package e.f.a.e;

import android.content.Context;
import android.os.Build;
import com.google.android.gms.common.d;
import com.google.android.gms.common.e;
import com.tunnelbear.sdk.client.TBLog;
import i.p.c.k;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: CertificateTrustChecker.kt */
/* loaded from: classes.dex */
public final class a {
    public static final X509TrustManager a(InputStream inputStream) throws GeneralSecurityException {
        k.e(inputStream, "inputStream");
        Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        if (!(!generateCertificates.isEmpty())) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates".toString());
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            k.d(keyStore, "keyStore");
            k.d(generateCertificates, "certificates");
            Iterator<T> it = generateCertificates.iterator();
            int i2 = 0;
            while (it.hasNext()) {
                keyStore.setCertificateEntry(String.valueOf(i2), (Certificate) it.next());
                i2++;
            }
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(keyStore, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            k.d(trustManagerFactory, "trustManagerFactory");
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            k.d(trustManagers, "trustManagers");
            if (((trustManagers.length == 0) ^ true) && (trustManagers[0] instanceof X509TrustManager)) {
                TrustManager trustManager = trustManagers[0];
                Objects.requireNonNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                return (X509TrustManager) trustManager;
            }
            StringBuilder d2 = e.a.a.a.a.d("Unexpected default trust managers:");
            d2.append(Arrays.toString(trustManagers));
            throw new IllegalStateException(d2.toString().toString());
        } catch (IOException e2) {
            throw new AssertionError(e2);
        }
    }

    public static final SSLSocketFactory b(Context context, X509TrustManager x509TrustManager) throws NoSuchAlgorithmException, KeyManagementException {
        k.e(context, "context");
        k.e(x509TrustManager, "trustManager");
        if (Build.VERSION.SDK_INT < 22) {
            try {
                e.d.a.a.d.a.a(context);
            } catch (d e2) {
                TBLog.INSTANCE.e("CertificateTrustChecker", e2.getMessage());
            } catch (e e3) {
                TBLog.INSTANCE.e("CertificateTrustChecker", e3.getMessage());
            }
        }
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        k.d(sSLContext, "sslContext");
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        k.d(socketFactory, "sslContext.socketFactory");
        return new com.tunnelbear.sdk.api.e(socketFactory);
    }
}
