package okhttp3.tls;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import javax.security.auth.x500.X500Principal;
import okhttp3.internal.Util;
import org.bouncycastle.asn1.f;
import org.bouncycastle.asn1.pkcs.u;
import org.bouncycastle.asn1.t1;
import org.bouncycastle.asn1.x509.b0;
import org.bouncycastle.asn1.x509.j;
import org.bouncycastle.asn1.x509.v1;
import org.bouncycastle.jce.provider.b;
import org.bouncycastle.x509.e0;

/* loaded from: classes14.dex */
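/**
 * Pairs an X.509 certificate with the key pair whose private half belongs to it.
 *
 * <p>This listing is decompiler output: the BouncyCastle and okio types it uses carry obfuscated
 * names ({@code e0}, {@code b0}, {@code v1}, {@code okio.f}, ...). Comments that map those names
 * to their likely upstream meaning are inferences from the arguments and are marked as such.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #privateKeyPkcs8Pem()} and {@link #privateKeyPkcs1Pem()} return the private key
 *       without any encryption. Treat the returned strings as secrets: do not log them and do
 *       not write them to shared or world-readable storage.</li>
 *   <li>{@link Builder} defaults (serial number 1, 24 hour validity, self-signed) are convenient
 *       for tests; set each of them explicitly for anything longer lived.</li>
 * </ul>
 */
public final class HeldCertificate {
    private final X509Certificate certificate;
    private final KeyPair keyPair;

    /**
     * Fluent builder that generates (or accepts) a key pair and issues a signed certificate for
     * it. A new builder starts configured for 256-bit EC keys, see {@link #ecdsa256()}.
     */
    /* loaded from: classes14.dex */
    public static final class Builder {
        /** Validity applied by {@link #build()} when no interval was configured: 24 hours. */
        private static final long DEFAULT_DURATION_MILLIS = 86400000;

        @Nullable
        private String cn;

        @Nullable
        private String keyAlgorithm;

        @Nullable
        private KeyPair keyPair;
        private int keySize;

        @Nullable
        private String ou;

        @Nullable
        private BigInteger serialNumber;

        @Nullable
        private HeldCertificate signedBy;
        // -1 is the "not configured" sentinel for both ends of the validity interval.
        private long notBefore = -1;
        private long notAfter = -1;
        private final List<String> altNames = new ArrayList<>();
        // -1 means "not a certificate authority": no path-length extension is added in build().
        private int maxIntermediateCas = -1;

        static {
            // Registers a JCE provider for the whole JVM as a side effect of loading this class.
            // NOTE(review): `b` is obfuscated; presumably BouncyCastleProvider, confirm against
            // the unobfuscated library.
            Security.addProvider(new b());
        }

        public Builder() {
            ecdsa256();
        }

        /**
         * Builds the subject distinguished name from the configured common name and
         * organizational unit. Without a common name a random UUID is used as the CN.
         *
         * <p>NOTE(review): {@code cn} and {@code ou} are concatenated into the name string
         * without escaping, so characters with special meaning in a distinguished name (for
         * example {@code ,} {@code +} {@code =}) change the structure of the resulting name.
         * Callers should pass only values they control or have validated.
         */
        private X500Principal buildSubject() {
            StringBuilder name = new StringBuilder("CN=");
            if (this.cn != null) {
                name.append(this.cn);
            } else {
                name.append(UUID.randomUUID());
            }
            if (this.ou != null) {
                name.append(", OU=").append(this.ou);
            }
            return new X500Principal(name.toString());
        }

        /**
         * Generates a key pair with the configured algorithm and key size, seeded from a fresh
         * {@link SecureRandom}.
         *
         * @throws AssertionError if the JCA rejects the algorithm or key size
         */
        private KeyPair generateKeyPair() {
            try {
                KeyPairGenerator generator = KeyPairGenerator.getInstance(this.keyAlgorithm);
                generator.initialize(this.keySize, new SecureRandom());
                return generator.generateKeyPair();
            } catch (GeneralSecurityException e) {
                throw new AssertionError(e);
            }
        }

        /**
         * Adds a subject alternative name. In {@link #build()} each entry is encoded as an IP
         * address when {@code Util.verifyAsIpAddress} accepts it and as a DNS name otherwise.
         *
         * @param str the host name or IP address literal, never null
         * @throws NullPointerException if {@code str} is null
         */
        public Builder addSubjectAlternativeName(String str) {
            Objects.requireNonNull(str, "altName == null");
            this.altNames.add(str);
            return this;
        }

        /**
         * Issues the certificate and returns it together with the subject's key pair.
         *
         * <p>Defaults applied when the corresponding setter was not called:
         * <ul>
         *   <li>key pair: freshly generated, see {@link #generateKeyPair()};</li>
         *   <li>signer: the certificate is self-signed, so issuer equals subject and the
         *       subject's own private key signs it;</li>
         *   <li>validity: from the current time for 24 hours;</li>
         *   <li>serial number: {@code 1}. Every certificate built without an explicit serial
         *       number therefore shares that value; set distinct serial numbers when one signer
         *       issues more than one certificate.</li>
         * </ul>
         *
         * @throws AssertionError if key generation or signing fails
         */
        public HeldCertificate build() {
            KeyPair subjectKeyPair = this.keyPair != null ? this.keyPair : generateKeyPair();
            X500Principal subject = buildSubject();

            // The signer supplies both the issuer name and the signing key; without one the
            // certificate signs itself.
            KeyPair signerKeyPair;
            X500Principal issuer;
            if (this.signedBy != null) {
                signerKeyPair = this.signedBy.keyPair;
                issuer = this.signedBy.certificate.getSubjectX500Principal();
            } else {
                signerKeyPair = subjectKeyPair;
                issuer = subject;
            }

            long notBeforeMillis =
                    this.notBefore != -1 ? this.notBefore : System.currentTimeMillis();
            long notAfterMillis =
                    this.notAfter != -1 ? this.notAfter : notBeforeMillis + DEFAULT_DURATION_MILLIS;
            BigInteger serial = this.serialNumber != null ? this.serialNumber : BigInteger.ONE;

            // NOTE(review): e0 is obfuscated; presumably BouncyCastle's X.509 v3 certificate
            // generator. The per-call meanings below are inferred from the arguments.
            e0 generator = new e0();
            generator.z(serial);                       // presumably serial number
            generator.t(issuer);                       // presumably issuer DN
            generator.x(new Date(notBeforeMillis));    // presumably notBefore
            generator.w(new Date(notAfterMillis));     // presumably notAfter
            generator.B(subject);                      // presumably subject DN
            generator.y(subjectKeyPair.getPublic());   // presumably subject public key
            // The signature algorithm follows the SIGNER's key type, not the subject's.
            generator.A(signerKeyPair.getPrivate() instanceof RSAPrivateKey
                    ? "SHA256WithRSAEncryption"
                    : "SHA256withECDSA");

            if (this.maxIntermediateCas != -1) {
                // presumably the basic-constraints extension carrying the path length; the
                // `true` argument is presumably the critical flag. TODO confirm.
                generator.c(v1.f28173i, true, new j(this.maxIntermediateCas));
            }

            if (!this.altNames.isEmpty()) {
                f[] names = new f[this.altNames.size()];
                for (int i = 0; i < names.length; i++) {
                    String altName = this.altNames.get(i);
                    // GeneralName tags per RFC 5280: 7 = iPAddress, 2 = dNSName.
                    // NOTE(review): b0 is presumably BouncyCastle's GeneralName. TODO confirm.
                    names[i] = new b0(Util.verifyAsIpAddress(altName) ? 7 : 2, altName);
                }
                // presumably the subject-alternative-name extension, also flagged `true`.
                generator.c(v1.f28171g, true, new t1(names));
            }

            try {
                // presumably signs with the signer's private key and returns the certificate.
                return new HeldCertificate(
                        subjectKeyPair, generator.n(signerKeyPair.getPrivate()));
            } catch (GeneralSecurityException e) {
                throw new AssertionError(e);
            }
        }

        /**
         * Marks the certificate as a certificate authority.
         *
         * @param i10 the value stored as {@code maxIntermediateCas} and passed to the extension
         *     added in {@link #build()}; must not be negative
         * @throws IllegalArgumentException if {@code i10} is negative
         */
        public Builder certificateAuthority(int i10) {
            if (i10 < 0) {
                throw new IllegalArgumentException("maxIntermediateCas < 0: " + i10);
            }
            this.maxIntermediateCas = i10;
            return this;
        }

        /**
         * Sets the subject common name. The value is used verbatim in the distinguished name,
         * see the escaping note on {@link #buildSubject()}.
         */
        public Builder commonName(String str) {
            this.cn = str;
            return this;
        }

        /**
         * Makes the certificate valid from the moment of this call for the given duration.
         *
         * @param j10 the length of the validity period
         * @param timeUnit the unit of {@code j10}
         * @throws IllegalArgumentException if the resulting interval is rejected by
         *     {@link #validityInterval(long, long)}
         */
        public Builder duration(long j10, TimeUnit timeUnit) {
            long now = System.currentTimeMillis();
            return validityInterval(now, now + timeUnit.toMillis(j10));
        }

        /** Configures generated keys as 256-bit {@code EC} keys. This is the builder default. */
        public Builder ecdsa256() {
            this.keyAlgorithm = "EC";
            this.keySize = 256;
            return this;
        }

        /**
         * Uses the given key pair for the subject instead of generating one. Passing null
         * restores generation in {@link #build()}.
         */
        public Builder keyPair(KeyPair keyPair) {
            this.keyPair = keyPair;
            return this;
        }

        /** Convenience overload of {@link #keyPair(KeyPair)} taking the two halves separately. */
        public Builder keyPair(PublicKey publicKey, PrivateKey privateKey) {
            return keyPair(new KeyPair(publicKey, privateKey));
        }

        /**
         * Sets the subject organizational unit. The value is used verbatim in the distinguished
         * name, see the escaping note on {@link #buildSubject()}.
         */
        public Builder organizationalUnit(String str) {
            this.ou = str;
            return this;
        }

        /** Configures generated keys as 2048-bit {@code RSA} keys. */
        public Builder rsa2048() {
            this.keyAlgorithm = "RSA";
            this.keySize = 2048;
            return this;
        }

        /** Sets the certificate serial number, see {@link #serialNumber(BigInteger)}. */
        public Builder serialNumber(long j10) {
            return serialNumber(BigInteger.valueOf(j10));
        }

        /**
         * Sets the certificate serial number. When left unset (or set to null), {@link #build()}
         * uses {@code 1}.
         */
        public Builder serialNumber(BigInteger bigInteger) {
            this.serialNumber = bigInteger;
            return this;
        }

        /**
         * Sets the certificate whose private key signs the new certificate and whose subject
         * becomes the new certificate's issuer. Passing null yields a self-signed certificate.
         */
        public Builder signedBy(HeldCertificate heldCertificate) {
            this.signedBy = heldCertificate;
            return this;
        }

        /**
         * Sets the validity interval in milliseconds since the epoch.
         *
         * @param j10 notBefore, or -1 to leave it to {@link #build()}
         * @param j11 notAfter, or -1 to leave it to {@link #build()}
         * @throws IllegalArgumentException if {@code j10 > j11}, or if exactly one of the two
         *     values is -1
         */
        public Builder validityInterval(long j10, long j11) {
            // Either both ends are configured or both are left at the -1 sentinel.
            boolean sentinelsAgree = (j10 == -1) == (j11 == -1);
            if (j10 > j11 || !sentinelsAgree) {
                throw new IllegalArgumentException("invalid interval: " + j10 + ".." + j11);
            }
            this.notBefore = j10;
            this.notAfter = j11;
            return this;
        }
    }

    /**
     * Wraps an existing key pair and certificate. No check is made here that the certificate
     * actually contains the key pair's public key.
     *
     * @throws NullPointerException if either argument is null
     */
    public HeldCertificate(KeyPair keyPair, X509Certificate x509Certificate) {
        Objects.requireNonNull(keyPair, "keyPair == null");
        Objects.requireNonNull(x509Certificate, "certificate == null");
        this.certificate = x509Certificate;
        this.keyPair = keyPair;
    }

    /**
     * Appends the text returned by {@code fVar.b()} to {@code sb2} in lines of at most 64
     * characters, each terminated by a newline.
     *
     * <p>NOTE(review): {@code okio.f} is obfuscated; {@code b()} is presumably the Base64
     * encoding of a byte string. TODO confirm.
     */
    private void encodeBase64Lines(StringBuilder sb2, okio.f fVar) {
        String encoded = fVar.b();
        int length = encoded.length();
        for (int start = 0; start < length; start += 64) {
            sb2.append(encoded, start, Math.min(start + 64, length));
            sb2.append('\n');
        }
    }

    /**
     * Re-encodes the private key for {@link #privateKeyPkcs1Pem()}.
     *
     * <p>NOTE(review): the obfuscated chain presumably parses the key's encoded form as a
     * PKCS#8 PrivateKeyInfo and extracts the inner private-key structure. TODO confirm.
     *
     * @throws AssertionError if re-encoding fails
     */
    private okio.f pkcs1Bytes() {
        try {
            byte[] encodedKey = this.keyPair.getPrivate().getEncoded();
            return okio.f.l0(u.m(encodedKey).r().f().getEncoded());
        } catch (IOException e) {
            throw new AssertionError(e);
        }
    }

    /** Returns the certificate. */
    public X509Certificate certificate() {
        return this.certificate;
    }

    /**
     * Returns the certificate between {@code BEGIN CERTIFICATE} / {@code END CERTIFICATE}
     * markers, wrapped at 64 characters per line.
     *
     * @throws AssertionError if the certificate cannot be encoded
     */
    public String certificatePem() {
        try {
            StringBuilder pem = new StringBuilder();
            pem.append("-----BEGIN CERTIFICATE-----\n");
            encodeBase64Lines(pem, okio.f.l0(this.certificate.getEncoded()));
            pem.append("-----END CERTIFICATE-----\n");
            return pem.toString();
        } catch (CertificateEncodingException e) {
            throw new AssertionError(e);
        }
    }

    /** Returns the key pair, including the private key. */
    public KeyPair keyPair() {
        return this.keyPair;
    }

    /**
     * Returns the RSA private key between {@code BEGIN RSA PRIVATE KEY} markers.
     *
     * <p>The output is not encrypted. Handle it as a secret: keep it out of logs, crash reports
     * and shared storage.
     *
     * @throws IllegalStateException if the private key is not an RSA key
     */
    public String privateKeyPkcs1Pem() {
        if (!(this.keyPair.getPrivate() instanceof RSAPrivateKey)) {
            throw new IllegalStateException("PKCS1 only supports RSA keys");
        }
        StringBuilder pem = new StringBuilder();
        pem.append("-----BEGIN RSA PRIVATE KEY-----\n");
        encodeBase64Lines(pem, pkcs1Bytes());
        pem.append("-----END RSA PRIVATE KEY-----\n");
        return pem.toString();
    }

    /**
     * Returns the private key's encoded form between {@code BEGIN PRIVATE KEY} markers.
     *
     * <p>The output is not encrypted. Handle it as a secret: keep it out of logs, crash reports
     * and shared storage.
     */
    public String privateKeyPkcs8Pem() {
        StringBuilder pem = new StringBuilder();
        pem.append("-----BEGIN PRIVATE KEY-----\n");
        encodeBase64Lines(pem, okio.f.l0(this.keyPair.getPrivate().getEncoded()));
        pem.append("-----END PRIVATE KEY-----\n");
        return pem.toString();
    }
}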
