package com.authy.authy.api.client;

import android.content.Context;
import com.authy.authy.R;
import com.authy.authy.api.requestInterceptors.AuthyErrorHandler;
import com.authy.authy.api.requestInterceptors.UserAgentInterceptor;
import com.authy.authy.util.DeviceHelper;
import com.authy.authy.util.Log;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.logging.HttpLoggingInterceptor;

/* compiled from: AuthyOkHttpClient.kt */
@Metadata(d1 = {"\u0000$\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\u001a\u0010\u0010\u0000\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u0003H\u0002\u001a\u0010\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u0001H\u0002\u001a\u000e\u0010\u0007\u001a\u00020\b2\u0006\u0010\u0002\u001a\u00020\u0003\u001a\u0010\u0010\t\u001a\u00020\n2\u0006\u0010\u0006\u001a\u00020\u0001H\u0002\u001a\u0014\u0010\u000b\u001a\u00020\b*\u00020\b2\u0006\u0010\f\u001a\u00020\nH\u0002¨\u0006\r"}, d2 = {"loadCertificates", "Ljava/security/KeyStore;", "context", "Landroid/content/Context;", "setupCertificatePinner", "Lokhttp3/CertificatePinner;", "keyStore", "setupOkHttpClient", "Lokhttp3/OkHttpClient$Builder;", "trustManagerForCertificates", "Ljavax/net/ssl/X509TrustManager;", "enableTls", "trustManager", "authy-android_authyRelease"}, k = 2, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes4.dex */
public final class AuthyOkHttpClientKt {
    private static final OkHttpClient.Builder enableTls(OkHttpClient.Builder builder, X509TrustManager x509TrustManager) {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new X509TrustManager[]{x509TrustManager}, null);
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        Intrinsics.checkNotNullExpressionValue(socketFactory, "getSocketFactory(...)");
        builder.sslSocketFactory(socketFactory, x509TrustManager);
        return builder;
    }

    private static final KeyStore loadCertificates(Context context) {
        try {
            KeyStore keyStore = KeyStore.getInstance("BKS");
            InputStream openRawResource = context.getResources().openRawResource(R.raw.debiancacerts);
            Intrinsics.checkNotNullExpressionValue(openRawResource, "openRawResource(...)");
            InputStream inputStream = openRawResource;
            try {
                InputStream inputStream2 = inputStream;
                char[] charArray = "changeit".toCharArray();
                Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
                keyStore.load(openRawResource, charArray);
                Unit unit = Unit.INSTANCE;
                CloseableKt.closeFinally(inputStream, null);
                Intrinsics.checkNotNull(keyStore);
                return keyStore;
            } finally {
            }
        } catch (Exception e) {
            Exception exc = e;
            Log.logException(exc);
            throw new RuntimeException(exc);
        }
    }

    private static final CertificatePinner setupCertificatePinner(KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            Intrinsics.checkNotNullExpressionValue(aliases, "aliases(...)");
            ArrayList list = Collections.list(aliases);
            Intrinsics.checkNotNullExpressionValue(list, "list(...)");
            ArrayList arrayList = new ArrayList();
            for (Object obj : list) {
                if (keyStore.isCertificateEntry((String) obj)) {
                    arrayList.add(obj);
                }
            }
            ArrayList<String> arrayList2 = arrayList;
            ArrayList arrayList3 = new ArrayList(CollectionsKt.collectionSizeOrDefault(arrayList2, 10));
            for (String str : arrayList2) {
                CertificatePinner.Companion companion = CertificatePinner.INSTANCE;
                Certificate certificate = keyStore.getCertificate(str);
                Intrinsics.checkNotNullExpressionValue(certificate, "getCertificate(...)");
                arrayList3.add(companion.pin(certificate));
            }
            CertificatePinner.Builder builder = new CertificatePinner.Builder();
            String host = new URL("https://api.authy.com").getHost();
            Intrinsics.checkNotNullExpressionValue(host, "getHost(...)");
            String[] strArr = (String[]) arrayList3.toArray(new String[0]);
            return builder.add(host, (String[]) Arrays.copyOf(strArr, strArr.length)).build();
        } catch (Exception e) {
            Exception exc = e;
            Log.logException(exc);
            throw new RuntimeException(exc);
        }
    }

    public static final OkHttpClient.Builder setupOkHttpClient(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        KeyStore loadCertificates = loadCertificates(context);
        OkHttpClient.Builder protocols = enableTls(new OkHttpClient.Builder(), trustManagerForCertificates(loadCertificates)).certificatePinner(setupCertificatePinner(loadCertificates)).protocols(CollectionsKt.listOf(Protocol.HTTP_1_1));
        String userAgent = DeviceHelper.getUserAgent(context);
        Intrinsics.checkNotNullExpressionValue(userAgent, "getUserAgent(...)");
        OkHttpClient.Builder addInterceptor = protocols.addInterceptor(new UserAgentInterceptor(userAgent));
        HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(null, 1, null);
        httpLoggingInterceptor.level(HttpLoggingInterceptor.Level.NONE);
        return addInterceptor.addInterceptor(httpLoggingInterceptor).addInterceptor(new AuthyErrorHandler(context));
    }

    private static final X509TrustManager trustManagerForCertificates(KeyStore keyStore) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 1) {
            TrustManager trustManager = trustManagers[0];
            if (trustManager instanceof X509TrustManager) {
                Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException(("Unexpected default trust managers:" + Arrays.toString(trustManagers)).toString());
    }
}
