package okhttp3.tls.internal;

import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.internal.platform.Platform;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;

/* compiled from: TlsUtil.kt */
/* loaded from: classes2.dex */
public final class TlsUtil {
    private static final char[] a;
    public static final TlsUtil b = new TlsUtil();

    static {
        char[] charArray = "password".toCharArray();
        Intrinsics.d(charArray, "(this as java.lang.String).toCharArray()");
        a = charArray;
        LazyKt__LazyJVMKt.b(new Function0<HandshakeCertificates>() { // from class: okhttp3.tls.internal.TlsUtil$localhost$2
            @Override // kotlin.jvm.functions.Function0
            /* renamed from: b, reason: merged with bridge method [inline-methods] */
            public final HandshakeCertificates c() {
                HeldCertificate.Builder builder = new HeldCertificate.Builder();
                builder.c("localhost");
                InetAddress byName = InetAddress.getByName("localhost");
                Intrinsics.d(byName, "InetAddress.getByName(\"localhost\")");
                String canonicalHostName = byName.getCanonicalHostName();
                Intrinsics.d(canonicalHostName, "InetAddress.getByName(\"l…lhost\").canonicalHostName");
                builder.a(canonicalHostName);
                HeldCertificate b2 = builder.b();
                HandshakeCertificates.Builder builder2 = new HandshakeCertificates.Builder();
                builder2.d(b2, new X509Certificate[0]);
                builder2.b(b2.a());
                return builder2.c();
            }
        });
    }

    private TlsUtil() {
    }

    private final KeyStore a(String str) {
        if (str == null) {
            str = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, a);
        Intrinsics.d(keyStore, "KeyStore.getInstance(key…utStream, password)\n    }");
        return keyStore;
    }

    public static final X509KeyManager b(String str, HeldCertificate heldCertificate, X509Certificate... intermediates) {
        Intrinsics.e(intermediates, "intermediates");
        KeyStore a2 = b.a(str);
        if (heldCertificate != null) {
            Certificate[] certificateArr = new Certificate[intermediates.length + 1];
            certificateArr[0] = heldCertificate.a();
            ArraysKt.g(intermediates, certificateArr, 1, 0, 0, 12, null);
            a2.setKeyEntry("private", heldCertificate.b().getPrivate(), a, certificateArr);
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(a2, a);
        Intrinsics.d(factory, "factory");
        KeyManager[] keyManagers = factory.getKeyManagers();
        Intrinsics.c(keyManagers);
        if (keyManagers.length == 1 && (keyManagers[0] instanceof X509KeyManager)) {
            KeyManager keyManager = keyManagers[0];
            if (keyManager != null) {
                return (X509KeyManager) keyManager;
            }
            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509KeyManager");
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Unexpected key managers:");
        String arrays = Arrays.toString(keyManagers);
        Intrinsics.d(arrays, "java.util.Arrays.toString(this)");
        sb.append(arrays);
        throw new IllegalStateException(sb.toString().toString());
    }

    @IgnoreJRERequirement
    public static final X509TrustManager c(String str, List<? extends X509Certificate> trustedCertificates, List<String> insecureHosts) {
        X509TrustManager insecureExtendedTrustManager;
        Intrinsics.e(trustedCertificates, "trustedCertificates");
        Intrinsics.e(insecureHosts, "insecureHosts");
        KeyStore a2 = b.a(str);
        int size = trustedCertificates.size();
        for (int i = 0; i < size; i++) {
            a2.setCertificateEntry("cert_" + i, trustedCertificates.get(i));
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(a2);
        Intrinsics.d(factory, "factory");
        TrustManager[] trustManagers = factory.getTrustManagers();
        Intrinsics.c(trustManagers);
        if (!(trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager))) {
            StringBuilder sb = new StringBuilder();
            sb.append("Unexpected trust managers: ");
            String arrays = Arrays.toString(trustManagers);
            Intrinsics.d(arrays, "java.util.Arrays.toString(this)");
            sb.append(arrays);
            throw new IllegalStateException(sb.toString().toString());
        }
        TrustManager trustManager = trustManagers[0];
        if (trustManager == null) {
            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        }
        X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
        if (insecureHosts.isEmpty()) {
            return x509TrustManager;
        }
        if (Platform.c.h()) {
            insecureExtendedTrustManager = new InsecureAndroidTrustManager(x509TrustManager, insecureHosts);
        } else {
            if (x509TrustManager == null) {
                throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509ExtendedTrustManager");
            }
            insecureExtendedTrustManager = new InsecureExtendedTrustManager((X509ExtendedTrustManager) x509TrustManager, insecureHosts);
        }
        return insecureExtendedTrustManager;
    }
}
