package com.vk.core.network.security;

import android.net.http.X509TrustManagerExtensions;
import com.vk.core.network.Network;
import com.vk.core.util.ThreadUtils;
import com.vk.log.L;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.LazyThreadSafetyMode;
import kotlin.collections.ArraysKt___ArraysKt;
import n.d;
import n.f;
import n.q.c.j;
import n.q.c.l;
import q.x;
import ru.vtoster2.prefs.VTPref;

/* compiled from: NetworkTrustManager.kt */
/* loaded from: classes3.dex */
public class NetworkTrustManager implements X509TrustManager {
    public static final a Companion = new a(null);
    public static final String TAG;
    public final d factory$delegate;
    public X509TrustManagerExtensions trustManagerExtensions;
    public TrustManager[] trustManagers;
    public X509TrustManager wrappedTrustManager;

    /* compiled from: NetworkTrustManager.kt */
    /* loaded from: classes3.dex */
    public static final class a {
        public a() {
        }

        public /* synthetic */ a(j jVar) {
            this();
        }

        public final void a(x.a aVar, NetworkTrustManager networkTrustManager) {
            l.c(aVar, "client");
            l.c(networkTrustManager, "manager");
            if (ThreadUtils.d()) {
                L.b("error! don't call from main thread!");
            }
            try {
                aVar.a(networkTrustManager.getFactory(), networkTrustManager);
            } catch (Exception e2) {
                L.e(NetworkTrustManager.TAG, e2);
            }
        }
    }

    static {
        String simpleName = NetworkTrustManager.class.getSimpleName();
        l.b(simpleName, "NetworkTrustManager::class.java.simpleName");
        TAG = simpleName;
    }

    public NetworkTrustManager() {
        X509TrustManager x509TrustManager = this.wrappedTrustManager;
        this.trustManagerExtensions = x509TrustManager != null ? new X509TrustManagerExtensions(x509TrustManager) : null;
        this.factory$delegate = f.a(LazyThreadSafetyMode.SYNCHRONIZED, new n.q.b.a<SSLSocketFactory>() { // from class: com.vk.core.network.security.NetworkTrustManager$factory$2
            {
                super(0);
            }

            @Override // n.q.b.a
            public final SSLSocketFactory invoke() {
                X509TrustManager systemDefaultTrustManager;
                SSLSocketFactory createSslSocketFactory;
                systemDefaultTrustManager = NetworkTrustManager.this.systemDefaultTrustManager();
                NetworkTrustManager.this.wrappedTrustManager = systemDefaultTrustManager;
                NetworkTrustManager.this.trustManagerExtensions = new X509TrustManagerExtensions(systemDefaultTrustManager);
                NetworkTrustManager networkTrustManager = NetworkTrustManager.this;
                createSslSocketFactory = networkTrustManager.createSslSocketFactory(networkTrustManager);
                return createSslSocketFactory;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final SSLSocketFactory createSslSocketFactory(TrustManager trustManager) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{trustManager}, null);
            l.b(sSLContext, "context");
            SSLSessionContext clientSessionContext = sSLContext.getClientSessionContext();
            l.b(clientSessionContext, "context.clientSessionContext");
            clientSessionContext.setSessionCacheSize(0);
            SSLSessionContext clientSessionContext2 = sSLContext.getClientSessionContext();
            l.b(clientSessionContext2, "context.clientSessionContext");
            clientSessionContext2.setSessionTimeout(900);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            l.b(socketFactory, "context.socketFactory");
            return socketFactory;
        } catch (Exception e2) {
            throw new AssertionError(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final SSLSocketFactory getFactory() {
        return (SSLSocketFactory) this.factory$delegate.getValue();
    }

    public static final void sslSocketFactory(x.a aVar, NetworkTrustManager networkTrustManager) {
        Companion.a(aVar, networkTrustManager);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final X509TrustManager systemDefaultTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            if (Network.f3820p.f().b()) {
                trustManagerFactory.init(Network.f3820p.f().c());
            } else {
                trustManagerFactory.init((KeyStore) null);
            }
            l.b(trustManagerFactory, "trustManagerFactory");
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            this.trustManagers = trustManagers;
            l.a(trustManagers);
            if (trustManagers.length == 1) {
                TrustManager[] trustManagerArr = this.trustManagers;
                l.a(trustManagerArr);
                if (trustManagerArr[0] instanceof X509TrustManager) {
                    TrustManager[] trustManagerArr2 = this.trustManagers;
                    l.a(trustManagerArr2);
                    TrustManager trustManager = trustManagerArr2[0];
                    if (trustManager != null) {
                        return (X509TrustManager) trustManager;
                    }
                    throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                }
            }
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(this.trustManagers));
        } catch (GeneralSecurityException unused) {
            throw new AssertionError();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509TrustManager x509TrustManager;
        if (VTPref.sslpinning() || (x509TrustManager = this.wrappedTrustManager) == null) {
            return;
        }
        x509TrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        List<X509Certificate> l2;
        if (VTPref.sslpinning()) {
            return null;
        }
        l.c(str, "authType");
        X509TrustManagerExtensions x509TrustManagerExtensions = this.trustManagerExtensions;
        if (x509TrustManagerExtensions == null || (l2 = x509TrustManagerExtensions.checkServerTrusted(x509CertificateArr, str, str2)) == null) {
            l2 = x509CertificateArr != null ? ArraysKt___ArraysKt.l(x509CertificateArr) : null;
        }
        return l2 != null ? l2 : n.l.l.a();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509TrustManager x509TrustManager;
        if (VTPref.sslpinning() || (x509TrustManager = this.wrappedTrustManager) == null) {
            return;
        }
        x509TrustManager.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager x509TrustManager = this.wrappedTrustManager;
        if (x509TrustManager != null) {
            return x509TrustManager.getAcceptedIssuers();
        }
        return null;
    }
}
