package okhttp3.tls;

import com.fyber.inneractive.sdk.external.InneractiveMediationDefs;
import com.unity3d.services.store.gpbl.bridges.billingclient.common.BillingClientBuilderBridgeCommon;
import defpackage.C1654xp;
import defpackage.C1655yp;
import java.math.BigInteger;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.security.auth.x500.X500Principal;
import kotlin.Deprecated;
import kotlin.DeprecationLevel;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.ReplaceWith;
import kotlin.TuplesKt;
import kotlin.jvm.JvmName;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.MatchGroup;
import kotlin.text.MatchResult;
import kotlin.text.Regex;
import okhttp3.internal.Util;
import okhttp3.tls.internal.der.AlgorithmIdentifier;
import okhttp3.tls.internal.der.AttributeTypeAndValue;
import okhttp3.tls.internal.der.BasicConstraints;
import okhttp3.tls.internal.der.BasicDerAdapter;
import okhttp3.tls.internal.der.BitString;
import okhttp3.tls.internal.der.Certificate;
import okhttp3.tls.internal.der.CertificateAdapters;
import okhttp3.tls.internal.der.Extension;
import okhttp3.tls.internal.der.ObjectIdentifiers;
import okhttp3.tls.internal.der.PrivateKeyInfo;
import okhttp3.tls.internal.der.SubjectPublicKeyInfo;
import okhttp3.tls.internal.der.TbsCertificate;
import okhttp3.tls.internal.der.Validity;
import okio.ByteString;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Metadata(bv = {}, d1 = {"\u0000(\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\t\u0018\u0000 \u00152\u00020\u0001:\u0002\u0016\u0015B\u0017\u0012\u0006\u0010\t\u001a\u00020\u0006\u0012\u0006\u0010\u0005\u001a\u00020\u0002¢\u0006\u0004\b\u0013\u0010\u0014J\u000f\u0010\u0005\u001a\u00020\u0002H\u0007¢\u0006\u0004\b\u0003\u0010\u0004J\u000f\u0010\t\u001a\u00020\u0006H\u0007¢\u0006\u0004\b\u0007\u0010\bJ\u0006\u0010\u000b\u001a\u00020\nJ\u0006\u0010\f\u001a\u00020\nJ\u0006\u0010\r\u001a\u00020\nJ\b\u0010\u000f\u001a\u00020\u000eH\u0002R\u0017\u0010\t\u001a\u00020\u00068\u0007¢\u0006\f\n\u0004\b\u000f\u0010\u0010\u001a\u0004\b\t\u0010\bR\u0017\u0010\u0005\u001a\u00020\u00028\u0007¢\u0006\f\n\u0004\b\u0011\u0010\u0012\u001a\u0004\b\u0005\u0010\u0004¨\u0006\u0017"}, d2 = {"Lokhttp3/tls/HeldCertificate;", "", "Ljava/security/cert/X509Certificate;", "-deprecated_certificate", "()Ljava/security/cert/X509Certificate;", "certificate", "Ljava/security/KeyPair;", "-deprecated_keyPair", "()Ljava/security/KeyPair;", "keyPair", "", "certificatePem", "privateKeyPkcs8Pem", "privateKeyPkcs1Pem", "Lokio/ByteString;", "a", "Ljava/security/KeyPair;", "b", "Ljava/security/cert/X509Certificate;", "<init>", "(Ljava/security/KeyPair;Ljava/security/cert/X509Certificate;)V", "Companion", "Builder", "okhttp-tls"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes2.dex */
public final class HeldCertificate {

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    public static final Regex c = new Regex("-----BEGIN ([!-,.-~ ]*)-----([^-]*)-----END \\1-----");

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    @NotNull
    public final KeyPair keyPair;

    /* renamed from: b, reason: from kotlin metadata */
    @NotNull
    public final X509Certificate certificate;

    @Metadata(bv = {}, d1 = {"\u0000h\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\t\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\b\n\u0002\b\u0005\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010!\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0016\u0018\u0000 >2\u00020\u0001:\u0001>B\u0007¢\u0006\u0004\b<\u0010=J\u0016\u0010\u0005\u001a\u00020\u00002\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0004\u001a\u00020\u0002J\u0016\u0010\u0006\u001a\u00020\u00002\u0006\u0010\u0006\u001a\u00020\u00022\u0006\u0010\b\u001a\u00020\u0007J\u000e\u0010\u000b\u001a\u00020\u00002\u0006\u0010\n\u001a\u00020\tJ\u000e\u0010\r\u001a\u00020\u00002\u0006\u0010\f\u001a\u00020\tJ\u000e\u0010\u000f\u001a\u00020\u00002\u0006\u0010\u000e\u001a\u00020\tJ\u000e\u0010\u0011\u001a\u00020\u00002\u0006\u0010\u0011\u001a\u00020\u0010J\u000e\u0010\u0011\u001a\u00020\u00002\u0006\u0010\u0011\u001a\u00020\u0002J\u000e\u0010\u0013\u001a\u00020\u00002\u0006\u0010\u0013\u001a\u00020\u0012J\u0016\u0010\u0013\u001a\u00020\u00002\u0006\u0010\u0015\u001a\u00020\u00142\u0006\u0010\u0017\u001a\u00020\u0016J\u0010\u0010\u0019\u001a\u00020\u00002\b\u0010\u0019\u001a\u0004\u0018\u00010\u0018J\u000e\u0010\u001c\u001a\u00020\u00002\u0006\u0010\u001b\u001a\u00020\u001aJ\u0006\u0010\u001d\u001a\u00020\u0000J\u0006\u0010\u001e\u001a\u00020\u0000J\u0006\u0010\u001f\u001a\u00020\u0018J\u0014\u0010\"\u001a\u000e\u0012\n\u0012\b\u0012\u0004\u0012\u00020!0 0 H\u0002J\b\u0010$\u001a\u00020#H\u0002J\u000e\u0010'\u001a\b\u0012\u0004\u0012\u00020&0%H\u0002J\u0010\u0010*\u001a\u00020)2\u0006\u0010(\u001a\u00020\u0012H\u0002J\b\u0010+\u001a\u00020\u0012H\u0002R\u0016\u0010\u0003\u001a\u00020\u00028\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b'\u0010,R\u0016\u0010\u0004\u001a\u00020\u00028\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b+\u0010,R\u0018\u0010\r\u001a\u0004\u0018\u00010\t8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b*\u0010-R\u0018\u0010\u000f\u001a\u0004\u0018\u00010\t8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\"\u0010-R\u001a\u0010/\u001a\b\u0012\u0004\u0012\u00020\t0%8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b$\u0010.R\u0018\u0010\u0011\u001a\u0004\u0018\u00010\u00108\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b0\u00101R\u0018\u0010\u0013\u001a\u0004\u0018\u00010\u00128\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b2\u00103R\u0018\u0010\u0019\u001a\u0004\u0018\u00010\u00188\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b4\u00105R\u0016\u0010\u001b\u001a\u00020\u001a8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b6\u00107R\u0018\u00109\u001a\u0004\u0018\u00010\t8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b8\u0010-R\u0016\u0010;\u001a\u00020\u001a8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b:\u00107¨\u0006?"}, d2 = {"Lokhttp3/tls/HeldCertificate$Builder;", "", "", "notBefore", "notAfter", "validityInterval", "duration", "Ljava/util/concurrent/TimeUnit;", "unit", "", "altName", "addSubjectAlternativeName", "cn", "commonName", "ou", "organizationalUnit", "Ljava/math/BigInteger;", "serialNumber", "Ljava/security/KeyPair;", "keyPair", "Ljava/security/PublicKey;", "publicKey", "Ljava/security/PrivateKey;", "privateKey", "Lokhttp3/tls/HeldCertificate;", "signedBy", "", "maxIntermediateCas", "certificateAuthority", "ecdsa256", "rsa2048", BillingClientBuilderBridgeCommon.buildMethodName, "", "Lokhttp3/tls/internal/der/AttributeTypeAndValue;", "d", "Lokhttp3/tls/internal/der/Validity;", "e", "", "Lokhttp3/tls/internal/der/Extension;", "a", "signedByKeyPair", "Lokhttp3/tls/internal/der/AlgorithmIdentifier;", "c", "b", "J", "Ljava/lang/String;", "Ljava/util/List;", "altNames", InneractiveMediationDefs.GENDER_FEMALE, "Ljava/math/BigInteger;", "g", "Ljava/security/KeyPair;", "h", "Lokhttp3/tls/HeldCertificate;", "i", "I", "j", "keyAlgorithm", "k", "keySize", "<init>", "()V", "Companion", "okhttp-tls"}, k = 1, mv = {1, 4, 0})
    /* loaded from: classes2.dex */
    public static final class Builder {

        /* renamed from: c, reason: from kotlin metadata */
        public String commonName;

        /* renamed from: d, reason: from kotlin metadata */
        public String organizationalUnit;

        /* renamed from: f, reason: from kotlin metadata */
        public BigInteger serialNumber;

        /* renamed from: g, reason: from kotlin metadata */
        public KeyPair keyPair;

        /* renamed from: h, reason: from kotlin metadata */
        public HeldCertificate signedBy;

        /* renamed from: j, reason: from kotlin metadata */
        public String keyAlgorithm;

        /* renamed from: k, reason: from kotlin metadata */
        public int keySize;

        /* renamed from: a, reason: collision with root package name and from kotlin metadata */
        public long notBefore = -1;

        /* renamed from: b, reason: from kotlin metadata */
        public long notAfter = -1;

        /* renamed from: e, reason: from kotlin metadata */
        public final List<String> altNames = new ArrayList();

        /* renamed from: i, reason: from kotlin metadata */
        public int maxIntermediateCas = -1;

        public Builder() {
            ecdsa256();
        }

        public final List<Extension> a() {
            Pair pair;
            ArrayList arrayList = new ArrayList();
            int i = this.maxIntermediateCas;
            if (i != -1) {
                arrayList.add(new Extension(ObjectIdentifiers.basicConstraints, true, new BasicConstraints(true, Long.valueOf(i))));
            }
            if (!this.altNames.isEmpty()) {
                List<String> list = this.altNames;
                ArrayList arrayList2 = new ArrayList(C1655yp.collectionSizeOrDefault(list, 10));
                for (String str : list) {
                    if (Util.canParseAsIpAddress(str)) {
                        BasicDerAdapter<ByteString> generalNameIpAddress$okhttp_tls = CertificateAdapters.INSTANCE.getGeneralNameIpAddress$okhttp_tls();
                        ByteString.Companion companion = ByteString.INSTANCE;
                        InetAddress byName = InetAddress.getByName(str);
                        Intrinsics.checkNotNullExpressionValue(byName, "InetAddress.getByName(it)");
                        byte[] address = byName.getAddress();
                        Intrinsics.checkNotNullExpressionValue(address, "InetAddress.getByName(it).address");
                        pair = TuplesKt.to(generalNameIpAddress$okhttp_tls, ByteString.Companion.of$default(companion, address, 0, 0, 3, null));
                    } else {
                        pair = TuplesKt.to(CertificateAdapters.INSTANCE.getGeneralNameDnsName$okhttp_tls(), str);
                    }
                    arrayList2.add(pair);
                }
                arrayList.add(new Extension(ObjectIdentifiers.subjectAlternativeName, true, arrayList2));
            }
            return arrayList;
        }

        @NotNull
        public final Builder addSubjectAlternativeName(@NotNull String altName) {
            Intrinsics.checkNotNullParameter(altName, "altName");
            this.altNames.add(altName);
            return this;
        }

        public final KeyPair b() {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.keyAlgorithm);
            keyPairGenerator.initialize(this.keySize, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(generateKeyPair, "KeyPairGenerator.getInst…generateKeyPair()\n      }");
            return generateKeyPair;
        }

        @NotNull
        public final HeldCertificate build() {
            KeyPair keyPair;
            List<List<AttributeTypeAndValue>> list;
            KeyPair keyPair2 = this.keyPair;
            if (keyPair2 == null) {
                keyPair2 = b();
            }
            CertificateAdapters certificateAdapters = CertificateAdapters.INSTANCE;
            BasicDerAdapter<SubjectPublicKeyInfo> subjectPublicKeyInfo$okhttp_tls = certificateAdapters.getSubjectPublicKeyInfo$okhttp_tls();
            ByteString.Companion companion = ByteString.INSTANCE;
            PublicKey publicKey = keyPair2.getPublic();
            Intrinsics.checkNotNullExpressionValue(publicKey, "subjectKeyPair.public");
            byte[] encoded = publicKey.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "subjectKeyPair.public.encoded");
            SubjectPublicKeyInfo fromDer = subjectPublicKeyInfo$okhttp_tls.fromDer(ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null));
            List<List<AttributeTypeAndValue>> d = d();
            HeldCertificate heldCertificate = this.signedBy;
            if (heldCertificate != null) {
                Intrinsics.checkNotNull(heldCertificate);
                keyPair = heldCertificate.keyPair();
                BasicDerAdapter<List<List<AttributeTypeAndValue>>> rdnSequence$okhttp_tls = certificateAdapters.getRdnSequence$okhttp_tls();
                HeldCertificate heldCertificate2 = this.signedBy;
                Intrinsics.checkNotNull(heldCertificate2);
                X500Principal subjectX500Principal = heldCertificate2.certificate().getSubjectX500Principal();
                Intrinsics.checkNotNullExpressionValue(subjectX500Principal, "signedBy!!.certificate.subjectX500Principal");
                byte[] encoded2 = subjectX500Principal.getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded2, "signedBy!!.certificate.s…jectX500Principal.encoded");
                list = rdnSequence$okhttp_tls.fromDer(ByteString.Companion.of$default(companion, encoded2, 0, 0, 3, null));
            } else {
                keyPair = keyPair2;
                list = d;
            }
            AlgorithmIdentifier c = c(keyPair);
            BigInteger bigInteger = this.serialNumber;
            if (bigInteger == null) {
                bigInteger = BigInteger.ONE;
            }
            BigInteger bigInteger2 = bigInteger;
            Intrinsics.checkNotNullExpressionValue(bigInteger2, "serialNumber ?: BigInteger.ONE");
            TbsCertificate tbsCertificate = new TbsCertificate(2L, bigInteger2, c, list, e(), d, fromDer, null, null, a());
            Signature signature = Signature.getInstance(tbsCertificate.getSignatureAlgorithmName());
            signature.initSign(keyPair.getPrivate());
            signature.update(certificateAdapters.getTbsCertificate$okhttp_tls().toDer(tbsCertificate).toByteArray());
            byte[] sign = signature.sign();
            Intrinsics.checkNotNullExpressionValue(sign, "sign()");
            return new HeldCertificate(keyPair2, new Certificate(tbsCertificate, c, new BitString(ByteString.Companion.of$default(companion, sign, 0, 0, 3, null), 0)).toX509Certificate());
        }

        public final AlgorithmIdentifier c(KeyPair signedByKeyPair) {
            return signedByKeyPair.getPrivate() instanceof RSAPrivateKey ? new AlgorithmIdentifier(ObjectIdentifiers.sha256WithRSAEncryption, null) : new AlgorithmIdentifier(ObjectIdentifiers.sha256withEcdsa, ByteString.EMPTY);
        }

        @NotNull
        public final Builder certificateAuthority(int maxIntermediateCas) {
            if (maxIntermediateCas >= 0) {
                this.maxIntermediateCas = maxIntermediateCas;
                return this;
            }
            throw new IllegalArgumentException(("maxIntermediateCas < 0: " + maxIntermediateCas).toString());
        }

        @NotNull
        public final Builder commonName(@NotNull String cn) {
            Intrinsics.checkNotNullParameter(cn, "cn");
            this.commonName = cn;
            return this;
        }

        public final List<List<AttributeTypeAndValue>> d() {
            ArrayList arrayList = new ArrayList();
            String str = this.organizationalUnit;
            if (str != null) {
                arrayList.add(C1654xp.listOf(new AttributeTypeAndValue(ObjectIdentifiers.organizationalUnitName, str)));
            }
            String str2 = this.commonName;
            if (str2 == null) {
                str2 = UUID.randomUUID().toString();
                Intrinsics.checkNotNullExpressionValue(str2, "UUID.randomUUID().toString()");
            }
            arrayList.add(C1654xp.listOf(new AttributeTypeAndValue(ObjectIdentifiers.commonName, str2)));
            return arrayList;
        }

        @NotNull
        public final Builder duration(long duration, @NotNull TimeUnit unit) {
            Intrinsics.checkNotNullParameter(unit, "unit");
            long currentTimeMillis = System.currentTimeMillis();
            validityInterval(currentTimeMillis, unit.toMillis(duration) + currentTimeMillis);
            return this;
        }

        public final Validity e() {
            long j = this.notBefore;
            if (j == -1) {
                j = System.currentTimeMillis();
            }
            long j2 = this.notAfter;
            if (j2 == -1) {
                j2 = j + 86400000;
            }
            return new Validity(j, j2);
        }

        @NotNull
        public final Builder ecdsa256() {
            this.keyAlgorithm = "EC";
            this.keySize = 256;
            return this;
        }

        @NotNull
        public final Builder keyPair(@NotNull KeyPair keyPair) {
            Intrinsics.checkNotNullParameter(keyPair, "keyPair");
            this.keyPair = keyPair;
            return this;
        }

        @NotNull
        public final Builder keyPair(@NotNull PublicKey publicKey, @NotNull PrivateKey privateKey) {
            Intrinsics.checkNotNullParameter(publicKey, "publicKey");
            Intrinsics.checkNotNullParameter(privateKey, "privateKey");
            keyPair(new KeyPair(publicKey, privateKey));
            return this;
        }

        @NotNull
        public final Builder organizationalUnit(@NotNull String ou) {
            Intrinsics.checkNotNullParameter(ou, "ou");
            this.organizationalUnit = ou;
            return this;
        }

        @NotNull
        public final Builder rsa2048() {
            this.keyAlgorithm = "RSA";
            this.keySize = 2048;
            return this;
        }

        @NotNull
        public final Builder serialNumber(long serialNumber) {
            BigInteger valueOf = BigInteger.valueOf(serialNumber);
            Intrinsics.checkNotNullExpressionValue(valueOf, "BigInteger.valueOf(serialNumber)");
            serialNumber(valueOf);
            return this;
        }

        @NotNull
        public final Builder serialNumber(@NotNull BigInteger serialNumber) {
            Intrinsics.checkNotNullParameter(serialNumber, "serialNumber");
            this.serialNumber = serialNumber;
            return this;
        }

        @NotNull
        public final Builder signedBy(@Nullable HeldCertificate signedBy) {
            this.signedBy = signedBy;
            return this;
        }

        /* JADX WARN: Code restructure failed: missing block: B:9:0x0016, code lost:
        
            if ((r6 == -1) == (r8 == -1)) goto L15;
         */
        @org.jetbrains.annotations.NotNull
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public final okhttp3.tls.HeldCertificate.Builder validityInterval(long r6, long r8) {
            /*
                r5 = this;
                int r0 = (r6 > r8 ? 1 : (r6 == r8 ? 0 : -1))
                r1 = 1
                r2 = 0
                if (r0 > 0) goto L19
                r3 = -1
                int r0 = (r6 > r3 ? 1 : (r6 == r3 ? 0 : -1))
                if (r0 != 0) goto Le
                r0 = r1
                goto Lf
            Le:
                r0 = r2
            Lf:
                int r3 = (r8 > r3 ? 1 : (r8 == r3 ? 0 : -1))
                if (r3 != 0) goto L15
                r3 = r1
                goto L16
            L15:
                r3 = r2
            L16:
                if (r0 != r3) goto L19
                goto L1a
            L19:
                r1 = r2
            L1a:
                if (r1 == 0) goto L21
                r5.notBefore = r6
                r5.notAfter = r8
                return r5
            L21:
                java.lang.StringBuilder r0 = new java.lang.StringBuilder
                r0.<init>()
                java.lang.String r1 = "invalid interval: "
                r0.append(r1)
                r0.append(r6)
                java.lang.String r6 = ".."
                r0.append(r6)
                r0.append(r8)
                java.lang.String r6 = r0.toString()
                java.lang.IllegalArgumentException r7 = new java.lang.IllegalArgumentException
                java.lang.String r6 = r6.toString()
                r7.<init>(r6)
                throw r7
            */
            throw new UnsupportedOperationException("Method not decompiled: okhttp3.tls.HeldCertificate.Builder.validityInterval(long, long):okhttp3.tls.HeldCertificate$Builder");
        }
    }

    @Metadata(bv = {}, d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0086\u0003\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0011\u0010\u0012J\u0010\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0007J\u0018\u0010\b\u001a\u00020\u00042\u0006\u0010\u0006\u001a\u00020\u00022\u0006\u0010\u0007\u001a\u00020\u0002H\u0002J\u0018\u0010\r\u001a\u00020\f2\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\u000b\u001a\u00020\u0002H\u0002R\u0014\u0010\u000f\u001a\u00020\u000e8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u000f\u0010\u0010¨\u0006\u0013"}, d2 = {"Lokhttp3/tls/HeldCertificate$Companion;", "", "", "certificateAndPrivateKeyPem", "Lokhttp3/tls/HeldCertificate;", "decode", "certificatePem", "pkcs8Base64Text", "a", "Lokio/ByteString;", "data", "keyAlgorithm", "Ljava/security/PrivateKey;", "b", "Lkotlin/text/Regex;", "PEM_REGEX", "Lkotlin/text/Regex;", "<init>", "()V", "okhttp-tls"}, k = 1, mv = {1, 4, 0})
    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final HeldCertificate a(String certificatePem, String pkcs8Base64Text) {
            String str;
            X509Certificate decodeCertificatePem = Certificates.decodeCertificatePem(certificatePem);
            ByteString decodeBase64 = ByteString.INSTANCE.decodeBase64(pkcs8Base64Text);
            if (decodeBase64 == null) {
                throw new IllegalArgumentException("failed to decode private key");
            }
            PublicKey publicKey = decodeCertificatePem.getPublicKey();
            if (publicKey instanceof ECPublicKey) {
                str = "EC";
            } else {
                if (!(publicKey instanceof RSAPublicKey)) {
                    throw new IllegalArgumentException("unexpected key type: " + decodeCertificatePem.getPublicKey());
                }
                str = "RSA";
            }
            return new HeldCertificate(new KeyPair(decodeCertificatePem.getPublicKey(), b(decodeBase64, str)), decodeCertificatePem);
        }

        public final PrivateKey b(ByteString data, String keyAlgorithm) {
            try {
                PrivateKey generatePrivate = KeyFactory.getInstance(keyAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(data.toByteArray()));
                Intrinsics.checkNotNullExpressionValue(generatePrivate, "keyFactory.generatePriva…Spec(data.toByteArray()))");
                return generatePrivate;
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException("failed to decode private key", e);
            }
        }

        @JvmStatic
        @NotNull
        public final HeldCertificate decode(@NotNull String certificateAndPrivateKeyPem) {
            String value;
            Intrinsics.checkNotNullParameter(certificateAndPrivateKeyPem, "certificateAndPrivateKeyPem");
            String str = null;
            Iterator it = Regex.findAll$default(HeldCertificate.c, certificateAndPrivateKeyPem, 0, 2, null).iterator();
            String str2 = null;
            while (true) {
                if (!it.hasNext()) {
                    if (!(str != null)) {
                        throw new IllegalArgumentException("string does not include a certificate".toString());
                    }
                    if (str2 != null) {
                        return a(str, str2);
                    }
                    throw new IllegalArgumentException("string does not include a private key".toString());
                }
                MatchResult matchResult = (MatchResult) it.next();
                MatchGroup matchGroup = matchResult.getGroups().get(1);
                Intrinsics.checkNotNull(matchGroup);
                value = matchGroup.getValue();
                int hashCode = value.hashCode();
                if (hashCode == -189606537) {
                    if (!value.equals("CERTIFICATE")) {
                        break;
                    }
                    if (!(str == null)) {
                        throw new IllegalArgumentException("string includes multiple certificates".toString());
                    }
                    MatchGroup matchGroup2 = matchResult.getGroups().get(0);
                    Intrinsics.checkNotNull(matchGroup2);
                    str = matchGroup2.getValue();
                } else {
                    if (hashCode != -170985982 || !value.equals("PRIVATE KEY")) {
                        break;
                    }
                    if (!(str2 == null)) {
                        throw new IllegalArgumentException("string includes multiple private keys".toString());
                    }
                    MatchGroup matchGroup3 = matchResult.getGroups().get(2);
                    Intrinsics.checkNotNull(matchGroup3);
                    str2 = matchGroup3.getValue();
                }
            }
            throw new IllegalArgumentException("unexpected type: " + value);
        }
    }

    public HeldCertificate(@NotNull KeyPair keyPair, @NotNull X509Certificate certificate) {
        Intrinsics.checkNotNullParameter(keyPair, "keyPair");
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        this.keyPair = keyPair;
        this.certificate = certificate;
    }

    @JvmStatic
    @NotNull
    public static final HeldCertificate decode(@NotNull String str) {
        return INSTANCE.decode(str);
    }

    @Deprecated(level = DeprecationLevel.ERROR, message = "moved to val", replaceWith = @ReplaceWith(expression = "certificate", imports = {}))
    @JvmName(name = "-deprecated_certificate")
    @NotNull
    /* renamed from: -deprecated_certificate, reason: not valid java name and from getter */
    public final X509Certificate getCertificate() {
        return this.certificate;
    }

    @Deprecated(level = DeprecationLevel.ERROR, message = "moved to val", replaceWith = @ReplaceWith(expression = "keyPair", imports = {}))
    @JvmName(name = "-deprecated_keyPair")
    @NotNull
    /* renamed from: -deprecated_keyPair, reason: not valid java name and from getter */
    public final KeyPair getKeyPair() {
        return this.keyPair;
    }

    public final ByteString a() {
        BasicDerAdapter<PrivateKeyInfo> privateKeyInfo$okhttp_tls = CertificateAdapters.INSTANCE.getPrivateKeyInfo$okhttp_tls();
        ByteString.Companion companion = ByteString.INSTANCE;
        PrivateKey privateKey = this.keyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "keyPair.private");
        byte[] encoded = privateKey.getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "keyPair.private.encoded");
        return privateKeyInfo$okhttp_tls.fromDer(ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null)).getPrivateKey();
    }

    @JvmName(name = "certificate")
    @NotNull
    public final X509Certificate certificate() {
        return this.certificate;
    }

    @NotNull
    public final String certificatePem() {
        return Certificates.certificatePem(this.certificate);
    }

    @JvmName(name = "keyPair")
    @NotNull
    public final KeyPair keyPair() {
        return this.keyPair;
    }

    @NotNull
    public final String privateKeyPkcs1Pem() {
        if (!(this.keyPair.getPrivate() instanceof RSAPrivateKey)) {
            throw new IllegalStateException("PKCS1 only supports RSA keys".toString());
        }
        StringBuilder sb = new StringBuilder();
        sb.append("-----BEGIN RSA PRIVATE KEY-----\n");
        Certificates.encodeBase64Lines(sb, a());
        sb.append("-----END RSA PRIVATE KEY-----\n");
        String sb2 = sb.toString();
        Intrinsics.checkNotNullExpressionValue(sb2, "StringBuilder().apply(builderAction).toString()");
        return sb2;
    }

    @NotNull
    public final String privateKeyPkcs8Pem() {
        StringBuilder sb = new StringBuilder();
        sb.append("-----BEGIN PRIVATE KEY-----\n");
        ByteString.Companion companion = ByteString.INSTANCE;
        PrivateKey privateKey = this.keyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "keyPair.private");
        byte[] encoded = privateKey.getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "keyPair.private.encoded");
        Certificates.encodeBase64Lines(sb, ByteString.Companion.of$default(companion, encoded, 0, 0, 3, null));
        sb.append("-----END PRIVATE KEY-----\n");
        String sb2 = sb.toString();
        Intrinsics.checkNotNullExpressionValue(sb2, "StringBuilder().apply(builderAction).toString()");
        return sb2;
    }
}
