package com.tunnelbear.android.api;

import android.app.Application;
import android.content.Context;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Vector;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import org.chromium.net.CronetEngine;
import org.conscrypt.Conscrypt;

/* compiled from: BearTrust.java */
/* loaded from: classes.dex */
public final class f {

    /* renamed from: a, reason: collision with root package name */
    private final X509TrustManager f6818a;

    /* renamed from: b, reason: collision with root package name */
    private final j f6819b;

    /* renamed from: c, reason: collision with root package name */
    private final X509TrustManager f6820c;

    /* renamed from: d, reason: collision with root package name */
    private g6.e f6821d;

    /* renamed from: e, reason: collision with root package name */
    private g6.e f6822e;

    /* renamed from: f, reason: collision with root package name */
    private g6.e f6823f;
    private m6.b g;

    /* renamed from: h, reason: collision with root package name */
    private OkHttpClient f6824h;

    /* renamed from: i, reason: collision with root package name */
    private final Context f6825i;

    /* renamed from: j, reason: collision with root package name */
    private final CronetEngine f6826j;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: BearTrust.java */
    /* loaded from: classes.dex */
    public final class a implements HostnameVerifier {
        a() {
        }

        /* JADX WARN: Removed duplicated region for block: B:16:0x0036  */
        /* JADX WARN: Removed duplicated region for block: B:18:0x0041  */
        @Override // javax.net.ssl.HostnameVerifier
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public final boolean verify(java.lang.String r5, javax.net.ssl.SSLSession r6) {
            /*
                r4 = this;
                okhttp3.internal.tls.OkHostnameVerifier r0 = okhttp3.internal.tls.OkHostnameVerifier.INSTANCE
                r1 = 0
                if (r0 == 0) goto L71
                boolean r6 = r0.verify(r5, r6)
                if (r6 == 0) goto L71
                com.tunnelbear.android.api.e$a r6 = com.tunnelbear.android.api.e.f6812c
                java.lang.String r6 = "hostWithScheme"
                m8.l.f(r5, r6)
                java.lang.String r6 = "s3.amazonaws.com"
                boolean r0 = t8.f.z(r5, r6)
                r2 = 1
                java.lang.String r3 = "BearTrust"
                if (r0 == 0) goto L23
                java.lang.String r5 = "Regular trust enabled"
                s3.t.g(r3, r5)
                return r2
            L23:
                java.lang.String r0 = "amazonaws.com"
                boolean r0 = t8.f.z(r5, r0)
                if (r0 == 0) goto L33
                boolean r6 = t8.f.z(r5, r6)
                if (r6 != 0) goto L33
                r6 = r2
                goto L34
            L33:
                r6 = r1
            L34:
                if (r6 == 0) goto L41
                java.lang.String r5 = "API Gateway enabled"
                s3.t.g(r3, r5)
                java.lang.String r5 = "BlueBear enabled, trying IP"
                s3.t.g(r3, r5)
                return r2
            L41:
                java.lang.String r6 = "tunnelbear.com"
                boolean r6 = t8.f.z(r5, r6)
                if (r6 == 0) goto L4f
                java.lang.String r5 = "Certificate checker trust enabled - without BlueBear"
                s3.t.g(r3, r5)
                return r2
            L4f:
                java.lang.String r6 = "captive.apple.com"
                boolean r6 = t8.f.z(r5, r6)
                if (r6 == 0) goto L5d
                java.lang.String r5 = "Certificate checker trust enabled - captive portal"
                s3.t.g(r3, r5)
                return r2
            L5d:
                java.lang.StringBuilder r6 = new java.lang.StringBuilder
                r6.<init>()
                java.lang.String r0 = "Failed to verify hostname: "
                r6.append(r0)
                r6.append(r5)
                java.lang.String r5 = r6.toString()
                s3.t.h(r3, r5)
            L71:
                return r1
            */
            throw new UnsupportedOperationException("Method not decompiled: com.tunnelbear.android.api.f.a.verify(java.lang.String, javax.net.ssl.SSLSession):boolean");
        }
    }

    public f(Application application) {
        Security.insertProviderAt(Conscrypt.newProvider(), 1);
        try {
            this.f6825i = application.getApplicationContext();
            this.f6818a = a(f(application));
            this.f6819b = new j(b(), application);
            this.f6820c = b();
            this.f6826j = new CronetEngine.Builder(application).enableHttp2(true).enableBrotli(false).enableQuic(true).addQuicHint(new URL("https://api.tunnelbear.com/").getAuthority(), 443, 443).build();
        } catch (Exception e10) {
            throw new RuntimeException(e10);
        }
    }

    private X509TrustManager a(InputStream inputStream) throws GeneralSecurityException {
        Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
        if (generateCertificates.isEmpty()) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            Iterator<? extends Certificate> it = generateCertificates.iterator();
            int i10 = 0;
            while (it.hasNext()) {
                keyStore.setCertificateEntry(Integer.toString(i10), it.next());
                i10++;
            }
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(keyStore, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                return (X509TrustManager) trustManagers[0];
            }
            StringBuilder d10 = a1.i.d("Unexpected default trust managers:");
            d10.append(Arrays.toString(trustManagers));
            throw new IllegalStateException(d10.toString());
        } catch (IOException e10) {
            throw new AssertionError(e10);
        }
    }

    private X509TrustManager b() throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers[0] instanceof X509TrustManager) {
            return (X509TrustManager) trustManagers[0];
        }
        StringBuilder d10 = a1.i.d("Unexpected trust managers:");
        d10.append(Arrays.toString(trustManagers));
        throw new IllegalStateException(d10.toString());
    }

    private SSLSocketFactory c(X509TrustManager x509TrustManager, int i10) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
        if (i10 == 0) {
            throw null;
        }
        int i11 = i10 - 1;
        if (i11 == 0) {
            if (this.f6821d == null) {
                this.f6821d = new g6.e(sSLContext.getSocketFactory());
            }
            return this.f6821d;
        }
        if (i11 == 1) {
            if (this.f6822e == null) {
                this.f6822e = new g6.e(sSLContext.getSocketFactory());
            }
            return this.f6822e;
        }
        if (i11 != 2) {
            if (this.f6823f == null) {
                this.f6823f = new g6.e(sSLContext.getSocketFactory());
            }
            return this.f6823f;
        }
        if (this.g == null) {
            SSLContext sSLContext2 = SSLContext.getInstance("TLSv1.3");
            sSLContext2.init(null, new TrustManager[]{x509TrustManager}, null);
            this.g = new m6.b(sSLContext2.getSocketFactory());
        }
        return this.g;
    }

    private X509TrustManager e(int i10) {
        if (i10 == 0) {
            throw null;
        }
        int i11 = i10 - 1;
        return i11 != 0 ? (i11 == 1 || i11 == 2) ? this.f6819b : this.f6820c : this.f6818a;
    }

    private InputStream f(Context context) throws IOException {
        Vector vector = new Vector();
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA1.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA2.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA3.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/AmazonRootCA4.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/BaltimoreCyberTrustCA.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAClass2.pem")));
        vector.add(new BufferedInputStream(context.getAssets().open("certificates/SFSRootCAG2.pem")));
        return new SequenceInputStream(vector.elements());
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x00c6 A[Catch: Exception -> 0x0172, TryCatch #0 {Exception -> 0x0172, blocks: (B:3:0x0006, B:6:0x0024, B:9:0x002e, B:11:0x0036, B:12:0x00c2, B:14:0x00c6, B:15:0x00f7, B:16:0x0119, B:27:0x016d, B:30:0x0152, B:31:0x0162, B:32:0x0168, B:33:0x011d, B:36:0x0125, B:39:0x012d, B:42:0x0135, B:45:0x013d, B:48:0x0046, B:50:0x004e, B:52:0x0054, B:54:0x005a, B:57:0x0061, B:59:0x0069, B:61:0x0071, B:63:0x0079, B:65:0x007f, B:68:0x0086, B:69:0x00a1, B:70:0x00a2, B:71:0x00ab, B:72:0x00ba), top: B:2:0x0006 }] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x011c  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x011d A[Catch: Exception -> 0x0172, TryCatch #0 {Exception -> 0x0172, blocks: (B:3:0x0006, B:6:0x0024, B:9:0x002e, B:11:0x0036, B:12:0x00c2, B:14:0x00c6, B:15:0x00f7, B:16:0x0119, B:27:0x016d, B:30:0x0152, B:31:0x0162, B:32:0x0168, B:33:0x011d, B:36:0x0125, B:39:0x012d, B:42:0x0135, B:45:0x013d, B:48:0x0046, B:50:0x004e, B:52:0x0054, B:54:0x005a, B:57:0x0061, B:59:0x0069, B:61:0x0071, B:63:0x0079, B:65:0x007f, B:68:0x0086, B:69:0x00a1, B:70:0x00a2, B:71:0x00ab, B:72:0x00ba), top: B:2:0x0006 }] */
    /* JADX WARN: Removed duplicated region for block: B:36:0x0125 A[Catch: Exception -> 0x0172, TryCatch #0 {Exception -> 0x0172, blocks: (B:3:0x0006, B:6:0x0024, B:9:0x002e, B:11:0x0036, B:12:0x00c2, B:14:0x00c6, B:15:0x00f7, B:16:0x0119, B:27:0x016d, B:30:0x0152, B:31:0x0162, B:32:0x0168, B:33:0x011d, B:36:0x0125, B:39:0x012d, B:42:0x0135, B:45:0x013d, B:48:0x0046, B:50:0x004e, B:52:0x0054, B:54:0x005a, B:57:0x0061, B:59:0x0069, B:61:0x0071, B:63:0x0079, B:65:0x007f, B:68:0x0086, B:69:0x00a1, B:70:0x00a2, B:71:0x00ab, B:72:0x00ba), top: B:2:0x0006 }] */
    /* JADX WARN: Removed duplicated region for block: B:39:0x012d A[Catch: Exception -> 0x0172, TryCatch #0 {Exception -> 0x0172, blocks: (B:3:0x0006, B:6:0x0024, B:9:0x002e, B:11:0x0036, B:12:0x00c2, B:14:0x00c6, B:15:0x00f7, B:16:0x0119, B:27:0x016d, B:30:0x0152, B:31:0x0162, B:32:0x0168, B:33:0x011d, B:36:0x0125, B:39:0x012d, B:42:0x0135, B:45:0x013d, B:48:0x0046, B:50:0x004e, B:52:0x0054, B:54:0x005a, B:57:0x0061, B:59:0x0069, B:61:0x0071, B:63:0x0079, B:65:0x007f, B:68:0x0086, B:69:0x00a1, B:70:0x00a2, B:71:0x00ab, B:72:0x00ba), top: B:2:0x0006 }] */
    /* JADX WARN: Removed duplicated region for block: B:42:0x0135 A[Catch: Exception -> 0x0172, TryCatch #0 {Exception -> 0x0172, blocks: (B:3:0x0006, B:6:0x0024, B:9:0x002e, B:11:0x0036, B:12:0x00c2, B:14:0x00c6, B:15:0x00f7, B:16:0x0119, B:27:0x016d, B:30:0x0152, B:31:0x0162, B:32:0x0168, B:33:0x011d, B:36:0x0125, B:39:0x012d, B:42:0x0135, B:45:0x013d, B:48:0x0046, B:50:0x004e, B:52:0x0054, B:54:0x005a, B:57:0x0061, B:59:0x0069, B:61:0x0071, B:63:0x0079, B:65:0x007f, B:68:0x0086, B:69:0x00a1, B:70:0x00a2, B:71:0x00ab, B:72:0x00ba), top: B:2:0x0006 }] */
    /* JADX WARN: Removed duplicated region for block: B:45:0x013d A[Catch: Exception -> 0x0172, TryCatch #0 {Exception -> 0x0172, blocks: (B:3:0x0006, B:6:0x0024, B:9:0x002e, B:11:0x0036, B:12:0x00c2, B:14:0x00c6, B:15:0x00f7, B:16:0x0119, B:27:0x016d, B:30:0x0152, B:31:0x0162, B:32:0x0168, B:33:0x011d, B:36:0x0125, B:39:0x012d, B:42:0x0135, B:45:0x013d, B:48:0x0046, B:50:0x004e, B:52:0x0054, B:54:0x005a, B:57:0x0061, B:59:0x0069, B:61:0x0071, B:63:0x0079, B:65:0x007f, B:68:0x0086, B:69:0x00a1, B:70:0x00a2, B:71:0x00ab, B:72:0x00ba), top: B:2:0x0006 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final okhttp3.OkHttpClient d(java.lang.String r17, java.lang.String r18, java.net.Proxy r19) {
        /*
            Method dump skipped, instructions count: 398
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tunnelbear.android.api.f.d(java.lang.String, java.lang.String, java.net.Proxy):okhttp3.OkHttpClient");
    }
}
