package okhttp3.tls.internal;

import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.collections.h;
import kotlin.i;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function0;
import okhttp3.e0.a;
import okhttp3.e0.b;
import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;

/* loaded from: classes4.dex */
public final class TlsUtil {
    private static final Lazy b;
    public static final TlsUtil c = new TlsUtil();
    private static final char[] a = "password".toCharArray();

    static {
        Lazy b2;
        b2 = i.b(new Function0<okhttp3.e0.a>() { // from class: okhttp3.tls.internal.TlsUtil$localhost$2
            @Override // kotlin.jvm.functions.Function0
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public final okhttp3.e0.a invoke() {
                b.a aVar = new b.a();
                aVar.c("localhost");
                aVar.a(InetAddress.getByName("localhost").getCanonicalHostName());
                okhttp3.e0.b b3 = aVar.b();
                a.C0686a c0686a = new a.C0686a();
                c0686a.d(b3, new X509Certificate[0]);
                c0686a.b(b3.a());
                return c0686a.c();
            }
        });
        b = b2;
    }

    private TlsUtil() {
    }

    private final KeyStore a(String str) {
        if (str == null) {
            str = KeyStore.getDefaultType();
        }
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, a);
        return keyStore;
    }

    @JvmStatic
    public static final X509KeyManager b(String str, okhttp3.e0.b bVar, X509Certificate... x509CertificateArr) {
        KeyStore a2 = c.a(str);
        if (bVar != null) {
            Certificate[] certificateArr = new Certificate[x509CertificateArr.length + 1];
            certificateArr[0] = bVar.a();
            h.h(x509CertificateArr, certificateArr, 1, 0, 0, 12, null);
            a2.setKeyEntry("private", bVar.b().getPrivate(), a, certificateArr);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(a2, a);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        if (keyManagers.length == 1 && (keyManagers[0] instanceof X509KeyManager)) {
            KeyManager keyManager = keyManagers[0];
            Objects.requireNonNull(keyManager, "null cannot be cast to non-null type javax.net.ssl.X509KeyManager");
            return (X509KeyManager) keyManager;
        }
        throw new IllegalStateException(("Unexpected key managers:" + Arrays.toString(keyManagers)).toString());
    }

    @JvmStatic
    @IgnoreJRERequirement
    public static final X509TrustManager c(String str, List<? extends X509Certificate> list, List<String> list2) {
        X509TrustManager bVar;
        KeyStore a2 = c.a(str);
        int size = list.size();
        for (int i2 = 0; i2 < size; i2++) {
            a2.setCertificateEntry("cert_" + i2, list.get(i2));
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(a2);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (!(trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager))) {
            throw new IllegalStateException(("Unexpected trust managers: " + Arrays.toString(trustManagers)).toString());
        }
        TrustManager trustManager = trustManagers[0];
        Objects.requireNonNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
        if (list2.isEmpty()) {
            return x509TrustManager;
        }
        if (okhttp3.d0.h.h.Companion.h()) {
            bVar = new a(x509TrustManager, list2);
        } else {
            Objects.requireNonNull(x509TrustManager, "null cannot be cast to non-null type javax.net.ssl.X509ExtendedTrustManager");
            bVar = new b((X509ExtendedTrustManager) x509TrustManager, list2);
        }
        return bVar;
    }
}
