package okhttp3.tls.internal;

import C.K;
import Vb.C1111l;
import ea.h;
import f5.l;
import fa.t;
import java.math.BigInteger;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.UUID;
import kotlin.Metadata;
import ma.AbstractC3767b;
import okhttp3.internal.Util;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import okhttp3.tls.internal.der.AlgorithmIdentifier;
import okhttp3.tls.internal.der.AttributeTypeAndValue;
import okhttp3.tls.internal.der.BasicConstraints;
import okhttp3.tls.internal.der.BasicDerAdapter;
import okhttp3.tls.internal.der.BitString;
import okhttp3.tls.internal.der.Certificate;
import okhttp3.tls.internal.der.CertificateAdapters;
import okhttp3.tls.internal.der.DerReader;
import okhttp3.tls.internal.der.DerWriter;
import okhttp3.tls.internal.der.Extension;
import okhttp3.tls.internal.der.SubjectPublicKeyInfo;
import okhttp3.tls.internal.der.TbsCertificate;
import okhttp3.tls.internal.der.Validity;
import ra.InterfaceC4352a;
import sa.m;
import ua.AbstractC4602a;

@Metadata(d1 = {"\u0000\b\n\u0000\n\u0002\u0018\u0002\n\u0000\u0010\u0000\u001a\u00020\u0001H\n¢\u0006\u0002\b\u0002"}, d2 = {"<anonymous>", "Lokhttp3/tls/HandshakeCertificates;", "invoke"}, k = 3, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes.dex */
public final class TlsUtil$localhost$2 extends m implements InterfaceC4352a {

    /* renamed from: d, reason: collision with root package name */
    public static final TlsUtil$localhost$2 f40523d = new TlsUtil$localhost$2();

    public TlsUtil$localhost$2() {
        super(0);
    }

    /* JADX WARN: Type inference failed for: r4v16, types: [java.lang.Object, Vb.i] */
    /* JADX WARN: Type inference failed for: r5v1, types: [java.lang.Object, Vb.i] */
    /* JADX WARN: Type inference failed for: r6v2, types: [java.lang.Object, Vb.i] */
    /* JADX WARN: Type inference failed for: r6v3, types: [java.lang.Object, Vb.i] */
    @Override // ra.InterfaceC4352a
    public final Object invoke() {
        String str;
        h hVar;
        HeldCertificate.Builder builder = new HeldCertificate.Builder();
        builder.f40512c = "localhost";
        String canonicalHostName = InetAddress.getByName("localhost").getCanonicalHostName();
        AbstractC3767b.j(canonicalHostName, "getByName(\"localhost\").canonicalHostName");
        ArrayList arrayList = builder.f40513d;
        arrayList.add(canonicalHostName);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(builder.f40515f);
        keyPairGenerator.initialize(builder.f40516g, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        AbstractC3767b.j(generateKeyPair, "getInstance(keyAlgorithm…generateKeyPair()\n      }");
        CertificateAdapters.f40581a.getClass();
        BasicDerAdapter basicDerAdapter = CertificateAdapters.f40587g;
        C1111l c1111l = C1111l.f16072d;
        byte[] encoded = generateKeyPair.getPublic().getEncoded();
        AbstractC3767b.j(encoded, "subjectKeyPair.public.encoded");
        C1111l s10 = K.s(encoded);
        basicDerAdapter.getClass();
        ?? obj = new Object();
        obj.Z(s10);
        SubjectPublicKeyInfo subjectPublicKeyInfo = (SubjectPublicKeyInfo) basicDerAdapter.b(new DerReader(obj));
        ArrayList arrayList2 = new ArrayList();
        String str2 = builder.f40512c;
        if (str2 == null) {
            str2 = UUID.randomUUID().toString();
            AbstractC3767b.j(str2, "randomUUID().toString()");
        }
        arrayList2.add(l.A(new AttributeTypeAndValue(str2, "2.5.4.3")));
        AlgorithmIdentifier algorithmIdentifier = generateKeyPair.getPrivate() instanceof RSAPrivateKey ? new AlgorithmIdentifier(null, "1.2.840.113549.1.1.11") : new AlgorithmIdentifier(C1111l.f16072d, "1.2.840.10045.4.3.2");
        BigInteger bigInteger = BigInteger.ONE;
        AbstractC3767b.j(bigInteger, "serialNumber ?: BigInteger.ONE");
        long j4 = builder.f40510a;
        if (j4 == -1) {
            j4 = System.currentTimeMillis();
        }
        long j10 = builder.f40511b;
        if (j10 == -1) {
            j10 = j4 + 86400000;
        }
        Validity validity = new Validity(j4, j10);
        ArrayList arrayList3 = new ArrayList();
        int i10 = builder.f40514e;
        if (i10 != -1) {
            arrayList3.add(new Extension(new BasicConstraints(true, Long.valueOf(i10)), "2.5.29.19", true));
        }
        if (!arrayList.isEmpty()) {
            ArrayList arrayList4 = new ArrayList(AbstractC4602a.P(arrayList));
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                String str3 = (String) it.next();
                byte[] bArr = Util.f39964a;
                AbstractC3767b.k(str3, "<this>");
                if (Util.f39969f.a(str3)) {
                    CertificateAdapters.f40581a.getClass();
                    BasicDerAdapter basicDerAdapter2 = CertificateAdapters.f40584d;
                    C1111l c1111l2 = C1111l.f16072d;
                    byte[] address = InetAddress.getByName(str3).getAddress();
                    AbstractC3767b.j(address, "getByName(it).address");
                    hVar = new h(basicDerAdapter2, K.s(address));
                } else {
                    CertificateAdapters.f40581a.getClass();
                    hVar = new h(CertificateAdapters.f40583c, str3);
                }
                arrayList4.add(hVar);
            }
            arrayList3.add(new Extension(arrayList4, "2.5.29.17", true));
        }
        AlgorithmIdentifier algorithmIdentifier2 = algorithmIdentifier;
        TbsCertificate tbsCertificate = new TbsCertificate(2L, bigInteger, algorithmIdentifier, arrayList2, validity, arrayList2, subjectPublicKeyInfo, null, null, arrayList3);
        AlgorithmIdentifier algorithmIdentifier3 = tbsCertificate.f40640c;
        String str4 = algorithmIdentifier3.f40555a;
        if (AbstractC3767b.c(str4, "1.2.840.113549.1.1.11")) {
            str = "SHA256WithRSA";
        } else {
            if (!AbstractC3767b.c(str4, "1.2.840.10045.4.3.2")) {
                throw new IllegalStateException(AbstractC3767b.H(algorithmIdentifier3.f40555a, "unexpected signature algorithm: ").toString());
            }
            str = "SHA256withECDSA";
        }
        Signature signature = Signature.getInstance(str);
        signature.initSign(generateKeyPair.getPrivate());
        CertificateAdapters.f40581a.getClass();
        BasicDerAdapter basicDerAdapter3 = CertificateAdapters.f40588h;
        basicDerAdapter3.getClass();
        ?? obj2 = new Object();
        basicDerAdapter3.d(new DerWriter(obj2), tbsCertificate);
        signature.update(obj2.n(obj2.f16071b).q());
        C1111l c1111l3 = C1111l.f16072d;
        byte[] sign = signature.sign();
        AbstractC3767b.j(sign, "sign()");
        Certificate certificate = new Certificate(tbsCertificate, algorithmIdentifier2, new BitString(0, K.s(sign)));
        BasicDerAdapter basicDerAdapter4 = CertificateAdapters.f40589i;
        basicDerAdapter4.getClass();
        ?? obj3 = new Object();
        basicDerAdapter4.d(new DerWriter(obj3), certificate);
        C1111l n10 = obj3.n(obj3.f16071b);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ?? obj4 = new Object();
            obj4.Z(n10);
            Collection<? extends java.security.cert.Certificate> generateCertificates = certificateFactory.generateCertificates(obj4.w0());
            AbstractC3767b.j(generateCertificates, "certificates");
            Object v02 = t.v0(generateCertificates);
            if (v02 == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) v02;
            HeldCertificate heldCertificate = new HeldCertificate(generateKeyPair, x509Certificate);
            HandshakeCertificates.Builder builder2 = new HandshakeCertificates.Builder();
            builder2.b(heldCertificate, new X509Certificate[0]);
            builder2.f40506c.add(x509Certificate);
            return builder2.a();
        } catch (IllegalArgumentException e10) {
            throw new IllegalArgumentException("failed to decode certificate", e10);
        } catch (GeneralSecurityException e11) {
            throw new IllegalArgumentException("failed to decode certificate", e11);
        } catch (NoSuchElementException e12) {
            throw new IllegalArgumentException("failed to decode certificate", e12);
        }
    }
}
