package okhttp3.internal.tls;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.internal.tls.HeldCertificate;

/* loaded from: classes2.dex */
public final class SslClient {
    private static SslClient localhost;
    public final SSLSocketFactory socketFactory;
    public final SSLContext sslContext;
    public final X509TrustManager trustManager;

    /* loaded from: classes2.dex */
    public static class Builder {
        private KeyPair keyPair;
        private final List<X509Certificate> chainCertificates = new ArrayList();
        private final List<X509Certificate> certificates = new ArrayList();
        private String keyStoreType = KeyStore.getDefaultType();

        private KeyStore newEmptyKeyStore(char[] cArr) {
            try {
                KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
                keyStore.load(null, cArr);
                return keyStore;
            } catch (IOException e) {
                throw new AssertionError(e);
            }
        }

        public Builder addTrustedCertificate(X509Certificate x509Certificate) {
            this.certificates.add(x509Certificate);
            return this;
        }

        public SslClient build() {
            try {
                char[] charArray = "password".toCharArray();
                KeyStore newEmptyKeyStore = newEmptyKeyStore(charArray);
                if (this.keyPair != null) {
                    newEmptyKeyStore.setKeyEntry("private", this.keyPair.getPrivate(), charArray, (Certificate[]) this.chainCertificates.toArray(new Certificate[this.chainCertificates.size()]));
                }
                for (int i = 0; i < this.certificates.size(); i++) {
                    newEmptyKeyStore.setCertificateEntry("cert_" + i, this.certificates.get(i));
                }
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(newEmptyKeyStore, charArray);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(newEmptyKeyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagers, new SecureRandom());
                    return new SslClient(sSLContext, (X509TrustManager) trustManagers[0]);
                }
                throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
            } catch (GeneralSecurityException e) {
                throw new AssertionError(e);
            }
        }

        public Builder certificateChain(KeyPair keyPair, X509Certificate x509Certificate, X509Certificate... x509CertificateArr) {
            this.keyPair = keyPair;
            this.chainCertificates.add(x509Certificate);
            this.chainCertificates.addAll(Arrays.asList(x509CertificateArr));
            this.certificates.addAll(Arrays.asList(x509CertificateArr));
            return this;
        }

        public Builder certificateChain(HeldCertificate heldCertificate, HeldCertificate... heldCertificateArr) {
            X509Certificate[] x509CertificateArr = new X509Certificate[heldCertificateArr.length];
            for (int i = 0; i < heldCertificateArr.length; i++) {
                x509CertificateArr[i] = heldCertificateArr[i].certificate;
            }
            return certificateChain(heldCertificate.keyPair, heldCertificate.certificate, x509CertificateArr);
        }

        public Builder keyStoreType(String str) {
            this.keyStoreType = str;
            return this;
        }
    }

    private SslClient(SSLContext sSLContext, X509TrustManager x509TrustManager) {
        this.sslContext = sSLContext;
        this.socketFactory = sSLContext.getSocketFactory();
        this.trustManager = x509TrustManager;
    }

    public static synchronized SslClient localhost() {
        synchronized (SslClient.class) {
            if (localhost != null) {
                return localhost;
            }
            try {
                HeldCertificate build = new HeldCertificate.Builder().serialNumber("1").commonName(InetAddress.getByName("localhost").getHostName()).build();
                localhost = new Builder().certificateChain(build.keyPair, build.certificate, new X509Certificate[0]).addTrustedCertificate(build.certificate).build();
                return localhost;
            } catch (UnknownHostException | GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        }
    }
}
