package okhttp3.tls;

import java.math.BigInteger;
import java.net.InetAddress;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt__CollectionsJVMKt;
import kotlin.collections.CollectionsKt__IterablesKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Regex;
import okhttp3.internal.Util;
import okhttp3.tls.internal.der.AlgorithmIdentifier;
import okhttp3.tls.internal.der.AttributeTypeAndValue;
import okhttp3.tls.internal.der.BasicConstraints;
import okhttp3.tls.internal.der.BasicDerAdapter;
import okhttp3.tls.internal.der.BitString;
import okhttp3.tls.internal.der.Certificate;
import okhttp3.tls.internal.der.CertificateAdapters;
import okhttp3.tls.internal.der.Extension;
import okhttp3.tls.internal.der.SubjectPublicKeyInfo;
import okhttp3.tls.internal.der.TbsCertificate;
import okhttp3.tls.internal.der.Validity;
import okio.ByteString;

/* loaded from: classes3.dex */
public final class HeldCertificate {

    /* renamed from: c, reason: collision with root package name */
    public static final Companion f31032c = new Companion(null);

    /* renamed from: d, reason: collision with root package name */
    private static final Regex f31033d = new Regex("-----BEGIN ([!-,.-~ ]*)-----([^-]*)-----END \\1-----");

    /* renamed from: a, reason: collision with root package name */
    private final KeyPair f31034a;

    /* renamed from: b, reason: collision with root package name */
    private final X509Certificate f31035b;

    /* loaded from: classes3.dex */
    public static final class Builder {

        /* renamed from: l, reason: collision with root package name */
        public static final Companion f31036l = new Companion(null);

        /* renamed from: c, reason: collision with root package name */
        private String f31039c;

        /* renamed from: d, reason: collision with root package name */
        private String f31040d;

        /* renamed from: f, reason: collision with root package name */
        private BigInteger f31042f;

        /* renamed from: g, reason: collision with root package name */
        private KeyPair f31043g;

        /* renamed from: h, reason: collision with root package name */
        private HeldCertificate f31044h;

        /* renamed from: j, reason: collision with root package name */
        private String f31046j;

        /* renamed from: k, reason: collision with root package name */
        private int f31047k;

        /* renamed from: a, reason: collision with root package name */
        private long f31037a = -1;

        /* renamed from: b, reason: collision with root package name */
        private long f31038b = -1;

        /* renamed from: e, reason: collision with root package name */
        private final List f31041e = new ArrayList();

        /* renamed from: i, reason: collision with root package name */
        private int f31045i = -1;

        /* loaded from: classes3.dex */
        public static final class Companion {
            private Companion() {
            }

            public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
                this();
            }
        }

        public Builder() {
            d();
        }

        private final List e() {
            int r2;
            Pair a2;
            ArrayList arrayList = new ArrayList();
            int i2 = this.f31045i;
            if (i2 != -1) {
                arrayList.add(new Extension("2.5.29.19", true, new BasicConstraints(true, Long.valueOf(i2))));
            }
            if (!this.f31041e.isEmpty()) {
                List<String> list = this.f31041e;
                r2 = CollectionsKt__IterablesKt.r(list, 10);
                ArrayList arrayList2 = new ArrayList(r2);
                for (String str : list) {
                    if (Util.i(str)) {
                        BasicDerAdapter e2 = CertificateAdapters.f31114a.e();
                        ByteString.Companion companion = ByteString.f31222q;
                        byte[] address = InetAddress.getByName(str).getAddress();
                        Intrinsics.e(address, "getByName(it).address");
                        a2 = TuplesKt.a(e2, ByteString.Companion.f(companion, address, 0, 0, 3, null));
                    } else {
                        a2 = TuplesKt.a(CertificateAdapters.f31114a.d(), str);
                    }
                    arrayList2.add(a2);
                }
                arrayList.add(new Extension("2.5.29.17", true, arrayList2));
            }
            return arrayList;
        }

        private final KeyPair f() {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(this.f31046j);
            keyPairGenerator.initialize(this.f31047k, new SecureRandom());
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Intrinsics.e(generateKeyPair, "getInstance(keyAlgorithm…generateKeyPair()\n      }");
            return generateKeyPair;
        }

        private final AlgorithmIdentifier g(KeyPair keyPair) {
            return keyPair.getPrivate() instanceof RSAPrivateKey ? new AlgorithmIdentifier("1.2.840.113549.1.1.11", null) : new AlgorithmIdentifier("1.2.840.10045.4.3.2", ByteString.f31223r);
        }

        private final List h() {
            List d2;
            List d3;
            ArrayList arrayList = new ArrayList();
            String str = this.f31040d;
            if (str != null) {
                d3 = CollectionsKt__CollectionsJVMKt.d(new AttributeTypeAndValue("2.5.4.11", str));
                arrayList.add(d3);
            }
            String str2 = this.f31039c;
            if (str2 == null) {
                str2 = UUID.randomUUID().toString();
                Intrinsics.e(str2, "randomUUID().toString()");
            }
            d2 = CollectionsKt__CollectionsJVMKt.d(new AttributeTypeAndValue("2.5.4.3", str2));
            arrayList.add(d2);
            return arrayList;
        }

        private final Validity i() {
            long j2 = this.f31037a;
            if (j2 == -1) {
                j2 = System.currentTimeMillis();
            }
            long j3 = this.f31038b;
            if (j3 == -1) {
                j3 = j2 + 86400000;
            }
            return new Validity(j2, j3);
        }

        public final Builder a(String altName) {
            Intrinsics.f(altName, "altName");
            this.f31041e.add(altName);
            return this;
        }

        public final HeldCertificate b() {
            KeyPair keyPair;
            List list;
            KeyPair keyPair2 = this.f31043g;
            if (keyPair2 == null) {
                keyPair2 = f();
            }
            CertificateAdapters certificateAdapters = CertificateAdapters.f31114a;
            BasicDerAdapter g2 = certificateAdapters.g();
            ByteString.Companion companion = ByteString.f31222q;
            byte[] encoded = keyPair2.getPublic().getEncoded();
            Intrinsics.e(encoded, "subjectKeyPair.public.encoded");
            SubjectPublicKeyInfo subjectPublicKeyInfo = (SubjectPublicKeyInfo) g2.k(ByteString.Companion.f(companion, encoded, 0, 0, 3, null));
            List h2 = h();
            HeldCertificate heldCertificate = this.f31044h;
            if (heldCertificate != null) {
                Intrinsics.c(heldCertificate);
                keyPair = heldCertificate.b();
                BasicDerAdapter f2 = certificateAdapters.f();
                HeldCertificate heldCertificate2 = this.f31044h;
                Intrinsics.c(heldCertificate2);
                byte[] encoded2 = heldCertificate2.a().getSubjectX500Principal().getEncoded();
                Intrinsics.e(encoded2, "signedBy!!.certificate.s…jectX500Principal.encoded");
                list = (List) f2.k(ByteString.Companion.f(companion, encoded2, 0, 0, 3, null));
            } else {
                keyPair = keyPair2;
                list = h2;
            }
            AlgorithmIdentifier g3 = g(keyPair);
            BigInteger bigInteger = this.f31042f;
            if (bigInteger == null) {
                bigInteger = BigInteger.ONE;
            }
            BigInteger bigInteger2 = bigInteger;
            Intrinsics.e(bigInteger2, "serialNumber ?: BigInteger.ONE");
            TbsCertificate tbsCertificate = new TbsCertificate(2L, bigInteger2, g3, list, i(), h2, subjectPublicKeyInfo, null, null, e());
            Signature signature = Signature.getInstance(tbsCertificate.f());
            signature.initSign(keyPair.getPrivate());
            signature.update(certificateAdapters.h().p(tbsCertificate).z());
            byte[] sign = signature.sign();
            Intrinsics.e(sign, "sign()");
            return new HeldCertificate(keyPair2, new Certificate(tbsCertificate, g3, new BitString(ByteString.Companion.f(companion, sign, 0, 0, 3, null), 0)).d());
        }

        public final Builder c(String cn) {
            Intrinsics.f(cn, "cn");
            this.f31039c = cn;
            return this;
        }

        public final Builder d() {
            this.f31046j = "EC";
            this.f31047k = 256;
            return this;
        }
    }

    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public HeldCertificate(KeyPair keyPair, X509Certificate certificate) {
        Intrinsics.f(keyPair, "keyPair");
        Intrinsics.f(certificate, "certificate");
        this.f31034a = keyPair;
        this.f31035b = certificate;
    }

    public final X509Certificate a() {
        return this.f31035b;
    }

    public final KeyPair b() {
        return this.f31034a;
    }
}
