package okhttp3.tls;

import fa.AbstractC2747q;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import ma.AbstractC3767b;
import okhttp3.internal.Util;
import okhttp3.internal.platform.Platform;
import okhttp3.tls.internal.InsecureAndroidTrustManager;
import okhttp3.tls.internal.InsecureExtendedTrustManager;
import okhttp3.tls.internal.TlsUtil;

@Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\u0018\u00002\u00020\u0001:\u0001\u0002¨\u0006\u0003"}, d2 = {"Lokhttp3/tls/HandshakeCertificates;", "", "Builder", "okhttp-tls"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes.dex */
public final class HandshakeCertificates {

    /* renamed from: a, reason: collision with root package name */
    public final X509KeyManager f40502a;

    /* renamed from: b, reason: collision with root package name */
    public final X509TrustManager f40503b;

    @Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\u0018\u00002\u00020\u0001B\u0007¢\u0006\u0004\b\u0002\u0010\u0003¨\u0006\u0004"}, d2 = {"Lokhttp3/tls/HandshakeCertificates$Builder;", "", "<init>", "()V", "okhttp-tls"}, k = 1, mv = {1, 6, 0})
    /* loaded from: classes.dex */
    public static final class Builder {

        /* renamed from: a, reason: collision with root package name */
        public HeldCertificate f40504a;

        /* renamed from: b, reason: collision with root package name */
        public X509Certificate[] f40505b;

        /* renamed from: c, reason: collision with root package name */
        public final ArrayList f40506c = new ArrayList();

        /* renamed from: d, reason: collision with root package name */
        public final ArrayList f40507d = new ArrayList();

        public final HandshakeCertificates a() {
            List x10 = Util.x(this.f40507d);
            HeldCertificate heldCertificate = this.f40504a;
            X509Certificate[] x509CertificateArr = this.f40505b;
            if (x509CertificateArr == null) {
                x509CertificateArr = new X509Certificate[0];
            }
            X509Certificate[] x509CertificateArr2 = (X509Certificate[]) Arrays.copyOf(x509CertificateArr, x509CertificateArr.length);
            TlsUtil tlsUtil = TlsUtil.f40521a;
            AbstractC3767b.k(x509CertificateArr2, "intermediates");
            TlsUtil tlsUtil2 = TlsUtil.f40521a;
            tlsUtil2.getClass();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            tlsUtil2.getClass();
            char[] cArr = TlsUtil.f40522b;
            keyStore.load(null, cArr);
            if (heldCertificate != null) {
                Certificate[] certificateArr = new Certificate[x509CertificateArr2.length + 1];
                certificateArr[0] = heldCertificate.f40509b;
                AbstractC2747q.D0(x509CertificateArr2, certificateArr, 1, 0, 0, 12);
                keyStore.setKeyEntry("private", heldCertificate.f40508a.getPrivate(), cArr, certificateArr);
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, cArr);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            AbstractC3767b.h(keyManagers);
            if (keyManagers.length == 1) {
                KeyManager keyManager = keyManagers[0];
                if (keyManager instanceof X509KeyManager) {
                    if (keyManager == null) {
                        throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509KeyManager");
                    }
                    X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
                    ArrayList arrayList = this.f40506c;
                    AbstractC3767b.k(arrayList, "trustedCertificates");
                    KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
                    tlsUtil2.getClass();
                    keyStore2.load(null, cArr);
                    int size = arrayList.size();
                    for (int i10 = 0; i10 < size; i10++) {
                        keyStore2.setCertificateEntry(AbstractC3767b.H(Integer.valueOf(i10), "cert_"), (Certificate) arrayList.get(i10));
                    }
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(keyStore2);
                    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                    AbstractC3767b.h(trustManagers);
                    if (trustManagers.length == 1) {
                        TrustManager trustManager = trustManagers[0];
                        if (trustManager instanceof X509TrustManager) {
                            if (trustManager == null) {
                                throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                            }
                            X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                            if (!x10.isEmpty()) {
                                Platform.f40440a.getClass();
                                x509TrustManager = Platform.Companion.c() ? new InsecureAndroidTrustManager(x509TrustManager, x10) : new InsecureExtendedTrustManager((X509ExtendedTrustManager) x509TrustManager, x10);
                            }
                            return new HandshakeCertificates(x509KeyManager, x509TrustManager);
                        }
                    }
                    String arrays = Arrays.toString(trustManagers);
                    AbstractC3767b.j(arrays, "toString(this)");
                    throw new IllegalStateException(AbstractC3767b.H(arrays, "Unexpected trust managers: ").toString());
                }
            }
            String arrays2 = Arrays.toString(keyManagers);
            AbstractC3767b.j(arrays2, "toString(this)");
            throw new IllegalStateException(AbstractC3767b.H(arrays2, "Unexpected key managers:").toString());
        }

        public final void b(HeldCertificate heldCertificate, X509Certificate... x509CertificateArr) {
            this.f40504a = heldCertificate;
            this.f40505b = (X509Certificate[]) Arrays.copyOf(x509CertificateArr, x509CertificateArr.length);
        }
    }

    public HandshakeCertificates(X509KeyManager x509KeyManager, X509TrustManager x509TrustManager) {
        this.f40502a = x509KeyManager;
        this.f40503b = x509TrustManager;
    }

    public final SSLSocketFactory a() {
        Platform.f40440a.getClass();
        SSLContext l10 = Platform.f40441b.l();
        l10.init(new KeyManager[]{this.f40502a}, new TrustManager[]{this.f40503b}, new SecureRandom());
        SSLSocketFactory socketFactory = l10.getSocketFactory();
        AbstractC3767b.j(socketFactory, "sslContext().socketFactory");
        return socketFactory;
    }
}
