package at.bitfire.davdroid.network;

import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import at.bitfire.cert4android.CustomCertManager;
import at.bitfire.dav4jvm.BasicDigestAuthHandler;
import at.bitfire.dav4jvm.UrlUtils;
import at.bitfire.davdroid.BuildConfig;
import at.bitfire.davdroid.db.Credentials;
import at.bitfire.davdroid.network.BearerAuthInterceptor;
import at.bitfire.davdroid.network.HttpClient;
import at.bitfire.davdroid.settings.AccountSettings;
import at.bitfire.davdroid.settings.Settings;
import at.bitfire.davdroid.settings.SettingsManager;
import dagger.hilt.android.EntryPointAccessors;
import java.io.File;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.SynchronizedLazyImpl;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.CollectionsKt__CollectionsKt;
import kotlin.collections.CollectionsKt___CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.flow.MutableStateFlow;
import kotlinx.coroutines.flow.StateFlowKt;
import net.openid.appauth.AuthState;
import net.openid.appauth.AuthorizationService;
import okhttp3.Cache;
import okhttp3.ConnectionSpec;
import okhttp3.CookieJar;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.brotli.BrotliInterceptor;
import okhttp3.internal.Util;
import okhttp3.internal.platform.Platform;
import okhttp3.internal.tls.OkHostnameVerifier;
import okhttp3.logging.HttpLoggingInterceptor;

/* compiled from: HttpClient.kt */
/* loaded from: classes.dex */
public final class HttpClient implements AutoCloseable {
    public static final long DISK_CACHE_MAX_SIZE = 10485760;
    private AuthorizationService authService;
    private final OkHttpClient okHttpClient;
    public static final Companion Companion = new Companion(null);
    public static final int $stable = 8;

    /* compiled from: HttpClient.kt */
    /* loaded from: classes.dex */
    public static final class Builder {
        public static final int $stable = 8;
        private MutableStateFlow<Boolean> appInForeground;
        private AuthorizationService authService;
        private CertManagerProducer certManagerProducer;
        private String certificateAlias;
        private final Context context;
        private CookieJar cookieStore;
        private final Logger logger;
        private final HttpLoggingInterceptor.Level loggerLevel;
        private boolean offerCompression;
        private final OkHttpClient.Builder orig;

        /* compiled from: HttpClient.kt */
        /* loaded from: classes.dex */
        public interface CertManagerProducer {
            CustomCertManager certManager();
        }

        public Builder(Context context, final AccountSettings accountSettings, Logger logger, HttpLoggingInterceptor.Level loggerLevel) {
            Proxy proxy;
            Intrinsics.checkNotNullParameter(context, "context");
            Intrinsics.checkNotNullParameter(loggerLevel, "loggerLevel");
            this.context = context;
            this.logger = logger;
            this.loggerLevel = loggerLevel;
            this.appInForeground = StateFlowKt.MutableStateFlow(Boolean.FALSE);
            this.cookieStore = new MemoryCookieStore();
            OkHttpClient.Builder baseBuilder = HttpClient.Companion.baseBuilder();
            this.orig = baseBuilder;
            if (logger != null && logger.isLoggable(Level.FINEST)) {
                HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(new HttpClient$Builder$$ExternalSyntheticLambda0(this));
                httpLoggingInterceptor.level = loggerLevel;
                baseBuilder.networkInterceptors.add(httpLoggingInterceptor);
            }
            final SettingsManager settingsManager = ((HttpClientEntryPoint) EntryPointAccessors.fromApplication(context, HttpClientEntryPoint.class)).settingsManager();
            try {
                int i = settingsManager.getInt(Settings.PROXY_TYPE);
                if (i != -1) {
                    SynchronizedLazyImpl lazy = LazyKt__LazyJVMKt.lazy(new Function0<InetSocketAddress>() { // from class: at.bitfire.davdroid.network.HttpClient$Builder$address$2
                        {
                            super(0);
                        }

                        @Override // kotlin.jvm.functions.Function0
                        public final InetSocketAddress invoke() {
                            return new InetSocketAddress(SettingsManager.this.getString(Settings.PROXY_HOST), SettingsManager.this.getInt(Settings.PROXY_PORT));
                        }
                    });
                    if (i == 0) {
                        proxy = Proxy.NO_PROXY;
                    } else if (i == 1) {
                        proxy = new Proxy(Proxy.Type.HTTP, _init_$lambda$1(lazy));
                    } else {
                        if (i != 2) {
                            throw new IllegalArgumentException("Invalid proxy type");
                        }
                        proxy = new Proxy(Proxy.Type.SOCKS, _init_$lambda$1(lazy));
                    }
                    Intrinsics.areEqual(proxy, baseBuilder.proxy);
                    baseBuilder.proxy = proxy;
                    at.bitfire.davdroid.log.Logger.INSTANCE.getLog().log(Level.INFO, "Using proxy setting", proxy);
                }
            } catch (Exception e) {
                at.bitfire.davdroid.log.Logger.INSTANCE.getLog().log(Level.SEVERE, "Can't set proxy, ignoring", (Throwable) e);
            }
            customCertManager(new CertManagerProducer() { // from class: at.bitfire.davdroid.network.HttpClient$Builder$$ExternalSyntheticLambda1
                @Override // at.bitfire.davdroid.network.HttpClient.Builder.CertManagerProducer
                public final CustomCertManager certManager() {
                    CustomCertManager _init_$lambda$2;
                    _init_$lambda$2 = HttpClient.Builder._init_$lambda$2(SettingsManager.this, this);
                    return _init_$lambda$2;
                }
            });
            if (accountSettings != null) {
                addAuthentication$default(this, null, accountSettings.credentials(), false, new BearerAuthInterceptor.AuthStateUpdateCallback() { // from class: at.bitfire.davdroid.network.HttpClient$Builder$$ExternalSyntheticLambda2
                    @Override // at.bitfire.davdroid.network.BearerAuthInterceptor.AuthStateUpdateCallback
                    public final void onUpdate(AuthState authState) {
                        HttpClient.Builder._init_$lambda$3(AccountSettings.this, authState);
                    }
                }, 4, null);
            }
        }

        public /* synthetic */ Builder(Context context, AccountSettings accountSettings, Logger logger, HttpLoggingInterceptor.Level level, int i, DefaultConstructorMarker defaultConstructorMarker) {
            this(context, (i & 2) != 0 ? null : accountSettings, (i & 4) != 0 ? at.bitfire.davdroid.log.Logger.INSTANCE.getLog() : logger, (i & 8) != 0 ? HttpLoggingInterceptor.Level.BODY : level);
        }

        /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
        public Builder(Context context, String str, Credentials credentials) {
            this(context, null, null, null, 14, null);
            Intrinsics.checkNotNullParameter(context, "context");
            if (credentials != null) {
                addAuthentication$default(this, str, credentials, false, null, 12, null);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final void _init_$lambda$0(Builder this$0, String message) {
            Intrinsics.checkNotNullParameter(this$0, "this$0");
            Intrinsics.checkNotNullParameter(message, "message");
            this$0.logger.finest(message);
        }

        private static final InetSocketAddress _init_$lambda$1(Lazy<? extends InetSocketAddress> lazy) {
            return lazy.getValue();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final CustomCertManager _init_$lambda$2(SettingsManager settings, Builder this$0) {
            Intrinsics.checkNotNullParameter(settings, "$settings");
            Intrinsics.checkNotNullParameter(this$0, "this$0");
            return new CustomCertManager(this$0.context, !settings.getBoolean(Settings.DISTRUST_SYSTEM_CERTIFICATES), this$0.appInForeground);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static final void _init_$lambda$3(AccountSettings accountSettings, AuthState authState) {
            Intrinsics.checkNotNullParameter(authState, "authState");
            accountSettings.credentials(new Credentials(null, null, null, authState, 7, null));
        }

        public static /* synthetic */ Builder addAuthentication$default(Builder builder, String str, Credentials credentials, boolean z, BearerAuthInterceptor.AuthStateUpdateCallback authStateUpdateCallback, int i, Object obj) {
            if ((i & 4) != 0) {
                z = false;
            }
            if ((i & 8) != 0) {
                authStateUpdateCallback = null;
            }
            return builder.addAuthentication(str, credentials, z, authStateUpdateCallback);
        }

        public final Builder addAuthentication(String str, Credentials credentials, boolean z, BearerAuthInterceptor.AuthStateUpdateCallback authStateUpdateCallback) {
            Intrinsics.checkNotNullParameter(credentials, "credentials");
            if (credentials.getUsername() != null && credentials.getPassword() != null) {
                BasicDigestAuthHandler basicDigestAuthHandler = new BasicDigestAuthHandler(UrlUtils.INSTANCE.hostToDomain(str), credentials.getUsername(), credentials.getPassword(), z);
                OkHttpClient.Builder builder = this.orig;
                builder.networkInterceptors.add(basicDigestAuthHandler);
                builder.authenticator = basicDigestAuthHandler;
            }
            if (credentials.getCertificateAlias() != null) {
                this.certificateAlias = credentials.getCertificateAlias();
            }
            AuthState authState = credentials.getAuthState();
            if (authState != null) {
                AuthorizationService authorizationService = ((HttpClientEntryPoint) EntryPointAccessors.fromApplication(this.context, HttpClientEntryPoint.class)).authorizationService();
                this.authService = authorizationService;
                BearerAuthInterceptor fromAuthState = BearerAuthInterceptor.Companion.fromAuthState(authorizationService, authState, authStateUpdateCallback);
                if (fromAuthState != null) {
                    this.orig.networkInterceptors.add(fromAuthState);
                }
            }
            return this;
        }

        public final Builder allowCompression(boolean z) {
            this.offerCompression = z;
            return this;
        }

        public final HttpClient build() {
            X509ExtendedKeyManager x509ExtendedKeyManager;
            X509TrustManager x509TrustManager;
            final X509Certificate[] certificateChain;
            final PrivateKey privateKey;
            CookieJar cookieJar = this.cookieStore;
            if (cookieJar != null) {
                OkHttpClient.Builder builder = this.orig;
                builder.getClass();
                builder.cookieJar = cookieJar;
            }
            if (this.offerCompression) {
                OkHttpClient.Builder builder2 = this.orig;
                BrotliInterceptor brotliInterceptor = BrotliInterceptor.INSTANCE;
                builder2.getClass();
                builder2.interceptors.add(brotliInterceptor);
            }
            final String str = this.certificateAlias;
            DefaultConstructorMarker defaultConstructorMarker = null;
            if (str == null || (certificateChain = KeyChain.getCertificateChain(this.context, str)) == null || (privateKey = KeyChain.getPrivateKey(this.context, str)) == null) {
                x509ExtendedKeyManager = null;
            } else {
                Logger logger = this.logger;
                if (logger != null) {
                    logger.fine("Using provider certificate " + str + " for authentication (chain length: " + certificateChain.length + ")");
                }
                x509ExtendedKeyManager = new X509ExtendedKeyManager() { // from class: at.bitfire.davdroid.network.HttpClient$Builder$build$2$1
                    @Override // javax.net.ssl.X509KeyManager
                    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                        return str;
                    }

                    @Override // javax.net.ssl.X509KeyManager
                    public /* bridge */ /* synthetic */ String chooseServerAlias(String str2, Principal[] principalArr, Socket socket) {
                        return (String) chooseServerAlias(str2, principalArr, socket);
                    }

                    @Override // javax.net.ssl.X509KeyManager
                    public Void chooseServerAlias(String str2, Principal[] principalArr, Socket socket) {
                        return null;
                    }

                    @Override // javax.net.ssl.X509KeyManager
                    public X509Certificate[] getCertificateChain(String str2) {
                        X509Certificate[] x509CertificateArr = certificateChain;
                        if (Intrinsics.areEqual(str2, str)) {
                            return x509CertificateArr;
                        }
                        return null;
                    }

                    @Override // javax.net.ssl.X509KeyManager
                    public String[] getClientAliases(String str2, Principal[] principalArr) {
                        return new String[]{str};
                    }

                    @Override // javax.net.ssl.X509KeyManager
                    public PrivateKey getPrivateKey(String str2) {
                        PrivateKey privateKey2 = privateKey;
                        if (Intrinsics.areEqual(str2, str)) {
                            return privateKey2;
                        }
                        return null;
                    }

                    @Override // javax.net.ssl.X509KeyManager
                    public String[] getServerAliases(String str2, Principal[] principalArr) {
                        return null;
                    }
                };
                OkHttpClient.Builder builder3 = this.orig;
                Protocol protocol = Protocol.HTTP_1_1;
                List listOf = CollectionsKt__CollectionsKt.listOf(protocol);
                builder3.getClass();
                ArrayList mutableList = CollectionsKt___CollectionsKt.toMutableList((Collection) listOf);
                Protocol protocol2 = Protocol.H2_PRIOR_KNOWLEDGE;
                if (!mutableList.contains(protocol2) && !mutableList.contains(protocol)) {
                    throw new IllegalArgumentException(("protocols must contain h2_prior_knowledge or http/1.1: " + mutableList).toString());
                }
                if (mutableList.contains(protocol2) && mutableList.size() > 1) {
                    throw new IllegalArgumentException(("protocols containing h2_prior_knowledge cannot use other protocols: " + mutableList).toString());
                }
                if (!(!mutableList.contains(Protocol.HTTP_1_0))) {
                    throw new IllegalArgumentException(("protocols must not contain http/1.0: " + mutableList).toString());
                }
                if (!(!mutableList.contains(null))) {
                    throw new IllegalArgumentException("protocols must not contain null".toString());
                }
                mutableList.remove(Protocol.SPDY_3);
                Intrinsics.areEqual(mutableList, builder3.protocols);
                List<? extends Protocol> unmodifiableList = Collections.unmodifiableList(mutableList);
                Intrinsics.checkNotNullExpressionValue(unmodifiableList, "unmodifiableList(protocolsCopy)");
                builder3.protocols = unmodifiableList;
            }
            CertManagerProducer certManagerProducer = this.certManagerProducer;
            if (certManagerProducer != null || x509ExtendedKeyManager != null) {
                CustomCertManager certManager = certManagerProducer != null ? certManagerProducer.certManager() : null;
                if (certManager != null) {
                    x509TrustManager = certManager;
                } else {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init((KeyStore) null);
                    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                    Intrinsics.checkNotNullExpressionValue(trustManagers, "getTrustManagers(...)");
                    Object first = ArraysKt___ArraysKt.first(trustManagers);
                    Intrinsics.checkNotNull(first, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                    x509TrustManager = (X509TrustManager) first;
                }
                HostnameVerifier hostnameVerifier = OkHostnameVerifier.INSTANCE;
                if (certManager != null) {
                    hostnameVerifier = new CustomCertManager.HostnameVerifier(hostnameVerifier);
                }
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(x509ExtendedKeyManager != null ? new KeyManager[]{x509ExtendedKeyManager} : null, new X509TrustManager[]{x509TrustManager}, null);
                OkHttpClient.Builder builder4 = this.orig;
                SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
                Intrinsics.checkNotNullExpressionValue(socketFactory, "getSocketFactory(...)");
                builder4.getClass();
                if (Intrinsics.areEqual(socketFactory, builder4.sslSocketFactoryOrNull)) {
                    Intrinsics.areEqual(x509TrustManager, builder4.x509TrustManagerOrNull);
                }
                builder4.sslSocketFactoryOrNull = socketFactory;
                Platform platform = Platform.platform;
                builder4.certificateChainCleaner = Platform.platform.buildCertificateChainCleaner(x509TrustManager);
                builder4.x509TrustManagerOrNull = x509TrustManager;
                OkHttpClient.Builder builder5 = this.orig;
                builder5.getClass();
                Intrinsics.areEqual(hostnameVerifier, builder5.hostnameVerifier);
                builder5.hostnameVerifier = hostnameVerifier;
            }
            OkHttpClient.Builder builder6 = this.orig;
            builder6.getClass();
            return new HttpClient(new OkHttpClient(builder6), this.authService, defaultConstructorMarker);
        }

        public final Builder cookieStore(CookieJar cookieJar) {
            this.cookieStore = cookieJar;
            return this;
        }

        public final void customCertManager(CertManagerProducer producer) {
            Intrinsics.checkNotNullParameter(producer, "producer");
            this.certManagerProducer = producer;
        }

        public final Builder followRedirects(boolean z) {
            this.orig.followRedirects = z;
            return this;
        }

        public final Context getContext() {
            return this.context;
        }

        public final Logger getLogger() {
            return this.logger;
        }

        public final HttpLoggingInterceptor.Level getLoggerLevel() {
            return this.loggerLevel;
        }

        public final Builder setForeground(boolean z) {
            MutableStateFlow<Boolean> mutableStateFlow = this.appInForeground;
            if (mutableStateFlow != null) {
                mutableStateFlow.setValue(Boolean.valueOf(z));
            }
            return this;
        }

        public final Builder withDiskCache() {
            Iterator it = ArraysKt___ArraysKt.filterNotNull(new File[]{this.context.getExternalCacheDir(), this.context.getCacheDir()}).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                File file = (File) it.next();
                if (file.exists() && file.canWrite()) {
                    File file2 = new File(file, "HttpClient");
                    file2.mkdir();
                    at.bitfire.davdroid.log.Logger.INSTANCE.getLog().fine("Using disk cache: " + file2);
                    this.orig.cache = new Cache(file2);
                    break;
                }
            }
            return this;
        }
    }

    /* compiled from: HttpClient.kt */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final OkHttpClient.Builder baseBuilder() {
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            TimeUnit unit = TimeUnit.SECONDS;
            Intrinsics.checkNotNullParameter(unit, "unit");
            builder.connectTimeout = Util.checkDuration("timeout", 15L, unit);
            builder.writeTimeout = Util.checkDuration("timeout", 30L, unit);
            builder.readTimeout = Util.checkDuration("timeout", 120L, unit);
            builder.pingInterval = Util.checkDuration("interval", 45L, unit);
            List listOf = CollectionsKt__CollectionsKt.listOf((Object[]) new ConnectionSpec[]{ConnectionSpec.CLEARTEXT, ConnectionSpec.COMPATIBLE_TLS});
            Intrinsics.areEqual(listOf, builder.connectionSpecs);
            builder.connectionSpecs = Util.toImmutableList(listOf);
            builder.followRedirects = false;
            UserAgentInterceptor interceptor = UserAgentInterceptor.INSTANCE;
            Intrinsics.checkNotNullParameter(interceptor, "interceptor");
            builder.interceptors.add(interceptor);
            return builder;
        }
    }

    /* compiled from: HttpClient.kt */
    /* loaded from: classes.dex */
    public interface HttpClientEntryPoint {
        AuthorizationService authorizationService();

        SettingsManager settingsManager();
    }

    /* compiled from: HttpClient.kt */
    /* loaded from: classes.dex */
    public static final class UserAgentInterceptor implements Interceptor {
        public static final int $stable;
        public static final UserAgentInterceptor INSTANCE = new UserAgentInterceptor();
        private static final String userAgent;
        private static final String userAgentDate;
        private static final SimpleDateFormat userAgentDateFormat;

        static {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy/MM/dd", Locale.ROOT);
            userAgentDateFormat = simpleDateFormat;
            String format = simpleDateFormat.format(new Date(BuildConfig.buildTime));
            userAgentDate = format;
            String str = "DAVx5/4.3.16-gplay (" + format + "; dav4jvm; okhttp/4.12.0) Android/" + Build.VERSION.RELEASE;
            userAgent = str;
            at.bitfire.davdroid.log.Logger.INSTANCE.getLog().info("Will set \"User-Agent: " + str + "\" for further requests");
            $stable = 8;
        }

        private UserAgentInterceptor() {
        }

        public final String getUserAgent() {
            return userAgent;
        }

        @Override // okhttp3.Interceptor
        public Response intercept(Interceptor.Chain chain) {
            Intrinsics.checkNotNullParameter(chain, "chain");
            Locale locale = Locale.getDefault();
            Request.Builder newBuilder = chain.request().newBuilder();
            newBuilder.header("User-Agent", userAgent);
            newBuilder.header("Accept-Language", locale.getLanguage() + "-" + locale.getCountry() + ", " + locale.getLanguage() + ";q=0.7, *;q=0.5");
            return chain.proceed(newBuilder.build());
        }
    }

    private HttpClient(OkHttpClient okHttpClient, AuthorizationService authorizationService) {
        this.okHttpClient = okHttpClient;
        this.authService = authorizationService;
    }

    public /* synthetic */ HttpClient(OkHttpClient okHttpClient, AuthorizationService authorizationService, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(okHttpClient, (i & 2) != 0 ? null : authorizationService);
    }

    public /* synthetic */ HttpClient(OkHttpClient okHttpClient, AuthorizationService authorizationService, DefaultConstructorMarker defaultConstructorMarker) {
        this(okHttpClient, authorizationService);
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        AuthorizationService authorizationService = this.authService;
        if (authorizationService != null) {
            authorizationService.dispose();
        }
        Cache cache = this.okHttpClient.cache;
        if (cache != null) {
            cache.close();
        }
    }

    public final OkHttpClient getOkHttpClient() {
        return this.okHttpClient;
    }
}
