package okhttp3.tls;

import g.c.a.d1;
import g.c.a.e;
import g.c.a.j;
import g.c.a.k;
import g.c.a.l2.l;
import g.c.a.l2.q;
import g.c.a.l2.t;
import g.c.a.l2.u;
import g.c.a.l2.w;
import g.c.a.n;
import g.c.a.x0;
import g.c.d.b.a;
import g.c.f.d;
import g.c.g.b;
import g.c.g.c;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.security.auth.x500.X500Principal;
import okhttp3.internal.Util;
import p.h;

/* loaded from: classes2.dex */
public final class HeldCertificate {
    public final X509Certificate certificate;
    public final KeyPair keyPair;

    /* loaded from: classes2.dex */
    public static final class Builder {
        public static final long DEFAULT_DURATION_MILLIS = 86400000;
        public String cn;
        public String keyAlgorithm;
        public KeyPair keyPair;
        public int keySize;
        public String ou;
        public BigInteger serialNumber;
        public HeldCertificate signedBy;
        public long notBefore = -1;
        public long notAfter = -1;
        public final List<String> altNames = new ArrayList();
        public int maxIntermediateCas = -1;

        static {
            Security.addProvider(new a());
        }

        public Builder() {
            ecdsa256();
        }

        private X500Principal buildSubject() {
            StringBuilder sb = new StringBuilder();
            String str = this.cn;
            sb.append("CN=");
            if (str != null) {
                sb.append(this.cn);
            } else {
                sb.append(UUID.randomUUID());
            }
            if (this.ou != null) {
                sb.append(", OU=");
                sb.append(this.ou);
            }
            return new X500Principal(sb.toString());
        }

        private KeyPair generateKeyPair() {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.keyAlgorithm);
                keyPairGenerator.initialize(this.keySize, new SecureRandom());
                return keyPairGenerator.generateKeyPair();
            } catch (GeneralSecurityException e) {
                throw new AssertionError(e);
            }
        }

        public Builder addSubjectAlternativeName(String str) {
            if (str == null) {
                throw new NullPointerException("altName == null");
            }
            this.altNames.add(str);
            return this;
        }

        public HeldCertificate build() {
            KeyPair keyPair;
            X500Principal x500Principal;
            g.c.a.l2.a aVar;
            KeyPair keyPair2 = this.keyPair;
            if (keyPair2 == null) {
                keyPair2 = generateKeyPair();
            }
            X500Principal buildSubject = buildSubject();
            HeldCertificate heldCertificate = this.signedBy;
            if (heldCertificate != null) {
                keyPair = heldCertificate.keyPair;
                x500Principal = this.signedBy.certificate.getSubjectX500Principal();
            } else {
                keyPair = keyPair2;
                x500Principal = buildSubject;
            }
            long j2 = this.notBefore;
            if (j2 == -1) {
                j2 = System.currentTimeMillis();
            }
            long j3 = this.notAfter;
            if (j3 == -1) {
                j3 = j2 + 86400000;
            }
            BigInteger bigInteger = this.serialNumber;
            if (bigInteger == null) {
                bigInteger = BigInteger.ONE;
            }
            c cVar = new c();
            if (bigInteger.compareTo(BigInteger.ZERO) <= 0) {
                throw new IllegalArgumentException("serial number must be a positive integer");
            }
            cVar.b.b = new k(bigInteger);
            try {
                u uVar = cVar.b;
                g.c.d.a aVar2 = new g.c.d.a(x500Principal.getEncoded());
                if (uVar == null) {
                    throw null;
                }
                uVar.d = g.c.a.k2.c.k(aVar2);
                cVar.b.e = new t(new Date(j2));
                cVar.b.f = new t(new Date(j3));
                try {
                    u uVar2 = cVar.b;
                    g.c.d.a aVar3 = new g.c.d.a(buildSubject.getEncoded());
                    if (uVar2 == null) {
                        throw null;
                    }
                    uVar2.f950g = g.c.a.k2.c.k(aVar3.b());
                    try {
                        cVar.b.f951h = q.k(new j(keyPair2.getPublic().getEncoded()).p());
                        String str = keyPair.getPrivate() instanceof RSAPrivateKey ? "SHA256WithRSAEncryption" : "SHA256withECDSA";
                        cVar.e = str;
                        try {
                            n c2 = b.c(str);
                            cVar.f1052c = c2;
                            if (b.f1051c.contains(c2)) {
                                aVar = new g.c.a.l2.a(c2);
                            } else {
                                String g2 = d.g(str);
                                aVar = b.b.containsKey(g2) ? new g.c.a.l2.a(c2, (e) b.b.get(g2)) : new g.c.a.l2.a(c2, x0.R);
                            }
                            cVar.d = aVar;
                            cVar.b.f949c = aVar;
                            int i2 = this.maxIntermediateCas;
                            if (i2 != -1) {
                                cVar.a(w.U, true, new g.c.a.l2.b(i2));
                            }
                            if (!this.altNames.isEmpty()) {
                                e[] eVarArr = new e[this.altNames.size()];
                                int size = this.altNames.size();
                                for (int i3 = 0; i3 < size; i3++) {
                                    String str2 = this.altNames.get(i3);
                                    eVarArr[i3] = new l(Util.verifyAsIpAddress(str2) ? 7 : 2, str2);
                                }
                                cVar.a(w.T, true, new d1(eVarArr));
                            }
                            try {
                                return new HeldCertificate(keyPair2, cVar.d(keyPair.getPrivate()));
                            } catch (GeneralSecurityException e) {
                                throw new AssertionError(e);
                            }
                        } catch (Exception unused) {
                            throw new IllegalArgumentException(j.c.a.a.a.s("Unknown signature type requested: ", str));
                        }
                    } catch (Exception e2) {
                        StringBuilder L = j.c.a.a.a.L("unable to process key - ");
                        L.append(e2.toString());
                        throw new IllegalArgumentException(L.toString());
                    }
                } catch (IOException e3) {
                    throw new IllegalArgumentException(j.c.a.a.a.q("can't process principal: ", e3));
                }
            } catch (IOException e4) {
                throw new IllegalArgumentException(j.c.a.a.a.q("can't process principal: ", e4));
            }
        }

        public Builder certificateAuthority(int i2) {
            if (i2 < 0) {
                throw new IllegalArgumentException(j.c.a.a.a.l("maxIntermediateCas < 0: ", i2));
            }
            this.maxIntermediateCas = i2;
            return this;
        }

        public Builder commonName(String str) {
            this.cn = str;
            return this;
        }

        public Builder duration(long j2, TimeUnit timeUnit) {
            long currentTimeMillis = System.currentTimeMillis();
            return validityInterval(currentTimeMillis, timeUnit.toMillis(j2) + currentTimeMillis);
        }

        public Builder ecdsa256() {
            this.keyAlgorithm = "EC";
            this.keySize = 256;
            return this;
        }

        public Builder keyPair(KeyPair keyPair) {
            this.keyPair = keyPair;
            return this;
        }

        public Builder keyPair(PublicKey publicKey, PrivateKey privateKey) {
            return keyPair(new KeyPair(publicKey, privateKey));
        }

        public Builder organizationalUnit(String str) {
            this.ou = str;
            return this;
        }

        public Builder rsa2048() {
            this.keyAlgorithm = "RSA";
            this.keySize = 2048;
            return this;
        }

        public Builder serialNumber(long j2) {
            return serialNumber(BigInteger.valueOf(j2));
        }

        public Builder serialNumber(BigInteger bigInteger) {
            this.serialNumber = bigInteger;
            return this;
        }

        public Builder signedBy(HeldCertificate heldCertificate) {
            this.signedBy = heldCertificate;
            return this;
        }

        public Builder validityInterval(long j2, long j3) {
            if (j2 <= j3) {
                if ((j2 == -1) == (j3 == -1)) {
                    this.notBefore = j2;
                    this.notAfter = j3;
                    return this;
                }
            }
            throw new IllegalArgumentException("invalid interval: " + j2 + ".." + j3);
        }
    }

    public HeldCertificate(KeyPair keyPair, X509Certificate x509Certificate) {
        if (keyPair == null) {
            throw new NullPointerException("keyPair == null");
        }
        if (x509Certificate == null) {
            throw new NullPointerException("certificate == null");
        }
        this.certificate = x509Certificate;
        this.keyPair = keyPair;
    }

    private void encodeBase64Lines(StringBuilder sb, h hVar) {
        String b = hVar.b();
        int i2 = 0;
        while (i2 < b.length()) {
            int i3 = i2 + 64;
            sb.append((CharSequence) b, i2, Math.min(i3, b.length()));
            sb.append('\n');
            i2 = i3;
        }
    }

    private h pkcs1Bytes() {
        try {
            return h.s(g.c.a.i2.c.k(this.keyPair.getPrivate().getEncoded()).m().b().g());
        } catch (IOException e) {
            throw new AssertionError(e);
        }
    }

    public X509Certificate certificate() {
        return this.certificate;
    }

    public String certificatePem() {
        try {
            StringBuilder sb = new StringBuilder();
            sb.append("-----BEGIN CERTIFICATE-----\n");
            encodeBase64Lines(sb, h.s(this.certificate.getEncoded()));
            sb.append("-----END CERTIFICATE-----\n");
            return sb.toString();
        } catch (CertificateEncodingException e) {
            throw new AssertionError(e);
        }
    }

    public KeyPair keyPair() {
        return this.keyPair;
    }

    public String privateKeyPkcs1Pem() {
        if (!(this.keyPair.getPrivate() instanceof RSAPrivateKey)) {
            throw new IllegalStateException("PKCS1 only supports RSA keys");
        }
        StringBuilder L = j.c.a.a.a.L("-----BEGIN RSA PRIVATE KEY-----\n");
        encodeBase64Lines(L, pkcs1Bytes());
        L.append("-----END RSA PRIVATE KEY-----\n");
        return L.toString();
    }

    public String privateKeyPkcs8Pem() {
        StringBuilder L = j.c.a.a.a.L("-----BEGIN PRIVATE KEY-----\n");
        encodeBase64Lines(L, h.s(this.keyPair.getPrivate().getEncoded()));
        L.append("-----END PRIVATE KEY-----\n");
        return L.toString();
    }
}
