package okhttp3.tls;

import com.amazon.ads.video.sis.SisConstants;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Regex;
import okhttp3.internal.Util;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;

/* loaded from: classes5.dex */
public final class HeldCertificate {
    private final X509Certificate certificate;
    private final KeyPair keyPair;

    /* loaded from: classes5.dex */
    public static final class Builder {
        private String cn;
        private String keyAlgorithm;
        private KeyPair keyPair;
        private int keySize;
        private String ou;
        private BigInteger serialNumber;
        private HeldCertificate signedBy;
        private long notBefore = -1;
        private long notAfter = -1;
        private final List<String> altNames = new ArrayList();
        private int maxIntermediateCas = -1;

        /* loaded from: classes5.dex */
        public static final class Companion {
            private Companion() {
            }

            public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
                this();
            }
        }

        static {
            new Companion(null);
            Security.addProvider(new BouncyCastleProvider());
        }

        public Builder() {
            ecdsa256();
        }

        private final X500Principal buildSubject() {
            StringBuilder sb = new StringBuilder();
            sb.append("CN=");
            String str = this.cn;
            if (str != null) {
                sb.append(str);
            } else {
                sb.append(UUID.randomUUID());
            }
            if (this.ou != null) {
                sb.append(", OU=");
                sb.append(this.ou);
            }
            String sb2 = sb.toString();
            Intrinsics.checkExpressionValueIsNotNull(sb2, "StringBuilder().apply(builderAction).toString()");
            return new X500Principal(sb2);
        }

        private final KeyPair generateKeyPair() {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.keyAlgorithm);
            keyPairGenerator.initialize(this.keySize, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Intrinsics.checkExpressionValueIsNotNull(generateKeyPair, "keyPairGenerator.generateKeyPair()");
            return generateKeyPair;
        }

        public final Builder addSubjectAlternativeName(String altName) {
            Intrinsics.checkParameterIsNotNull(altName, "altName");
            this.altNames.add(altName);
            return this;
        }

        public final HeldCertificate build() {
            KeyPair keyPair;
            X500Principal x500Principal;
            KeyPair keyPair2 = this.keyPair;
            if (keyPair2 == null) {
                keyPair2 = generateKeyPair();
            }
            X500Principal buildSubject = buildSubject();
            HeldCertificate heldCertificate = this.signedBy;
            if (heldCertificate == null) {
                keyPair = keyPair2;
                x500Principal = buildSubject;
            } else {
                if (heldCertificate == null) {
                    Intrinsics.throwNpe();
                    throw null;
                }
                keyPair = heldCertificate.keyPair();
                HeldCertificate heldCertificate2 = this.signedBy;
                if (heldCertificate2 == null) {
                    Intrinsics.throwNpe();
                    throw null;
                }
                x500Principal = heldCertificate2.certificate().getSubjectX500Principal();
                Intrinsics.checkExpressionValueIsNotNull(x500Principal, "signedBy!!.certificate.subjectX500Principal");
            }
            long j = this.notBefore;
            if (j == -1) {
                j = System.currentTimeMillis();
            }
            long j2 = this.notAfter;
            if (j2 == -1) {
                j2 = j + SisConstants.SIS_CHECKIN_INTERVAL;
            }
            BigInteger bigInteger = this.serialNumber;
            if (bigInteger == null) {
                bigInteger = BigInteger.ONE;
            }
            String str = keyPair.getPrivate() instanceof RSAPrivateKey ? "SHA256WithRSA" : "SHA256withECDSA";
            X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
            x509V3CertificateGenerator.setSerialNumber(bigInteger);
            x509V3CertificateGenerator.setIssuerDN(x500Principal);
            x509V3CertificateGenerator.setNotBefore(new Date(j));
            x509V3CertificateGenerator.setNotAfter(new Date(j2));
            x509V3CertificateGenerator.setSubjectDN(buildSubject);
            x509V3CertificateGenerator.setPublicKey(keyPair2.getPublic());
            x509V3CertificateGenerator.setSignatureAlgorithm(str);
            int i = this.maxIntermediateCas;
            if (i != -1) {
                x509V3CertificateGenerator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(i));
            }
            if (!this.altNames.isEmpty()) {
                ASN1Encodable[] aSN1EncodableArr = new ASN1Encodable[this.altNames.size()];
                int size = this.altNames.size();
                for (int i2 = 0; i2 < size; i2++) {
                    String str2 = this.altNames.get(i2);
                    aSN1EncodableArr[i2] = new GeneralName(Util.canParseAsIpAddress(str2) ? 7 : 2, str2);
                }
                x509V3CertificateGenerator.addExtension(X509Extensions.SubjectAlternativeName, true, new DERSequence(aSN1EncodableArr));
            }
            X509Certificate certificate = x509V3CertificateGenerator.generate(keyPair.getPrivate());
            Intrinsics.checkExpressionValueIsNotNull(certificate, "certificate");
            return new HeldCertificate(keyPair2, certificate);
        }

        public final Builder commonName(String cn) {
            Intrinsics.checkParameterIsNotNull(cn, "cn");
            this.cn = cn;
            return this;
        }

        public final Builder ecdsa256() {
            this.keyAlgorithm = "EC";
            this.keySize = 256;
            return this;
        }
    }

    /* loaded from: classes5.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    static {
        new Companion(null);
        new Regex("-----BEGIN ([!-,.-~ ]*)-----([^-]*)-----END \\1-----");
    }

    public HeldCertificate(KeyPair keyPair, X509Certificate certificate) {
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        Intrinsics.checkParameterIsNotNull(certificate, "certificate");
        this.keyPair = keyPair;
        this.certificate = certificate;
    }

    public final X509Certificate certificate() {
        return this.certificate;
    }

    public final KeyPair keyPair() {
        return this.keyPair;
    }
}
