package org.cesecore.certificates.certificate.certextensions.standard;

import java.security.PublicKey;
import java.util.Date;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERGeneralizedTime;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.x509.Extension;
import org.cesecore.certificates.ca.CA;
import org.cesecore.certificates.ca.internal.CertificateValidity;
import org.cesecore.certificates.certificate.certextensions.CertificateExtensionException;
import org.cesecore.certificates.certificateprofile.CertificateProfile;
import org.cesecore.certificates.endentity.EndEntityInformation;

/* loaded from: input_file:org/cesecore/certificates/certificate/certextensions/standard/PrivateKeyUsagePeriod.class */
public class PrivateKeyUsagePeriod extends StandardCertificateExtension {
    private static final Logger LOG = Logger.getLogger(PrivateKeyUsagePeriod.class);

    @Override // org.cesecore.certificates.certificate.certextensions.standard.StandardCertificateExtension
    public void init(CertificateProfile certificateProfile) {
        super.setOID(Extension.privateKeyUsagePeriod.getId());
        super.setCriticalFlag(false);
    }

    @Override // org.cesecore.certificates.certificate.certextensions.CertificateExtension
    public ASN1Encodable getValue(EndEntityInformation endEntityInformation, CA ca, CertificateProfile certificateProfile, PublicKey publicKey, PublicKey publicKey2, CertificateValidity certificateValidity) throws CertificateExtensionException {
        long time;
        if (certificateValidity != null) {
            time = certificateValidity.getNotBefore().getTime();
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("No validity passed in to getValue, using default 'Date().getTime() - CertificateValidity.SETBACKTIME'");
            }
            time = new Date().getTime() - CertificateValidity.SETBACKTIME;
        }
        if (certificateProfile.isUsePrivateKeyUsagePeriodNotBefore()) {
            time += certificateProfile.getPrivateKeyUsagePeriodStartOffset() * 1000;
        }
        Date date = null;
        Date date2 = null;
        if (certificateProfile.isUsePrivateKeyUsagePeriodNotBefore()) {
            date = new Date(time);
        }
        if (certificateProfile.isUsePrivateKeyUsagePeriodNotAfter()) {
            date2 = new Date(time + (certificateProfile.getPrivateKeyUsagePeriodLength() * 1000));
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("PrivateKeyUsagePeriod.notBefore: " + date);
            LOG.debug("PrivateKeyUsagePeriod.notAfter: " + date2);
        }
        return privateKeyUsagePeriod(date, date2);
    }

    private static DERSequence privateKeyUsagePeriod(Date date, Date date2) throws CertificateExtensionException {
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        if (date != null) {
            aSN1EncodableVector.add(new DERTaggedObject(false, 0, new DERGeneralizedTime(date)));
        }
        if (date2 != null) {
            aSN1EncodableVector.add(new DERTaggedObject(false, 1, new DERGeneralizedTime(date2)));
        }
        if (aSN1EncodableVector.size() == 0) {
            throw new CertificateExtensionException("At least one of notBefore and notAfter must be specified!");
        }
        return new DERSequence(aSN1EncodableVector);
    }
}
