package ru.mts.mtstv3.common_android.tls;

import android.content.Context;
import java.io.BufferedInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import ru.mts.common.misc.LoggableObject;
import ru.mts.common.misc.Logger;
import ru.mts.mtstv3.common_android.R;
import ru.mts.tls.TlsProviderKt;

/* compiled from: TlsProviderImpl.kt */
@Metadata(d1 = {"\u0000B\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010!\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010 \n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0007\u0018\u00002\u00020\u00012\u00020\u0002B\r\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J%\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\r0\f2\u0006\u0010\u000e\u001a\u00020\r2\b\u0010\u000f\u001a\u0004\u0018\u00010\rH\u0002¢\u0006\u0002\u0010\u0010J\u0018\u0010\u0011\u001a\u0004\u0018\u00010\r2\f\u0010\u0012\u001a\b\u0012\u0004\u0012\u00020\n0\u0013H\u0002J\n\u0010\u0014\u001a\u0004\u0018\u00010\u0007H\u0016J\u0012\u0010\u0015\u001a\u00020\r2\b\u0010\u0016\u001a\u0004\u0018\u00010\u0017H\u0002J\u0013\u0010\u0018\u001a\b\u0012\u0004\u0012\u00020\r0\fH\u0016¢\u0006\u0002\u0010\u0019R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u0010\u0010\u0006\u001a\u0004\u0018\u00010\u0007X\u0082\u000e¢\u0006\u0002\n\u0000R\u0014\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\tX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u001a"}, d2 = {"Lru/mts/mtstv3/common_android/tls/TlsProviderImpl;", "Lru/mts/mtstv3/common_android/tls/TlsProvider;", "Lru/mts/common/misc/LoggableObject;", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "sslSocketFactory", "Ljavax/net/ssl/SSLSocketFactory;", "trustedCertificates", "", "Ljava/security/cert/X509Certificate;", "getWrappedTrustManagers", "", "Ljavax/net/ssl/X509TrustManager;", "commonTrustManager", "customTrustManager", "(Ljavax/net/ssl/X509TrustManager;Ljavax/net/ssl/X509TrustManager;)[Ljavax/net/ssl/X509TrustManager;", "provideCustomTrustManager", "certificates", "", "provideSSLSocketFactory", "provideTrustManager", "keyStore", "Ljava/security/KeyStore;", "provideTrustManagers", "()[Ljavax/net/ssl/X509TrustManager;", "common-android_productionRelease"}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes6.dex */
public final class TlsProviderImpl extends LoggableObject implements TlsProvider {
    public static final int $stable = 8;
    private final Context context;
    private SSLSocketFactory sslSocketFactory;
    private final List<X509Certificate> trustedCertificates;

    public TlsProviderImpl(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.context = context;
        this.trustedCertificates = new ArrayList();
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Intrinsics.checkNotNullExpressionValue(certificateFactory, "getInstance(CERT_TYPE_X509)");
            Integer[] numArr = {Integer.valueOf(R.raw.tls_external), Integer.valueOf(R.raw.rootca_ssl_rsa2022), Integer.valueOf(R.raw.wincag2)};
            for (int i = 0; i < 3; i++) {
                BufferedInputStream bufferedInputStream = new BufferedInputStream(this.context.getResources().openRawResource(numArr[i].intValue()));
                try {
                    Certificate generateCertificate = certificateFactory.generateCertificate(bufferedInputStream);
                    CloseableKt.closeFinally(bufferedInputStream, null);
                    List<X509Certificate> list = this.trustedCertificates;
                    Intrinsics.checkNotNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                    list.add((X509Certificate) generateCertificate);
                } catch (Throwable th) {
                    try {
                        throw th;
                    } catch (Throwable th2) {
                        CloseableKt.closeFinally(bufferedInputStream, th);
                        throw th2;
                    }
                }
            }
        } catch (Exception e) {
            Logger.DefaultImpls.error$default(getLogger(), "Error certificate", e, false, 4, null);
        }
    }

    private final X509TrustManager[] getWrappedTrustManagers(final X509TrustManager commonTrustManager, final X509TrustManager customTrustManager) {
        return new X509TrustManager[]{new X509TrustManager() { // from class: ru.mts.mtstv3.common_android.tls.TlsProviderImpl$getWrappedTrustManagers$1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
                Unit unit;
                try {
                    commonTrustManager.checkClientTrusted(certs, authType);
                } catch (CertificateException e) {
                    X509TrustManager x509TrustManager = customTrustManager;
                    if (x509TrustManager != null) {
                        x509TrustManager.checkClientTrusted(certs, authType);
                        unit = Unit.INSTANCE;
                    } else {
                        unit = null;
                    }
                    if (unit == null) {
                        throw e;
                    }
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
                Unit unit;
                try {
                    commonTrustManager.checkServerTrusted(certs, authType);
                } catch (CertificateException e) {
                    X509TrustManager x509TrustManager = customTrustManager;
                    if (x509TrustManager != null) {
                        x509TrustManager.checkServerTrusted(certs, authType);
                        unit = Unit.INSTANCE;
                    } else {
                        unit = null;
                    }
                    if (unit == null) {
                        throw e;
                    }
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                ArrayList arrayList = new ArrayList();
                X509TrustManager x509TrustManager = commonTrustManager;
                X509TrustManager x509TrustManager2 = customTrustManager;
                ArrayList arrayList2 = arrayList;
                X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
                Intrinsics.checkNotNullExpressionValue(acceptedIssuers, "commonTrustManager.acceptedIssuers");
                CollectionsKt.addAll(arrayList2, acceptedIssuers);
                if (x509TrustManager2 != null) {
                    X509Certificate[] acceptedIssuers2 = x509TrustManager2.getAcceptedIssuers();
                    Intrinsics.checkNotNullExpressionValue(acceptedIssuers2, "it.acceptedIssuers");
                    CollectionsKt.addAll(arrayList2, acceptedIssuers2);
                }
                return (X509Certificate[]) arrayList2.toArray(new X509Certificate[0]);
            }
        }};
    }

    private final X509TrustManager provideCustomTrustManager(List<? extends X509Certificate> certificates) {
        if (certificates.isEmpty()) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(KeyStore.get…    .apply { load(null) }");
        for (X509Certificate x509Certificate : this.trustedCertificates) {
            keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
        }
        return provideTrustManager(keyStore);
    }

    private final X509TrustManager provideTrustManager(KeyStore keyStore) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
        Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        return (X509TrustManager) trustManager;
    }

    @Override // ru.mts.mtstv3.common_android.tls.TlsProvider
    public SSLSocketFactory provideSSLSocketFactory() {
        if (this.trustedCertificates.isEmpty()) {
            return null;
        }
        SSLSocketFactory sSLSocketFactory = this.sslSocketFactory;
        if (sSLSocketFactory == null) {
            try {
                SSLContext sSLContext = SSLContext.getInstance(TlsProviderKt.SSL_VERSION);
                sSLContext.init(null, provideTrustManagers(), null);
                sSLSocketFactory = sSLContext.getSocketFactory();
                this.sslSocketFactory = sSLSocketFactory;
            } catch (Exception e) {
                Logger.DefaultImpls.error$default(getLogger(), "error certificate", e, false, 4, null);
                return null;
            }
        }
        return sSLSocketFactory;
    }

    @Override // ru.mts.mtstv3.common_android.tls.TlsProvider
    public X509TrustManager[] provideTrustManagers() {
        return getWrappedTrustManagers(provideTrustManager(null), provideCustomTrustManager(this.trustedCertificates));
    }
}
