package com.rsa.cryptoj.o;

import com.rsa.jsafe.cert.CertComplianceAdjustment;
import com.rsa.jsafe.cert.CertCreationException;
import com.rsa.jsafe.cert.CertCreationParameterSpec;
import com.rsa.jsafe.cert.IssuerInformation;
import com.rsa.jsafe.cert.Version;
import com.rsa.jsafe.cert.X509ExtensionSpec;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import mf.org.apache.xerces.impl.xs.SchemaSymbols;

/* loaded from: classes.dex */
public final class py {

    /* renamed from: a, reason: collision with root package name */
    private static final int f1828a = 1;

    /* renamed from: b, reason: collision with root package name */
    private static final int f1829b = 20;

    /* renamed from: c, reason: collision with root package name */
    private final ch f1830c;
    private final SecureRandom d;
    private final pa e;

    public py(ch chVar, SecureRandom secureRandom, pa paVar) {
        this.f1830c = chVar;
        this.d = secureRandom;
        this.e = paVar;
    }

    private d a(IssuerInformation issuerInformation, CertCreationParameterSpec certCreationParameterSpec, d dVar, d dVar2) {
        Integer valueOf = certCreationParameterSpec.getVersion() == Version.V1 ? null : Integer.valueOf(certCreationParameterSpec.getVersion().getIntValue());
        BigInteger b2 = certCreationParameterSpec.getSerialNum() == null ? b() : certCreationParameterSpec.getSerialNum();
        Date date = certCreationParameterSpec.getNotBefore() == null ? new Date() : certCreationParameterSpec.getNotBefore();
        return a.a("TBSCertificate", new Object[]{valueOf, b2, dVar2, a.a(SchemaSymbols.ATTVAL_NAME, issuerInformation.getIssuerName().getEncoded(), 0), a(date, certCreationParameterSpec.getNotAfter() == null ? a(date) : certCreationParameterSpec.getNotAfter()), certCreationParameterSpec.getSubject() != null ? a.a(SchemaSymbols.ATTVAL_NAME, certCreationParameterSpec.getSubject().getEncoded(), 0) : a.a(SchemaSymbols.ATTVAL_NAME, a.a("RDNSequence", new Object[]{a.a("RelativeDistinguishedName", new Object[0])})), a.a("SubjectPublicKeyInfo", certCreationParameterSpec.getSubjectPublicKey().getEncoded(), 0), null, null, dVar != null ? dVar.c(a.c(3)) : null});
    }

    static d a(Date date, Date date2) {
        return a.a("Validity", new Object[]{px.a(date), px.a(date2)});
    }

    public static Date a(Date date) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        calendar.add(1, 1);
        return calendar.getTime();
    }

    private byte[] a(IssuerInformation issuerInformation, CertCreationParameterSpec certCreationParameterSpec, d dVar) {
        pj b2 = pi.b(issuerInformation.getSignatureAlgorithm());
        if (b2 == null) {
            throw new CertCreationException("Unsupported signing algorithm.");
        }
        d a2 = new ow(b2).a();
        d a3 = a(issuerInformation, certCreationParameterSpec, dVar, a2);
        return a.c(a.a("Certificate", new Object[]{a3, a2, a.a((c) j.f1510a, (Object) a(issuerInformation, a.c(a3)))}));
    }

    private byte[] a(IssuerInformation issuerInformation, byte[] bArr) {
        try {
            os c2 = kj.c(issuerInformation.getSignatureAlgorithm(), this.f1830c, kf.f1566a);
            c2.initSign(issuerInformation.getIssuerPrivateKey(), this.d);
            c2.update(bArr);
            return c2.sign();
        } catch (GeneralSecurityException e) {
            throw new CertCreationException("Could not create certificate with given private key.", e);
        }
    }

    private BigInteger b() {
        byte[] bArr = new byte[20];
        SecureRandom secureRandom = this.d;
        if (secureRandom == null) {
            dc.a(this.f1830c).nextBytes(bArr);
        } else {
            secureRandom.nextBytes(bArr);
        }
        bArr[0] = (byte) (bArr[0] & Byte.MAX_VALUE);
        return new BigInteger(bArr);
    }

    public String a() {
        return this.e.a();
    }

    public X509Certificate a(IssuerInformation issuerInformation, CertCreationParameterSpec certCreationParameterSpec, CertComplianceAdjustment certComplianceAdjustment) {
        if (issuerInformation == null) {
            throw new IllegalArgumentException("Issuer information is null");
        }
        if (certComplianceAdjustment == null) {
            throw new IllegalArgumentException("Certificate compliance adjustments object is null");
        }
        if (certCreationParameterSpec == null) {
            throw new IllegalArgumentException("Certificate creation parameter spec object is null");
        }
        CertCreationParameterSpec certCreationParameterSpec2 = (CertCreationParameterSpec) certCreationParameterSpec.clone();
        CertComplianceAdjustment certComplianceAdjustment2 = (CertComplianceAdjustment) certComplianceAdjustment.clone();
        X509ExtensionSpec extensions = certCreationParameterSpec2.getExtensions();
        d a2 = (extensions == null || extensions.isEmpty()) ? null : pd.a(extensions);
        this.e.a(issuerInformation, certCreationParameterSpec2, certComplianceAdjustment2, a2);
        byte[] a3 = a(issuerInformation, certCreationParameterSpec2, a2);
        try {
            return new qd(this.f1830c, kf.f1566a, ByteBuffer.wrap(a3), a3);
        } catch (CertificateException e) {
            throw new CertCreationException(e);
        }
    }
}
