package com.unboundid.ldap.listener;

import bu.b;
import com.microsoft.identity.common.internal.platform.DevicePopManager;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPConnectionOptions;
import com.unboundid.ldap.sdk.NameResolver;
import com.unboundid.ldap.sdk.RDN;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Base64;
import com.unboundid.util.Debug;
import com.unboundid.util.ObjectPair;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.ssl.cert.CertException;
import com.unboundid.util.ssl.cert.ManageCertificates;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.net.InetAddress;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.Set;

/* compiled from: ProGuard */
@ThreadSafety(level = ThreadSafetyLevel.NOT_THREADSAFE)
/* loaded from: classes5.dex */
public final class SelfSignedCertificateGenerator {
    private SelfSignedCertificateGenerator() {
    }

    public static void generateSelfSignedCertificate(String str, File file, String str2, String str3, String str4) throws CertException {
        NameResolver nameResolver = LDAPConnectionOptions.DEFAULT_NAME_RESOLVER;
        Set<InetAddress> allLocalAddresses = StaticUtils.getAllLocalAddresses(nameResolver);
        Set<String> availableCanonicalHostNames = StaticUtils.getAvailableCanonicalHostNames(nameResolver, allLocalAddresses);
        DN dn2 = allLocalAddresses.isEmpty() ? new DN(new RDN("CN", str)) : new DN(new RDN("CN", nameResolver.getCanonicalHostName(allLocalAddresses.iterator().next())), new RDN("OU", str));
        String format = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date(System.currentTimeMillis() - 86400000));
        ArrayList arrayList = new ArrayList(30);
        arrayList.add("generate-self-signed-certificate");
        arrayList.add("--keystore");
        arrayList.add(file.getAbsolutePath());
        arrayList.add("--keystore-password");
        arrayList.add(str2);
        arrayList.add("--keystore-type");
        arrayList.add(str3);
        arrayList.add("--alias");
        arrayList.add(str4);
        arrayList.add("--subject-dn");
        arrayList.add(dn2.toString());
        arrayList.add("--days-valid");
        arrayList.add("3650");
        arrayList.add("--validityStartTime");
        arrayList.add(format);
        arrayList.add("--key-algorithm");
        arrayList.add(DevicePopManager.KeyPairGeneratorAlgorithms.RSA);
        arrayList.add("--key-size-bits");
        arrayList.add("2048");
        arrayList.add("--signature-algorithm");
        arrayList.add("SHA256withRSA");
        for (String str5 : availableCanonicalHostNames) {
            arrayList.add("--subject-alternative-name-dns");
            arrayList.add(str5);
        }
        for (InetAddress inetAddress : allLocalAddresses) {
            arrayList.add("--subject-alternative-name-ip-address");
            arrayList.add(StaticUtils.trimInterfaceNameFromHostAddress(inetAddress.getHostAddress()));
        }
        arrayList.add("--key-usage");
        arrayList.add("digitalSignature");
        arrayList.add("--key-usage");
        arrayList.add("keyEncipherment");
        arrayList.add("--extended-key-usage");
        arrayList.add("server-auth");
        arrayList.add("--extended-key-usage");
        arrayList.add("client-auth");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (ManageCertificates.main(null, byteArrayOutputStream, byteArrayOutputStream, (String[]) arrayList.toArray(StaticUtils.NO_STRINGS)) != ResultCode.SUCCESS) {
            throw new CertException(b.ERR_SELF_SIGNED_CERT_GENERATOR_ERROR_GENERATING_CERT.b(StaticUtils.toUTF8String(byteArrayOutputStream.toByteArray())));
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static ObjectPair<File, char[]> generateTemporarySelfSignedCertificate(String str, String str2) throws CertException {
        try {
            File createTempFile = File.createTempFile("temp-keystore-", ".jks");
            createTempFile.delete();
            byte[] bArr = new byte[50];
            new SecureRandom().nextBytes(bArr);
            String encode = Base64.encode(bArr);
            generateSelfSignedCertificate(str, createTempFile, encode, str2, "server-cert");
            return new ObjectPair<>(createTempFile, encode.toCharArray());
        } catch (Exception e11) {
            Debug.debugException(e11);
            throw new CertException(b.ERR_SELF_SIGNED_CERT_GENERATOR_CANNOT_CREATE_FILE.b(StaticUtils.getExceptionMessage(e11)), e11);
        }
    }
}
