package com.tunnelbear.android.api;

import android.content.Context;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Vector;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/* compiled from: BearTrust.java */
/* loaded from: classes.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    private X509TrustManager f1243a;

    /* renamed from: b, reason: collision with root package name */
    private X509TrustManager f1244b;
    private X509TrustManager c;
    private SSLSocketFactory d;
    private SSLSocketFactory e;
    private SSLSocketFactory f;
    private OkHttpClient g;
    private Context h;

    public d(Context context) {
        try {
            this.h = context;
            Vector vector = new Vector();
            vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA1.pem")));
            vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA2.pem")));
            vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA3.pem")));
            vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA4.pem")));
            vector.add(new BufferedInputStream(context.getAssets().open("certificates/BaltimoreCyberTrustCA.pem")));
            vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAClass2.pem")));
            vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAG2.pem")));
            this.f1243a = a(new SequenceInputStream(vector.elements()));
            this.f1244b = new i(a(), context);
            this.c = a();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private SSLSocketFactory a(X509TrustManager x509TrustManager, int i) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sSLContext;
        try {
            sSLContext = SSLContext.getInstance("TLSv1.2");
        } catch (NoSuchAlgorithmException unused) {
            sSLContext = SSLContext.getInstance("TLS");
        }
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        switch (f.f1246a[i - 1]) {
            case 1:
                if (this.d == null) {
                    this.d = sSLContext.getSocketFactory();
                }
                return this.d;
            case 2:
                if (this.e == null) {
                    this.e = sSLContext.getSocketFactory();
                }
                return this.e;
            default:
                if (this.f == null) {
                    this.f = sSLContext.getSocketFactory();
                }
                return this.f;
        }
    }

    private static X509TrustManager a() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers[0] instanceof X509TrustManager) {
            return (X509TrustManager) trustManagers[0];
        }
        throw new IllegalStateException("Unexpected trust managers:" + Arrays.toString(trustManagers));
    }

    private X509TrustManager a(int i) {
        switch (f.f1246a[i - 1]) {
            case 1:
                return this.f1243a;
            case 2:
                return this.f1244b;
            default:
                return this.c;
        }
    }

    private static X509TrustManager a(InputStream inputStream) throws GeneralSecurityException {
        Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        if (generateCertificates.isEmpty()) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates");
        }
        KeyStore b2 = b();
        Iterator<? extends Certificate> it = generateCertificates.iterator();
        int i = 0;
        while (it.hasNext()) {
            b2.setCertificateEntry(Integer.toString(i), it.next());
            i++;
        }
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(b2, null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(b2);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
            return (X509TrustManager) trustManagers[0];
        }
        throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
    }

    private static KeyStore b() throws GeneralSecurityException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            return keyStore;
        } catch (IOException e) {
            throw new AssertionError(e);
        }
    }

    public final OkHttpClient a(String str) {
        X509TrustManager a2;
        SSLSocketFactory a3;
        try {
            if (a.c(str)) {
                a2 = a(g.c);
                a3 = a(a2, g.c);
            } else if (a.d(str)) {
                a2 = a(g.f1248b);
                ((i) a2).a(str);
                a3 = a(a2, g.f1248b);
            } else {
                if (!a.b(str) && !a.a(str)) {
                    throw new RuntimeException("Unknown host (" + str + ") used in trust creation.");
                }
                a2 = a(g.f1247a);
                a3 = a(a2, g.f1247a);
            }
            if (this.g == null) {
                this.g = new OkHttpClient.Builder().connectionPool(a.a()).followRedirects(false).followSslRedirects(false).hostnameVerifier(new e(this)).build();
            }
            return this.g.newBuilder().addInterceptor(new h(this.h, str)).sslSocketFactory(a3, a2).build();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }
}
