package ae.network.nicardmanagementsdk.core.security;

import android.util.Base64;
import android.util.Log;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Locale;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: SelfSignedCertificate.kt */
@Metadata(d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\n\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u0000 \u00152\u00020\u0001:\u0001\u0015B9\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0002\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\n\b\u0002\u0010\b\u001a\u0004\u0018\u00010\t\u0012\n\b\u0002\u0010\n\u001a\u0004\u0018\u00010\t¢\u0006\u0002\u0010\u000bJ4\u0010\u0010\u001a\u00020\u00032\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0011\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\b\u0010\b\u001a\u0004\u0018\u00010\t2\b\u0010\n\u001a\u0004\u0018\u00010\tH\u0002J\u0010\u0010\u0012\u001a\u00020\u00032\u0006\u0010\u0013\u001a\u00020\u0014H\u0002R\u000e\u0010\f\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u0011\u0010\r\u001a\u00020\u00038F¢\u0006\u0006\u001a\u0004\b\u000e\u0010\u000f¨\u0006\u0016"}, d2 = {"Lae/network/nicardmanagementsdk/core/security/SelfSignedCertificate;", "", "fqdn", "", "secureRandom", "Ljava/security/SecureRandom;", "keyPair", "Ljava/security/KeyPair;", "notBefore", "Ljava/util/Date;", "notAfter", "(Ljava/lang/String;Ljava/security/SecureRandom;Ljava/security/KeyPair;Ljava/util/Date;Ljava/util/Date;)V", "base64StringCertificate", "certificateBase64String", "getCertificateBase64String", "()Ljava/lang/String;", "buildCertificate", "random", "getEncodedBase64String", "certificate", "Ljava/security/cert/X509Certificate;", "Companion", "ni_sdk_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes.dex */
public final class SelfSignedCertificate {
    private static final String DEFAULT_FQDN = "NICardManagementSDK_Android";
    private final String base64StringCertificate;
    private static final String TAG = "SelfSignedCertificate";
    private static final long ONE_DAY_MILLIS = 86400000;
    private static final Date DEFAULT_NOT_BEFORE = new Date(System.currentTimeMillis() - ONE_DAY_MILLIS);
    private static final Date DEFAULT_NOT_AFTER = new Date(System.currentTimeMillis() + ONE_DAY_MILLIS);
    private static final Provider provider = new BouncyCastleProvider();

    public SelfSignedCertificate(String fqdn, SecureRandom secureRandom, KeyPair keyPair, Date date, Date date2) {
        Intrinsics.checkNotNullParameter(fqdn, "fqdn");
        Intrinsics.checkNotNullParameter(secureRandom, "secureRandom");
        Intrinsics.checkNotNullParameter(keyPair, "keyPair");
        try {
            this.base64StringCertificate = buildCertificate(fqdn, secureRandom, keyPair, date, date2);
        } catch (Throwable th) {
            Log.d(TAG, "Failed to generate a self-signed X.509 certificate using Bouncy Castle:", th);
            throw new CertificateException("No provider succeeded to generate a self-signed certificate. See debug log for the root cause.", th);
        }
    }

    public /* synthetic */ SelfSignedCertificate(String str, SecureRandom secureRandom, KeyPair keyPair, Date date, Date date2, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this((i & 1) != 0 ? DEFAULT_FQDN : str, (i & 2) != 0 ? new SecureRandom() : secureRandom, keyPair, (i & 8) != 0 ? DEFAULT_NOT_BEFORE : date, (i & 16) != 0 ? DEFAULT_NOT_AFTER : date2);
    }

    private final String buildCertificate(String fqdn, SecureRandom random, KeyPair keyPair, Date notBefore, Date notAfter) throws Exception {
        X500Name x500Name = new X500Name("CN=" + fqdn);
        Locale forLanguageTag = Locale.forLanguageTag("en-US");
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Name, new BigInteger(64, random), new Time(notBefore, forLanguageTag), new Time(notAfter, forLanguageTag), x500Name, keyPair.getPublic());
        ContentSigner build = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
        Intrinsics.checkNotNullExpressionValue(build, "JcaContentSignerBuilder(…\").build(keyPair.private)");
        X509Certificate certificate = new JcaX509CertificateConverter().setProvider(provider).getCertificate(jcaX509v3CertificateBuilder.build(build));
        Intrinsics.checkNotNullExpressionValue(certificate, "JcaX509CertificateConver…ficate(certificateHolder)");
        certificate.verify(keyPair.getPublic());
        return getEncodedBase64String(certificate);
    }

    private final String getEncodedBase64String(X509Certificate certificate) {
        String encodeToString = Base64.encodeToString(certificate.getEncoded(), 2);
        Intrinsics.checkNotNullExpressionValue(encodeToString, "encodeToString(certifica….encoded, Base64.NO_WRAP)");
        return encodeToString;
    }

    /* renamed from: getCertificateBase64String, reason: from getter */
    public final String getBase64StringCertificate() {
        return this.base64StringCertificate;
    }
}
