package ru.inventos.apps.khl.network;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.eclipse.paho.client.mqttv3.internal.security.SSLSocketFactoryFactory;
import ru.inventos.apps.khl.utils.Impossibru;
import ru.inventos.apps.khl.utils.crypto.Crypto;

/* loaded from: classes4.dex */
public class TrustedSslContextFactory {
    private static final String[] PINNED_DER_ENCODED_CERTS = {Certs.WS_MEGACDN, Certs.TRUST_ID_X3_ROOT, Certs.ISRG_ROOT_X1_SELF_SIGNED, Certs.ISRG_ROOT_X2_SELF_SIGNED, Certs.ISRG_ROOT_X2_CROSS_SIGNED};

    /* loaded from: classes4.dex */
    public static class UnableToCreateSSlContextException extends Throwable {
        public UnableToCreateSSlContextException(Throwable th) {
            super(th);
        }
    }

    private TrustedSslContextFactory() {
        throw new Impossibru();
    }

    public static SSLContext createSslContext() throws UnableToCreateSSlContextException {
        try {
            TrustManager[] trustManagerArr = {new ExtendedX509TrustManager(pinnedCertsTrustManager(parseCerts(PINNED_DER_ENCODED_CERTS)), platformTrustManager())};
            SSLContext sSLContext = SSLContext.getInstance(SSLSocketFactoryFactory.DEFAULT_PROTOCOL);
            sSLContext.init(null, trustManagerArr, null);
            return sSLContext;
        } catch (Throwable th) {
            throw new UnableToCreateSSlContextException(th);
        }
    }

    private static Certificate[] parseCerts(String[] strArr) throws CertificateException {
        int length = strArr.length;
        Certificate[] certificateArr = new Certificate[length];
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < length; i++) {
            certificateArr[i] = Crypto.parseCertificate(certificateFactory, strArr[i]);
        }
        return certificateArr;
    }

    private static KeyStore pinnedCertsKeyStore(Certificate[] certificateArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        int length = certificateArr.length;
        for (int i = 0; i < length; i++) {
            keyStore.setCertificateEntry("cert" + i, certificateArr[i]);
        }
        return keyStore;
    }

    private static X509TrustManager pinnedCertsTrustManager(Certificate[] certificateArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        return trustManager(pinnedCertsKeyStore(certificateArr));
    }

    private static X509TrustManager platformTrustManager() throws KeyStoreException, NoSuchAlgorithmException {
        return trustManager(null);
    }

    private static X509TrustManager trustManager(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
            return (X509TrustManager) trustManagers[0];
        }
        throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
    }
}
