package com.adpmobile.android.networking.b;

import android.content.Context;
import com.adpmobile.android.R;
import com.adpmobile.android.q.a;
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.TypeCastException;
import kotlin.a.f;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.ab;
import okhttp3.y;

/* compiled from: ADPCertHandler.kt */
/* loaded from: classes.dex */
public final class a {

    /* renamed from: b, reason: collision with root package name */
    private SSLSocketFactory f3870b;

    /* renamed from: c, reason: collision with root package name */
    private X509TrustManager f3871c;
    private final String[] d;
    private boolean e;

    /* renamed from: a, reason: collision with root package name */
    public static final C0114a f3869a = new C0114a(null);
    private static final String f = f;
    private static final String f = f;

    /* compiled from: ADPCertHandler.kt */
    /* renamed from: com.adpmobile.android.networking.b.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public static final class C0114a {
        private C0114a() {
        }

        public /* synthetic */ C0114a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public a(Context context, boolean z) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        this.e = z;
        String[] stringArray = context.getResources().getStringArray(R.array.cert_pinned_hosts);
        Intrinsics.checkExpressionValueIsNotNull(stringArray, "context.getResources().g….array.cert_pinned_hosts)");
        this.d = stringArray;
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        X509Certificate a2 = a(context, R.raw.digicert_sha2_server_ca);
        X500Principal subjectX500Principal = a2.getSubjectX500Principal();
        Intrinsics.checkExpressionValueIsNotNull(subjectX500Principal, "ca1.subjectX500Principal");
        keyStore.setCertificateEntry(subjectX500Principal.getName(), a2);
        X509Certificate a3 = a(context, R.raw.symantec_adp_ca);
        X500Principal subjectX500Principal2 = a3.getSubjectX500Principal();
        Intrinsics.checkExpressionValueIsNotNull(subjectX500Principal2, "ca2.subjectX500Principal");
        keyStore.setCertificateEntry(subjectX500Principal2.getName(), a3);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
        kmf.init(keyStore, null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        Intrinsics.checkExpressionValueIsNotNull(trustManagerFactory, "trustManagerFactory");
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
        }
        TrustManager trustManager = trustManagers[0];
        if (trustManager == null) {
            throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        }
        this.f3871c = (X509TrustManager) trustManager;
        Intrinsics.checkExpressionValueIsNotNull(kmf, "kmf");
        sslContext.init(kmf.getKeyManagers(), trustManagers, null);
        Intrinsics.checkExpressionValueIsNotNull(sslContext, "sslContext");
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();
        Intrinsics.checkExpressionValueIsNotNull(socketFactory, "sslContext.socketFactory");
        this.f3870b = socketFactory;
    }

    private final X509Certificate a(Context context, int i) {
        InputStream openRawResource = context.getResources().openRawResource(i);
        Intrinsics.checkExpressionValueIsNotNull(openRawResource, "context.resources.openRawResource(resource)");
        BufferedInputStream bufferedInputStream = new BufferedInputStream(openRawResource);
        Throwable th = (Throwable) null;
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(bufferedInputStream);
            if (generateCertificate == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) generateCertificate;
            kotlin.io.b.a(bufferedInputStream, th);
            return x509Certificate;
        } catch (Throwable th2) {
            try {
                throw th2;
            } catch (Throwable th3) {
                kotlin.io.b.a(bufferedInputStream, th2);
                throw th3;
            }
        }
    }

    private final boolean a(ab abVar) {
        return abVar != null && f.a(this.d, abVar.a().g());
    }

    public final y a(y okHttpClient, ab abVar) {
        Intrinsics.checkParameterIsNotNull(okHttpClient, "okHttpClient");
        if (!this.e || !a(abVar)) {
            return okHttpClient;
        }
        a.C0136a c0136a = com.adpmobile.android.q.a.f4578a;
        String str = f;
        StringBuilder sb = new StringBuilder();
        sb.append("Pinning cert for host ");
        sb.append(abVar != null ? abVar.a() : null);
        c0136a.a(str, sb.toString());
        y a2 = okHttpClient.B().a(this.f3870b, this.f3871c).a();
        Intrinsics.checkExpressionValueIsNotNull(a2, "okHttpClient.newBuilder(…x509TrustManager).build()");
        return a2;
    }
}
