package com.tunnelbear.sdk.client;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import android.util.Log;
import androidx.fragment.app.r;
import b8.p;
import bm.x0;
import com.google.android.gms.internal.measurement.u4;
import com.google.gson.Gson;
import com.tunnelbear.sdk.api.PolarbearApi;
import com.tunnelbear.sdk.model.VpnConnectionSpec;
import fm.d;
import fm.e;
import gj.c;
import gj.k;
import java.io.InputStream;
import java.lang.reflect.Proxy;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.Regex;
import kotlin.text.q;
import kotlin.text.w;
import okhttp3.CertificatePinner;
import okhttp3.ConnectionPool;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.internal.tls.OkHostnameVerifier;
import okhttp3.logging.HttpLoggingInterceptor;
import org.chromium.net.CronetEngine;
import org.conscrypt.Conscrypt;
import org.conscrypt.PSKKeyManager;
import org.jetbrains.annotations.NotNull;
import qo.j0;
import qo.l;
import qo.p0;
import qo.q0;
import ui.f;
import ui.g;
import ui.h;
import ui.i;
import ui.j;
import xi.b;
import yl.c0;
import yl.m0;
import yl.v1;

@Metadata
/* loaded from: classes.dex */
public final class Provider {

    @NotNull
    private static final String TAG = "Provider";

    @NotNull
    private static final String TOKEN_KEY = "secure_token";

    @NotNull
    public static final Provider INSTANCE = new Provider();

    @NotNull
    private static ConnectionPool connectionPool = new ConnectionPool(0, 1, TimeUnit.NANOSECONDS);

    private Provider() {
    }

    public static /* synthetic */ PolarbearApi api$default(Provider provider, yi.a aVar, String str, ej.a aVar2, InputStream inputStream, Context context, boolean z10, boolean z11, b bVar, boolean z12, int i10, Object obj) {
        if ((i10 & 64) != 0) {
            z11 = false;
        }
        if ((i10 & 128) != 0) {
            bVar = null;
        }
        if ((i10 & PSKKeyManager.MAX_KEY_LENGTH_BYTES) != 0) {
            z12 = false;
        }
        return provider.api(aVar, str, aVar2, inputStream, context, z10, z11, bVar, z12);
    }

    @NotNull
    public static final VpnClient client(@NotNull Context context, @NotNull c manager, @NotNull yi.a prefs, @NotNull VpnConnectionSpec connectionSpec, @NotNull String partnerIdentifier, boolean z10, @NotNull ui.c apiServicePriorityQueue, @NotNull b sSocks) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(manager, "manager");
        Intrinsics.checkNotNullParameter(prefs, "prefs");
        Intrinsics.checkNotNullParameter(connectionSpec, "connectionSpec");
        Intrinsics.checkNotNullParameter(partnerIdentifier, "partnerIdentifier");
        Intrinsics.checkNotNullParameter(apiServicePriorityQueue, "apiServicePriorityQueue");
        Intrinsics.checkNotNullParameter(sSocks, "sSocks");
        return new PolarbearVpnClient(context, manager, prefs, connectionSpec, connectionPool, partnerIdentifier, z10, apiServicePriorityQueue, sSocks);
    }

    @NotNull
    public static final yi.a credential(@NotNull Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(PSKKeyManager.MAX_KEY_LENGTH_BYTES);
            final SecretKey generateKey = keyGenerator.generateKey();
            final SharedPreferences sharedPreferences = context.getSharedPreferences("Polarbear", 0);
            final IvParameterSpec ivParameterSpec = new IvParameterSpec(new byte[16]);
            return new yi.a() { // from class: com.tunnelbear.sdk.client.Provider$credential$1
                @Override // yi.a
                public void clear() {
                    sharedPreferences.edit().clear().apply();
                }

                @Override // yi.a
                @NotNull
                public String get() {
                    try {
                        byte[] decode = Base64.decode(sharedPreferences.getString("secure_token", HttpUrl.FRAGMENT_ENCODE_SET), 0);
                        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                        cipher.init(2, generateKey, ivParameterSpec);
                        byte[] decryptedData = cipher.doFinal(decode);
                        Intrinsics.checkNotNullExpressionValue(decryptedData, "decryptedData");
                        return new String(decryptedData, Charsets.UTF_8);
                    } catch (Exception e5) {
                        TBLog.INSTANCE.e("Provider", e5.getMessage());
                        return HttpUrl.FRAGMENT_ENCODE_SET;
                    }
                }

                @Override // yi.a
                public void set(@NotNull String value) {
                    Intrinsics.checkNotNullParameter(value, "value");
                    try {
                        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
                        cipher.init(1, generateKey, ivParameterSpec);
                        byte[] bytes = value.getBytes(Charsets.UTF_8);
                        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
                        String encodeToString = Base64.encodeToString(cipher.doFinal(bytes), 0);
                        Log.d("Provider", "Encoded token: " + encodeToString);
                        sharedPreferences.edit().putString("secure_token", encodeToString).apply();
                    } catch (Exception e5) {
                        TBLog.INSTANCE.e("Provider", e5.getMessage());
                    }
                }
            };
        } catch (Exception e5) {
            TBLog.INSTANCE.e(TAG, e5.getMessage());
            throw new RuntimeException(q.c("Aborting due to catastrophic encryption failure:" + e5.getMessage()));
        }
    }

    @NotNull
    public static final yi.a inMemoryCredential() {
        return new yi.a() { // from class: com.tunnelbear.sdk.client.Provider$inMemoryCredential$1

            @NotNull
            private String authToken = HttpUrl.FRAGMENT_ENCODE_SET;

            @Override // yi.a
            public void clear() {
                this.authToken = HttpUrl.FRAGMENT_ENCODE_SET;
            }

            @Override // yi.a
            @NotNull
            public String get() {
                return this.authToken;
            }

            @NotNull
            public final String getAuthToken() {
                return this.authToken;
            }

            @Override // yi.a
            public void set(@NotNull String newToken) {
                Intrinsics.checkNotNullParameter(newToken, "newToken");
                this.authToken = newToken;
            }

            public final void setAuthToken(@NotNull String str) {
                Intrinsics.checkNotNullParameter(str, "<set-?>");
                this.authToken = str;
            }
        };
    }

    @NotNull
    public static final c vpnConnection(@NotNull Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        return new k(context);
    }

    /* JADX WARN: Type inference failed for: r1v0, types: [f9.d, gj.c, java.lang.Object] */
    @NotNull
    public static final c wgV2VpnConnection(@NotNull Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(context, "context");
        ?? obj = new Object();
        v1 e5 = c0.e();
        e eVar = m0.f20679a;
        obj.f8012b = c0.c(kotlin.coroutines.e.c(e5, d.f8159e));
        Context applicationContext = context.getApplicationContext();
        Intrinsics.checkNotNullExpressionValue(applicationContext, "context.applicationContext");
        obj.f8011a = applicationContext;
        obj.f8013c = x0.b(7);
        obj.f8015e = new ArrayList();
        obj.f8016f = new VpnConnectionSpec();
        obj.f8017g = applicationContext.getSharedPreferences("VpnCheck", 0);
        obj.f8018h = new p(obj, 3);
        obj.f8019i = new r(obj, 5);
        return obj;
    }

    /* JADX WARN: Type inference failed for: r1v0, types: [eh.h, gj.c, java.lang.Object] */
    @NotNull
    public static final c wgVpnConnection(@NotNull Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(context, "context");
        ?? obj = new Object();
        v1 e5 = c0.e();
        e eVar = m0.f20679a;
        obj.f7741a = c0.c(kotlin.coroutines.e.c(e5, d.f8159e));
        Context applicationContext = context.getApplicationContext();
        Intrinsics.checkNotNullExpressionValue(applicationContext, "context.applicationContext");
        obj.f7742b = applicationContext;
        obj.f7743c = x0.b(7);
        obj.f7745e = HttpUrl.FRAGMENT_ENCODE_SET;
        obj.f7746f = new ArrayList();
        obj.f7747g = new VpnConnectionSpec();
        obj.f7748h = applicationContext.getSharedPreferences("VpnCheck", 0);
        obj.f7749i = new p(obj, 2);
        obj.f7750j = new r(obj, 4);
        return obj;
    }

    /* JADX WARN: Type inference failed for: r5v14, types: [java.lang.Object, za.j] */
    /* JADX WARN: Type inference failed for: r6v8, types: [qo.b, java.lang.Object] */
    @NotNull
    public final PolarbearApi api(@NotNull yi.a holder, @NotNull String hostname, ej.a certificateSet, InputStream inputStream, @NotNull Context context, boolean z10, boolean z11, b bVar, boolean z12) {
        boolean z13;
        Intrinsics.checkNotNullParameter(holder, "credentialHolder");
        Intrinsics.checkNotNullParameter(hostname, "hostname");
        Intrinsics.checkNotNullParameter(context, "context");
        String hostname2 = w.o(w.o(w.o(new Regex("/$").replace(new Regex("^https?://").d(hostname, HttpUrl.FRAGMENT_ENCODE_SET), HttpUrl.FRAGMENT_ENCODE_SET), "/prod/polarbear", HttpUrl.FRAGMENT_ENCODE_SET, false), "/test/polarbear", HttpUrl.FRAGMENT_ENCODE_SET, false), "/staging/polarbear", HttpUrl.FRAGMENT_ENCODE_SET, false);
        Intrinsics.checkNotNull(certificateSet);
        ConnectionPool connectionPool2 = connectionPool;
        Intrinsics.checkNotNullParameter(holder, "holder");
        Intrinsics.checkNotNullParameter(hostname2, "hostname");
        Intrinsics.checkNotNullParameter(certificateSet, "certificateSet");
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(connectionPool2, "connectionPool");
        l6.e eVar = i.f18074a;
        if (certificateSet.b(hostname2) < 2) {
            throw new IllegalArgumentException("Certificate set must contain hostname (or a superseding wildcard if hostname is of form x.y.z) and at least one backup pin.");
        }
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        HashMap hashMap = certificateSet.f7792a;
        CertificatePinner.Builder builder2 = new CertificatePinner.Builder();
        for (String str : hashMap.keySet()) {
            Object obj = hashMap.get(str);
            Object obj2 = obj;
            if (obj == null) {
                obj2 = Collections.EMPTY_SET;
            }
            for (String str2 : (Set) obj2) {
                if (str2.length() > 0) {
                    builder2.add(str, str2);
                }
            }
        }
        OkHttpClient.Builder connectionPool3 = builder.certificatePinner(builder2.build()).hostnameVerifier(new ui.d(OkHostnameVerifier.INSTANCE, hashMap.keySet())).followRedirects(false).followSslRedirects(false).retryOnConnectionFailure(true).connectionPool(connectionPool2);
        TimeUnit timeUnit = TimeUnit.SECONDS;
        OkHttpClient.Builder pingInterval = connectionPool3.connectTimeout(30L, timeUnit).readTimeout(30L, timeUnit).writeTimeout(30L, timeUnit).pingInterval(1L, timeUnit);
        HttpLoggingInterceptor.Logger logger = null;
        boolean z14 = false;
        if (z11) {
            eVar = f.f18071a;
            Security.insertProviderAt(Conscrypt.newProvider(), 1);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            TrustManager trustManager = trustManagers[0];
            if (!(trustManager instanceof X509TrustManager)) {
                throw new IllegalStateException(("Unexpected trust managers:" + Arrays.toString(trustManagers)).toString());
            }
            Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.3");
            sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            Intrinsics.checkNotNullExpressionValue(socketFactory, "sslContext.socketFactory");
            pingInterval.sslSocketFactory(new wi.d(socketFactory), x509TrustManager);
        }
        if (bVar != null) {
            eVar = new h(bVar);
            pingInterval.proxy(bVar.f20102k);
        }
        Matcher matcher = Pattern.compile("([A-Za-z0-9]+)\\.execute-api\\..*\\.amazonaws\\.com", 2).matcher(hostname2);
        String group = matcher.matches() ? matcher.group(1) : HttpUrl.FRAGMENT_ENCODE_SET;
        if (group != null && group.length() != 0) {
            eVar = new ui.e(group);
        }
        if (z12) {
            eVar = g.f18072a;
        }
        if (inputStream != null) {
            try {
                X509TrustManager trustManager2 = u4.c(inputStream);
                Intrinsics.checkNotNullParameter(context, "context");
                Intrinsics.checkNotNullParameter(trustManager2, "trustManager");
                SSLContext sSLContext2 = SSLContext.getInstance("TLSv1.2");
                sSLContext2.init(null, new TrustManager[]{trustManager2}, null);
                SSLSocketFactory socketFactory2 = sSLContext2.getSocketFactory();
                Intrinsics.checkNotNullExpressionValue(socketFactory2, "sslContext.socketFactory");
                pingInterval.sslSocketFactory(new ui.k(socketFactory2), trustManager2);
            } catch (GeneralSecurityException e5) {
                throw new RuntimeException(e5);
            }
        }
        pingInterval.addInterceptor(new j(eVar, holder, context));
        if (z10) {
            z13 = true;
            HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(logger, true ? 1 : 0, z14 ? 1 : 0);
            httpLoggingInterceptor.level(HttpLoggingInterceptor.Level.HEADERS);
            pingInterval.addInterceptor(httpLoggingInterceptor);
        } else {
            z13 = true;
        }
        if (z12) {
            CronetEngine build = new CronetEngine.Builder(context).enableBrotli(false).enableHttp2(z13).enableQuic(z13).addQuicHint(hostname2, 443, 443).build();
            build.getClass();
            if (!za.a.class.equals(za.a.class)) {
                throw new IllegalArgumentException();
            }
            za.c cVar = new za.c(new za.i(build, Executors.newFixedThreadPool(4), new w1.e(new pf.w(27), new u8.d(Executors.newCachedThreadPool())), new Object()));
            Intrinsics.checkNotNullExpressionValue(cVar, "newBuilder(buildCronetEn…ntext, hostname)).build()");
            pingInterval.addInterceptor(cVar);
        }
        OkHttpClient build2 = pingInterval.build();
        connectionPool = build2.connectionPool();
        j0 j0Var = j0.f15609b;
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        Objects.requireNonNull(hostname, "baseUrl == null");
        HttpUrl httpUrl = HttpUrl.get(hostname);
        Objects.requireNonNull(httpUrl, "baseUrl == null");
        if (!HttpUrl.FRAGMENT_ENCODE_SET.equals(httpUrl.pathSegments().get(r5.size() - 1))) {
            throw new IllegalArgumentException("baseUrl must end in /: " + httpUrl);
        }
        arrayList.add(new ro.a(new Gson()));
        Executor a10 = j0Var.a();
        ArrayList arrayList3 = new ArrayList(arrayList2);
        arrayList3.addAll(Arrays.asList(qo.h.f15607a, new l(a10)));
        ArrayList arrayList4 = new ArrayList(arrayList.size() + 2);
        ?? obj3 = new Object();
        obj3.f15588a = true;
        arrayList4.add(obj3);
        arrayList4.addAll(arrayList);
        arrayList4.addAll(Collections.singletonList(qo.w.f15706a));
        q0 q0Var = new q0(build2, httpUrl, Collections.unmodifiableList(arrayList4), Collections.unmodifiableList(arrayList3), a10);
        if (!PolarbearApi.class.isInterface()) {
            throw new IllegalArgumentException("API declarations must be interfaces.");
        }
        ArrayDeque arrayDeque = new ArrayDeque(1);
        arrayDeque.add(PolarbearApi.class);
        while (!arrayDeque.isEmpty()) {
            Class cls = (Class) arrayDeque.removeFirst();
            if (cls.getTypeParameters().length != 0) {
                StringBuilder sb2 = new StringBuilder("Type parameters are unsupported on ");
                sb2.append(cls.getName());
                if (cls != PolarbearApi.class) {
                    sb2.append(" which is an interface of ");
                    sb2.append(PolarbearApi.class.getName());
                }
                throw new IllegalArgumentException(sb2.toString());
            }
            Collections.addAll(arrayDeque, cls.getInterfaces());
        }
        Object newProxyInstance = Proxy.newProxyInstance(PolarbearApi.class.getClassLoader(), new Class[]{PolarbearApi.class}, new p0(q0Var));
        Intrinsics.checkNotNullExpressionValue(newProxyInstance, "Builder()\n            .c…PolarbearApi::class.java)");
        return (PolarbearApi) newProxyInstance;
    }
}
