package com.tunnelbear.android.api;

import android.content.Context;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Vector;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/* compiled from: BearTrust.java */
/* loaded from: classes.dex */
public final class i {

    /* renamed from: a, reason: collision with root package name */
    private X509TrustManager f3339a;

    /* renamed from: b, reason: collision with root package name */
    private X509TrustManager f3340b;

    /* renamed from: c, reason: collision with root package name */
    private X509TrustManager f3341c;

    /* renamed from: d, reason: collision with root package name */
    private SSLSocketFactory f3342d;

    /* renamed from: e, reason: collision with root package name */
    private SSLSocketFactory f3343e;

    /* renamed from: f, reason: collision with root package name */
    private SSLSocketFactory f3344f;

    /* renamed from: g, reason: collision with root package name */
    private OkHttpClient f3345g;

    /* renamed from: h, reason: collision with root package name */
    private Context f3346h;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: BearTrust.java */
    /* loaded from: classes.dex */
    public enum a {
        CERTIFICATE_PINNED,
        TUNNELBEAR,
        DEFAULT
    }

    public i(Context context) {
        try {
            this.f3346h = context;
            this.f3339a = a(a(context));
            this.f3340b = new k(a(), context);
            this.f3341c = a();
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    private InputStream a(Context context) throws IOException {
        Vector vector = new Vector();
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA1.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA2.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA3.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA4.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/BaltimoreCyberTrustCA.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAClass2.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAG2.pem")));
        return new SequenceInputStream(vector.elements());
    }

    private SSLSocketFactory a(X509TrustManager x509TrustManager, a aVar) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sSLContext;
        try {
            sSLContext = SSLContext.getInstance("TLSv1.2");
        } catch (NoSuchAlgorithmException unused) {
            sSLContext = SSLContext.getInstance("TLS");
        }
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        int ordinal = aVar.ordinal();
        if (ordinal == 0) {
            if (this.f3342d == null) {
                this.f3342d = sSLContext.getSocketFactory();
            }
            return this.f3342d;
        }
        if (ordinal != 1) {
            if (this.f3344f == null) {
                this.f3344f = sSLContext.getSocketFactory();
            }
            return this.f3344f;
        }
        if (this.f3343e == null) {
            this.f3343e = sSLContext.getSocketFactory();
        }
        return this.f3343e;
    }

    private X509TrustManager a() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers[0] instanceof X509TrustManager) {
            return (X509TrustManager) trustManagers[0];
        }
        StringBuilder a2 = c.a.a.a.a.a("Unexpected trust managers:");
        a2.append(Arrays.toString(trustManagers));
        throw new IllegalStateException(a2.toString());
    }

    private X509TrustManager a(a aVar) {
        int ordinal = aVar.ordinal();
        return ordinal != 0 ? ordinal != 1 ? this.f3341c : this.f3340b : this.f3339a;
    }

    private X509TrustManager a(InputStream inputStream) throws GeneralSecurityException {
        Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        if (generateCertificates.isEmpty()) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            Iterator<? extends Certificate> it = generateCertificates.iterator();
            int i = 0;
            while (it.hasNext()) {
                keyStore.setCertificateEntry(Integer.toString(i), it.next());
                i++;
            }
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(keyStore, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                return (X509TrustManager) trustManagers[0];
            }
            StringBuilder a2 = c.a.a.a.a.a("Unexpected default trust managers:");
            a2.append(Arrays.toString(trustManagers));
            throw new IllegalStateException(a2.toString());
        } catch (IOException e2) {
            throw new AssertionError(e2);
        }
    }

    public OkHttpClient a(String str) {
        X509TrustManager a2;
        SSLSocketFactory a3;
        try {
            if (g.e(str)) {
                a2 = a(a.DEFAULT);
                a3 = a(a2, a.DEFAULT);
            } else if (g.f(str)) {
                a2 = a(a.TUNNELBEAR);
                ((k) a2).a(str);
                a3 = a(a2, a.TUNNELBEAR);
            } else {
                if (!g.b(str) && !g.c(str)) {
                    throw new RuntimeException("Unknown host (" + str + ") used in trust creation.");
                }
                a2 = a(a.CERTIFICATE_PINNED);
                a3 = a(a2, a.CERTIFICATE_PINNED);
            }
            if (this.f3345g == null) {
                this.f3345g = new OkHttpClient.Builder().connectionPool(g.c()).followRedirects(false).followSslRedirects(false).hostnameVerifier(new h(this)).build();
            }
            return this.f3345g.newBuilder().addInterceptor(new j(this.f3346h, str)).sslSocketFactory(a3, a2).build();
        } catch (Exception e2) {
            e2.printStackTrace();
            return null;
        }
    }
}
