package okhttp3.tls.internal;

import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.internal.platform.Platform;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import y1.c;

/* loaded from: classes3.dex */
public final class TlsUtil {

    /* renamed from: a, reason: collision with root package name */
    public static final TlsUtil f31053a = new TlsUtil();

    /* renamed from: b, reason: collision with root package name */
    private static final char[] f31054b;

    /* renamed from: c, reason: collision with root package name */
    private static final Lazy f31055c;

    static {
        Lazy b2;
        char[] charArray = "password".toCharArray();
        Intrinsics.e(charArray, "this as java.lang.String).toCharArray()");
        f31054b = charArray;
        b2 = LazyKt__LazyJVMKt.b(new Function0<HandshakeCertificates>() { // from class: okhttp3.tls.internal.TlsUtil$localhost$2
            @Override // kotlin.jvm.functions.Function0
            /* renamed from: b, reason: merged with bridge method [inline-methods] */
            public final HandshakeCertificates d() {
                HeldCertificate.Builder c2 = new HeldCertificate.Builder().c("localhost");
                String canonicalHostName = InetAddress.getByName("localhost").getCanonicalHostName();
                Intrinsics.e(canonicalHostName, "getByName(\"localhost\").canonicalHostName");
                HeldCertificate b3 = c2.a(canonicalHostName).b();
                return new HandshakeCertificates.Builder().d(b3, new X509Certificate[0]).b(b3.a()).c();
            }
        });
        f31055c = b2;
    }

    private TlsUtil() {
    }

    private final KeyStore a(String str) {
        if (str == null) {
            str = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, f31054b);
        Intrinsics.e(keyStore, "getInstance(keyStoreType…utStream, password)\n    }");
        return keyStore;
    }

    public static final X509KeyManager b(String str, HeldCertificate heldCertificate, X509Certificate... intermediates) {
        Intrinsics.f(intermediates, "intermediates");
        KeyStore a2 = f31053a.a(str);
        if (heldCertificate != null) {
            Certificate[] certificateArr = new Certificate[intermediates.length + 1];
            certificateArr[0] = heldCertificate.a();
            ArraysKt___ArraysJvmKt.g(intermediates, certificateArr, 1, 0, 0, 12, null);
            a2.setKeyEntry("private", heldCertificate.b().getPrivate(), f31054b, certificateArr);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(a2, f31054b);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        Intrinsics.c(keyManagers);
        if (keyManagers.length == 1) {
            KeyManager keyManager = keyManagers[0];
            if (keyManager instanceof X509KeyManager) {
                Intrinsics.d(keyManager, "null cannot be cast to non-null type javax.net.ssl.X509KeyManager");
                return (X509KeyManager) keyManager;
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Unexpected key managers:");
        String arrays = Arrays.toString(keyManagers);
        Intrinsics.e(arrays, "toString(this)");
        sb.append(arrays);
        throw new IllegalStateException(sb.toString().toString());
    }

    public static final X509TrustManager c(String str, List trustedCertificates, List insecureHosts) {
        Intrinsics.f(trustedCertificates, "trustedCertificates");
        Intrinsics.f(insecureHosts, "insecureHosts");
        KeyStore a2 = f31053a.a(str);
        int size = trustedCertificates.size();
        for (int i2 = 0; i2 < size; i2++) {
            a2.setCertificateEntry("cert_" + i2, (Certificate) trustedCertificates.get(i2));
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(a2);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        Intrinsics.c(trustManagers);
        if (trustManagers.length == 1) {
            TrustManager trustManager = trustManagers[0];
            if (trustManager instanceof X509TrustManager) {
                Intrinsics.d(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                if (insecureHosts.isEmpty()) {
                    return x509TrustManager;
                }
                return Platform.f30980a.h() ? new InsecureAndroidTrustManager(x509TrustManager, insecureHosts) : new InsecureExtendedTrustManager(c.a(x509TrustManager), insecureHosts);
            }
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Unexpected trust managers: ");
        String arrays = Arrays.toString(trustManagers);
        Intrinsics.e(arrays, "toString(this)");
        sb.append(arrays);
        throw new IllegalStateException(sb.toString().toString());
    }
}
