package com.hootsuite.core.network.ssl;

import android.content.Context;
import com.hootsuite.core.R;
import com.hootsuite.tool.dependencyinjection.qualifiers.ForApplication;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import okhttp3.OkHttpClient;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes2.dex */
public class SSLPinnedOkHttpClientFactory {
    private static final String KEYSTORE_TYPE_BOUNCY_CASTLE = "BKS";
    private final Context mContext;

    public SSLPinnedOkHttpClientFactory(@ForApplication Context context) {
        this.mContext = context;
    }

    public OkHttpClient.Builder addSSLPinning(OkHttpClient.Builder builder) {
        InputStream openRawResource = this.mContext.getResources().openRawResource(R.raw.keystore);
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE_BOUNCY_CASTLE);
            char[] charArray = this.mContext.getString(R.string.bks_keystore_unlock).toCharArray();
            keyStore.load(openRawResource, charArray);
            openRawResource.close();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            TrustManager[] trustManagerArr = {new CustomTrustManager(keyStore)};
            keyManagerFactory.init(keyStore, charArray);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerArr, null);
            builder.hostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            builder.sslSocketFactory(sSLContext.getSocketFactory());
            return builder;
        } catch (Throwable th) {
            openRawResource.close();
            throw th;
        }
    }
}
