package com.tunnelbear.sdk.api;

import android.content.Context;
import android.os.Build;
import com.tunnelbear.sdk.client.TBLog;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.TlsVersion;
import okhttp3.g;
import okhttp3.j;
import okhttp3.k;
import okhttp3.x;

/* loaded from: classes3.dex */
public final class b {
    private static HostnameVerifier a(final Set<String> set) {
        return new HostnameVerifier() { // from class: com.tunnelbear.sdk.api.b.1
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                boolean z;
                okhttp3.internal.g.d dVar = okhttp3.internal.g.d.a;
                if (dVar != null && dVar.verify(str, sSLSession)) {
                    for (String str2 : set) {
                        if (str.contains(str2) || (str.split("\\.").length > 2 && str2.contains(str.replaceFirst("\\w+\\.", "*\\.")))) {
                            z = true;
                            break;
                        }
                    }
                }
                z = false;
                if (!z) {
                    TBLog.e("PolarOkHttpClient", "Could not verify hostname " + str);
                }
                return z;
            }
        };
    }

    private static g a(Map<String, Set<String>> map) {
        g.a aVar = new g.a();
        for (String str : map.keySet()) {
            Iterator<String> it = map.get(str).iterator();
            while (it.hasNext()) {
                aVar.a(str, it.next());
            }
        }
        return aVar.a();
    }

    public static x.a a(com.tunnelbear.sdk.a.a aVar, String str, com.tunnelbear.sdk.security.c cVar, InputStream inputStream, Context context, j jVar) {
        if (cVar.a(str) < 2) {
            throw new IllegalArgumentException("Certificate set must contain hostname (or a superseding wildcard if hostname is of form x.y.z) and at least one backup pin.");
        }
        x.a d = new x.a().a(a(cVar.a())).a(a(cVar.a().keySet())).b(false).a(false).c(true).a(jVar).a(new c(aVar, context)).a(30L, TimeUnit.SECONDS).b(30L, TimeUnit.SECONDS).c(30L, TimeUnit.SECONDS).d(1L, TimeUnit.SECONDS);
        try {
            X509TrustManager a = com.tunnelbear.sdk.security.a.a(inputStream);
            SSLSocketFactory a2 = com.tunnelbear.sdk.security.a.a(context, a);
            if (Build.VERSION.SDK_INT < 22) {
                try {
                    d.a(a2, a);
                    k a3 = new k.a(k.b).a(TlsVersion.TLS_1_2).a();
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(a3);
                    arrayList.add(k.c);
                    arrayList.add(k.d);
                    d.a(arrayList);
                } catch (Exception unused) {
                }
            } else {
                d.a(a2, a);
            }
            return d;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }
}
