package okhttp3.tls;

import androidx.appcompat.app.a0;
import androidx.appcompat.widget.p0;
import com.yospace.util.YoLog;
import f70.c;
import f80.d;
import h70.a;
import h70.b;
import h70.q;
import h70.t;
import h70.u;
import h70.w;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import javax.security.auth.x500.X500Principal;
import okhttp3.internal.Util;
import okio.ByteString;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import u60.a1;
import u60.e;
import u60.h;
import u60.i;
import u60.l;
import u60.p;
import u60.u0;

/* loaded from: classes3.dex */
public final class HeldCertificate {
    private final X509Certificate certificate;
    private final KeyPair keyPair;

    /* loaded from: classes3.dex */
    public static final class Builder {
        private static final long DEFAULT_DURATION_MILLIS = 86400000;

        /* renamed from: cn, reason: collision with root package name */
        @Nullable
        private String f31359cn;

        @Nullable
        private String keyAlgorithm;

        @Nullable
        private KeyPair keyPair;
        private int keySize;

        /* renamed from: ou, reason: collision with root package name */
        @Nullable
        private String f31360ou;

        @Nullable
        private BigInteger serialNumber;

        @Nullable
        private HeldCertificate signedBy;
        private long notBefore = -1;
        private long notAfter = -1;
        private final List<String> altNames = new ArrayList();
        private int maxIntermediateCas = -1;

        static {
            Security.addProvider(new BouncyCastleProvider());
        }

        public Builder() {
            ecdsa256();
        }

        private X500Principal buildSubject() {
            StringBuilder sb2 = new StringBuilder();
            if (this.f31359cn != null) {
                sb2.append("CN=");
                sb2.append(this.f31359cn);
            } else {
                sb2.append("CN=");
                sb2.append(UUID.randomUUID());
            }
            if (this.f31360ou != null) {
                sb2.append(", OU=");
                sb2.append(this.f31360ou);
            }
            return new X500Principal(sb2.toString());
        }

        private KeyPair generateKeyPair() {
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.keyAlgorithm);
                keyPairGenerator.initialize(this.keySize, new SecureRandom());
                return keyPairGenerator.generateKeyPair();
            } catch (GeneralSecurityException e5) {
                throw new AssertionError(e5);
            }
        }

        public Builder addSubjectAlternativeName(String str) {
            if (str == null) {
                throw new NullPointerException("altName == null");
            }
            this.altNames.add(str);
            return this;
        }

        public HeldCertificate build() {
            KeyPair keyPair;
            X500Principal x500Principal;
            a aVar;
            KeyPair keyPair2 = this.keyPair;
            if (keyPair2 == null) {
                keyPair2 = generateKeyPair();
            }
            X500Principal buildSubject = buildSubject();
            HeldCertificate heldCertificate = this.signedBy;
            if (heldCertificate != null) {
                keyPair = heldCertificate.keyPair;
                x500Principal = this.signedBy.certificate.getSubjectX500Principal();
            } else {
                keyPair = keyPair2;
                x500Principal = buildSubject;
            }
            long j11 = this.notBefore;
            if (j11 == -1) {
                j11 = System.currentTimeMillis();
            }
            long j12 = this.notAfter;
            if (j12 == -1) {
                j12 = j11 + DEFAULT_DURATION_MILLIS;
            }
            BigInteger bigInteger = this.serialNumber;
            if (bigInteger == null) {
                bigInteger = BigInteger.ONE;
            }
            org.bouncycastle.x509.a aVar2 = new org.bouncycastle.x509.a();
            if (bigInteger.compareTo(BigInteger.ZERO) <= 0) {
                throw new IllegalArgumentException("serial number must be a positive integer");
            }
            i iVar = new i(bigInteger);
            u uVar = aVar2.f31564b;
            uVar.f24313b = iVar;
            try {
                uVar.f24315d = c.i(new q70.a(x500Principal.getEncoded()));
                uVar.f24316e = new t(new Date(j11));
                uVar.f = new t(new Date(j12));
                try {
                    uVar.f24317g = c.i(new q70.a(buildSubject.getEncoded()).c());
                    try {
                        uVar.f24318h = q.i(new h(keyPair2.getPublic().getEncoded()).n());
                        String str = keyPair.getPrivate() instanceof RSAPrivateKey ? "SHA256WithRSAEncryption" : "SHA256withECDSA";
                        aVar2.f31567e = str;
                        try {
                            Hashtable hashtable = j80.a.f27027a;
                            String e5 = d.e(str);
                            Hashtable hashtable2 = j80.a.f27027a;
                            l lVar = hashtable2.containsKey(e5) ? (l) hashtable2.get(e5) : new l(e5);
                            aVar2.f31565c = lVar;
                            if (j80.a.f27029c.contains(lVar)) {
                                aVar = new a(lVar);
                            } else {
                                String e11 = d.e(str);
                                Hashtable hashtable3 = j80.a.f27028b;
                                aVar = hashtable3.containsKey(e11) ? new a(lVar, (e) hashtable3.get(e11)) : new a(lVar, u0.f36377a);
                            }
                            aVar2.f31566d = aVar;
                            uVar.f24314c = aVar;
                            int i11 = this.maxIntermediateCas;
                            if (i11 != -1) {
                                aVar2.a(w.f24325d, new b(i11));
                            }
                            if (!this.altNames.isEmpty()) {
                                e[] eVarArr = new e[this.altNames.size()];
                                int size = this.altNames.size();
                                for (int i12 = 0; i12 < size; i12++) {
                                    String str2 = this.altNames.get(i12);
                                    eVarArr[i12] = new h70.l(Util.verifyAsIpAddress(str2) ? 7 : 2, str2);
                                }
                                aVar2.a(w.f24324c, new a1(eVarArr));
                            }
                            try {
                                return new HeldCertificate(keyPair2, aVar2.b(keyPair.getPrivate()));
                            } catch (GeneralSecurityException e12) {
                                throw new AssertionError(e12);
                            }
                        } catch (Exception unused) {
                            throw new IllegalArgumentException("Unknown signature type requested: ".concat(str));
                        }
                    } catch (Exception e13) {
                        throw new IllegalArgumentException("unable to process key - " + e13.toString());
                    }
                } catch (IOException e14) {
                    throw new IllegalArgumentException("can't process principal: " + e14);
                }
            } catch (IOException e15) {
                throw new IllegalArgumentException("can't process principal: " + e15);
            }
        }

        public Builder certificateAuthority(int i11) {
            if (i11 < 0) {
                throw new IllegalArgumentException(p0.b("maxIntermediateCas < 0: ", i11));
            }
            this.maxIntermediateCas = i11;
            return this;
        }

        public Builder commonName(String str) {
            this.f31359cn = str;
            return this;
        }

        public Builder duration(long j11, TimeUnit timeUnit) {
            long currentTimeMillis = System.currentTimeMillis();
            return validityInterval(currentTimeMillis, timeUnit.toMillis(j11) + currentTimeMillis);
        }

        public Builder ecdsa256() {
            this.keyAlgorithm = "EC";
            this.keySize = 256;
            return this;
        }

        public Builder keyPair(KeyPair keyPair) {
            this.keyPair = keyPair;
            return this;
        }

        public Builder keyPair(PublicKey publicKey, PrivateKey privateKey) {
            return keyPair(new KeyPair(publicKey, privateKey));
        }

        public Builder organizationalUnit(String str) {
            this.f31360ou = str;
            return this;
        }

        public Builder rsa2048() {
            this.keyAlgorithm = "RSA";
            this.keySize = YoLog.DEBUG_HTTP;
            return this;
        }

        public Builder serialNumber(long j11) {
            return serialNumber(BigInteger.valueOf(j11));
        }

        public Builder serialNumber(BigInteger bigInteger) {
            this.serialNumber = bigInteger;
            return this;
        }

        public Builder signedBy(HeldCertificate heldCertificate) {
            this.signedBy = heldCertificate;
            return this;
        }

        public Builder validityInterval(long j11, long j12) {
            if (j11 <= j12) {
                if ((j11 == -1) == (j12 == -1)) {
                    this.notBefore = j11;
                    this.notAfter = j12;
                    return this;
                }
            }
            StringBuilder e5 = a0.e("invalid interval: ", j11, "..");
            e5.append(j12);
            throw new IllegalArgumentException(e5.toString());
        }
    }

    public HeldCertificate(KeyPair keyPair, X509Certificate x509Certificate) {
        if (keyPair == null) {
            throw new NullPointerException("keyPair == null");
        }
        if (x509Certificate == null) {
            throw new NullPointerException("certificate == null");
        }
        this.certificate = x509Certificate;
        this.keyPair = keyPair;
    }

    private void encodeBase64Lines(StringBuilder sb2, ByteString byteString) {
        String a2 = byteString.a();
        int i11 = 0;
        while (i11 < a2.length()) {
            int i12 = i11 + 64;
            sb2.append((CharSequence) a2, i11, Math.min(i12, a2.length()));
            sb2.append('\n');
            i11 = i12;
        }
    }

    private ByteString pkcs1Bytes() {
        try {
            p j11 = d70.c.i(this.keyPair.getPrivate().getEncoded()).j();
            j11.getClass();
            return ByteString.p(j11.g());
        } catch (IOException e5) {
            throw new AssertionError(e5);
        }
    }

    public X509Certificate certificate() {
        return this.certificate;
    }

    public String certificatePem() {
        try {
            StringBuilder sb2 = new StringBuilder();
            sb2.append("-----BEGIN CERTIFICATE-----\n");
            encodeBase64Lines(sb2, ByteString.p(this.certificate.getEncoded()));
            sb2.append("-----END CERTIFICATE-----\n");
            return sb2.toString();
        } catch (CertificateEncodingException e5) {
            throw new AssertionError(e5);
        }
    }

    public KeyPair keyPair() {
        return this.keyPair;
    }

    public String privateKeyPkcs1Pem() {
        if (!(this.keyPair.getPrivate() instanceof RSAPrivateKey)) {
            throw new IllegalStateException("PKCS1 only supports RSA keys");
        }
        StringBuilder e5 = a0.e.e("-----BEGIN RSA PRIVATE KEY-----\n");
        encodeBase64Lines(e5, pkcs1Bytes());
        e5.append("-----END RSA PRIVATE KEY-----\n");
        return e5.toString();
    }

    public String privateKeyPkcs8Pem() {
        StringBuilder e5 = a0.e.e("-----BEGIN PRIVATE KEY-----\n");
        encodeBase64Lines(e5, ByteString.p(this.keyPair.getPrivate().getEncoded()));
        e5.append("-----END PRIVATE KEY-----\n");
        return e5.toString();
    }
}
