package org.eclipse.hono.service.management.tenant;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.time.Instant;
import java.util.Objects;
import java.util.Optional;
import javax.security.auth.x500.X500Principal;
import org.eclipse.hono.annotation.HonoTimestamp;

@JsonInclude(JsonInclude.Include.NON_NULL)
/* loaded from: input_file:org/eclipse/hono/service/management/tenant/TrustedCertificateAuthority.class */
public class TrustedCertificateAuthority {

    @JsonProperty("id")
    private String id;
    private X500Principal subjectDn;
    private byte[] publicKey;
    private X509Certificate cert;

    @JsonProperty("algorithm")
    private String keyAlgorithm;

    @JsonProperty("not-before")
    @HonoTimestamp
    private Instant notBefore;

    @JsonProperty("not-after")
    @HonoTimestamp
    private Instant notAfter;

    @JsonProperty("auto-provisioning-enabled")
    private boolean autoProvisioningEnabled;

    @JsonIgnore
    public final boolean isValid() {
        if (this.cert != null) {
            return true;
        }
        if (this.subjectDn == null || this.publicKey == null || this.notBefore == null || this.notAfter == null) {
            return false;
        }
        try {
            KeyFactory.getInstance((String) Optional.ofNullable(this.keyAlgorithm).orElse("RSA")).generatePublic(new X509EncodedKeySpec(this.publicKey));
            return true;
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false;
        }
    }

    public final String getId() {
        return this.id;
    }

    public final TrustedCertificateAuthority setId(String str) {
        this.id = str;
        return this;
    }

    @JsonProperty("subject-dn")
    public final TrustedCertificateAuthority setSubjectDn(String str) {
        setSubjectDn(new X500Principal(str));
        return this;
    }

    public final TrustedCertificateAuthority setSubjectDn(X500Principal x500Principal) {
        this.subjectDn = x500Principal;
        return this;
    }

    public final X500Principal getSubjectDn() {
        return (X500Principal) Optional.ofNullable(this.cert).map(x509Certificate -> {
            return x509Certificate.getSubjectX500Principal();
        }).orElse(this.subjectDn);
    }

    @JsonProperty("subject-dn")
    public final String getSubjectDnAsString() {
        return (String) Optional.ofNullable(this.cert).map(x509Certificate -> {
            return x509Certificate.getSubjectX500Principal().getName("RFC2253");
        }).orElseGet(() -> {
            return (String) Optional.ofNullable(this.subjectDn).map(x500Principal -> {
                return x500Principal.getName("RFC2253");
            }).orElse(null);
        });
    }

    @JsonProperty("public-key")
    public final TrustedCertificateAuthority setPublicKey(byte[] bArr) {
        this.publicKey = bArr;
        return this;
    }

    @JsonProperty("public-key")
    public final byte[] getPublicKey() {
        return (byte[]) Optional.ofNullable(this.cert).map(x509Certificate -> {
            return x509Certificate.getPublicKey().getEncoded();
        }).orElse(this.publicKey);
    }

    @JsonProperty("cert")
    public final TrustedCertificateAuthority setCertificate(byte[] bArr) throws CertificateException {
        this.cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        return this;
    }

    public final TrustedCertificateAuthority setKeyAlgorithm(String str) {
        this.keyAlgorithm = str;
        return this;
    }

    public final String getKeyAlgorithm() {
        return (String) Optional.ofNullable(this.cert).map(x509Certificate -> {
            return x509Certificate.getPublicKey().getAlgorithm();
        }).orElse(this.keyAlgorithm);
    }

    public final TrustedCertificateAuthority setNotBefore(Instant instant) {
        this.notBefore = (Instant) Objects.requireNonNull(instant);
        return this;
    }

    public final Instant getNotBefore() {
        return (Instant) Optional.ofNullable(this.cert).map(x509Certificate -> {
            return x509Certificate.getNotBefore().toInstant();
        }).orElse(this.notBefore);
    }

    public final TrustedCertificateAuthority setNotAfter(Instant instant) {
        this.notAfter = (Instant) Objects.requireNonNull(instant);
        return this;
    }

    public final Instant getNotAfter() {
        return (Instant) Optional.ofNullable(this.cert).map(x509Certificate -> {
            return x509Certificate.getNotAfter().toInstant();
        }).orElse(this.notAfter);
    }

    public final boolean isAutoProvisioningEnabled() {
        return this.autoProvisioningEnabled;
    }

    public final TrustedCertificateAuthority setAutoProvisioningEnabled(boolean z) {
        this.autoProvisioningEnabled = z;
        return this;
    }
}
