package okhttp3.internal.tls;

import com.inisoft.playready.UdpClient;
import f.a.a.c.utils.r.e;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import m.b.a.b1;
import m.b.a.g1;
import m.b.a.i;
import m.b.a.j2.f;
import m.b.a.j2.h;
import m.b.a.j2.j;
import m.b.a.j2.m;
import m.b.a.l;
import m.b.a.z0;
import m.b.c.c.a;
import m.b.e.b;
import m.b.e.c;
import okhttp3.internal.Util;
import okhttp3.internal.cache.DiskLruCache;

/* loaded from: classes2.dex */
public final class HeldCertificate {
    public final X509Certificate certificate;
    public final KeyPair keyPair;

    /* loaded from: classes2.dex */
    public static final class Builder {
        public String hostname;
        public HeldCertificate issuedBy;
        public KeyPair keyPair;
        public int maxIntermediateCas;
        public final long duration = 86400000;
        public List<String> altNames = new ArrayList();
        public String serialNumber = DiskLruCache.VERSION_1;

        static {
            Security.addProvider(new a());
        }

        public HeldCertificate build() throws GeneralSecurityException {
            X500Principal x500Principal;
            KeyPair keyPair;
            X500Principal x500Principal2;
            m.b.a.j2.a aVar;
            KeyPair keyPair2 = this.keyPair;
            if (keyPair2 == null) {
                keyPair2 = generateKeyPair();
            }
            if (this.hostname != null) {
                StringBuilder a2 = a.b.a.a.a.a("CN=");
                a2.append(this.hostname);
                x500Principal = new X500Principal(a2.toString());
            } else {
                StringBuilder a3 = a.b.a.a.a.a("CN=");
                a3.append(UUID.randomUUID());
                x500Principal = new X500Principal(a3.toString());
            }
            HeldCertificate heldCertificate = this.issuedBy;
            if (heldCertificate != null) {
                keyPair = heldCertificate.keyPair;
                x500Principal2 = heldCertificate.certificate.getSubjectX500Principal();
            } else {
                keyPair = keyPair2;
                x500Principal2 = x500Principal;
            }
            long currentTimeMillis = System.currentTimeMillis();
            c cVar = new c();
            BigInteger bigInteger = new BigInteger(this.serialNumber);
            if (bigInteger.compareTo(BigInteger.ZERO) <= 0) {
                throw new IllegalArgumentException("serial number must be a positive integer");
            }
            cVar.f8223a.b = new i(bigInteger);
            try {
                cVar.f8223a.a(new m.b.c.a(x500Principal2.getEncoded()));
                cVar.f8223a.e = new j(new Date(currentTimeMillis));
                cVar.f8223a.f8152f = new j(new Date(currentTimeMillis + 86400000));
                try {
                    cVar.f8223a.b(new m.b.c.a(x500Principal.getEncoded()));
                    try {
                        cVar.f8223a.f8154h = h.a(new m.b.a.h(keyPair2.getPublic().getEncoded()).a());
                        cVar.d = "SHA256WithRSAEncryption";
                        try {
                            cVar.b = b.a("SHA256WithRSAEncryption");
                            b1 b1Var = cVar.b;
                            if (b.c.contains(b1Var)) {
                                aVar = new m.b.a.j2.a(b1Var);
                            } else {
                                String h2 = e.h("SHA256WithRSAEncryption");
                                aVar = b.b.containsKey(h2) ? new m.b.a.j2.a(b1Var, (m.b.a.c) b.b.get(h2)) : new m.b.a.j2.a(b1Var, z0.c);
                            }
                            cVar.c = aVar;
                            cVar.f8223a.c = cVar.c;
                            int i2 = this.maxIntermediateCas;
                            if (i2 > 0) {
                                cVar.e.a(new l(m.f8161g.c), true, (m.b.a.c) new m.b.a.j2.b(i2));
                            }
                            if (!this.altNames.isEmpty()) {
                                m.b.a.c[] cVarArr = new m.b.a.c[this.altNames.size()];
                                int size = this.altNames.size();
                                for (int i3 = 0; i3 < size; i3++) {
                                    String str = this.altNames.get(i3);
                                    cVarArr[i3] = new f(Util.verifyAsIpAddress(str) ? 7 : 2, str);
                                }
                                cVar.e.a(new l(m.f8160f.c), true, (m.b.a.c) new g1(cVarArr));
                            }
                            try {
                                return new HeldCertificate(cVar.a(keyPair.getPrivate(), "BC", null), keyPair2);
                            } catch (InvalidKeyException e) {
                                throw e;
                            } catch (NoSuchProviderException e2) {
                                throw e2;
                            } catch (SignatureException e3) {
                                throw e3;
                            } catch (GeneralSecurityException e4) {
                                throw new SecurityException("exception: " + e4);
                            }
                        } catch (Exception unused) {
                            throw new IllegalArgumentException(a.b.a.a.a.a("Unknown signature type requested: ", "SHA256WithRSAEncryption"));
                        }
                    } catch (Exception e5) {
                        StringBuilder a4 = a.b.a.a.a.a("unable to process key - ");
                        a4.append(e5.toString());
                        throw new IllegalArgumentException(a4.toString());
                    }
                } catch (IOException e6) {
                    throw new IllegalArgumentException("can't process principal: " + e6);
                }
            } catch (IOException e7) {
                throw new IllegalArgumentException("can't process principal: " + e7);
            }
        }

        public Builder ca(int i2) {
            this.maxIntermediateCas = i2;
            return this;
        }

        public Builder commonName(String str) {
            this.hostname = str;
            return this;
        }

        public KeyPair generateKeyPair() throws GeneralSecurityException {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
            keyPairGenerator.initialize(UdpClient.max_length, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        }

        public Builder issuedBy(HeldCertificate heldCertificate) {
            this.issuedBy = heldCertificate;
            return this;
        }

        public Builder keyPair(KeyPair keyPair) {
            this.keyPair = keyPair;
            return this;
        }

        public Builder serialNumber(String str) {
            this.serialNumber = str;
            return this;
        }

        public Builder subjectAlternativeName(String str) {
            this.altNames.add(str);
            return this;
        }
    }

    public HeldCertificate(X509Certificate x509Certificate, KeyPair keyPair) {
        this.certificate = x509Certificate;
        this.keyPair = keyPair;
    }
}
