package com.tunnelbear.sdk.security;

import android.content.Context;
import android.os.Build;
import com.google.android.gms.common.GooglePlayServicesNotAvailableException;
import com.google.android.gms.common.GooglePlayServicesRepairableException;
import com.google.android.gms.security.ProviderInstaller;
import com.tunnelbear.sdk.api.PolarbearSSLSocketFactory;
import com.tunnelbear.sdk.client.TBLog;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000.\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\bÀ\u0002\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0010\u0010\u0011J\u000f\u0010\u0003\u001a\u00020\u0002H\u0002¢\u0006\u0004\b\u0003\u0010\u0004J\u0015\u0010\b\u001a\u00020\u00072\u0006\u0010\u0006\u001a\u00020\u0005¢\u0006\u0004\b\b\u0010\tJ\u001d\u0010\u000e\u001a\u00020\r2\u0006\u0010\u000b\u001a\u00020\n2\u0006\u0010\f\u001a\u00020\u0007¢\u0006\u0004\b\u000e\u0010\u000f¨\u0006\u0012"}, d2 = {"Lcom/tunnelbear/sdk/security/CertificateTrustChecker;", "", "Ljava/security/KeyStore;", "a", "()Ljava/security/KeyStore;", "Ljava/io/InputStream;", "inputStream", "Ljavax/net/ssl/X509TrustManager;", "buildCertificateCheckingTrustManager", "(Ljava/io/InputStream;)Ljavax/net/ssl/X509TrustManager;", "Landroid/content/Context;", "context", "trustManager", "Ljavax/net/ssl/SSLSocketFactory;", "getSSLSocketFactory", "(Landroid/content/Context;Ljavax/net/ssl/X509TrustManager;)Ljavax/net/ssl/SSLSocketFactory;", "<init>", "()V", "sdk_release"}, k = 1, mv = {1, 4, 2})
/* loaded from: classes6.dex */
public final class CertificateTrustChecker {

    @NotNull
    public static final CertificateTrustChecker INSTANCE = new CertificateTrustChecker();

    private CertificateTrustChecker() {
    }

    private final KeyStore a() throws GeneralSecurityException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
            return keyStore;
        } catch (IOException e) {
            throw new AssertionError(e);
        }
    }

    @NotNull
    public final X509TrustManager buildCertificateCheckingTrustManager(@NotNull InputStream inputStream) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(inputStream, "inputStream");
        Collection<? extends Certificate> certificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        if (!(!certificates.isEmpty())) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates".toString());
        }
        KeyStore a2 = a();
        Intrinsics.checkNotNullExpressionValue(certificates, "certificates");
        Iterator<T> it = certificates.iterator();
        int i = 0;
        while (it.hasNext()) {
            a2.setCertificateEntry(String.valueOf(i), (Certificate) it.next());
            i++;
        }
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(a2, null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(a2);
        Intrinsics.checkNotNullExpressionValue(trustManagerFactory, "trustManagerFactory");
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        Intrinsics.checkNotNullExpressionValue(trustManagers, "trustManagers");
        if (((trustManagers.length == 0) ^ true) && (trustManagers[0] instanceof X509TrustManager)) {
            TrustManager trustManager = trustManagers[0];
            Objects.requireNonNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            return (X509TrustManager) trustManager;
        }
        throw new IllegalStateException(("Unexpected default trust managers:" + Arrays.toString(trustManagers)).toString());
    }

    @NotNull
    public final SSLSocketFactory getSSLSocketFactory(@NotNull Context context, @NotNull X509TrustManager trustManager) throws NoSuchAlgorithmException, KeyManagementException {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(trustManager, "trustManager");
        if (Build.VERSION.SDK_INT < 22) {
            try {
                ProviderInstaller.installIfNeeded(context);
            } catch (GooglePlayServicesNotAvailableException e) {
                TBLog.INSTANCE.e("CertificateTrustChecker", e.getMessage());
            } catch (GooglePlayServicesRepairableException e2) {
                TBLog.INSTANCE.e("CertificateTrustChecker", e2.getMessage());
            }
        }
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(null, new TrustManager[]{trustManager}, null);
        Intrinsics.checkNotNullExpressionValue(sslContext, "sslContext");
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        Intrinsics.checkNotNullExpressionValue(socketFactory, "sslContext.socketFactory");
        return new PolarbearSSLSocketFactory(socketFactory);
    }
}
