package com.clover.core.di.module;

import android.annotation.SuppressLint;
import com.clover.config.Platform2Internal;
import com.clover.core.interceptor.CloverHeaderInterceptor;
import com.clover.core.interceptor.GzipRequestInterceptor;
import com.clover.core.interceptor.LogInterceptor;
import com.clover.core.model.CloverInfo;
import com.clover.core.util.Tls12SocketFactory;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;

/* loaded from: classes.dex */
public class NetworkModule {
    private static X509Certificate standardizeCert(X509Certificate x509Certificate) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void standardizeCerts(X509Certificate[] x509CertificateArr) {
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr[i] = standardizeCert(x509CertificateArr[i]);
        }
    }

    public String provideBaseURL(CloverInfo cloverInfo) {
        return cloverInfo.getUrl();
    }

    public List<ConnectionSpec> provideConnectionSpec() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.TLS_1_2).allEnabledCipherSuites().build());
        arrayList.add(ConnectionSpec.CLEARTEXT);
        return arrayList;
    }

    public GzipRequestInterceptor provideGzipRequestInterceptor() {
        return new GzipRequestInterceptor();
    }

    public KeyManagerFactory provideKeyManagerFactory(KeyStore keyStore) {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, null);
            return keyManagerFactory;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    public LogInterceptor provideLogInterceptor() {
        return new LogInterceptor();
    }

    public OkHttpClient provideOkHttpClient(List<ConnectionSpec> list, X509TrustManager x509TrustManager, SSLSocketFactory sSLSocketFactory, CloverHeaderInterceptor cloverHeaderInterceptor, LogInterceptor logInterceptor, GzipRequestInterceptor gzipRequestInterceptor, HostnameVerifier hostnameVerifier) {
        OkHttpClient.Builder followSslRedirects = new OkHttpClient.Builder().sslSocketFactory(sSLSocketFactory, x509TrustManager).connectionSpecs(list).addInterceptor(cloverHeaderInterceptor).addInterceptor(gzipRequestInterceptor).addInterceptor(logInterceptor).followRedirects(false).followSslRedirects(false);
        TimeUnit timeUnit = TimeUnit.SECONDS;
        return followSslRedirects.readTimeout(30L, timeUnit).writeTimeout(30L, timeUnit).connectTimeout(20L, timeUnit).hostnameVerifier(hostnameVerifier).build();
    }

    public SSLSocketFactory provideSSLSocketFactory(KeyManagerFactory keyManagerFactory, X509TrustManager x509TrustManager) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{x509TrustManager}, null);
            return new Tls12SocketFactory(sSLContext.getSocketFactory());
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    @SuppressLint({"CustomX509TrustManager"})
    public X509TrustManager provideTrustManager(KeyStore keyStore) {
        try {
            if (Platform2Internal.IS_CLOVER) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            }
            final HashSet hashSet = new HashSet();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                hashSet.add(standardizeCert((X509Certificate) keyStore.getCertificate(aliases.nextElement())));
            }
            return new X509TrustManager() { // from class: com.clover.core.di.module.NetworkModule.1
                private boolean isValidCertChainWhenPinning(X509Certificate[] x509CertificateArr) {
                    if (x509CertificateArr != null && x509CertificateArr.length != 0) {
                        if (x509CertificateArr.length == 1) {
                            return true;
                        }
                        for (int i = 0; i < x509CertificateArr.length; i++) {
                            try {
                                if (i > 0) {
                                    x509CertificateArr[i - 1].verify(x509CertificateArr[i].getPublicKey());
                                }
                            } catch (Exception unused) {
                            }
                        }
                        return true;
                    }
                    return false;
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    throw new CertificateException("Client certificates not accepted");
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    X509Certificate x509Certificate;
                    NetworkModule.standardizeCerts(x509CertificateArr);
                    if (x509CertificateArr.length >= 1) {
                        int length = x509CertificateArr.length;
                        int i = 0;
                        while (true) {
                            if (i >= length) {
                                x509Certificate = null;
                                break;
                            }
                            x509Certificate = x509CertificateArr[i];
                            if (hashSet.contains(x509Certificate)) {
                                break;
                            } else {
                                i++;
                            }
                        }
                        if (x509Certificate == null) {
                            X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length + 1];
                            System.arraycopy(x509CertificateArr, 0, x509CertificateArr2, 0, x509CertificateArr.length);
                            Iterator it = hashSet.iterator();
                            while (it.hasNext()) {
                                x509CertificateArr2[x509CertificateArr.length] = (X509Certificate) it.next();
                                if (isValidCertChainWhenPinning(x509CertificateArr2)) {
                                    return;
                                }
                            }
                        } else if (isValidCertChainWhenPinning(x509CertificateArr)) {
                            return;
                        }
                    }
                    throw new CertificateException("Certificate chain not trusted by Clover: " + Arrays.toString(x509CertificateArr));
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            };
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}
