package com.privateinternetaccess.csi.internals;

import Dd.c;
import com.adapty.internal.utils.HashingHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.collections.AbstractC6303n;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Ref$BooleanRef;
import kotlin.jvm.internal.t;
import kotlin.text.C6400e;
import okhttp3.x;

/* loaded from: classes3.dex */
abstract class a {

    /* renamed from: a, reason: collision with root package name */
    public static final b f57786a = new b(null);

    /* renamed from: com.privateinternetaccess.csi.internals.a$a, reason: collision with other inner class name */
    /* loaded from: classes3.dex */
    private static final class C0794a implements HostnameVerifier {

        /* renamed from: a, reason: collision with root package name */
        private final X509TrustManager f57787a;

        /* renamed from: b, reason: collision with root package name */
        private final String f57788b;

        /* renamed from: c, reason: collision with root package name */
        private final String f57789c;

        public C0794a(X509TrustManager x509TrustManager, String requestHostname, String commonName) {
            t.h(requestHostname, "requestHostname");
            t.h(commonName, "commonName");
            this.f57787a = x509TrustManager;
            this.f57788b = requestHostname;
            this.f57789c = commonName;
        }

        private final String a(c cVar) {
            Dd.b[] v10 = cVar.v(Ed.b.f1460g);
            t.e(v10);
            if (v10.length == 0) {
                return null;
            }
            return ((Dd.b) AbstractC6303n.j0(v10)).r().s().toString();
        }

        private final boolean b(byte[] bArr, byte[] bArr2) {
            MessageDigest messageDigest = MessageDigest.getInstance(HashingHelper.SHA_256);
            byte[] bArr3 = new byte[20];
            new SecureRandom().nextBytes(bArr3);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(bArr3);
            byteArrayOutputStream.write(bArr);
            byte[] digest = messageDigest.digest(byteArrayOutputStream.toByteArray());
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            byteArrayOutputStream2.write(bArr3);
            byteArrayOutputStream2.write(bArr2);
            return MessageDigest.isEqual(digest, messageDigest.digest(byteArrayOutputStream2.toByteArray()));
        }

        private final boolean c(String str, X509Certificate x509Certificate) {
            boolean b10;
            Ref$BooleanRef ref$BooleanRef = new Ref$BooleanRef();
            Principal subjectDN = x509Certificate.getSubjectDN();
            t.f(subjectDN, "null cannot be cast to non-null type javax.security.auth.x500.X500Principal");
            c r10 = c.r(((X500Principal) subjectDN).getEncoded());
            t.g(r10, "getInstance(...)");
            String a10 = a(r10);
            if (a10 != null) {
                if (str != null) {
                    Charset charset = C6400e.f66312b;
                    byte[] bytes = str.getBytes(charset);
                    t.g(bytes, "getBytes(...)");
                    byte[] bytes2 = this.f57788b.getBytes(charset);
                    t.g(bytes2, "getBytes(...)");
                    if (b(bytes, bytes2)) {
                        byte[] bytes3 = this.f57789c.getBytes(charset);
                        t.g(bytes3, "getBytes(...)");
                        byte[] bytes4 = a10.getBytes(charset);
                        t.g(bytes4, "getBytes(...)");
                        if (b(bytes3, bytes4)) {
                            b10 = true;
                        }
                    }
                    b10 = false;
                } else {
                    String str2 = this.f57789c;
                    Charset charset2 = C6400e.f66312b;
                    byte[] bytes5 = str2.getBytes(charset2);
                    t.g(bytes5, "getBytes(...)");
                    byte[] bytes6 = a10.getBytes(charset2);
                    t.g(bytes6, "getBytes(...)");
                    b10 = b(bytes5, bytes6);
                }
                ref$BooleanRef.element = b10;
            }
            return ref$BooleanRef.element;
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            Certificate[] peerCertificates;
            if (sSLSession != null) {
                try {
                    peerCertificates = sSLSession.getPeerCertificates();
                } catch (InvalidKeyException e10) {
                    e10.printStackTrace();
                    return false;
                } catch (NoSuchAlgorithmException e11) {
                    e11.printStackTrace();
                    return false;
                } catch (NoSuchProviderException e12) {
                    e12.printStackTrace();
                    return false;
                } catch (SignatureException e13) {
                    e13.printStackTrace();
                    return false;
                } catch (CertificateException e14) {
                    e14.printStackTrace();
                    return false;
                } catch (SSLPeerUnverifiedException e15) {
                    e15.printStackTrace();
                    return false;
                }
            } else {
                peerCertificates = null;
            }
            t.f(peerCertificates, "null cannot be cast to non-null type kotlin.Array<out java.security.cert.X509Certificate>");
            X509Certificate[] x509CertificateArr = (X509Certificate[]) peerCertificates;
            X509TrustManager x509TrustManager = this.f57787a;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
            }
            Certificate[] peerCertificates2 = sSLSession.getPeerCertificates();
            t.g(peerCertificates2, "getPeerCertificates(...)");
            Certificate certificate = (Certificate) AbstractC6303n.j0(peerCertificates2);
            t.f(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            return c(str, (X509Certificate) certificate);
        }
    }

    /* loaded from: classes3.dex */
    public static final class b {
        private b() {
        }

        public /* synthetic */ b(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final x a(String certificate, String requestHostname, String commonName) {
            t.h(certificate, "certificate");
            t.h(requestHostname, "requestHostname");
            t.h(commonName, "commonName");
            x.a aVar = new x.a();
            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(null);
            byte[] bytes = certificate.getBytes(C6400e.f66312b);
            t.g(bytes, "getBytes(...)");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
            keyStore.setCertificateEntry("csi", CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream));
            byteArrayInputStream.close();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1) {
                TrustManager trustManager = trustManagers[0];
                if (trustManager instanceof X509TrustManager) {
                    t.f(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                    X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                    SSLContext sSLContext = SSLContext.getInstance("SSL");
                    sSLContext.init(null, trustManagers, new SecureRandom());
                    SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
                    aVar.g(3000L, TimeUnit.MILLISECONDS);
                    if (socketFactory != null) {
                        aVar.Z(socketFactory, x509TrustManager);
                    }
                    aVar.S(new C0794a(x509TrustManager, requestHostname, commonName));
                    return aVar.c();
                }
            }
            throw new IllegalStateException(("Unexpected default trust managers:" + Arrays.toString(trustManagers)).toString());
        }
    }
}
