package okhttp3.tls.internal;

import androidx.compose.foundation.layout.WindowInsetsSides;
import java.math.BigInteger;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Lambda;
import okhttp3.internal.Util;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import okhttp3.tls.internal.der.AlgorithmIdentifier;
import okhttp3.tls.internal.der.AttributeTypeAndValue;
import okhttp3.tls.internal.der.BasicConstraints;
import okhttp3.tls.internal.der.BasicDerAdapter;
import okhttp3.tls.internal.der.BitString;
import okhttp3.tls.internal.der.Certificate;
import okhttp3.tls.internal.der.CertificateAdapters;
import okhttp3.tls.internal.der.DerReader;
import okhttp3.tls.internal.der.DerWriter;
import okhttp3.tls.internal.der.Extension;
import okhttp3.tls.internal.der.SubjectPublicKeyInfo;
import okhttp3.tls.internal.der.TbsCertificate;
import okhttp3.tls.internal.der.Validity;
import okio.Buffer$inputStream$1;
import okio.ByteString;

@Metadata(d1 = {"\u0000\b\n\u0000\n\u0002\u0018\u0002\n\u0000\u0010\u0000\u001a\u00020\u0001H\n¢\u0006\u0002\b\u0002"}, d2 = {"<anonymous>", "Lokhttp3/tls/HandshakeCertificates;", "invoke"}, k = 3, mv = {1, 6, 0}, xi = WindowInsetsSides.f)
/* loaded from: classes3.dex */
public final class TlsUtil$localhost$2 extends Lambda implements Function0<HandshakeCertificates> {

    /* renamed from: a, reason: collision with root package name */
    public static final TlsUtil$localhost$2 f24453a = new Lambda(0);

    /* JADX WARN: Type inference failed for: r2v4, types: [okio.Buffer, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r5v1, types: [okio.Buffer, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r5v6, types: [okio.Buffer, java.lang.Object] */
    /* JADX WARN: Type inference failed for: r5v7, types: [okio.Buffer, java.lang.Object] */
    @Override // kotlin.jvm.functions.Function0
    public final Object e() {
        Object obj;
        Object obj2;
        String str;
        Pair pair;
        HeldCertificate.Builder builder = new HeldCertificate.Builder();
        builder.f24447a = "localhost";
        String canonicalHostName = InetAddress.getByName("localhost").getCanonicalHostName();
        Intrinsics.e(canonicalHostName, "getByName(\"localhost\").canonicalHostName");
        ArrayList arrayList = builder.b;
        arrayList.add(canonicalHostName);
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(builder.f24449d);
        keyPairGenerator.initialize(builder.e, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.e(generateKeyPair, "getInstance(keyAlgorithm…generateKeyPair()\n      }");
        BasicDerAdapter basicDerAdapter = CertificateAdapters.f;
        ByteString byteString = ByteString.f24532d;
        byte[] encoded = generateKeyPair.getPublic().getEncoded();
        Intrinsics.e(encoded, "subjectKeyPair.public.encoded");
        ByteString c2 = ByteString.Companion.c(encoded);
        basicDerAdapter.getClass();
        ?? obj3 = new Object();
        obj3.b0(c2);
        SubjectPublicKeyInfo subjectPublicKeyInfo = (SubjectPublicKeyInfo) basicDerAdapter.b(new DerReader(obj3));
        ArrayList arrayList2 = new ArrayList();
        String str2 = builder.f24447a;
        if (str2 == null) {
            str2 = UUID.randomUUID().toString();
            Intrinsics.e(str2, "randomUUID().toString()");
        }
        arrayList2.add(CollectionsKt.K(new AttributeTypeAndValue(str2, "2.5.4.3")));
        AlgorithmIdentifier algorithmIdentifier = generateKeyPair.getPrivate() instanceof RSAPrivateKey ? new AlgorithmIdentifier(null, "1.2.840.113549.1.1.11") : new AlgorithmIdentifier(ByteString.f24532d, "1.2.840.10045.4.3.2");
        BigInteger bigInteger = BigInteger.ONE;
        Intrinsics.e(bigInteger, "serialNumber ?: BigInteger.ONE");
        long currentTimeMillis = System.currentTimeMillis();
        Validity validity = new Validity(currentTimeMillis, 86400000 + currentTimeMillis);
        ArrayList arrayList3 = new ArrayList();
        int i = builder.f24448c;
        if (i != -1) {
            obj = "1.2.840.113549.1.1.11";
            obj2 = "1.2.840.10045.4.3.2";
            arrayList3.add(new Extension(new BasicConstraints(true, Long.valueOf(i)), "2.5.29.19", true));
        } else {
            obj = "1.2.840.113549.1.1.11";
            obj2 = "1.2.840.10045.4.3.2";
        }
        if (!arrayList.isEmpty()) {
            ArrayList arrayList4 = new ArrayList(CollectionsKt.s(arrayList));
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                String str3 = (String) it.next();
                byte[] bArr = Util.f24264a;
                Intrinsics.f(str3, "<this>");
                if (Util.f.c(str3)) {
                    BasicDerAdapter basicDerAdapter2 = CertificateAdapters.f24483c;
                    ByteString byteString2 = ByteString.f24532d;
                    byte[] address = InetAddress.getByName(str3).getAddress();
                    Intrinsics.e(address, "getByName(it).address");
                    pair = new Pair(basicDerAdapter2, ByteString.Companion.c(address));
                } else {
                    pair = new Pair(CertificateAdapters.b, str3);
                }
                arrayList4.add(pair);
            }
            arrayList3.add(new Extension(arrayList4, "2.5.29.17", true));
        }
        Object obj4 = obj2;
        TbsCertificate tbsCertificate = new TbsCertificate(2L, bigInteger, algorithmIdentifier, arrayList2, validity, arrayList2, subjectPublicKeyInfo, null, null, arrayList3);
        String str4 = algorithmIdentifier.f24468a;
        if (Intrinsics.a(str4, obj)) {
            str = "SHA256WithRSA";
        } else {
            if (!Intrinsics.a(str4, obj4)) {
                throw new IllegalStateException(Intrinsics.k(str4, "unexpected signature algorithm: ").toString());
            }
            str = "SHA256withECDSA";
        }
        Signature signature = Signature.getInstance(str);
        signature.initSign(generateKeyPair.getPrivate());
        BasicDerAdapter basicDerAdapter3 = CertificateAdapters.g;
        basicDerAdapter3.getClass();
        ?? obj5 = new Object();
        basicDerAdapter3.d(new DerWriter(obj5), tbsCertificate);
        signature.update(obj5.y(obj5.b).x());
        ByteString byteString3 = ByteString.f24532d;
        byte[] sign = signature.sign();
        Intrinsics.e(sign, "sign()");
        Certificate certificate = new Certificate(tbsCertificate, algorithmIdentifier, new BitString(ByteString.Companion.c(sign), 0));
        BasicDerAdapter basicDerAdapter4 = CertificateAdapters.h;
        basicDerAdapter4.getClass();
        ?? obj6 = new Object();
        basicDerAdapter4.d(new DerWriter(obj6), certificate);
        ByteString y = obj6.y(obj6.b);
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ?? obj7 = new Object();
            obj7.b0(y);
            Collection<? extends java.security.cert.Certificate> certificates = certificateFactory.generateCertificates(new Buffer$inputStream$1(obj7));
            Intrinsics.e(certificates, "certificates");
            Object c0 = CollectionsKt.c0(certificates);
            if (c0 == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) c0;
            HeldCertificate heldCertificate = new HeldCertificate(generateKeyPair, x509Certificate);
            HandshakeCertificates.Builder builder2 = new HandshakeCertificates.Builder();
            builder2.f24443a = heldCertificate;
            builder2.b = (X509Certificate[]) Arrays.copyOf(new X509Certificate[0], 0);
            builder2.f24444c.add(x509Certificate);
            return builder2.a();
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("failed to decode certificate", e);
        } catch (GeneralSecurityException e2) {
            throw new IllegalArgumentException("failed to decode certificate", e2);
        } catch (NoSuchElementException e3) {
            throw new IllegalArgumentException("failed to decode certificate", e3);
        }
    }
}
