package org.apache.hadoop.hdds.security.x509.certificate.authority;

import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CRLCodec;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/authority/DefaultCRLApprover.class */
public class DefaultCRLApprover implements CRLApprover {
    private SecurityConfig config;
    private PrivateKey caPrivate;

    public DefaultCRLApprover(SecurityConfig securityConfig, PrivateKey privateKey) {
        this.config = securityConfig;
        this.caPrivate = privateKey;
    }

    @Override // org.apache.hadoop.hdds.security.x509.certificate.authority.CRLApprover
    public X509CRL sign(X509v2CRLBuilder x509v2CRLBuilder) throws CRLException, OperatorCreationException {
        JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(this.config.getSignatureAlgo());
        jcaContentSignerBuilder.setProvider(this.config.getProvider());
        return CRLCodec.getX509CRL(x509v2CRLBuilder.build(jcaContentSignerBuilder.build(this.caPrivate)));
    }
}
