package okhttp3.tls.internal;

import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.internal.platform.Platform;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;

/* compiled from: TlsUtil.kt */
/* loaded from: classes3.dex */
public final class TlsUtil {

    /* renamed from: a, reason: collision with root package name */
    private static final char[] f33275a;

    /* renamed from: b, reason: collision with root package name */
    private static final Lazy f33276b;

    /* renamed from: c, reason: collision with root package name */
    public static final TlsUtil f33277c = new TlsUtil();

    static {
        Lazy b2;
        char[] charArray = "password".toCharArray();
        Intrinsics.e(charArray, "(this as java.lang.String).toCharArray()");
        f33275a = charArray;
        b2 = LazyKt__LazyJVMKt.b(new Function0<HandshakeCertificates>() { // from class: okhttp3.tls.internal.TlsUtil$localhost$2
            @Override // kotlin.jvm.functions.Function0
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public final HandshakeCertificates c() {
                HeldCertificate.Builder c3 = new HeldCertificate.Builder().c("localhost");
                InetAddress byName = InetAddress.getByName("localhost");
                Intrinsics.e(byName, "InetAddress.getByName(\"localhost\")");
                String canonicalHostName = byName.getCanonicalHostName();
                Intrinsics.e(canonicalHostName, "InetAddress.getByName(\"l…lhost\").canonicalHostName");
                HeldCertificate b3 = c3.a(canonicalHostName).b();
                return new HandshakeCertificates.Builder().d(b3, new X509Certificate[0]).b(b3.a()).c();
            }
        });
        f33276b = b2;
    }

    private TlsUtil() {
    }

    private final KeyStore a(String str) {
        if (str == null) {
            str = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, f33275a);
        Intrinsics.e(keyStore, "KeyStore.getInstance(key…utStream, password)\n    }");
        return keyStore;
    }

    public static final X509KeyManager b(String str, HeldCertificate heldCertificate, X509Certificate... intermediates) {
        Intrinsics.f(intermediates, "intermediates");
        KeyStore a3 = f33277c.a(str);
        if (heldCertificate != null) {
            Certificate[] certificateArr = new Certificate[intermediates.length + 1];
            certificateArr[0] = heldCertificate.a();
            ArraysKt___ArraysJvmKt.g(intermediates, certificateArr, 1, 0, 0, 12, null);
            a3.setKeyEntry("private", heldCertificate.b().getPrivate(), f33275a, certificateArr);
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(a3, f33275a);
        Intrinsics.e(factory, "factory");
        KeyManager[] keyManagers = factory.getKeyManagers();
        Intrinsics.d(keyManagers);
        if (keyManagers.length == 1 && (keyManagers[0] instanceof X509KeyManager)) {
            KeyManager keyManager = keyManagers[0];
            Objects.requireNonNull(keyManager, "null cannot be cast to non-null type javax.net.ssl.X509KeyManager");
            return (X509KeyManager) keyManager;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Unexpected key managers:");
        String arrays = Arrays.toString(keyManagers);
        Intrinsics.e(arrays, "java.util.Arrays.toString(this)");
        sb.append(arrays);
        throw new IllegalStateException(sb.toString().toString());
    }

    @IgnoreJRERequirement
    public static final X509TrustManager c(String str, List<? extends X509Certificate> trustedCertificates, List<String> insecureHosts) {
        Intrinsics.f(trustedCertificates, "trustedCertificates");
        Intrinsics.f(insecureHosts, "insecureHosts");
        KeyStore a3 = f33277c.a(str);
        int size = trustedCertificates.size();
        for (int i2 = 0; i2 < size; i2++) {
            a3.setCertificateEntry("cert_" + i2, trustedCertificates.get(i2));
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(a3);
        Intrinsics.e(factory, "factory");
        TrustManager[] trustManagers = factory.getTrustManagers();
        Intrinsics.d(trustManagers);
        if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
            TrustManager trustManager = trustManagers[0];
            Objects.requireNonNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
            if (insecureHosts.isEmpty()) {
                return x509TrustManager;
            }
            return Platform.f33207c.h() ? new InsecureAndroidTrustManager(x509TrustManager, insecureHosts) : new InsecureExtendedTrustManager((X509ExtendedTrustManager) x509TrustManager, insecureHosts);
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Unexpected trust managers: ");
        String arrays = Arrays.toString(trustManagers);
        Intrinsics.e(arrays, "java.util.Arrays.toString(this)");
        sb.append(arrays);
        throw new IllegalStateException(sb.toString().toString());
    }
}
