package okhttp3.tls.internal;

import java.math.BigInteger;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.UUID;
import kotlin.LazyKt;
import kotlin.Pair;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.internal.Util;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import okhttp3.tls.internal.der.AlgorithmIdentifier;
import okhttp3.tls.internal.der.AttributeTypeAndValue;
import okhttp3.tls.internal.der.BasicConstraints;
import okhttp3.tls.internal.der.BasicDerAdapter;
import okhttp3.tls.internal.der.BitString;
import okhttp3.tls.internal.der.Certificate;
import okhttp3.tls.internal.der.CertificateAdapters;
import okhttp3.tls.internal.der.DerReader;
import okhttp3.tls.internal.der.DerWriter;
import okhttp3.tls.internal.der.Extension;
import okhttp3.tls.internal.der.SubjectPublicKeyInfo;
import okhttp3.tls.internal.der.TbsCertificate;
import okhttp3.tls.internal.der.Validity;
import okio.Buffer;
import okio.Buffer$inputStream$1;
import okio.ByteString;

/* loaded from: classes.dex */
public final class TlsUtil {

    /* renamed from: a, reason: collision with root package name */
    public static final TlsUtil f10375a = new TlsUtil();

    /* renamed from: b, reason: collision with root package name */
    public static final char[] f10376b = "password".toCharArray();

    static {
        LazyKt.b(new Function0<HandshakeCertificates>() { // from class: okhttp3.tls.internal.TlsUtil$localhost$2
            @Override // kotlin.jvm.functions.Function0
            public final Object c() {
                String str;
                Pair pair;
                HeldCertificate.Builder builder = new HeldCertificate.Builder();
                builder.c = "localhost";
                String canonicalHostName = InetAddress.getByName("localhost").getCanonicalHostName();
                ArrayList arrayList = builder.d;
                arrayList.add(canonicalHostName);
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(builder.f);
                keyPairGenerator.initialize(builder.g, new SecureRandom());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                CertificateAdapters.f10404a.getClass();
                BasicDerAdapter basicDerAdapter = CertificateAdapters.g;
                ByteString d = ByteString.Companion.d(ByteString.R, generateKeyPair.getPublic().getEncoded());
                basicDerAdapter.getClass();
                Buffer buffer = new Buffer();
                d.l(buffer, d.c());
                SubjectPublicKeyInfo subjectPublicKeyInfo = (SubjectPublicKeyInfo) basicDerAdapter.b(new DerReader(buffer));
                ArrayList arrayList2 = new ArrayList();
                String str2 = builder.c;
                if (str2 == null) {
                    str2 = UUID.randomUUID().toString();
                }
                arrayList2.add(Collections.singletonList(new AttributeTypeAndValue(str2, "2.5.4.3")));
                AlgorithmIdentifier algorithmIdentifier = generateKeyPair.getPrivate() instanceof RSAPrivateKey ? new AlgorithmIdentifier(null, "1.2.840.113549.1.1.11") : new AlgorithmIdentifier(ByteString.S, "1.2.840.10045.4.3.2");
                BigInteger bigInteger = BigInteger.ONE;
                long j = builder.f10369a;
                if (j == -1) {
                    j = System.currentTimeMillis();
                }
                long j2 = builder.f10370b;
                if (j2 == -1) {
                    j2 = j + 86400000;
                }
                Validity validity = new Validity(j, j2);
                ArrayList arrayList3 = new ArrayList();
                int i = builder.f10371e;
                if (i != -1) {
                    arrayList3.add(new Extension(true, "2.5.29.19", new BasicConstraints(true, Long.valueOf(i))));
                }
                if (!arrayList.isEmpty()) {
                    ArrayList arrayList4 = new ArrayList(CollectionsKt.i(arrayList, 10));
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        String str3 = (String) it.next();
                        if (Util.f.c(str3)) {
                            CertificateAdapters.f10404a.getClass();
                            pair = new Pair(CertificateAdapters.d, ByteString.Companion.d(ByteString.R, InetAddress.getByName(str3).getAddress()));
                        } else {
                            CertificateAdapters.f10404a.getClass();
                            pair = new Pair(CertificateAdapters.c, str3);
                        }
                        arrayList4.add(pair);
                    }
                    arrayList3.add(new Extension(true, "2.5.29.17", arrayList4));
                }
                TbsCertificate tbsCertificate = new TbsCertificate(2L, bigInteger, algorithmIdentifier, arrayList2, validity, arrayList2, subjectPublicKeyInfo, null, null, arrayList3);
                String str4 = algorithmIdentifier.f10388a;
                if (Intrinsics.a(str4, "1.2.840.113549.1.1.11")) {
                    str = "SHA256WithRSA";
                } else {
                    if (!Intrinsics.a(str4, "1.2.840.10045.4.3.2")) {
                        throw new IllegalStateException(("unexpected signature algorithm: " + str4).toString());
                    }
                    str = "SHA256withECDSA";
                }
                Signature signature = Signature.getInstance(str);
                signature.initSign(generateKeyPair.getPrivate());
                CertificateAdapters.f10404a.getClass();
                BasicDerAdapter basicDerAdapter2 = CertificateAdapters.h;
                basicDerAdapter2.getClass();
                Buffer buffer2 = new Buffer();
                basicDerAdapter2.d(new DerWriter(buffer2), tbsCertificate);
                signature.update(buffer2.j(buffer2.y).j());
                Certificate certificate = new Certificate(tbsCertificate, algorithmIdentifier, new BitString(ByteString.Companion.d(ByteString.R, signature.sign()), 0));
                BasicDerAdapter basicDerAdapter3 = CertificateAdapters.i;
                basicDerAdapter3.getClass();
                Buffer buffer3 = new Buffer();
                basicDerAdapter3.d(new DerWriter(buffer3), certificate);
                ByteString j4 = buffer3.j(buffer3.y);
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    Buffer buffer4 = new Buffer();
                    buffer4.o0(j4);
                    X509Certificate x509Certificate = (X509Certificate) CollectionsKt.C(certificateFactory.generateCertificates(new Buffer$inputStream$1(buffer4)));
                    HeldCertificate heldCertificate = new HeldCertificate(generateKeyPair, x509Certificate);
                    HandshakeCertificates.Builder builder2 = new HandshakeCertificates.Builder();
                    builder2.f10365a = heldCertificate;
                    builder2.f10366b = (X509Certificate[]) Arrays.copyOf(new X509Certificate[0], 0);
                    builder2.c.add(x509Certificate);
                    return builder2.a();
                } catch (IllegalArgumentException e5) {
                    throw new IllegalArgumentException("failed to decode certificate", e5);
                } catch (GeneralSecurityException e6) {
                    throw new IllegalArgumentException("failed to decode certificate", e6);
                } catch (NoSuchElementException e7) {
                    throw new IllegalArgumentException("failed to decode certificate", e7);
                }
            }
        });
    }

    private TlsUtil() {
    }
}
