package com.tunnelbear.sdk.client;

import android.content.Context;
import android.support.v4.media.session.k;
import androidx.security.crypto.f;
import com.tunnelbear.sdk.api.PolarbearApi;
import com.tunnelbear.sdk.model.VpnConnectionSpec;
import g9.i;
import g9.n;
import hd.i1;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import ob.c;
import okhttp3.CertificatePinner;
import okhttp3.ConnectionPool;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.internal.tls.OkHostnameVerifier;
import okhttp3.logging.HttpLoggingInterceptor;
import org.chromium.net.CronetEngine;
import org.conscrypt.Conscrypt;
import org.conscrypt.PSKKeyManager;
import u8.d;
import u8.h;
import u8.j;
import u8.l;
import vb.e;
import vb.g;
import vb.o;
import x8.b;

/* loaded from: classes.dex */
public final class Provider {
    private static final String TAG = "Provider";
    private static final String TOKEN_KEY = "PolarVpnToken";
    public static final Provider INSTANCE = new Provider();
    private static ConnectionPool connectionPool = new ConnectionPool(0, 1, TimeUnit.NANOSECONDS);

    private Provider() {
    }

    public static /* synthetic */ PolarbearApi api$default(Provider provider, y8.a aVar, String str, e9.a aVar2, InputStream inputStream, Context context, boolean z10, boolean z11, b bVar, boolean z12, int i10, Object obj) {
        return provider.api(aVar, str, aVar2, inputStream, context, z10, (i10 & 64) != 0 ? false : z11, (i10 & 128) != 0 ? null : bVar, (i10 & PSKKeyManager.MAX_KEY_LENGTH_BYTES) != 0 ? false : z12);
    }

    public static final VpnClient client(Context context, g9.a aVar, y8.a aVar2, VpnConnectionSpec vpnConnectionSpec, String str, boolean z10, d dVar, b bVar) {
        c.j(context, "context");
        c.j(aVar, "manager");
        c.j(aVar2, "prefs");
        c.j(vpnConnectionSpec, "connectionSpec");
        c.j(str, "partnerIdentifier");
        c.j(dVar, "apiServicePriorityQueue");
        c.j(bVar, "sSocks");
        return new PolarbearVpnClient(context, aVar, aVar2, vpnConnectionSpec, connectionPool, str, z10, dVar, bVar);
    }

    public static final y8.a encryptedCredential(Context context) {
        c.j(context, "context");
        try {
            androidx.security.crypto.d dVar = new androidx.security.crypto.d(context);
            dVar.b(f.f3149a);
            final androidx.security.crypto.b a10 = androidx.security.crypto.b.a(context, "Encrypted_Prefs", dVar.a());
            return new y8.a() { // from class: com.tunnelbear.sdk.client.Provider$encryptedCredential$1
                @Override // y8.a
                public void clear() {
                    a10.edit().clear().apply();
                }

                @Override // y8.a
                public String get() {
                    String string = a10.getString("PolarVpnToken", HttpUrl.FRAGMENT_ENCODE_SET);
                    return string == null ? HttpUrl.FRAGMENT_ENCODE_SET : string;
                }

                @Override // y8.a
                public void set(String str) {
                    c.j(str, "value");
                    a10.edit().putString("PolarVpnToken", str).apply();
                }
            };
        } catch (IOException e10) {
            TBLog.INSTANCE.e(TAG, e10.getMessage());
            throw new RuntimeException(o.h("Aborting due to catastrophic encryption failure:" + e10.getMessage()));
        } catch (GeneralSecurityException e11) {
            TBLog.INSTANCE.e(TAG, e11.getMessage());
            throw new RuntimeException(o.h("Aborting due to catastrophic encryption failure:" + e11.getMessage()));
        }
    }

    public static final y8.a inMemoryCredential() {
        return new y8.a() { // from class: com.tunnelbear.sdk.client.Provider$inMemoryCredential$1
            private String authToken = HttpUrl.FRAGMENT_ENCODE_SET;

            @Override // y8.a
            public void clear() {
                this.authToken = HttpUrl.FRAGMENT_ENCODE_SET;
            }

            @Override // y8.a
            public String get() {
                return this.authToken;
            }

            public final String getAuthToken() {
                return this.authToken;
            }

            @Override // y8.a
            public void set(String str) {
                c.j(str, "newToken");
                this.authToken = str;
            }

            public final void setAuthToken(String str) {
                c.j(str, "<set-?>");
                this.authToken = str;
            }
        };
    }

    public static final g9.a vpnConnection(Context context) {
        c.j(context, "context");
        return new i(context);
    }

    public static final g9.a wgvpnConnection(Context context) {
        c.j(context, "context");
        return new n(context);
    }

    public final PolarbearApi api(y8.a aVar, String str, e9.a aVar2, InputStream inputStream, Context context, boolean z10, boolean z11, b bVar, boolean z12) {
        boolean z13;
        c.j(aVar, "credentialHolder");
        c.j(str, "hostname");
        c.j(context, "context");
        e eVar = new e("^https?://");
        String str2 = HttpUrl.FRAGMENT_ENCODE_SET;
        String X = g.X(new e("/$").b(eVar.c(str, HttpUrl.FRAGMENT_ENCODE_SET)), "/prod/polarbear", HttpUrl.FRAGMENT_ENCODE_SET, false);
        c.g(aVar2);
        ConnectionPool connectionPool2 = connectionPool;
        c.j(connectionPool2, "connectionPool");
        wc.e eVar2 = j.f15639d;
        if (!(aVar2.c(X) >= 2)) {
            throw new IllegalArgumentException("Certificate set must contain hostname (or a superseding wildcard if hostname is of form x.y.z) and at least one backup pin.".toString());
        }
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        HashMap b3 = aVar2.b();
        CertificatePinner.Builder builder2 = new CertificatePinner.Builder();
        for (String str3 : b3.keySet()) {
            Object obj = b3.get(str3);
            Object obj2 = obj;
            if (obj == null) {
                obj2 = Collections.emptySet();
            }
            for (String str4 : (Set) obj2) {
                if (str4.length() > 0) {
                    builder2.add(str3, str4);
                }
            }
        }
        OkHttpClient.Builder connectionPool3 = builder.certificatePinner(builder2.build()).hostnameVerifier(new u8.e(OkHostnameVerifier.INSTANCE, aVar2.b().keySet())).followRedirects(false).followSslRedirects(false).retryOnConnectionFailure(true).connectionPool(connectionPool2);
        TimeUnit timeUnit = TimeUnit.SECONDS;
        OkHttpClient.Builder pingInterval = connectionPool3.connectTimeout(30L, timeUnit).readTimeout(30L, timeUnit).writeTimeout(30L, timeUnit).pingInterval(1L, timeUnit);
        HttpLoggingInterceptor.Logger logger = null;
        boolean z14 = false;
        if (z11) {
            eVar2 = u8.g.f15636d;
            Security.insertProviderAt(Conscrypt.newProvider(), 1);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            TrustManager trustManager = trustManagers[0];
            if (!(trustManager instanceof X509TrustManager)) {
                throw new IllegalStateException(("Unexpected trust managers:" + Arrays.toString(trustManagers)).toString());
            }
            c.h(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.3");
            sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            c.i(socketFactory, "sslContext.socketFactory");
            pingInterval.sslSocketFactory(new w8.c(socketFactory), x509TrustManager);
        }
        if (bVar != null) {
            eVar2 = new u8.i(bVar);
            pingInterval.proxy(bVar.c());
        }
        Matcher matcher = Pattern.compile("([A-Za-z0-9]+)\\.execute-api\\..*\\.amazonaws\\.com", 2).matcher(X);
        if (matcher.matches()) {
            str2 = matcher.group(1);
        }
        if (!(str2 == null || str2.length() == 0)) {
            eVar2 = new u8.f(str2);
        }
        if (z12) {
            eVar2 = h.f15637d;
        }
        if (inputStream != null) {
            try {
                X509TrustManager b10 = k.b(inputStream);
                SSLContext sSLContext2 = SSLContext.getInstance("TLSv1.2");
                sSLContext2.init(null, new TrustManager[]{b10}, null);
                SSLSocketFactory socketFactory2 = sSLContext2.getSocketFactory();
                c.i(socketFactory2, "sslContext.socketFactory");
                pingInterval.sslSocketFactory(new l(socketFactory2), b10);
            } catch (GeneralSecurityException e10) {
                throw new RuntimeException(e10);
            }
        }
        pingInterval.addInterceptor(new u8.k(eVar2, aVar, context));
        if (z10) {
            z13 = true;
            HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(logger, true ? 1 : 0, z14 ? 1 : 0);
            httpLoggingInterceptor.level(HttpLoggingInterceptor.Level.HEADERS);
            pingInterval.addInterceptor(httpLoggingInterceptor);
        } else {
            z13 = true;
        }
        if (z12) {
            pingInterval.addInterceptor(q6.d.d(new CronetEngine.Builder(context).enableBrotli(false).enableHttp2(z13).enableQuic(z13).addQuicHint(X, 443, 443).build()).a());
        }
        OkHttpClient build = pingInterval.build();
        connectionPool = build.connectionPool();
        i1 i1Var = new i1();
        i1Var.d(build);
        i1Var.b(str);
        i1Var.a(id.a.c());
        Object b11 = i1Var.c().b();
        c.i(b11, "Builder()\n            .c…PolarbearApi::class.java)");
        return (PolarbearApi) b11;
    }
}
