package okhttp3.tls.internal;

import Ae.C0660f;
import Nd.l;
import androidx.autofill.HintConstants;
import androidx.compose.material3.internal.CalendarModelKt;
import java.math.BigInteger;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.a;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.m;
import kotlin.text.Regex;
import mc.g;
import nc.t;
import nc.x;
import okhttp3.internal._HostnamesCommonKt;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import okhttp3.tls.internal.der.AlgorithmIdentifier;
import okhttp3.tls.internal.der.AttributeTypeAndValue;
import okhttp3.tls.internal.der.BasicConstraints;
import okhttp3.tls.internal.der.BasicDerAdapter;
import okhttp3.tls.internal.der.BitString;
import okhttp3.tls.internal.der.Certificate;
import okhttp3.tls.internal.der.CertificateAdapters;
import okhttp3.tls.internal.der.DerReader;
import okhttp3.tls.internal.der.Extension;
import okhttp3.tls.internal.der.SubjectPublicKeyInfo;
import okhttp3.tls.internal.der.TbsCertificate;
import okhttp3.tls.internal.der.Validity;
import okio.ByteString;

@Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\bÆ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003¨\u0006\u0004"}, d2 = {"Lokhttp3/tls/internal/TlsUtil;", "", "<init>", "()V", "okhttp-tls"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes5.dex */
public final class TlsUtil {

    /* renamed from: a, reason: collision with root package name */
    public static final TlsUtil f74332a = new TlsUtil();

    /* renamed from: b, reason: collision with root package name */
    public static final char[] f74333b;

    /* renamed from: c, reason: collision with root package name */
    public static final g f74334c;

    static {
        char[] charArray = HintConstants.AUTOFILL_HINT_PASSWORD.toCharArray();
        m.f(charArray, "toCharArray(...)");
        f74333b = charArray;
        f74334c = a.b(new Function0<HandshakeCertificates>() { // from class: okhttp3.tls.internal.TlsUtil$localhost$2
            @Override // kotlin.jvm.functions.Function0
            public final HandshakeCertificates invoke() {
                Object obj;
                Object obj2;
                String str;
                Pair pair;
                HeldCertificate.Builder builder = new HeldCertificate.Builder();
                builder.f74324a = "localhost";
                ArrayList arrayList = builder.f74325b;
                arrayList.add("localhost");
                arrayList.add("localhost.localdomain");
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(builder.f74327d);
                keyPairGenerator.initialize(builder.e, new SecureRandom());
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                m.f(generateKeyPair, "run(...)");
                CertificateAdapters.f74383a.getClass();
                BasicDerAdapter<SubjectPublicKeyInfo> basicDerAdapter = CertificateAdapters.f74388g;
                ByteString byteString = ByteString.f74446g0;
                byte[] encoded = generateKeyPair.getPublic().getEncoded();
                m.f(encoded, "getEncoded(...)");
                ByteString d10 = ByteString.a.d(encoded);
                basicDerAdapter.getClass();
                C0660f c0660f = new C0660f();
                c0660f.i1(d10);
                SubjectPublicKeyInfo c2 = basicDerAdapter.c(new DerReader(c0660f));
                ArrayList arrayList2 = new ArrayList();
                String str2 = builder.f74324a;
                if (str2 == null) {
                    str2 = UUID.randomUUID().toString();
                    m.f(str2, "toString(...)");
                }
                arrayList2.add(l.t(new AttributeTypeAndValue("2.5.4.3", str2)));
                AlgorithmIdentifier algorithmIdentifier = generateKeyPair.getPrivate() instanceof RSAPrivateKey ? new AlgorithmIdentifier("1.2.840.113549.1.1.11", null) : new AlgorithmIdentifier("1.2.840.10045.4.3.2", ByteString.f74446g0);
                BigInteger bigInteger = BigInteger.ONE;
                m.d(bigInteger);
                long currentTimeMillis = System.currentTimeMillis();
                Validity validity = new Validity(currentTimeMillis, CalendarModelKt.MillisecondsIn24Hours + currentTimeMillis);
                ArrayList arrayList3 = new ArrayList();
                int i = builder.f74326c;
                if (i != -1) {
                    obj = "1.2.840.113549.1.1.11";
                    obj2 = "1.2.840.10045.4.3.2";
                    arrayList3.add(new Extension(new BasicConstraints(true, Long.valueOf(i)), "2.5.29.19", true));
                } else {
                    obj = "1.2.840.113549.1.1.11";
                    obj2 = "1.2.840.10045.4.3.2";
                }
                if (!arrayList.isEmpty()) {
                    ArrayList arrayList4 = new ArrayList(t.F(arrayList, 10));
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        String str3 = (String) it.next();
                        Regex regex = _HostnamesCommonKt.f73766a;
                        m.g(str3, "<this>");
                        if (_HostnamesCommonKt.f73766a.c(str3)) {
                            CertificateAdapters.f74383a.getClass();
                            BasicDerAdapter<ByteString> basicDerAdapter2 = CertificateAdapters.f74386d;
                            ByteString byteString2 = ByteString.f74446g0;
                            byte[] address = InetAddress.getByName(str3).getAddress();
                            m.f(address, "getAddress(...)");
                            pair = new Pair(basicDerAdapter2, ByteString.a.d(address));
                        } else {
                            CertificateAdapters.f74383a.getClass();
                            pair = new Pair(CertificateAdapters.f74385c, str3);
                        }
                        arrayList4.add(pair);
                    }
                    arrayList3.add(new Extension(arrayList4, "2.5.29.17", true));
                }
                Object obj3 = obj2;
                TbsCertificate tbsCertificate = new TbsCertificate(2L, bigInteger, algorithmIdentifier, arrayList2, validity, arrayList2, c2, null, null, arrayList3);
                String str4 = algorithmIdentifier.f74359a;
                if (str4.equals(obj)) {
                    str = "SHA256WithRSA";
                } else {
                    if (!str4.equals(obj3)) {
                        throw new IllegalStateException("unexpected signature algorithm: ".concat(str4).toString());
                    }
                    str = "SHA256withECDSA";
                }
                Signature signature = Signature.getInstance(str);
                signature.initSign(generateKeyPair.getPrivate());
                CertificateAdapters.f74383a.getClass();
                BasicDerAdapter<TbsCertificate> basicDerAdapter3 = CertificateAdapters.f74389h;
                basicDerAdapter3.getClass();
                signature.update(androidx.camera.core.impl.utils.a.b(basicDerAdapter3, tbsCertificate).C());
                ByteString byteString3 = ByteString.f74446g0;
                byte[] sign = signature.sign();
                m.f(sign, "sign(...)");
                Certificate certificate = new Certificate(tbsCertificate, algorithmIdentifier, new BitString(0, ByteString.a.d(sign)));
                BasicDerAdapter<Certificate> basicDerAdapter4 = CertificateAdapters.i;
                basicDerAdapter4.getClass();
                ByteString b10 = androidx.camera.core.impl.utils.a.b(basicDerAdapter4, certificate);
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    C0660f c0660f2 = new C0660f();
                    c0660f2.i1(b10);
                    Collection<? extends java.security.cert.Certificate> generateCertificates = certificateFactory.generateCertificates(new C0660f.b());
                    m.d(generateCertificates);
                    Object E02 = x.E0(generateCertificates);
                    m.e(E02, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                    X509Certificate x509Certificate = (X509Certificate) E02;
                    HeldCertificate heldCertificate = new HeldCertificate(generateKeyPair, x509Certificate);
                    HandshakeCertificates.Builder builder2 = new HandshakeCertificates.Builder();
                    builder2.f74318a = heldCertificate;
                    builder2.f74319b = (X509Certificate[]) Arrays.copyOf(new X509Certificate[0], 0);
                    builder2.f74320c.add(x509Certificate);
                    return builder2.a();
                } catch (IllegalArgumentException e) {
                    throw new IllegalArgumentException("failed to decode certificate", e);
                } catch (GeneralSecurityException e10) {
                    throw new IllegalArgumentException("failed to decode certificate", e10);
                } catch (NoSuchElementException e11) {
                    throw new IllegalArgumentException("failed to decode certificate", e11);
                }
            }
        });
    }

    private TlsUtil() {
    }
}
