package com.kape.vpnprotocol.data.externals.common;

import io.ktor.client.HttpClient;
import io.ktor.client.HttpClientConfig;
import io.ktor.client.HttpClientKt;
import io.ktor.client.engine.okhttp.OkHttp;
import io.ktor.client.engine.okhttp.OkHttpConfig;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Ref;
import kotlin.text.Charsets;
import okhttp3.OkHttpClient;
import org.spongycastle.asn1.x500.RDN;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.style.BCStyle;

@Metadata(d1 = {"\u0000<\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0006\b\u0000\u0018\u0000 \u00182\u00020\u0001:\u0002\u0017\u0018B\u0005¢\u0006\u0002\u0010\u0002J\"\u0010\u0003\u001a\u00020\u00042\b\u0010\u0005\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0007\u001a\u00020\u00062\u0006\u0010\b\u001a\u00020\u0006H\u0002J\"\u0010\t\u001a\u00020\n2\b\u0010\u0005\u001a\u0004\u0018\u00010\u00062\u0006\u0010\u0007\u001a\u00020\u00062\u0006\u0010\b\u001a\u00020\u0006H\u0002J\u0080\u0001\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\u00060\f2\u0006\u0010\r\u001a\u00020\u00062\u0006\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00062\u0018\u0010\u0011\u001a\u0014\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0006\u0012\u0004\u0012\u00020\u00060\u00130\u00122\u0018\u0010\u0014\u001a\u0014\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0006\u0012\u0004\u0012\u00020\u00060\u00130\u00122\b\u0010\u0005\u001a\u0004\u0018\u00010\u00062\u0006\u0010\b\u001a\u00020\u0006H\u0096@ø\u0001\u0000ø\u0001\u0001ø\u0001\u0002ø\u0001\u0002¢\u0006\u0004\b\u0015\u0010\u0016\u0082\u0002\u000f\n\u0002\b!\n\u0005\b¡\u001e0\u0001\n\u0002\b\u0019¨\u0006\u0019"}, d2 = {"Lcom/kape/vpnprotocol/data/externals/common/NetworkClient;", "Lcom/kape/vpnprotocol/data/externals/common/INetworkClient;", "()V", "getNetworkClient", "Lio/ktor/client/HttpClient;", "certificate", "", "ipOrRootDomain", "commonName", "getPreConfiguredNetworkClient", "Lokhttp3/OkHttpClient;", "performGetRequest", "Lkotlin/Result;", "host", "port", "", "path", "headers", "", "Lkotlin/Pair;", "parameters", "performGetRequest-eH_QyT8", "(Ljava/lang/String;ILjava/lang/String;Ljava/util/List;Ljava/util/List;Ljava/lang/String;Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;", "AccountHostnameVerifier", "Companion", "vpnprotocol_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class NetworkClient implements INetworkClient {
    private static final long REQUEST_TIMEOUT_MS = 3000;

    /* JADX INFO: Access modifiers changed from: private */
    @Metadata(d1 = {"\u0000:\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0012\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\b\u0002\u0018\u00002\u00020\u0001B\u001f\u0012\b\u0010\u0002\u001a\u0004\u0018\u00010\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0005¢\u0006\u0002\u0010\u0007J\u0012\u0010\b\u001a\u0004\u0018\u00010\u00052\u0006\u0010\t\u001a\u00020\nH\u0002J\u0018\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u000eH\u0002J\u001c\u0010\u0010\u001a\u00020\f2\b\u0010\u0011\u001a\u0004\u0018\u00010\u00052\b\u0010\u0012\u001a\u0004\u0018\u00010\u0013H\u0016J\u001a\u0010\u0014\u001a\u00020\f2\b\u0010\u0011\u001a\u0004\u0018\u00010\u00052\u0006\u0010\u0015\u001a\u00020\u0016H\u0002R\u000e\u0010\u0006\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u0010\u0010\u0002\u001a\u0004\u0018\u00010\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0017"}, d2 = {"Lcom/kape/vpnprotocol/data/externals/common/NetworkClient$AccountHostnameVerifier;", "Ljavax/net/ssl/HostnameVerifier;", "trustManager", "Ljavax/net/ssl/X509TrustManager;", "requestHostname", "", "commonName", "(Ljavax/net/ssl/X509TrustManager;Ljava/lang/String;Ljava/lang/String;)V", "certificateCommonName", "name", "Lorg/spongycastle/asn1/x500/X500Name;", "isEqual", "", "a", "", "b", "verify", "hostname", "session", "Ljavax/net/ssl/SSLSession;", "verifyCommonName", "certificate", "Ljava/security/cert/X509Certificate;", "vpnprotocol_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class AccountHostnameVerifier implements HostnameVerifier {
        private final String commonName;
        private final String requestHostname;
        private final X509TrustManager trustManager;

        public AccountHostnameVerifier(X509TrustManager x509TrustManager, String requestHostname, String commonName) {
            Intrinsics.checkNotNullParameter(requestHostname, "requestHostname");
            Intrinsics.checkNotNullParameter(commonName, "commonName");
            this.trustManager = x509TrustManager;
            this.requestHostname = requestHostname;
            this.commonName = commonName;
        }

        private final String certificateCommonName(X500Name name) {
            RDN[] rDNs = name.getRDNs(BCStyle.CN);
            Intrinsics.checkNotNull(rDNs);
            if (rDNs.length == 0) {
                return null;
            }
            return ((RDN) ArraysKt.first(rDNs)).getFirst().getValue().toString();
        }

        private final boolean isEqual(byte[] a, byte[] b) {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] bArr = new byte[20];
            new SecureRandom().nextBytes(bArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(a);
            byte[] digest = messageDigest.digest(byteArrayOutputStream.toByteArray());
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            byteArrayOutputStream2.write(bArr);
            byteArrayOutputStream2.write(b);
            return MessageDigest.isEqual(digest, messageDigest.digest(byteArrayOutputStream2.toByteArray()));
        }

        private final boolean verifyCommonName(String hostname, X509Certificate certificate) {
            boolean isEqual;
            Ref.BooleanRef booleanRef = new Ref.BooleanRef();
            Principal subjectDN = certificate.getSubjectDN();
            Intrinsics.checkNotNull(subjectDN, "null cannot be cast to non-null type javax.security.auth.x500.X500Principal");
            X500Name x500Name = X500Name.getInstance(((X500Principal) subjectDN).getEncoded());
            Intrinsics.checkNotNullExpressionValue(x500Name, "getInstance(...)");
            String certificateCommonName = certificateCommonName(x500Name);
            if (certificateCommonName != null) {
                if (hostname != null) {
                    byte[] bytes = hostname.getBytes(Charsets.UTF_8);
                    Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
                    byte[] bytes2 = this.requestHostname.getBytes(Charsets.UTF_8);
                    Intrinsics.checkNotNullExpressionValue(bytes2, "this as java.lang.String).getBytes(charset)");
                    if (isEqual(bytes, bytes2)) {
                        byte[] bytes3 = this.commonName.getBytes(Charsets.UTF_8);
                        Intrinsics.checkNotNullExpressionValue(bytes3, "this as java.lang.String).getBytes(charset)");
                        byte[] bytes4 = certificateCommonName.getBytes(Charsets.UTF_8);
                        Intrinsics.checkNotNullExpressionValue(bytes4, "this as java.lang.String).getBytes(charset)");
                        if (isEqual(bytes3, bytes4)) {
                            isEqual = true;
                            Boolean.valueOf(isEqual).getClass();
                        }
                    }
                    isEqual = false;
                    Boolean.valueOf(isEqual).getClass();
                } else {
                    byte[] bytes5 = this.commonName.getBytes(Charsets.UTF_8);
                    Intrinsics.checkNotNullExpressionValue(bytes5, "this as java.lang.String).getBytes(charset)");
                    byte[] bytes6 = certificateCommonName.getBytes(Charsets.UTF_8);
                    Intrinsics.checkNotNullExpressionValue(bytes6, "this as java.lang.String).getBytes(charset)");
                    isEqual = isEqual(bytes5, bytes6);
                }
                booleanRef.element = isEqual;
            }
            return booleanRef.element;
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String hostname, SSLSession session) {
            Certificate[] peerCertificates;
            if (session != null) {
                try {
                    peerCertificates = session.getPeerCertificates();
                } catch (InvalidKeyException e) {
                    e.printStackTrace();
                    return false;
                } catch (NoSuchAlgorithmException e2) {
                    e2.printStackTrace();
                    return false;
                } catch (NoSuchProviderException e3) {
                    e3.printStackTrace();
                    return false;
                } catch (SignatureException e4) {
                    e4.printStackTrace();
                    return false;
                } catch (CertificateException e5) {
                    e5.printStackTrace();
                    return false;
                } catch (SSLPeerUnverifiedException e6) {
                    e6.printStackTrace();
                    return false;
                }
            } else {
                peerCertificates = null;
            }
            Intrinsics.checkNotNull(peerCertificates, "null cannot be cast to non-null type kotlin.Array<out java.security.cert.X509Certificate>");
            X509Certificate[] x509CertificateArr = (X509Certificate[]) peerCertificates;
            X509TrustManager x509TrustManager = this.trustManager;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
            }
            Certificate[] peerCertificates2 = session.getPeerCertificates();
            Intrinsics.checkNotNullExpressionValue(peerCertificates2, "getPeerCertificates(...)");
            Certificate certificate = (Certificate) ArraysKt.first(peerCertificates2);
            Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            return verifyCommonName(hostname, (X509Certificate) certificate);
        }
    }

    private final HttpClient getNetworkClient(final String certificate, final String ipOrRootDomain, final String commonName) {
        return HttpClientKt.HttpClient(OkHttp.INSTANCE, new Function1<HttpClientConfig<OkHttpConfig>, Unit>() { // from class: com.kape.vpnprotocol.data.externals.common.NetworkClient$getNetworkClient$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            @Override // kotlin.jvm.functions.Function1
            public /* bridge */ /* synthetic */ Unit invoke(HttpClientConfig<OkHttpConfig> httpClientConfig) {
                invoke2(httpClientConfig);
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2(HttpClientConfig<OkHttpConfig> HttpClient) {
                Intrinsics.checkNotNullParameter(HttpClient, "$this$HttpClient");
                HttpClient.setExpectSuccess(true);
                final NetworkClient networkClient = NetworkClient.this;
                final String str = certificate;
                final String str2 = ipOrRootDomain;
                final String str3 = commonName;
                HttpClient.engine(new Function1<OkHttpConfig, Unit>() { // from class: com.kape.vpnprotocol.data.externals.common.NetworkClient$getNetworkClient$1.1
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(1);
                    }

                    @Override // kotlin.jvm.functions.Function1
                    public /* bridge */ /* synthetic */ Unit invoke(OkHttpConfig okHttpConfig) {
                        invoke2(okHttpConfig);
                        return Unit.INSTANCE;
                    }

                    /* renamed from: invoke, reason: avoid collision after fix types in other method */
                    public final void invoke2(OkHttpConfig engine) {
                        OkHttpClient preConfiguredNetworkClient;
                        Intrinsics.checkNotNullParameter(engine, "$this$engine");
                        preConfiguredNetworkClient = NetworkClient.this.getPreConfiguredNetworkClient(str, str2, str3);
                        engine.setPreconfigured(preConfiguredNetworkClient);
                    }
                });
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final OkHttpClient getPreConfiguredNetworkClient(String certificate, String ipOrRootDomain, String commonName) {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        if (certificate != null) {
            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(null);
            byte[] bytes = certificate.getBytes(Charsets.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
            keyStore.setCertificateEntry("vpnmanager", CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream));
            byteArrayInputStream.close();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1) {
                TrustManager trustManager = trustManagers[0];
                if (trustManager instanceof X509TrustManager) {
                    Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                    X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                    SSLContext sSLContext = SSLContext.getInstance("SSL");
                    sSLContext.init(null, trustManagers, new SecureRandom());
                    SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
                    if (socketFactory != null) {
                        builder.sslSocketFactory(socketFactory, x509TrustManager);
                    }
                    builder.hostnameVerifier(new AccountHostnameVerifier(x509TrustManager, ipOrRootDomain, commonName));
                }
            }
            throw new IllegalStateException(("Unexpected default trust managers:" + Arrays.toString(trustManagers)).toString());
        }
        builder.connectTimeout(3000L, TimeUnit.MILLISECONDS);
        return builder.build();
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x00ef A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:22:0x0043  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x002a  */
    @Override // com.kape.vpnprotocol.data.externals.common.INetworkClient
    /* renamed from: performGetRequest-eH_QyT8 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.Object mo11632performGetRequesteH_QyT8(final java.lang.String r15, final int r16, final java.lang.String r17, java.util.List<kotlin.Pair<java.lang.String, java.lang.String>> r18, java.util.List<kotlin.Pair<java.lang.String, java.lang.String>> r19, java.lang.String r20, java.lang.String r21, kotlin.coroutines.Continuation<? super kotlin.Result<java.lang.String>> r22) {
        /*
            Method dump skipped, instructions count: 278
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.kape.vpnprotocol.data.externals.common.NetworkClient.mo11632performGetRequesteH_QyT8(java.lang.String, int, java.lang.String, java.util.List, java.util.List, java.lang.String, java.lang.String, kotlin.coroutines.Continuation):java.lang.Object");
    }
}
