package okhttp3.internal.tls;

import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import okhttp3.internal.Util;
import org.a.a.bh;
import org.a.a.d;
import org.a.a.i;
import org.a.a.i.f;
import org.a.a.i.h;
import org.a.a.i.m;
import org.a.a.j;
import org.a.c.b.a;
import org.a.e.b;
import org.a.e.c;

/* loaded from: classes2.dex */
public final class HeldCertificate {
    public final X509Certificate certificate;
    public final KeyPair keyPair;

    /* loaded from: classes2.dex */
    public static final class Builder {
        private String hostname;
        private HeldCertificate issuedBy;
        private KeyPair keyPair;
        private int maxIntermediateCas;
        private final long duration = 86400000;
        private List<String> altNames = new ArrayList();
        private String serialNumber = "1";

        static {
            Security.addProvider(new a());
        }

        public final HeldCertificate build() throws GeneralSecurityException {
            KeyPair keyPair;
            X500Principal x500Principal;
            KeyPair generateKeyPair = this.keyPair != null ? this.keyPair : generateKeyPair();
            X500Principal x500Principal2 = this.hostname != null ? new X500Principal("CN=" + this.hostname) : new X500Principal("CN=" + UUID.randomUUID());
            if (this.issuedBy != null) {
                keyPair = this.issuedBy.keyPair;
                x500Principal = this.issuedBy.certificate.getSubjectX500Principal();
            } else {
                keyPair = generateKeyPair;
                x500Principal = x500Principal2;
            }
            long currentTimeMillis = System.currentTimeMillis();
            c cVar = new c();
            BigInteger bigInteger = new BigInteger(this.serialNumber);
            if (bigInteger.compareTo(BigInteger.ZERO) <= 0) {
                throw new IllegalArgumentException("serial number must be a positive integer");
            }
            cVar.f12978a.f12917b = new j(bigInteger);
            try {
                cVar.f12978a.d = org.a.a.h.c.a(new org.a.c.a(x500Principal.getEncoded()));
                cVar.f12978a.e = new org.a.a.i.j(new Date(currentTimeMillis));
                cVar.f12978a.f = new org.a.a.i.j(new Date(currentTimeMillis + 86400000));
                try {
                    cVar.f12978a.g = org.a.a.h.c.a(new org.a.c.a(x500Principal2.getEncoded()).s_());
                    try {
                        cVar.f12978a.h = h.a(new i(generateKeyPair.getPublic().getEncoded()).a());
                        cVar.d = "SHA256WithRSAEncryption";
                        try {
                            cVar.f12979b = b.a("SHA256WithRSAEncryption");
                            cVar.f12980c = b.a(cVar.f12979b, "SHA256WithRSAEncryption");
                            cVar.f12978a.f12918c = cVar.f12980c;
                            if (this.maxIntermediateCas > 0) {
                                cVar.a(m.g, new org.a.a.i.b(this.maxIntermediateCas));
                            }
                            if (!this.altNames.isEmpty()) {
                                d[] dVarArr = new d[this.altNames.size()];
                                int size = this.altNames.size();
                                for (int i = 0; i < size; i++) {
                                    String str = this.altNames.get(i);
                                    dVarArr[i] = new f(Util.verifyAsIpAddress(str) ? 7 : 2, str);
                                }
                                cVar.a(m.e, new bh(dVarArr));
                            }
                            return new HeldCertificate(cVar.a(keyPair.getPrivate(), "BC"), generateKeyPair);
                        } catch (Exception unused) {
                            throw new IllegalArgumentException("Unknown signature type requested: ".concat(String.valueOf("SHA256WithRSAEncryption")));
                        }
                    } catch (Exception e) {
                        throw new IllegalArgumentException("unable to process key - " + e.toString());
                    }
                } catch (IOException e2) {
                    throw new IllegalArgumentException("can't process principal: ".concat(String.valueOf(e2)));
                }
            } catch (IOException e3) {
                throw new IllegalArgumentException("can't process principal: ".concat(String.valueOf(e3)));
            }
        }

        public final Builder ca(int i) {
            this.maxIntermediateCas = i;
            return this;
        }

        public final Builder commonName(String str) {
            this.hostname = str;
            return this;
        }

        public final KeyPair generateKeyPair() throws GeneralSecurityException {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
            keyPairGenerator.initialize(1024, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        }

        public final Builder issuedBy(HeldCertificate heldCertificate) {
            this.issuedBy = heldCertificate;
            return this;
        }

        public final Builder keyPair(KeyPair keyPair) {
            this.keyPair = keyPair;
            return this;
        }

        public final Builder serialNumber(String str) {
            this.serialNumber = str;
            return this;
        }

        public final Builder subjectAlternativeName(String str) {
            this.altNames.add(str);
            return this;
        }
    }

    public HeldCertificate(X509Certificate x509Certificate, KeyPair keyPair) {
        this.certificate = x509Certificate;
        this.keyPair = keyPair;
    }
}
