package com.tunnelbear.sdk.client;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import com.tunnelbear.sdk.api.PolarbearApi;
import com.tunnelbear.sdk.api.b;
import com.tunnelbear.sdk.api.d;
import com.tunnelbear.sdk.model.VpnConnectionSpec;
import d.n.a.a;
import d.n.a.b;
import d.n.a.c;
import e.f.a.f.a;
import i.p.c.k;
import i.u.e;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import k.c0;
import k.h0.a.g;
import okhttp3.CertificatePinner;
import okhttp3.ConnectionPool;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;
import okhttp3.internal.tls.OkHostnameVerifier;
import okhttp3.logging.HttpLoggingInterceptor;

/* compiled from: Provider.kt */
/* loaded from: classes.dex */
public final class Provider {
    private static final String TAG = "Provider";
    private static final String TOKEN_KEY = "PolarVpnToken";
    public static final Provider INSTANCE = new Provider();
    private static ConnectionPool connectionPool = new ConnectionPool(0, 1, TimeUnit.NANOSECONDS);

    private Provider() {
    }

    public static final VpnClient client(Context context, a aVar, e.f.a.b.a aVar2, VpnConnectionSpec vpnConnectionSpec, String str, boolean z, b bVar) {
        k.e(context, "context");
        k.e(aVar, "manager");
        k.e(aVar2, "prefs");
        k.e(vpnConnectionSpec, "connectionSpec");
        k.e(str, "partnerIdentifier");
        k.e(bVar, "apiServicePriorityQueue");
        return new PolarbearVpnClient(context, aVar, aVar2, vpnConnectionSpec, connectionPool, str, z, bVar);
    }

    public static final e.f.a.b.a encryptedCredential(Context context) {
        d.n.a.b a;
        k.e(context, "context");
        try {
            if (Build.VERSION.SDK_INT >= 23) {
                b.a aVar = new b.a(context);
                aVar.b(c.a);
                a = aVar.a();
                k.d(a, "MasterKey.Builder(contex….AES256_GCM_SPEC).build()");
            } else {
                b.a aVar2 = new b.a(context);
                aVar2.c(b.EnumC0081b.AES256_GCM);
                a = aVar2.a();
                k.d(a, "MasterKey.Builder(contex…cheme.AES256_GCM).build()");
            }
            final SharedPreferences a2 = d.n.a.a.a(context, "Encrypted_Prefs", a, a.c.AES256_SIV, a.d.AES256_GCM);
            k.d(a2, "EncryptedSharedPreferenc….AES256_GCM\n            )");
            return new e.f.a.b.a() { // from class: com.tunnelbear.sdk.client.Provider$encryptedCredential$1
                @Override // e.f.a.b.a
                public void clear() {
                    a2.edit().clear().apply();
                }

                @Override // e.f.a.b.a
                public String get() {
                    String string = a2.getString("PolarVpnToken", "");
                    return string != null ? string : "";
                }

                @Override // e.f.a.b.a
                public void set(String str) {
                    k.e(str, "value");
                    a2.edit().putString("PolarVpnToken", str).apply();
                }
            };
        } catch (IOException e2) {
            TBLog.INSTANCE.e(TAG, e2.getMessage());
            StringBuilder d2 = e.a.a.a.a.d("Aborting due to catastrophic encryption failure:");
            d2.append(e2.getMessage());
            throw new RuntimeException(i.u.a.L(d2.toString()));
        } catch (GeneralSecurityException e3) {
            TBLog.INSTANCE.e(TAG, e3.getMessage());
            StringBuilder d3 = e.a.a.a.a.d("Aborting due to catastrophic encryption failure:");
            d3.append(e3.getMessage());
            throw new RuntimeException(i.u.a.L(d3.toString()));
        }
    }

    public static final e.f.a.b.a inMemoryCredential() {
        return new e.f.a.b.a() { // from class: com.tunnelbear.sdk.client.Provider$inMemoryCredential$1
            private String authToken = "";

            @Override // e.f.a.b.a
            public void clear() {
                this.authToken = "";
            }

            @Override // e.f.a.b.a
            public String get() {
                return this.authToken;
            }

            public final String getAuthToken() {
                return this.authToken;
            }

            @Override // e.f.a.b.a
            public void set(String str) {
                k.e(str, "newToken");
                this.authToken = str;
            }

            public final void setAuthToken(String str) {
                k.e(str, "<set-?>");
                this.authToken = str;
            }
        };
    }

    public static final e.f.a.f.a vpnConnection(Context context) {
        k.e(context, "context");
        return new e.f.a.f.b(context);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final PolarbearApi api(e.f.a.b.a aVar, String str, e.f.a.e.b bVar, InputStream inputStream, Context context, boolean z) {
        k.e(aVar, "credentialHolder");
        k.e(str, "hostname");
        k.e(context, "context");
        String z2 = i.u.a.z(new e("/$").b(new e("^https?://").c(str, ""), ""), "/prod/polarbear", "", false, 4, null);
        k.c(bVar);
        ConnectionPool connectionPool2 = connectionPool;
        k.e(aVar, "holder");
        k.e(z2, "hostname");
        k.e(bVar, "certificateSet");
        k.e(context, "context");
        k.e(connectionPool2, "connectionPool");
        int i2 = 1;
        if (!(bVar.c(z2) >= 2)) {
            throw new IllegalArgumentException("Certificate set must contain hostname (or a superseding wildcard if hostname is of form x.y.z) and at least one backup pin.".toString());
        }
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        Map<String, Set<String>> b = bVar.b();
        CertificatePinner.Builder builder2 = new CertificatePinner.Builder();
        for (String str2 : b.keySet()) {
            Set<String> set = b.get(str2);
            if (set == null) {
                set = Collections.emptySet();
            }
            for (String str3 : set) {
                if (str3.length() > 0) {
                    builder2.add(str2, str3);
                }
            }
        }
        OkHttpClient.Builder addInterceptor = builder.certificatePinner(builder2.build()).hostnameVerifier(new com.tunnelbear.sdk.api.c(OkHostnameVerifier.INSTANCE, bVar.b().keySet())).followRedirects(false).followSslRedirects(false).retryOnConnectionFailure(true).connectionPool(connectionPool2).addInterceptor(new d(aVar, context));
        TimeUnit timeUnit = TimeUnit.SECONDS;
        OkHttpClient.Builder pingInterval = addInterceptor.connectTimeout(30L, timeUnit).readTimeout(30L, timeUnit).writeTimeout(30L, timeUnit).pingInterval(1L, timeUnit);
        if (z) {
            HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(null, i2, 0 == true ? 1 : 0);
            httpLoggingInterceptor.level(HttpLoggingInterceptor.Level.BASIC);
            pingInterval.addInterceptor(httpLoggingInterceptor);
        }
        if (inputStream != null) {
            try {
                X509TrustManager a = e.f.a.e.a.a(inputStream);
                SSLSocketFactory b2 = e.f.a.e.a.b(context, a);
                if (Build.VERSION.SDK_INT < 22) {
                    try {
                        pingInterval.sslSocketFactory(b2, a);
                        pingInterval.connectionSpecs(i.l.d.t(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.TLS_1_2).build(), ConnectionSpec.COMPATIBLE_TLS, ConnectionSpec.CLEARTEXT));
                    } catch (Exception e2) {
                        TBLog.INSTANCE.e("PolarOkHttpClient", e2.getLocalizedMessage());
                    }
                } else {
                    pingInterval.sslSocketFactory(b2, a);
                }
            } catch (GeneralSecurityException e3) {
                throw new RuntimeException(e3);
            }
        }
        OkHttpClient build = pingInterval.build();
        connectionPool = build.connectionPool();
        c0.b bVar2 = new c0.b();
        bVar2.e(build);
        bVar2.c(str);
        bVar2.a(g.d());
        bVar2.b(k.i0.a.a.c());
        Object c = bVar2.d().c(PolarbearApi.class);
        k.d(c, "Retrofit.Builder()\n     …PolarbearApi::class.java)");
        return (PolarbearApi) c;
    }
}
