package net.ripe.rpki.commons.crypto.cms.manifest;

import java.math.BigInteger;
import java.security.PrivateKey;
import java.util.Map;
import java.util.TreeMap;
import net.ripe.rpki.commons.crypto.cms.RpkiSignedObjectBuilder;
import net.ripe.rpki.commons.crypto.util.Asn1Util;
import net.ripe.rpki.commons.crypto.x509cert.X509CertificateBuilderHelper;
import net.ripe.rpki.commons.crypto.x509cert.X509ResourceCertificate;
import net.ripe.rpki.commons.validation.ValidationResult;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1GeneralizedTime;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DERSequence;
import org.joda.time.DateTime;

/* loaded from: input_file:net/ripe/rpki/commons/crypto/cms/manifest/ManifestCmsBuilder.class */
public class ManifestCmsBuilder extends RpkiSignedObjectBuilder {
    private X509ResourceCertificate certificate;
    private BigInteger number;
    private DateTime thisUpdateTime;
    private DateTime nextUpdateTime;
    private String signatureProvider = X509CertificateBuilderHelper.DEFAULT_SIGNATURE_PROVIDER;
    private Map<String, byte[]> files = new TreeMap();
    static final /* synthetic */ boolean $assertionsDisabled;

    public boolean containsFile(String str) {
        return this.files.containsKey(str);
    }

    public ManifestCmsBuilder withCertificate(X509ResourceCertificate x509ResourceCertificate) {
        this.certificate = x509ResourceCertificate;
        return this;
    }

    public ManifestCmsBuilder withManifestNumber(BigInteger bigInteger) {
        this.number = bigInteger;
        return this;
    }

    public ManifestCmsBuilder withThisUpdateTime(DateTime dateTime) {
        this.thisUpdateTime = dateTime;
        return this;
    }

    public ManifestCmsBuilder withNextUpdateTime(DateTime dateTime) {
        this.nextUpdateTime = dateTime;
        return this;
    }

    public ManifestCmsBuilder withSignatureProvider(String str) {
        this.signatureProvider = str;
        return this;
    }

    public ManifestCms build(PrivateKey privateKey) {
        ManifestCmsParser manifestCmsParser = new ManifestCmsParser();
        manifestCmsParser.parse(ValidationResult.withLocation("unknown.mft"), generateCms(this.certificate.getCertificate(), privateKey, this.signatureProvider, new ASN1ObjectIdentifier(ManifestCms.CONTENT_TYPE_OID), encodeManifest()));
        return manifestCmsParser.getManifestCms();
    }

    public void addFile(String str, byte[] bArr) {
        this.files.put(str, ManifestCms.hashContents(bArr));
    }

    public void addFileHash(String str, byte[] bArr) {
        if (!$assertionsDisabled && (bArr == null || bArr.length != 32)) {
            throw new AssertionError("Hash must be 32 bytes");
        }
        this.files.put(str, bArr);
    }

    ASN1Encodable encodeFileAndHash(String str, byte[] bArr) {
        return new DERSequence(new ASN1Encodable[]{new DERIA5String(str, true), new DERBitString(bArr)});
    }

    ASN1Encodable encodeFileList() {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (Map.Entry<String, byte[]> entry : this.files.entrySet()) {
            aSN1EncodableVector.add(encodeFileAndHash(entry.getKey(), entry.getValue()));
        }
        return new DERSequence(aSN1EncodableVector);
    }

    byte[] encodeManifest() {
        return Asn1Util.encode(new DERSequence(new ASN1Encodable[]{new ASN1Integer(this.number), new ASN1GeneralizedTime(this.thisUpdateTime.toDate()), new ASN1GeneralizedTime(this.nextUpdateTime.toDate()), new ASN1ObjectIdentifier(ManifestCms.FILE_HASH_ALGORITHM), encodeFileList()}));
    }

    static {
        $assertionsDisabled = !ManifestCmsBuilder.class.desiredAssertionStatus();
    }
}
