package com.windscribe.vpn.api;

import com.google.gson.Gson;
import com.windscribe.vpn.constants.NetworkKeyConstants;
import com.windscribe.vpn.encoding.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlinx.coroutines.d0;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import r8.c0;
import z7.v;

/* loaded from: classes.dex */
public final class WindCustomApiFactory {
    private Logger logger;
    private final v.a okHttpClient;
    private c0 retrofit;
    private final c0.a retrofitBuilder;

    public WindCustomApiFactory(c0.a retrofitBuilder, v.a okHttpClient) {
        kotlin.jvm.internal.j.f(retrofitBuilder, "retrofitBuilder");
        kotlin.jvm.internal.j.f(okHttpClient, "okHttpClient");
        this.retrofitBuilder = retrofitBuilder;
        this.okHttpClient = okHttpClient;
        this.logger = LoggerFactory.getLogger("static_api");
        v.a unsafeOkHttpClient = getUnsafeOkHttpClient();
        if (unsafeOkHttpClient != null) {
            retrofitBuilder.a(NetworkKeyConstants.INSTANCE.getAPI_ENDPOINT());
            retrofitBuilder.f8643e.add(new s8.h());
            retrofitBuilder.d.add(new t8.a(new Gson()));
            retrofitBuilder.f8641b = new v(unsafeOkHttpClient);
            this.retrofit = retrofitBuilder.b();
        }
    }

    private final v.a getUnsafeOkHttpClient() {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        kotlin.jvm.internal.j.e(certificateFactory, "getInstance(\"X.509\")");
        if ("".length() == 0) {
            return null;
        }
        byte[] decode = Base64.decode("");
        kotlin.jvm.internal.j.e(decode, "decode(BuildConfig.API_STATIC_CERT)");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decode);
        try {
            Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
            kotlin.jvm.internal.j.d(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            X509Certificate x509Certificate = (X509Certificate) generateCertificate;
            d0.o(byteArrayInputStream, null);
            System.out.println("ca=" + x509Certificate.getSubjectDN());
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", x509Certificate);
            String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            kotlin.jvm.internal.j.e(defaultAlgorithm, "getDefaultAlgorithm()");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            HostnameVerifier hostnameVerifier = new HostnameVerifier() { // from class: com.windscribe.vpn.api.l
                @Override // javax.net.ssl.HostnameVerifier
                public final boolean verify(String str, SSLSession sSLSession) {
                    boolean unsafeOkHttpClient$lambda$6;
                    unsafeOkHttpClient$lambda$6 = WindCustomApiFactory.getUnsafeOkHttpClient$lambda$6(WindCustomApiFactory.this, str, sSLSession);
                    return unsafeOkHttpClient$lambda$6;
                }
            };
            v.a aVar = this.okHttpClient;
            aVar.getClass();
            if (!kotlin.jvm.internal.j.a(hostnameVerifier, aVar.f10749s)) {
                aVar.z = null;
            }
            aVar.f10749s = hostnameVerifier;
            SSLSocketFactory sslSocketFactory = sSLContext.getSocketFactory();
            TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
            kotlin.jvm.internal.j.d(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            v.a aVar2 = this.okHttpClient;
            kotlin.jvm.internal.j.e(sslSocketFactory, "sslSocketFactory");
            aVar2.a(sslSocketFactory, (X509TrustManager) trustManager);
            return this.okHttpClient;
        } finally {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final boolean getUnsafeOkHttpClient$lambda$6(WindCustomApiFactory this$0, String str, SSLSession sSLSession) {
        kotlin.jvm.internal.j.f(this$0, "this$0");
        HostnameVerifier defaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
        this$0.logger.debug(sSLSession.getPeerHost());
        return defaultHostnameVerifier.verify("138.197.150.76", sSLSession) || defaultHostnameVerifier.verify("198.211.122.90", sSLSession);
    }

    public final ApiService createCustomCertApi(String url) {
        ApiService apiService;
        kotlin.jvm.internal.j.f(url, "url");
        c0 c0Var = this.retrofit;
        if (c0Var != null) {
            c0.a aVar = new c0.a(c0Var);
            aVar.a(url);
            apiService = (ApiService) aVar.b().b();
        } else {
            apiService = null;
        }
        kotlin.jvm.internal.j.c(apiService);
        return apiService;
    }
}
