package okhttp3.tls.internal;

import android.support.v4.media.a;
import com.google.android.material.search.j;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.collections.ArraysKt___ArraysJvmKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.internal.platform.Platform;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000N\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0019\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\b\u0002\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\b\u0010\u0003\u001a\u00020\u0004H\u0007J\u0012\u0010\r\u001a\u00020\u000e2\b\u0010\u000f\u001a\u0004\u0018\u00010\u0010H\u0002J5\u0010\u0011\u001a\u00020\u00122\b\u0010\u000f\u001a\u0004\u0018\u00010\u00102\b\u0010\u0013\u001a\u0004\u0018\u00010\u00142\u0012\u0010\u0015\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00170\u0016\"\u00020\u0017H\u0007¢\u0006\u0002\u0010\u0018J.\u0010\u0019\u001a\u00020\u001a2\b\u0010\u000f\u001a\u0004\u0018\u00010\u00102\f\u0010\u001b\u001a\b\u0012\u0004\u0012\u00020\u00170\u001c2\f\u0010\u001d\u001a\b\u0012\u0004\u0012\u00020\u00100\u001cH\u0007R\u001b\u0010\u0003\u001a\u00020\u00048BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u0007\u0010\b\u001a\u0004\b\u0005\u0010\u0006R\u0011\u0010\t\u001a\u00020\n¢\u0006\b\n\u0000\u001a\u0004\b\u000b\u0010\f¨\u0006\u001e"}, d2 = {"Lokhttp3/tls/internal/TlsUtil;", "", "()V", "localhost", "Lokhttp3/tls/HandshakeCertificates;", "getLocalhost", "()Lokhttp3/tls/HandshakeCertificates;", "localhost$delegate", "Lkotlin/Lazy;", "password", "", "getPassword", "()[C", "newEmptyKeyStore", "Ljava/security/KeyStore;", "keyStoreType", "", "newKeyManager", "Ljavax/net/ssl/X509KeyManager;", "heldCertificate", "Lokhttp3/tls/HeldCertificate;", "intermediates", "", "Ljava/security/cert/X509Certificate;", "(Ljava/lang/String;Lokhttp3/tls/HeldCertificate;[Ljava/security/cert/X509Certificate;)Ljavax/net/ssl/X509KeyManager;", "newTrustManager", "Ljavax/net/ssl/X509TrustManager;", "trustedCertificates", "", "insecureHosts", "okhttp-tls"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes3.dex */
public final class TlsUtil {
    public static final TlsUtil INSTANCE = new TlsUtil();

    /* renamed from: localhost$delegate, reason: from kotlin metadata */
    private static final Lazy localhost;

    @NotNull
    private static final char[] password;

    static {
        char[] charArray = "password".toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "(this as java.lang.String).toCharArray()");
        password = charArray;
        localhost = LazyKt.lazy(new Function0<HandshakeCertificates>() { // from class: okhttp3.tls.internal.TlsUtil$localhost$2
            @Override // kotlin.jvm.functions.Function0
            @NotNull
            public final HandshakeCertificates invoke() {
                HeldCertificate.Builder commonName = new HeldCertificate.Builder().commonName("localhost");
                InetAddress byName = InetAddress.getByName("localhost");
                Intrinsics.checkNotNullExpressionValue(byName, "InetAddress.getByName(\"localhost\")");
                String canonicalHostName = byName.getCanonicalHostName();
                Intrinsics.checkNotNullExpressionValue(canonicalHostName, "InetAddress.getByName(\"l…lhost\").canonicalHostName");
                HeldCertificate build = commonName.addSubjectAlternativeName(canonicalHostName).build();
                return new HandshakeCertificates.Builder().heldCertificate(build, new X509Certificate[0]).addTrustedCertificate(build.certificate()).build();
            }
        });
    }

    private TlsUtil() {
    }

    private final HandshakeCertificates getLocalhost() {
        return (HandshakeCertificates) localhost.getValue();
    }

    @JvmStatic
    @NotNull
    public static final HandshakeCertificates localhost() {
        return INSTANCE.getLocalhost();
    }

    private final KeyStore newEmptyKeyStore(String keyStoreType) {
        if (keyStoreType == null) {
            keyStoreType = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, password);
        Intrinsics.checkNotNullExpressionValue(keyStore, "KeyStore.getInstance(key…utStream, password)\n    }");
        return keyStore;
    }

    @JvmStatic
    @NotNull
    public static final X509KeyManager newKeyManager(@Nullable String keyStoreType, @Nullable HeldCertificate heldCertificate, @NotNull X509Certificate... intermediates) {
        Intrinsics.checkNotNullParameter(intermediates, "intermediates");
        KeyStore newEmptyKeyStore = INSTANCE.newEmptyKeyStore(keyStoreType);
        if (heldCertificate != null) {
            Certificate[] certificateArr = new Certificate[intermediates.length + 1];
            certificateArr[0] = heldCertificate.certificate();
            ArraysKt___ArraysJvmKt.copyInto$default(intermediates, certificateArr, 1, 0, 0, 12, (Object) null);
            newEmptyKeyStore.setKeyEntry("private", heldCertificate.keyPair().getPrivate(), password, certificateArr);
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(newEmptyKeyStore, password);
        Intrinsics.checkNotNullExpressionValue(factory, "factory");
        KeyManager[] keyManagers = factory.getKeyManagers();
        Intrinsics.checkNotNull(keyManagers);
        if (keyManagers.length == 1 && (keyManagers[0] instanceof X509KeyManager)) {
            KeyManager keyManager = keyManagers[0];
            if (keyManager != null) {
                return (X509KeyManager) keyManager;
            }
            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509KeyManager");
        }
        StringBuilder sb = new StringBuilder("Unexpected key managers:");
        String arrays = Arrays.toString(keyManagers);
        Intrinsics.checkNotNullExpressionValue(arrays, "java.util.Arrays.toString(this)");
        sb.append(arrays);
        throw new IllegalStateException(sb.toString().toString());
    }

    @JvmStatic
    @IgnoreJRERequirement
    @NotNull
    public static final X509TrustManager newTrustManager(@Nullable String keyStoreType, @NotNull List<? extends X509Certificate> trustedCertificates, @NotNull List<String> insecureHosts) {
        Intrinsics.checkNotNullParameter(trustedCertificates, "trustedCertificates");
        Intrinsics.checkNotNullParameter(insecureHosts, "insecureHosts");
        KeyStore newEmptyKeyStore = INSTANCE.newEmptyKeyStore(keyStoreType);
        int size = trustedCertificates.size();
        for (int i = 0; i < size; i++) {
            newEmptyKeyStore.setCertificateEntry(a.c("cert_", i), trustedCertificates.get(i));
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(newEmptyKeyStore);
        Intrinsics.checkNotNullExpressionValue(factory, "factory");
        TrustManager[] trustManagers = factory.getTrustManagers();
        Intrinsics.checkNotNull(trustManagers);
        if (!(trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager))) {
            StringBuilder sb = new StringBuilder("Unexpected trust managers: ");
            String arrays = Arrays.toString(trustManagers);
            Intrinsics.checkNotNullExpressionValue(arrays, "java.util.Arrays.toString(this)");
            sb.append(arrays);
            throw new IllegalStateException(sb.toString().toString());
        }
        TrustManager trustManager = trustManagers[0];
        if (trustManager == null) {
            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        }
        X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
        if (insecureHosts.isEmpty()) {
            return x509TrustManager;
        }
        return Platform.INSTANCE.isAndroid() ? new InsecureAndroidTrustManager(x509TrustManager, insecureHosts) : new InsecureExtendedTrustManager(j.p(x509TrustManager), insecureHosts);
    }

    @NotNull
    public final char[] getPassword() {
        return password;
    }
}
