package com.cloudflare.app.vpnservice.resolvers.overtls;

import android.content.Context;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import kotlin.TypeCastException;
import kotlin.d.b.g;

/* compiled from: SslSocketFactoryProvider.kt */
/* loaded from: classes.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    public final SSLSocketFactory f1650a;
    private final InputStream b;
    private final CertificateFactory c;
    private final X509Certificate d;
    private final String e;
    private final KeyStore f;
    private final TrustManagerFactory g;
    private final SSLContext h;

    public d(Context context) {
        g.b(context, "cxt");
        this.b = context.getAssets().open("DigiCertGlobalRootCA.crt");
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        g.a((Object) certificateFactory, "CertificateFactory.getInstance(\"X.509\")");
        this.c = certificateFactory;
        InputStream inputStream = this.b;
        try {
            Certificate generateCertificate = this.c.generateCertificate(inputStream);
            if (generateCertificate == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) generateCertificate;
            kotlin.io.a.a(inputStream, null);
            this.d = x509Certificate;
            this.e = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(this.e);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", this.d);
            this.f = keyStore;
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.f);
            g.a((Object) trustManagerFactory, "TrustManagerFactory\n    ….apply { init(keyStore) }");
            this.g = trustManagerFactory;
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, this.g.getTrustManagers(), new SecureRandom());
            g.a((Object) sSLContext, "SSLContext.getInstance(\"…rs, SecureRandom())\n    }");
            this.h = sSLContext;
            SSLSocketFactory socketFactory = this.h.getSocketFactory();
            g.a((Object) socketFactory, "cloudflareSslContext.socketFactory");
            this.f1650a = socketFactory;
        } catch (Throwable th) {
            kotlin.io.a.a(inputStream, null);
            throw th;
        }
    }
}
