package com.tunnelbear.sdk.client;

import a1.i;
import android.content.Context;
import android.content.SharedPreferences;
import androidx.security.crypto.b;
import com.tunnelbear.sdk.api.PolarbearApi;
import com.tunnelbear.sdk.model.VpnConnectionSpec;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import k6.c;
import k6.d;
import k6.e;
import m8.l;
import o6.a;
import okhttp3.CertificatePinner;
import okhttp3.ConnectionPool;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.internal.tls.OkHostnameVerifier;
import okhttp3.logging.HttpLoggingInterceptor;
import org.conscrypt.Conscrypt;
import t8.e;
import t8.f;
import w6.b;
import y9.a0;

/* compiled from: Provider.kt */
/* loaded from: classes.dex */
public final class Provider {
    private static final String TAG = "Provider";
    private static final String TOKEN_KEY = "PolarVpnToken";
    public static final Provider INSTANCE = new Provider();
    private static ConnectionPool connectionPool = new ConnectionPool(0, 1, TimeUnit.NANOSECONDS);

    private Provider() {
    }

    public static final VpnClient client(Context context, b bVar, a aVar, VpnConnectionSpec vpnConnectionSpec, String str, boolean z10, c cVar, n6.a aVar2) {
        l.f(context, "context");
        l.f(bVar, "manager");
        l.f(aVar, "prefs");
        l.f(vpnConnectionSpec, "connectionSpec");
        l.f(str, "partnerIdentifier");
        l.f(cVar, "apiServicePriorityQueue");
        l.f(aVar2, "sSocks");
        return new PolarbearVpnClient(context, bVar, aVar, vpnConnectionSpec, connectionPool, str, z10, cVar, aVar2);
    }

    public static final a encryptedCredential(Context context) {
        l.f(context, "context");
        try {
            b.a aVar = new b.a(context);
            aVar.b(androidx.security.crypto.c.f2787a);
            final SharedPreferences a10 = androidx.security.crypto.a.a(context, "Encrypted_Prefs", aVar.a());
            return new a() { // from class: com.tunnelbear.sdk.client.Provider$encryptedCredential$1
                @Override // o6.a
                public void clear() {
                    a10.edit().clear().apply();
                }

                @Override // o6.a
                public String get() {
                    String string = a10.getString("PolarVpnToken", HttpUrl.FRAGMENT_ENCODE_SET);
                    return string == null ? HttpUrl.FRAGMENT_ENCODE_SET : string;
                }

                @Override // o6.a
                public void set(String str) {
                    l.f(str, "value");
                    a10.edit().putString("PolarVpnToken", str).apply();
                }
            };
        } catch (IOException e10) {
            TBLog.INSTANCE.e(TAG, e10.getMessage());
            StringBuilder d10 = i.d("Aborting due to catastrophic encryption failure:");
            d10.append(e10.getMessage());
            throw new RuntimeException(f.e(d10.toString()));
        } catch (GeneralSecurityException e11) {
            TBLog.INSTANCE.e(TAG, e11.getMessage());
            StringBuilder d11 = i.d("Aborting due to catastrophic encryption failure:");
            d11.append(e11.getMessage());
            throw new RuntimeException(f.e(d11.toString()));
        }
    }

    public static final a inMemoryCredential() {
        return new a() { // from class: com.tunnelbear.sdk.client.Provider$inMemoryCredential$1
            private String authToken = HttpUrl.FRAGMENT_ENCODE_SET;

            @Override // o6.a
            public void clear() {
                this.authToken = HttpUrl.FRAGMENT_ENCODE_SET;
            }

            @Override // o6.a
            public String get() {
                return this.authToken;
            }

            public final String getAuthToken() {
                return this.authToken;
            }

            @Override // o6.a
            public void set(String str) {
                l.f(str, "newToken");
                this.authToken = str;
            }

            public final void setAuthToken(String str) {
                l.f(str, "<set-?>");
                this.authToken = str;
            }
        };
    }

    public static final w6.b vpnConnection(Context context) {
        l.f(context, "context");
        return new w6.c(context);
    }

    public static final w6.b wgvpnConnection(Context context) {
        l.f(context, "context");
        return new com.tunnelbear.sdk.vpnservice.a(context);
    }

    public final PolarbearApi api(a aVar, String str, u6.b bVar, InputStream inputStream, Context context, boolean z10, boolean z11, n6.a aVar2) {
        l.f(aVar, "credentialHolder");
        l.f(str, "hostname");
        l.f(context, "context");
        e eVar = new e("^https?://");
        String str2 = HttpUrl.FRAGMENT_ENCODE_SET;
        String M = f.M(new e("/$").b(eVar.c(str, HttpUrl.FRAGMENT_ENCODE_SET)), "/prod/polarbear", HttpUrl.FRAGMENT_ENCODE_SET);
        l.c(bVar);
        ConnectionPool connectionPool2 = connectionPool;
        l.f(connectionPool2, "connectionPool");
        e.a aVar3 = e.a.d.f9307a;
        if (!(bVar.c(M) >= 2)) {
            throw new IllegalArgumentException("Certificate set must contain hostname (or a superseding wildcard if hostname is of form x.y.z) and at least one backup pin.".toString());
        }
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        Map<String, Set<String>> b7 = bVar.b();
        CertificatePinner.Builder builder2 = new CertificatePinner.Builder();
        HashMap hashMap = (HashMap) b7;
        for (String str3 : hashMap.keySet()) {
            Object obj = hashMap.get(str3);
            if (obj == null) {
                obj = Collections.emptySet();
            }
            for (String str4 : (Set) obj) {
                if (str4.length() > 0) {
                    builder2.add(str3, str4);
                    str2 = str2;
                }
            }
        }
        String str5 = str2;
        OkHttpClient.Builder connectionPool3 = builder.certificatePinner(builder2.build()).hostnameVerifier(new d(OkHostnameVerifier.INSTANCE, ((HashMap) bVar.b()).keySet())).followRedirects(false).followSslRedirects(false).retryOnConnectionFailure(true).connectionPool(connectionPool2);
        TimeUnit timeUnit = TimeUnit.SECONDS;
        OkHttpClient.Builder pingInterval = connectionPool3.connectTimeout(30L, timeUnit).readTimeout(30L, timeUnit).writeTimeout(30L, timeUnit).pingInterval(1L, timeUnit);
        if (z11) {
            aVar3 = e.a.b.f9305a;
            Security.insertProviderAt(Conscrypt.newProvider(), 1);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (!(trustManagers[0] instanceof X509TrustManager)) {
                StringBuilder d10 = i.d("Unexpected trust managers:");
                d10.append(Arrays.toString(trustManagers));
                throw new IllegalStateException(d10.toString().toString());
            }
            TrustManager trustManager = trustManagers[0];
            l.d(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.3");
            sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            l.e(socketFactory, "sslContext.socketFactory");
            pingInterval.sslSocketFactory(new m6.b(socketFactory), x509TrustManager);
        }
        if (aVar2 != null) {
            aVar3 = new e.a.c(aVar2);
            pingInterval.proxy(aVar2.c());
        }
        Matcher matcher = Pattern.compile("([A-Za-z0-9]+)\\.execute-api\\..*\\.amazonaws\\.com", 2).matcher(M);
        String group = matcher.matches() ? matcher.group(1) : str5;
        if (!(group == null || group.length() == 0)) {
            aVar3 = new e.a.C0167a(group);
        }
        if (inputStream != null) {
            try {
                X509TrustManager a10 = u6.a.a(inputStream);
                SSLContext sSLContext2 = SSLContext.getInstance("TLSv1.2");
                sSLContext2.init(null, new TrustManager[]{a10}, null);
                SSLSocketFactory socketFactory2 = sSLContext2.getSocketFactory();
                l.e(socketFactory2, "sslContext.socketFactory");
                pingInterval.sslSocketFactory(new k6.f(socketFactory2), a10);
            } catch (GeneralSecurityException e10) {
                throw new RuntimeException(e10);
            }
        }
        pingInterval.addInterceptor(new k6.e(aVar3, aVar, context));
        if (z10) {
            HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(null, 1, null);
            httpLoggingInterceptor.level(HttpLoggingInterceptor.Level.HEADERS);
            pingInterval.addInterceptor(httpLoggingInterceptor);
        }
        OkHttpClient build = pingInterval.build();
        connectionPool = build.connectionPool();
        a0.b bVar2 = new a0.b();
        bVar2.e(build);
        bVar2.c(str);
        bVar2.b(z9.a.c());
        Object c3 = bVar2.d().c(PolarbearApi.class);
        l.e(c3, "Builder()\n            .c…PolarbearApi::class.java)");
        return (PolarbearApi) c3;
    }
}
