package se.leap.bitmaskclient;

import android.content.SharedPreferences;
import android.content.res.Resources;
import android.os.Build;
import android.support.annotation.NonNull;
import android.text.TextUtils;
import java.io.IOException;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import okhttp3.CipherSuite;
import okhttp3.ConnectionSpec;
import okhttp3.Cookie;
import okhttp3.CookieJar;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;
import org.json.JSONException;
import org.json.JSONObject;
import se.leap.bitmaskclient.utils.ConfigHelper;

/* loaded from: classes.dex */
public class OkHttpClientGenerator {
    Resources resources;

    public OkHttpClientGenerator(SharedPreferences sharedPreferences, Resources resources) {
        this.resources = resources;
    }

    private void addErrorMessageToJson(JSONObject jSONObject, String str) {
        try {
            jSONObject.put("errors", str);
        } catch (JSONException e) {
            e.printStackTrace();
        }
    }

    @NonNull
    private ConnectionSpec getConnectionSpec() {
        ConnectionSpec.Builder tlsVersions = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.TLS_1_2, TlsVersion.TLS_1_3);
        if (Build.VERSION.SDK_INT >= 22) {
            tlsVersions.cipherSuites(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
        }
        return tlsVersions.build();
    }

    @NonNull
    private CookieJar getCookieJar() {
        return new CookieJar() { // from class: se.leap.bitmaskclient.OkHttpClientGenerator.1
            private final HashMap<String, List<Cookie>> cookieStore = new HashMap<>();

            @Override // okhttp3.CookieJar
            public List<Cookie> loadForRequest(HttpUrl httpUrl) {
                List<Cookie> list = this.cookieStore.get(httpUrl.host());
                return list != null ? list : new ArrayList();
            }

            @Override // okhttp3.CookieJar
            public void saveFromResponse(HttpUrl httpUrl, List<Cookie> list) {
                this.cookieStore.put(httpUrl.host(), list);
            }
        };
    }

    private OkHttpClient initHttpClient(JSONObject jSONObject, String str) {
        try {
            ConnectionSpec connectionSpec = getConnectionSpec();
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            (!TextUtils.isEmpty(str) ? new TLSCompatSocketFactory(str) : new TLSCompatSocketFactory()).initSSLSocketFactory(builder);
            builder.cookieJar(getCookieJar()).connectionSpecs(Collections.singletonList(connectionSpec));
            return builder.build();
        } catch (IOException e) {
            e.printStackTrace();
            addErrorMessageToJson(jSONObject, this.resources.getString(org.calyxinstitute.vpn.R.string.error_io_exception_user_message));
            return null;
        } catch (IllegalArgumentException e2) {
            e2.printStackTrace();
            addErrorMessageToJson(jSONObject, ConfigHelper.getProviderFormattedString(this.resources, org.calyxinstitute.vpn.R.string.certificate_error));
            return null;
        } catch (IllegalStateException e3) {
            e = e3;
            e.printStackTrace();
            addErrorMessageToJson(jSONObject, String.format(this.resources.getString(org.calyxinstitute.vpn.R.string.keyChainAccessError), e.getLocalizedMessage()));
            return null;
        } catch (UnknownHostException e4) {
            e4.printStackTrace();
            addErrorMessageToJson(jSONObject, this.resources.getString(org.calyxinstitute.vpn.R.string.server_unreachable_message));
            return null;
        } catch (KeyManagementException e5) {
            e = e5;
            e.printStackTrace();
            addErrorMessageToJson(jSONObject, String.format(this.resources.getString(org.calyxinstitute.vpn.R.string.keyChainAccessError), e.getLocalizedMessage()));
            return null;
        } catch (KeyStoreException e6) {
            e = e6;
            e.printStackTrace();
            addErrorMessageToJson(jSONObject, String.format(this.resources.getString(org.calyxinstitute.vpn.R.string.keyChainAccessError), e.getLocalizedMessage()));
            return null;
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            e.printStackTrace();
            addErrorMessageToJson(jSONObject, this.resources.getString(org.calyxinstitute.vpn.R.string.error_no_such_algorithm_exception_user_message));
            return null;
        } catch (NoSuchProviderException e8) {
            e = e8;
            e.printStackTrace();
            addErrorMessageToJson(jSONObject, this.resources.getString(org.calyxinstitute.vpn.R.string.error_no_such_algorithm_exception_user_message));
            return null;
        } catch (CertificateException e9) {
            e9.printStackTrace();
            addErrorMessageToJson(jSONObject, ConfigHelper.getProviderFormattedString(this.resources, org.calyxinstitute.vpn.R.string.certificate_error));
            return null;
        }
    }

    public OkHttpClient initCommercialCAHttpClient(JSONObject jSONObject) {
        return initHttpClient(jSONObject, null);
    }

    public OkHttpClient initSelfSignedCAHttpClient(String str, JSONObject jSONObject) {
        return initHttpClient(jSONObject, str);
    }
}
