package net.torguard.openvpn.client.config;

import android.content.Context;
import com.google.common.io.BaseEncoding;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public class URLConnections {
    public static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) URLConnections.class);

    public static SSLSocketFactory buildSslSocketFactory(List<Certificate> list) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        for (Certificate certificate : list) {
            keyStore.setCertificateEntry(Integer.toString(certificate.hashCode()), certificate);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sSLContext.getSocketFactory();
    }

    public static HttpsURLConnection getUrlConnection(String str) throws IOException {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL(str).openConnection();
        httpsURLConnection.setReadTimeout(60000);
        httpsURLConnection.setReadTimeout(60000);
        return httpsURLConnection;
    }

    public static HttpsURLConnection getUrlConnectionForOurTrustedCaCerts(String str, Context context) throws IOException {
        HttpsURLConnection urlConnection = getUrlConnection(str);
        try {
            List<Certificate> list = new TorGuardConfigImpl(context).configProperties.trustedCaCertificates;
            if (list.isEmpty()) {
                LOGGER.debug("No trusted certs found in configuration. Use standard ones.");
            } else {
                LOGGER.debug("Adding {} certificates to the trusted certificate list", Integer.valueOf(list.size()));
                urlConnection.setSSLSocketFactory(buildSslSocketFactory(list));
            }
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOGGER.error("Error loading our list of trusted certificates", e);
            LOGGER.warn("We will use the default list of trusted certificates...");
        }
        return urlConnection;
    }

    public static InputStream getVerifiedContentWithTimeouts(URL url, int i) throws IOException, ConfigSourceException {
        LOGGER.info("Reading content from {}", url);
        if ((("file".equals(url.getProtocol()) || "jar".equals(url.getProtocol())) ? false : true) && "".equals(url.getHost())) {
            throw new ConfigSourceException("host-invalid");
        }
        URLConnection openConnection = url.openConnection();
        openConnection.setConnectTimeout(45000);
        openConnection.setReadTimeout(45000);
        openConnection.setDoInput(true);
        openConnection.setDoOutput(false);
        InputStream inputStream = openConnection.getInputStream();
        try {
            byte[] bArr = new byte[i];
            int i2 = i;
            while (i2 > 0) {
                int i3 = i - i2;
                int read = inputStream.read(bArr, i3, i2);
                if (read == -1) {
                    byte[] copyOf = Arrays.copyOf(bArr, i3);
                    String headerField = openConnection.getHeaderField("X-Content-Signature-2");
                    inputStream.close();
                    if (headerField == null || headerField.trim().isEmpty()) {
                        LOGGER.warn("Content signature is missing");
                        throw new ConfigSourceException("content-signature-invalid");
                    }
                    if (copyOf.length >= i) {
                        LOGGER.warn("Content is larger than expected: maxContentSize={}", Integer.valueOf(i));
                        throw new ConfigSourceException("content-to-large");
                    }
                    LOGGER.info("Content signature: {}", headerField);
                    byte[][] bArr2 = {BaseEncoding.BASE64.decode(headerField), copyOf};
                    int i4 = 0;
                    for (int i5 = 0; i5 < 2; i5++) {
                        i4 += bArr2[i5].length;
                    }
                    byte[] bArr3 = new byte[i4];
                    int i6 = 0;
                    for (int i7 = 0; i7 < 2; i7++) {
                        byte[] bArr4 = bArr2[i7];
                        System.arraycopy(bArr4, 0, bArr3, i6, bArr4.length);
                        i6 += bArr4.length;
                    }
                    if (TweetNaclFast.crypto_sign_open(new byte[i4], bArr3, 0, i4, BaseEncoding.BASE64.decode("PXbnIubGTd2VN8p/0MpGVav4TNWppDp32IzOZMNTA/s=")) == 0) {
                        LOGGER.warn("Content signature is valid");
                        return new ByteArrayInputStream(copyOf);
                    }
                    LOGGER.warn("Content signature is invalid");
                    throw new ConfigSourceException("content-signature-invalid");
                }
                i2 -= read;
            }
            throw new ConfigSourceException("content-to-large");
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
