package com.hugoapp.client.common.extensions;

import android.util.Base64;
import com.hugoapp.client.BuildConfig;
import com.hugoapp.client.common.Keys;
import java.io.ByteArrayInputStream;
import java.net.Proxy;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt__CollectionsJVMKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.Regex;
import kotlin.text.StringsKt__StringsJVMKt;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;
import org.conscrypt.Conscrypt;
import org.jetbrains.annotations.NotNull;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\u001a\n\u0010\u0002\u001a\u00020\u0001*\u00020\u0000\u001a\f\u0010\u0003\u001a\u00020\u0001*\u00020\u0000H\u0002\u001a+\u0010\n\u001a\u00020\t2\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00070\u0004H\u0002¢\u0006\u0004\b\n\u0010\u000b\u001a\u0015\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u00070\u0004H\u0002¢\u0006\u0004\b\f\u0010\r\u001a\u001d\u0010\u0010\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\u000f\u001a\u00020\u000eH\u0002¢\u0006\u0004\b\u0010\u0010\u0011¨\u0006\u0012"}, d2 = {"Lokhttp3/OkHttpClient$Builder;", "", "setSecurityConfig", "setFactorySSL", "", "Ljavax/net/ssl/KeyManager;", "keyManagers", "Ljavax/net/ssl/TrustManager;", "trustManagers", "Ljavax/net/ssl/SSLSocketFactory;", "getSocketFactory", "([Ljavax/net/ssl/KeyManager;[Ljavax/net/ssl/TrustManager;)Ljavax/net/ssl/SSLSocketFactory;", "getTrustManagers", "()[Ljavax/net/ssl/TrustManager;", "Ljava/security/KeyStore;", "keyStore", "getKeysManagers", "(Ljava/security/KeyStore;)[Ljavax/net/ssl/KeyManager;", "hugo-client-android-v2_V4.9.1_Code424_master_hugoProductionGmsRelease"}, k = 2, mv = {1, 5, 1})
/* loaded from: classes4.dex */
public final class SecurityExtensionsKt {
    private static final KeyManager[] getKeysManagers(KeyStore keyStore) {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        String secretKey = Keys.INSTANCE.secretKey();
        Objects.requireNonNull(secretKey, "null cannot be cast to non-null type java.lang.String");
        char[] charArray = secretKey.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "(this as java.lang.String).toCharArray()");
        keyManagerFactory.init(keyStore, charArray);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        Intrinsics.checkNotNullExpressionValue(keyManagers, "keyManagerFactory.keyManagers");
        return keyManagers;
    }

    private static final SSLSocketFactory getSocketFactory(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        Keys keys = Keys.INSTANCE;
        SSLContext sSLContext = SSLContext.getInstance(keys.engineKey(), keys.conscrypt());
        sSLContext.init(keyManagerArr, trustManagerArr, new SecureRandom());
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        Intrinsics.checkNotNullExpressionValue(socketFactory, "sslContext.socketFactory");
        return socketFactory;
    }

    private static final TrustManager[] getTrustManagers() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        Intrinsics.checkNotNullExpressionValue(trustManagers, "trustManagerFactory.trustManagers");
        return trustManagers;
    }

    private static final void setFactorySSL(OkHttpClient.Builder builder) {
        String replace$default;
        String replace$default2;
        Keys keys = Keys.INSTANCE;
        CertificateFactory certificateFactory = CertificateFactory.getInstance(keys.instanceKey());
        String checkCertP = keys.checkCertP();
        Charset charset = Charsets.UTF_8;
        Objects.requireNonNull(checkCertP, "null cannot be cast to non-null type java.lang.String");
        byte[] bytes = checkCertP.getBytes(charset);
        Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
        byte[] bArr = new byte[byteArrayInputStream.available()];
        byteArrayInputStream.read(bArr);
        Charset defaultCharset = Charset.defaultCharset();
        Intrinsics.checkNotNullExpressionValue(defaultCharset, "defaultCharset()");
        replace$default = StringsKt__StringsJVMKt.replace$default(new String(bArr, defaultCharset), "-----BEGIN PRIVATE KEY-----", "", false, 4, (Object) null);
        String lineSeparator = System.lineSeparator();
        Intrinsics.checkNotNullExpressionValue(lineSeparator, "lineSeparator()");
        replace$default2 = StringsKt__StringsJVMKt.replace$default(new Regex(lineSeparator).replace(replace$default, ""), "-----END PRIVATE KEY-----", "", false, 4, (Object) null);
        byte[] decode = Base64.decode(replace$default2, 0);
        Intrinsics.checkNotNullExpressionValue(decode, "decode(privateKeyContent, Base64.DEFAULT)");
        KeyFactory keyFactory = KeyFactory.getInstance(keys.factoryKey());
        Intrinsics.checkNotNullExpressionValue(keyFactory, "getInstance(Keys.factoryKey())");
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(decode);
        String checkCert = keys.checkCert();
        Objects.requireNonNull(checkCert, "null cannot be cast to non-null type java.lang.String");
        byte[] bytes2 = checkCert.getBytes(charset);
        Intrinsics.checkNotNullExpressionValue(bytes2, "(this as java.lang.String).getBytes(charset)");
        ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bytes2);
        Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream2);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        String secretKey = keys.secretKey();
        Objects.requireNonNull(secretKey, "null cannot be cast to non-null type java.lang.String");
        char[] charArray = secretKey.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "(this as java.lang.String).toCharArray()");
        keyStore.load(null, charArray);
        String userKey = keys.userKey();
        PrivateKey generatePrivate = keyFactory.generatePrivate(pKCS8EncodedKeySpec);
        String secretKey2 = keys.secretKey();
        Objects.requireNonNull(secretKey2, "null cannot be cast to non-null type java.lang.String");
        char[] charArray2 = secretKey2.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray2, "(this as java.lang.String).toCharArray()");
        keyStore.setKeyEntry(userKey, generatePrivate, charArray2, new Certificate[]{generateCertificate});
        byteArrayInputStream2.close();
        TrustManager[] trustManagers = getTrustManagers();
        Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
        builder.sslSocketFactory(getSocketFactory(getKeysManagers(keyStore), trustManagers), (X509TrustManager) trustManagers[0]);
    }

    public static final void setSecurityConfig(@NotNull OkHttpClient.Builder builder) {
        List<ConnectionSpec> listOf;
        Intrinsics.checkNotNullParameter(builder, "<this>");
        if (Intrinsics.areEqual(BuildConfig.FLAVOR_environment, BuildConfig.FLAVOR_environment) || Intrinsics.areEqual(BuildConfig.FLAVOR_environment, "staging")) {
            Security.insertProviderAt(Conscrypt.newProvider(), 1);
            ConnectionSpec build = new ConnectionSpec.Builder(ConnectionSpec.RESTRICTED_TLS).tlsVersions(TlsVersion.TLS_1_3).build();
            builder.proxy(Proxy.NO_PROXY);
            listOf = CollectionsKt__CollectionsJVMKt.listOf(build);
            builder.connectionSpecs(listOf);
            setFactorySSL(builder);
        }
    }
}
