package ru.mts.legacy_data_utils_api.data.impl;

import android.util.Base64;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import org.bouncycastle.jcajce.spec.SkeinParameterSpec;
import org.jetbrains.annotations.NotNull;
import ru.mts.legacy_data_utils_api.data.ConstantsKt;
import ru.mts.legacy_data_utils_api.data.entities.SslSource;
import ru.mts.legacy_data_utils_api.data.interfaces.PaymentChannelProvider;

/* compiled from: SSLContextProviderImpl.kt */
@Metadata(d1 = {"\u0000D\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0010\u0018\u0000 $2\u00020\u0001:\u0001$B)\b\u0007\u0012\u0006\u0010\u0003\u001a\u00020\u0002\u0012\u0006\u0010\u0005\u001a\u00020\u0004\u0012\u0006\u0010\u0007\u001a\u00020\u0006\u0012\u0006\u0010\t\u001a\u00020\b¢\u0006\u0004\b\n\u0010\u000bJ\u000f\u0010\r\u001a\u00020\fH\u0002¢\u0006\u0004\b\r\u0010\u000eJ\u001d\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00120\u00112\u0006\u0010\u0010\u001a\u00020\u000fH\u0002¢\u0006\u0004\b\u0013\u0010\u0014J\u000f\u0010\u0016\u001a\u00020\u0015H\u0002¢\u0006\u0004\b\u0016\u0010\u0017J\u000f\u0010\u0018\u001a\u00020\u0015H\u0003¢\u0006\u0004\b\u0018\u0010\u0017J\u000f\u0010\u0019\u001a\u00020\u000fH\u0002¢\u0006\u0004\b\u0019\u0010\u001aJ\u000f\u0010\u001b\u001a\u00020\fH\u0016¢\u0006\u0004\b\u001b\u0010\u000eJ\u000f\u0010\u001c\u001a\u00020\u0015H\u0016¢\u0006\u0004\b\u001c\u0010\u0017R\u0014\u0010\u0003\u001a\u00020\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0003\u0010\u001dR\u0014\u0010\u0005\u001a\u00020\u00048\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0005\u0010\u001eR\u0014\u0010\u0007\u001a\u00020\u00068\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0007\u0010\u001fR\u0016\u0010 \u001a\u00020\f8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b \u0010!R\u0014\u0010\"\u001a\u00020\u00158\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\"\u0010#¨\u0006%"}, d2 = {"Lru/mts/legacy_data_utils_api/data/impl/SSLContextProviderImpl;", "Lru/mts/network/util/b;", "Lru/mts/legacy_data_utils_api/data/impl/EnvironmentManager;", "environmentManager", "Lru/mts/legacy_data_utils_api/data/interfaces/PaymentChannelProvider;", "paymentChannelProvider", "Lru/mts/core_api/backend/ssl/a;", "keyStoreManager", "Lru/mts/network/util/security/f;", "trustManagerProvider", "<init>", "(Lru/mts/legacy_data_utils_api/data/impl/EnvironmentManager;Lru/mts/legacy_data_utils_api/data/interfaces/PaymentChannelProvider;Lru/mts/core_api/backend/ssl/a;Lru/mts/network/util/security/f;)V", "Ljavax/net/ssl/SSLContext;", "createSSLContext", "()Ljavax/net/ssl/SSLContext;", "Lru/mts/legacy_data_utils_api/data/entities/SslSource;", "sslSource", "", "Ljavax/net/ssl/KeyManager;", "provideKeyManagers", "(Lru/mts/legacy_data_utils_api/data/entities/SslSource;)[Ljavax/net/ssl/KeyManager;", "Ljavax/net/ssl/X509TrustManager;", "provideComboTrustManager", "()Ljavax/net/ssl/X509TrustManager;", "provideUnsafeTrustManager", "provideSslSource", "()Lru/mts/legacy_data_utils_api/data/entities/SslSource;", "getSSLContext", "provideTrustManager", "Lru/mts/legacy_data_utils_api/data/impl/EnvironmentManager;", "Lru/mts/legacy_data_utils_api/data/interfaces/PaymentChannelProvider;", "Lru/mts/core_api/backend/ssl/a;", "instance", "Ljavax/net/ssl/SSLContext;", "x509TrustManager", "Ljavax/net/ssl/X509TrustManager;", "Companion", "legacy-data-utils-api_release"}, k = 1, mv = {2, 1, 0}, xi = SkeinParameterSpec.PARAM_TYPE_MESSAGE)
/* loaded from: classes4.dex */
public final class SSLContextProviderImpl implements ru.mts.network.util.b {

    @NotNull
    private static final Companion Companion = new Companion(null);

    @Deprecated
    @NotNull
    public static final String TRUSTED_DNS_PART = "mtsmoney-test";

    @NotNull
    private final EnvironmentManager environmentManager;

    @NotNull
    private SSLContext instance;

    @NotNull
    private final ru.mts.core_api.backend.ssl.a keyStoreManager;

    @NotNull
    private final PaymentChannelProvider paymentChannelProvider;

    @NotNull
    private final X509TrustManager x509TrustManager;

    /* compiled from: SSLContextProviderImpl.kt */
    @Metadata(d1 = {"\u0000\u0012\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0000\b\u0082\u0003\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003R\u000e\u0010\u0004\u001a\u00020\u0005X\u0086T¢\u0006\u0002\n\u0000¨\u0006\u0006"}, d2 = {"Lru/mts/legacy_data_utils_api/data/impl/SSLContextProviderImpl$Companion;", "", "<init>", "()V", "TRUSTED_DNS_PART", "", "legacy-data-utils-api_release"}, k = 1, mv = {2, 1, 0}, xi = SkeinParameterSpec.PARAM_TYPE_MESSAGE)
    /* loaded from: classes4.dex */
    private static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public SSLContextProviderImpl(@NotNull EnvironmentManager environmentManager, @NotNull PaymentChannelProvider paymentChannelProvider, @NotNull ru.mts.core_api.backend.ssl.a keyStoreManager, @NotNull ru.mts.network.util.security.f trustManagerProvider) {
        Intrinsics.checkNotNullParameter(environmentManager, "environmentManager");
        Intrinsics.checkNotNullParameter(paymentChannelProvider, "paymentChannelProvider");
        Intrinsics.checkNotNullParameter(keyStoreManager, "keyStoreManager");
        Intrinsics.checkNotNullParameter(trustManagerProvider, "trustManagerProvider");
        this.environmentManager = environmentManager;
        this.paymentChannelProvider = paymentChannelProvider;
        this.keyStoreManager = keyStoreManager;
        this.x509TrustManager = trustManagerProvider.b();
        this.instance = createSSLContext();
    }

    private final SSLContext createSSLContext() {
        SslSource provideSslSource = provideSslSource();
        if (provideSslSource.isEmpty().booleanValue() && ru.mts.mtskit.controller.base.b.a.c()) {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, new X509TrustManager[]{provideUnsafeTrustManager()}, null);
            Intrinsics.checkNotNull(sSLContext);
            return sSLContext;
        }
        KeyManager[] provideKeyManagers = provideKeyManagers(provideSslSource);
        X509TrustManager[] x509TrustManagerArr = {getX509TrustManager()};
        SSLContext sSLContext2 = SSLContext.getInstance("TLSv1.2");
        sSLContext2.init(provideKeyManagers, x509TrustManagerArr, null);
        Intrinsics.checkNotNull(sSLContext2);
        return sSLContext2;
    }

    /* renamed from: provideComboTrustManager, reason: from getter */
    private final X509TrustManager getX509TrustManager() {
        return this.x509TrustManager;
    }

    private final KeyManager[] provideKeyManagers(SslSource sslSource) {
        byte[] decode = Base64.decode(sslSource.clientKeystorePwd, 0);
        Intrinsics.checkNotNullExpressionValue(decode, "decode(...)");
        KeyStore a = this.keyStoreManager.a(sslSource.clientKeystoreRawResourceId, sslSource.clientKeystoreType, new String(decode, Charsets.UTF_8));
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        String clientKeystorePwd = sslSource.clientKeystorePwd;
        Intrinsics.checkNotNullExpressionValue(clientKeystorePwd, "clientKeystorePwd");
        char[] charArray = clientKeystorePwd.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
        keyManagerFactory.init(a, charArray);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        Intrinsics.checkNotNullExpressionValue(keyManagers, "getKeyManagers(...)");
        return keyManagers;
    }

    private final SslSource provideSslSource() {
        SslSource sslSource = new SslSource();
        sslSource.trustKeystoreType = ConstantsKt.SSL_KEYSTORE_TRUST_TYPE;
        sslSource.clientKeystoreType = ConstantsKt.SSL_KEYSTORE_CLIENT_TYPE;
        sslSource.trustKeystoreRawResourceId = ConstantsKt.getSSL_KEYSTORE_TRUST_RAW_NEW();
        sslSource.trustKeystorePwd = ConstantsKt.SSL_KEYSTORE_TRUST_PWD_NEW;
        sslSource.clientKeystoreRawResourceId = ConstantsKt.getSSL_KEYSTORE_CLIENT_RAW_NEW();
        sslSource.clientKeystorePwd = ConstantsKt.SSL_KEYSTORE_CLIENT_PWD_NEW;
        return sslSource;
    }

    private final X509TrustManager provideUnsafeTrustManager() {
        return new X509TrustManager() { // from class: ru.mts.legacy_data_utils_api.data.impl.SSLContextProviderImpl$provideUnsafeTrustManager$1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                Intrinsics.checkNotNullParameter(chain, "chain");
                Intrinsics.checkNotNullParameter(authType, "authType");
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                Intrinsics.checkNotNullParameter(chain, "chain");
                Intrinsics.checkNotNullParameter(authType, "authType");
                for (X509Certificate x509Certificate : chain) {
                    String name = x509Certificate.getSubjectDN().getName();
                    Intrinsics.checkNotNullExpressionValue(name, "getName(...)");
                    if (StringsKt.contains$default((CharSequence) name, (CharSequence) SSLContextProviderImpl.TRUSTED_DNS_PART, false, 2, (Object) null)) {
                        return;
                    }
                    Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                    Intrinsics.checkNotNullExpressionValue(subjectAlternativeNames, "getSubjectAlternativeNames(...)");
                    ArrayList arrayList = new ArrayList();
                    for (Object obj : subjectAlternativeNames) {
                        if (obj instanceof String) {
                            arrayList.add(obj);
                        }
                    }
                    if (!arrayList.isEmpty()) {
                        Iterator it = arrayList.iterator();
                        while (it.hasNext()) {
                            if (StringsKt.contains$default((CharSequence) it.next(), (CharSequence) SSLContextProviderImpl.TRUSTED_DNS_PART, false, 2, (Object) null)) {
                                return;
                            }
                        }
                    }
                }
                throw new CertificateException();
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }

    @Override // ru.mts.network.util.b
    @NotNull
    /* renamed from: getSSLContext, reason: from getter */
    public SSLContext getInstance() {
        return this.instance;
    }

    @Override // ru.mts.network.util.b
    @NotNull
    public X509TrustManager provideTrustManager() {
        return getX509TrustManager();
    }
}
