package com.tunnelbear.android.api;

import android.app.Application;
import android.content.Context;
import android.os.Build;
import com.tunnelbear.android.api.d;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Vector;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.jvm.internal.l;
import okhttp3.OkHttpClient;
import okhttp3.internal.tls.OkHostnameVerifier;
import org.conscrypt.Conscrypt;

/* compiled from: BearTrust.java */
/* loaded from: classes.dex */
public final class e {

    /* renamed from: a, reason: collision with root package name */
    private final X509TrustManager f4933a;

    /* renamed from: b, reason: collision with root package name */
    private final X509TrustManager f4934b;

    /* renamed from: c, reason: collision with root package name */
    private final X509TrustManager f4935c;

    /* renamed from: d, reason: collision with root package name */
    private SSLSocketFactory f4936d;

    /* renamed from: e, reason: collision with root package name */
    private SSLSocketFactory f4937e;

    /* renamed from: f, reason: collision with root package name */
    private SSLSocketFactory f4938f;

    /* renamed from: g, reason: collision with root package name */
    private SSLSocketFactory f4939g;

    /* renamed from: h, reason: collision with root package name */
    private OkHttpClient f4940h;

    /* renamed from: i, reason: collision with root package name */
    private final Context f4941i;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: BearTrust.java */
    /* loaded from: classes.dex */
    public class a implements HostnameVerifier {
        a(e eVar) {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String hostWithScheme, SSLSession sSLSession) {
            OkHostnameVerifier okHostnameVerifier = OkHostnameVerifier.INSTANCE;
            if (okHostnameVerifier != null && okHostnameVerifier.verify(hostWithScheme, sSLSession)) {
                d.b bVar = d.f4929f;
                l.e(hostWithScheme, "hostWithScheme");
                if (f6.f.u(hostWithScheme, "s3.amazonaws.com", false, 2, null)) {
                    m.b.b("BearTrust", "Regular trust enabled");
                    return true;
                }
                if (f6.f.u(hostWithScheme, "amazonaws.com", false, 2, null) && !f6.f.u(hostWithScheme, "s3.amazonaws.com", false, 2, null)) {
                    m.b.b("BearTrust", "API Gateway enabled");
                    m.b.b("BearTrust", "BlueBear enabled, trying IP");
                    return true;
                }
                if (f6.f.u(hostWithScheme, "tunnelbear.com", false, 2, null)) {
                    m.b.b("BearTrust", "Certificate checker trust enabled - without BlueBear");
                    return true;
                }
                if (f6.f.u(hostWithScheme, "captive.apple.com", false, 2, null)) {
                    m.b.b("BearTrust", "Certificate checker trust enabled - captive portal");
                    return true;
                }
                m.b.c("BearTrust", "Failed to verify hostname: " + hostWithScheme);
            }
            return false;
        }
    }

    public e(Application application) {
        if (Build.VERSION.SDK_INT > 21) {
            Security.insertProviderAt(Conscrypt.newProvider(), 1);
        }
        try {
            this.f4941i = application.getApplicationContext();
            this.f4933a = a(f(application));
            this.f4934b = new j(b(), application);
            this.f4935c = b();
        } catch (Exception e7) {
            throw new RuntimeException(e7);
        }
    }

    private X509TrustManager a(InputStream inputStream) throws GeneralSecurityException {
        Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        if (generateCertificates.isEmpty()) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            Iterator<? extends Certificate> it = generateCertificates.iterator();
            int i7 = 0;
            while (it.hasNext()) {
                keyStore.setCertificateEntry(Integer.toString(i7), it.next());
                i7++;
            }
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(keyStore, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                return (X509TrustManager) trustManagers[0];
            }
            StringBuilder b8 = android.support.v4.media.c.b("Unexpected default trust managers:");
            b8.append(Arrays.toString(trustManagers));
            throw new IllegalStateException(b8.toString());
        } catch (IOException e7) {
            throw new AssertionError(e7);
        }
    }

    private X509TrustManager b() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers[0] instanceof X509TrustManager) {
            return (X509TrustManager) trustManagers[0];
        }
        StringBuilder b8 = android.support.v4.media.c.b("Unexpected trust managers:");
        b8.append(Arrays.toString(trustManagers));
        throw new IllegalStateException(b8.toString());
    }

    private SSLSocketFactory c(X509TrustManager x509TrustManager, int i7) throws NoSuchAlgorithmException, KeyManagementException {
        if (Build.VERSION.SDK_INT < 22) {
            try {
                z1.a.a(this.f4941i);
            } catch (j1.b | j1.c e7) {
                m.b.c("BearTrust", e7.getMessage());
            }
        }
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        if (i7 == 0) {
            throw null;
        }
        int i8 = i7 - 1;
        if (i8 == 0) {
            if (this.f4936d == null) {
                this.f4936d = new y3.e(sSLContext.getSocketFactory());
            }
            return this.f4936d;
        }
        if (i8 == 1) {
            if (this.f4937e == null) {
                this.f4937e = new y3.e(sSLContext.getSocketFactory());
            }
            return this.f4937e;
        }
        if (i8 != 2) {
            if (this.f4939g == null) {
                this.f4939g = new y3.e(sSLContext.getSocketFactory());
            }
            return this.f4939g;
        }
        if (this.f4938f == null) {
            SSLContext sSLContext2 = SSLContext.getInstance("TLS");
            sSLContext2.init(null, new TrustManager[]{x509TrustManager}, null);
            this.f4938f = sSLContext2.getSocketFactory();
        }
        return this.f4938f;
    }

    private X509TrustManager e(int i7) {
        if (i7 == 0) {
            throw null;
        }
        int i8 = i7 - 1;
        return i8 != 0 ? (i8 == 1 || i8 == 2) ? this.f4934b : this.f4935c : this.f4933a;
    }

    private InputStream f(Context context) throws IOException {
        Vector vector = new Vector();
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA1.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA2.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA3.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA4.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/BaltimoreCyberTrustCA.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAClass2.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAG2.pem")));
        return new SequenceInputStream(vector.elements());
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x00bc A[Catch: Exception -> 0x0160, TryCatch #0 {Exception -> 0x0160, blocks: (B:3:0x0001, B:6:0x001a, B:9:0x0024, B:11:0x002c, B:12:0x00b8, B:14:0x00bc, B:15:0x00ed, B:17:0x0109, B:20:0x0122, B:22:0x012b, B:24:0x0131, B:27:0x0138, B:29:0x013e, B:30:0x015b, B:32:0x0156, B:33:0x003d, B:35:0x0045, B:37:0x004b, B:40:0x0052, B:42:0x005a, B:44:0x0062, B:46:0x006a, B:48:0x0070, B:51:0x0077, B:52:0x0092, B:53:0x0093, B:54:0x009d, B:55:0x00af), top: B:2:0x0001 }] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0109 A[Catch: Exception -> 0x0160, TryCatch #0 {Exception -> 0x0160, blocks: (B:3:0x0001, B:6:0x001a, B:9:0x0024, B:11:0x002c, B:12:0x00b8, B:14:0x00bc, B:15:0x00ed, B:17:0x0109, B:20:0x0122, B:22:0x012b, B:24:0x0131, B:27:0x0138, B:29:0x013e, B:30:0x015b, B:32:0x0156, B:33:0x003d, B:35:0x0045, B:37:0x004b, B:40:0x0052, B:42:0x005a, B:44:0x0062, B:46:0x006a, B:48:0x0070, B:51:0x0077, B:52:0x0092, B:53:0x0093, B:54:0x009d, B:55:0x00af), top: B:2:0x0001 }] */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0122 A[Catch: Exception -> 0x0160, TryCatch #0 {Exception -> 0x0160, blocks: (B:3:0x0001, B:6:0x001a, B:9:0x0024, B:11:0x002c, B:12:0x00b8, B:14:0x00bc, B:15:0x00ed, B:17:0x0109, B:20:0x0122, B:22:0x012b, B:24:0x0131, B:27:0x0138, B:29:0x013e, B:30:0x015b, B:32:0x0156, B:33:0x003d, B:35:0x0045, B:37:0x004b, B:40:0x0052, B:42:0x005a, B:44:0x0062, B:46:0x006a, B:48:0x0070, B:51:0x0077, B:52:0x0092, B:53:0x0093, B:54:0x009d, B:55:0x00af), top: B:2:0x0001 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public okhttp3.OkHttpClient d(java.lang.String r13, java.lang.String r14, b3.b r15) {
        /*
            Method dump skipped, instructions count: 357
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tunnelbear.android.api.e.d(java.lang.String, java.lang.String, b3.b):okhttp3.OkHttpClient");
    }
}
