package okhttp3.tls.internal;

import java.math.BigInteger;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.NoSuchElementException;
import java.util.UUID;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.Pair;
import kotlin.collections.CollectionsKt__CollectionsKt;
import kotlin.collections.CollectionsKt__IteratorsJVMKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.internal.Util;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import okhttp3.tls.internal.der.AlgorithmIdentifier;
import okhttp3.tls.internal.der.AttributeTypeAndValue;
import okhttp3.tls.internal.der.BasicConstraints;
import okhttp3.tls.internal.der.BasicDerAdapter;
import okhttp3.tls.internal.der.BitString;
import okhttp3.tls.internal.der.Certificate;
import okhttp3.tls.internal.der.CertificateAdapters;
import okhttp3.tls.internal.der.DerReader;
import okhttp3.tls.internal.der.DerWriter;
import okhttp3.tls.internal.der.Extension;
import okhttp3.tls.internal.der.SubjectPublicKeyInfo;
import okhttp3.tls.internal.der.TbsCertificate;
import okhttp3.tls.internal.der.Validity;
import okio.Buffer;
import okio.Buffer$inputStream$1;
import okio.ByteString;

/* compiled from: TlsUtil.kt */
/* loaded from: classes.dex */
public final class TlsUtil {
    public static final char[] password;

    static {
        char[] charArray = "password".toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "this as java.lang.String).toCharArray()");
        password = charArray;
        LazyKt__LazyJVMKt.lazy(new Function0<HandshakeCertificates>() { // from class: okhttp3.tls.internal.TlsUtil$localhost$2
            @Override // kotlin.jvm.functions.Function0
            public final HandshakeCertificates invoke() {
                String str;
                Pair pair;
                HeldCertificate.Builder builder = new HeldCertificate.Builder();
                builder.commonName = "localhost";
                String canonicalHostName = InetAddress.getByName("localhost").getCanonicalHostName();
                Intrinsics.checkNotNullExpressionValue(canonicalHostName, "getByName(\"localhost\").canonicalHostName");
                ArrayList<String> arrayList = builder.altNames;
                arrayList.add(canonicalHostName);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(builder.keyAlgorithm);
                keyPairGenerator.initialize(builder.keySize, new SecureRandom());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                Intrinsics.checkNotNullExpressionValue(generateKeyPair, "getInstance(keyAlgorithm…generateKeyPair()\n      }");
                BasicDerAdapter<SubjectPublicKeyInfo> basicDerAdapter = CertificateAdapters.subjectPublicKeyInfo;
                ByteString byteString = ByteString.EMPTY;
                byte[] encoded = generateKeyPair.getPublic().getEncoded();
                Intrinsics.checkNotNullExpressionValue(encoded, "subjectKeyPair.public.encoded");
                ByteString of$default = ByteString.Companion.of$default(encoded);
                basicDerAdapter.getClass();
                Buffer buffer = new Buffer();
                buffer.m162write(of$default);
                SubjectPublicKeyInfo fromDer = basicDerAdapter.fromDer(new DerReader(buffer));
                ArrayList arrayList2 = new ArrayList();
                String str2 = builder.commonName;
                if (str2 == null) {
                    str2 = UUID.randomUUID().toString();
                    Intrinsics.checkNotNullExpressionValue(str2, "randomUUID().toString()");
                }
                arrayList2.add(CollectionsKt__CollectionsKt.listOf(new AttributeTypeAndValue("2.5.4.3", str2)));
                AlgorithmIdentifier algorithmIdentifier = generateKeyPair.getPrivate() instanceof RSAPrivateKey ? new AlgorithmIdentifier("1.2.840.113549.1.1.11", null) : new AlgorithmIdentifier("1.2.840.10045.4.3.2", ByteString.EMPTY);
                BigInteger bigInteger = BigInteger.ONE;
                Intrinsics.checkNotNullExpressionValue(bigInteger, "serialNumber ?: BigInteger.ONE");
                long j = builder.notBefore;
                if (j == -1) {
                    j = System.currentTimeMillis();
                }
                long j2 = builder.notAfter;
                if (j2 == -1) {
                    j2 = j + 86400000;
                }
                Validity validity = new Validity(j, j2);
                ArrayList arrayList3 = new ArrayList();
                int i = builder.maxIntermediateCas;
                if (i != -1) {
                    arrayList3.add(new Extension(new BasicConstraints(true, Long.valueOf(i)), "2.5.29.19", true));
                }
                if (!arrayList.isEmpty()) {
                    ArrayList arrayList4 = new ArrayList(CollectionsKt__IteratorsJVMKt.collectionSizeOrDefault(arrayList));
                    for (String str3 : arrayList) {
                        byte[] bArr = Util.EMPTY_BYTE_ARRAY;
                        Intrinsics.checkNotNullParameter(str3, "<this>");
                        if (Util.VERIFY_AS_IP_ADDRESS.matches(str3)) {
                            BasicDerAdapter<ByteString> basicDerAdapter2 = CertificateAdapters.generalNameIpAddress;
                            ByteString byteString2 = ByteString.EMPTY;
                            byte[] address = InetAddress.getByName(str3).getAddress();
                            Intrinsics.checkNotNullExpressionValue(address, "getByName(it).address");
                            pair = new Pair(basicDerAdapter2, ByteString.Companion.of$default(address));
                        } else {
                            pair = new Pair(CertificateAdapters.generalNameDnsName, str3);
                        }
                        arrayList4.add(pair);
                    }
                    arrayList3.add(new Extension(arrayList4, "2.5.29.17", true));
                }
                AlgorithmIdentifier algorithmIdentifier2 = algorithmIdentifier;
                TbsCertificate tbsCertificate = new TbsCertificate(2L, bigInteger, algorithmIdentifier, arrayList2, validity, arrayList2, fromDer, null, null, arrayList3);
                AlgorithmIdentifier algorithmIdentifier3 = tbsCertificate.signature;
                String str4 = algorithmIdentifier3.algorithm;
                if (Intrinsics.areEqual(str4, "1.2.840.113549.1.1.11")) {
                    str = "SHA256WithRSA";
                } else {
                    if (!Intrinsics.areEqual(str4, "1.2.840.10045.4.3.2")) {
                        throw new IllegalStateException(Intrinsics.stringPlus(algorithmIdentifier3.algorithm, "unexpected signature algorithm: ").toString());
                    }
                    str = "SHA256withECDSA";
                }
                Signature signature = Signature.getInstance(str);
                signature.initSign(generateKeyPair.getPrivate());
                BasicDerAdapter<TbsCertificate> basicDerAdapter3 = CertificateAdapters.tbsCertificate;
                basicDerAdapter3.getClass();
                Buffer buffer2 = new Buffer();
                basicDerAdapter3.toDer(new DerWriter(buffer2), tbsCertificate);
                signature.update(buffer2.readByteString().toByteArray());
                ByteString byteString3 = ByteString.EMPTY;
                byte[] sign = signature.sign();
                Intrinsics.checkNotNullExpressionValue(sign, "sign()");
                Certificate certificate = new Certificate(tbsCertificate, algorithmIdentifier2, new BitString(ByteString.Companion.of$default(sign), 0));
                BasicDerAdapter<Certificate> basicDerAdapter4 = CertificateAdapters.certificate;
                basicDerAdapter4.getClass();
                Buffer buffer3 = new Buffer();
                basicDerAdapter4.toDer(new DerWriter(buffer3), certificate);
                ByteString readByteString = buffer3.readByteString();
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    Buffer buffer4 = new Buffer();
                    buffer4.m162write(readByteString);
                    Collection<? extends java.security.cert.Certificate> certificates = certificateFactory.generateCertificates(new Buffer$inputStream$1(buffer4));
                    Intrinsics.checkNotNullExpressionValue(certificates, "certificates");
                    Object single = CollectionsKt___CollectionsKt.single(certificates);
                    if (single == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                    }
                    X509Certificate x509Certificate = (X509Certificate) single;
                    HeldCertificate heldCertificate = new HeldCertificate(generateKeyPair, x509Certificate);
                    HandshakeCertificates.Builder builder2 = new HandshakeCertificates.Builder();
                    builder2.heldCertificate = heldCertificate;
                    builder2.intermediates = (X509Certificate[]) Arrays.copyOf(new X509Certificate[0], 0);
                    builder2.trustedCertificates.add(x509Certificate);
                    return builder2.build();
                } catch (IllegalArgumentException e) {
                    throw new IllegalArgumentException("failed to decode certificate", e);
                } catch (GeneralSecurityException e2) {
                    throw new IllegalArgumentException("failed to decode certificate", e2);
                } catch (NoSuchElementException e3) {
                    throw new IllegalArgumentException("failed to decode certificate", e3);
                }
            }
        });
    }
}
