package de.telekom.tpd.fmc.networking.platform;

import android.content.Context;
import de.telekom.tpd.fmc.assistant.platform.SpeechFormatter;
import de.telekom.tpd.fmc.networking.domain.Pin;
import java.io.BufferedInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.OkHttpClient;
import org.apache.http.conn.ssl.SSLSocketFactory;
import timber.log.Timber;

/* compiled from: NetworkingExtensions.kt */
@Metadata(d1 = {"\u0000$\n\u0000\n\u0002\u0010\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\u001a\"\u0010\u0000\u001a\u00020\u0001*\u00020\u00022\u0006\u0010\u0003\u001a\u00020\u00042\f\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006H\u0002\u001a \u0010\b\u001a\u00020\u0001*\u00020\t2\u0006\u0010\u0003\u001a\u00020\u00042\f\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006\u001a\n\u0010\n\u001a\u00020\u0001*\u00020\t¨\u0006\u000b"}, d2 = {"addCertificates", "", "Ljava/security/KeyStore;", "context", "Landroid/content/Context;", "certificates", "", "Lde/telekom/tpd/fmc/networking/domain/Pin;", "pinCertificates", "Lokhttp3/OkHttpClient$Builder;", "trustAllCertificates", "android-common_officialRelease"}, k = 2, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class NetworkingExtensionsKt {
    private static final void addCertificates(KeyStore keyStore, Context context, List<Pin> list) {
        for (Pin pin : list) {
            String alias = pin.getAlias();
            BufferedInputStream bufferedInputStream = new BufferedInputStream(context.getResources().openRawResource(pin.getResource()));
            try {
                Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(bufferedInputStream);
                CloseableKt.closeFinally(bufferedInputStream, null);
                Timber.INSTANCE.i("Pin certificate " + alias + SpeechFormatter.SPACE, new Object[0]);
                keyStore.setCertificateEntry(alias, generateCertificate);
            } finally {
            }
        }
    }

    public static final void pinCertificates(OkHttpClient.Builder builder, Context context, List<Pin> certificates) {
        Intrinsics.checkNotNullParameter(builder, "<this>");
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(certificates, "certificates");
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            Intrinsics.checkNotNull(keyStore);
            addCertificates(keyStore, context, certificates);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance(SSLSocketFactory.TLS);
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            javax.net.ssl.SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            Intrinsics.checkNotNullExpressionValue(socketFactory, "getSocketFactory(...)");
            TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
            Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            builder.sslSocketFactory(socketFactory, (X509TrustManager) trustManager);
        } catch (Exception e) {
            Timber.INSTANCE.e(e, "Failed to pin certificates", new Object[0]);
        }
    }

    public static final void trustAllCertificates(OkHttpClient.Builder builder) {
        Intrinsics.checkNotNullParameter(builder, "<this>");
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: de.telekom.tpd.fmc.networking.platform.NetworkingExtensionsKt$trustAllCertificates$trustAllCerts$1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        SSLContext sSLContext = SSLContext.getInstance(SSLSocketFactory.SSL);
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        javax.net.ssl.SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        Intrinsics.checkNotNull(socketFactory);
        TrustManager trustManager = trustManagerArr[0];
        Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        builder.sslSocketFactory(socketFactory, (X509TrustManager) trustManager);
    }
}
