package com.tunnelbear.android.api;

import android.app.Application;
import android.content.Context;
import android.os.Build;
import com.tunnelbear.android.g.w;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Vector;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import org.conscrypt.Conscrypt;

/* compiled from: BearTrust.java */
/* loaded from: classes.dex */
public final class h {
    private final X509TrustManager a;
    private final X509TrustManager b;
    private final X509TrustManager c;

    /* renamed from: d, reason: collision with root package name */
    private SSLSocketFactory f2314d;

    /* renamed from: e, reason: collision with root package name */
    private SSLSocketFactory f2315e;

    /* renamed from: f, reason: collision with root package name */
    private SSLSocketFactory f2316f;

    /* renamed from: g, reason: collision with root package name */
    private SSLSocketFactory f2317g;

    /* renamed from: h, reason: collision with root package name */
    private OkHttpClient f2318h;

    /* renamed from: i, reason: collision with root package name */
    private final Context f2319i;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: BearTrust.java */
    /* loaded from: classes.dex */
    public class a implements HostnameVerifier {
        a(h hVar) {
        }

        /* JADX WARN: Removed duplicated region for block: B:16:0x003e  */
        /* JADX WARN: Removed duplicated region for block: B:18:0x0049  */
        @Override // javax.net.ssl.HostnameVerifier
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public boolean verify(java.lang.String r8, javax.net.ssl.SSLSession r9) {
            /*
                r7 = this;
                okhttp3.internal.tls.OkHostnameVerifier r0 = okhttp3.internal.tls.OkHostnameVerifier.INSTANCE
                r1 = 0
                if (r0 == 0) goto L7f
                boolean r9 = r0.verify(r8, r9)
                if (r9 == 0) goto L7f
                com.tunnelbear.android.api.f$b r9 = com.tunnelbear.android.api.f.f2312f
                java.lang.String r9 = "hostWithScheme"
                i.p.c.k.e(r8, r9)
                java.lang.String r0 = "s3.amazonaws.com"
                r2 = 2
                r3 = 0
                boolean r4 = i.u.a.e(r8, r0, r1, r2, r3)
                java.lang.String r5 = "BearTrust"
                r6 = 1
                if (r4 == 0) goto L25
                java.lang.String r8 = "Regular trust enabled"
                com.tunnelbear.android.g.w.a(r5, r8)
                return r6
            L25:
                i.p.c.k.e(r8, r9)
                java.lang.String r4 = "amazonaws.com"
                boolean r4 = i.u.a.e(r8, r4, r1, r2, r3)
                if (r4 == 0) goto L3b
                i.p.c.k.e(r8, r9)
                boolean r0 = i.u.a.e(r8, r0, r1, r2, r3)
                if (r0 != 0) goto L3b
                r0 = 1
                goto L3c
            L3b:
                r0 = 0
            L3c:
                if (r0 == 0) goto L49
                java.lang.String r8 = "API Gateway enabled"
                com.tunnelbear.android.g.w.a(r5, r8)
                java.lang.String r8 = "BlueBear enabled, trying IP"
                com.tunnelbear.android.g.w.a(r5, r8)
                return r6
            L49:
                i.p.c.k.e(r8, r9)
                java.lang.String r0 = "tunnelbear.com"
                boolean r0 = i.u.a.e(r8, r0, r1, r2, r3)
                if (r0 == 0) goto L5a
                java.lang.String r8 = "Certificate checker trust enabled - without BlueBear"
                com.tunnelbear.android.g.w.a(r5, r8)
                return r6
            L5a:
                i.p.c.k.e(r8, r9)
                java.lang.String r9 = "captive.apple.com"
                boolean r9 = i.u.a.e(r8, r9, r1, r2, r3)
                if (r9 == 0) goto L6b
                java.lang.String r8 = "Certificate checker trust enabled - captive portal"
                com.tunnelbear.android.g.w.a(r5, r8)
                return r6
            L6b:
                java.lang.StringBuilder r9 = new java.lang.StringBuilder
                r9.<init>()
                java.lang.String r0 = "Failed to verify hostname: "
                r9.append(r0)
                r9.append(r8)
                java.lang.String r8 = r9.toString()
                com.tunnelbear.android.g.w.b(r5, r8)
            L7f:
                return r1
            */
            throw new UnsupportedOperationException("Method not decompiled: com.tunnelbear.android.api.h.a.verify(java.lang.String, javax.net.ssl.SSLSession):boolean");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: BearTrust.java */
    /* loaded from: classes.dex */
    public enum b {
        AWS_GATEWAY,
        TUNNELBEAR,
        ESNI,
        DEFAULT
    }

    public h(Application application) {
        if (Build.VERSION.SDK_INT > 21) {
            Security.insertProviderAt(Conscrypt.newProvider(), 1);
        }
        try {
            this.f2319i = application.getApplicationContext();
            this.a = a(f(application));
            this.b = new n(b(), application);
            this.c = b();
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    private X509TrustManager a(InputStream inputStream) throws GeneralSecurityException {
        Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        if (generateCertificates.isEmpty()) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            Iterator<? extends Certificate> it = generateCertificates.iterator();
            int i2 = 0;
            while (it.hasNext()) {
                keyStore.setCertificateEntry(Integer.toString(i2), it.next());
                i2++;
            }
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(keyStore, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                return (X509TrustManager) trustManagers[0];
            }
            StringBuilder d2 = e.a.a.a.a.d("Unexpected default trust managers:");
            d2.append(Arrays.toString(trustManagers));
            throw new IllegalStateException(d2.toString());
        } catch (IOException e2) {
            throw new AssertionError(e2);
        }
    }

    private X509TrustManager b() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers[0] instanceof X509TrustManager) {
            return (X509TrustManager) trustManagers[0];
        }
        StringBuilder d2 = e.a.a.a.a.d("Unexpected trust managers:");
        d2.append(Arrays.toString(trustManagers));
        throw new IllegalStateException(d2.toString());
    }

    private SSLSocketFactory c(X509TrustManager x509TrustManager, b bVar) throws NoSuchAlgorithmException, KeyManagementException {
        if (Build.VERSION.SDK_INT < 22) {
            try {
                e.d.a.a.d.a.a(this.f2319i);
            } catch (com.google.android.gms.common.d | com.google.android.gms.common.e e2) {
                w.b("BearTrust", e2.getMessage());
            }
        }
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        int ordinal = bVar.ordinal();
        if (ordinal == 0) {
            if (this.f2314d == null) {
                this.f2314d = new com.tunnelbear.android.o.e(sSLContext.getSocketFactory());
            }
            return this.f2314d;
        }
        if (ordinal == 1) {
            if (this.f2315e == null) {
                this.f2315e = new com.tunnelbear.android.o.e(sSLContext.getSocketFactory());
            }
            return this.f2315e;
        }
        if (ordinal != 2) {
            if (this.f2317g == null) {
                this.f2317g = new com.tunnelbear.android.o.e(sSLContext.getSocketFactory());
            }
            return this.f2317g;
        }
        if (this.f2316f == null) {
            SSLContext sSLContext2 = SSLContext.getInstance("TLS");
            sSLContext2.init(null, new TrustManager[]{x509TrustManager}, null);
            this.f2316f = sSLContext2.getSocketFactory();
        }
        return this.f2316f;
    }

    private X509TrustManager e(b bVar) {
        int ordinal = bVar.ordinal();
        return ordinal != 0 ? (ordinal == 1 || ordinal == 2) ? this.b : this.c : this.a;
    }

    private InputStream f(Context context) throws IOException {
        Vector vector = new Vector();
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA1.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA2.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA3.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA4.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/BaltimoreCyberTrustCA.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAClass2.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAG2.pem")));
        return new SequenceInputStream(vector.elements());
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x00c1 A[Catch: Exception -> 0x0165, TryCatch #0 {Exception -> 0x0165, blocks: (B:3:0x0003, B:6:0x001a, B:9:0x0027, B:11:0x002f, B:12:0x00bd, B:14:0x00c1, B:15:0x00f2, B:17:0x010e, B:20:0x0127, B:22:0x0130, B:24:0x0136, B:27:0x013d, B:29:0x0143, B:30:0x0160, B:32:0x015b, B:33:0x0041, B:35:0x0049, B:37:0x004f, B:40:0x0056, B:42:0x005e, B:44:0x0066, B:46:0x006e, B:48:0x0074, B:51:0x007b, B:52:0x0096, B:53:0x0097, B:54:0x00a2, B:55:0x00b3), top: B:2:0x0003 }] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x010e A[Catch: Exception -> 0x0165, TryCatch #0 {Exception -> 0x0165, blocks: (B:3:0x0003, B:6:0x001a, B:9:0x0027, B:11:0x002f, B:12:0x00bd, B:14:0x00c1, B:15:0x00f2, B:17:0x010e, B:20:0x0127, B:22:0x0130, B:24:0x0136, B:27:0x013d, B:29:0x0143, B:30:0x0160, B:32:0x015b, B:33:0x0041, B:35:0x0049, B:37:0x004f, B:40:0x0056, B:42:0x005e, B:44:0x0066, B:46:0x006e, B:48:0x0074, B:51:0x007b, B:52:0x0096, B:53:0x0097, B:54:0x00a2, B:55:0x00b3), top: B:2:0x0003 }] */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0127 A[Catch: Exception -> 0x0165, TryCatch #0 {Exception -> 0x0165, blocks: (B:3:0x0003, B:6:0x001a, B:9:0x0027, B:11:0x002f, B:12:0x00bd, B:14:0x00c1, B:15:0x00f2, B:17:0x010e, B:20:0x0127, B:22:0x0130, B:24:0x0136, B:27:0x013d, B:29:0x0143, B:30:0x0160, B:32:0x015b, B:33:0x0041, B:35:0x0049, B:37:0x004f, B:40:0x0056, B:42:0x005e, B:44:0x0066, B:46:0x006e, B:48:0x0074, B:51:0x007b, B:52:0x0096, B:53:0x0097, B:54:0x00a2, B:55:0x00b3), top: B:2:0x0003 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public okhttp3.OkHttpClient d(java.lang.String r12, java.lang.String r13, com.tunnelbear.android.api.q.b r14) {
        /*
            Method dump skipped, instructions count: 362
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tunnelbear.android.api.h.d(java.lang.String, java.lang.String, com.tunnelbear.android.api.q.b):okhttp3.OkHttpClient");
    }
}
