package de.idnow.sdk.network;

import android.os.Build;
import de.idnow.sdk.IDnowSDK;
import de.idnow.sdk.network.IDnowSocketFactory;
import de.idnow.sdk.util.Util_Log;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionSpec;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;

/* loaded from: classes.dex */
public class IDnowOkHttpFactory {
    private static final String LOGTAG = "IDNOW_OKHTTP_FACTORY";

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OkHttpClient createOkHttpClient(IDnowSocketFactory.SOCKET_TYPE socket_type, int i4, int i5, int i6) {
        return createOkHttpClient(socket_type, i4, i5, i6, null, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OkHttpClient createOkHttpClient(IDnowSocketFactory.SOCKET_TYPE socket_type, int i4, int i5, int i6, Interceptor interceptor, Interceptor interceptor2) {
        OkHttpClient.Builder builder;
        String[] strArr = {"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"};
        Util_Log.i(LOGTAG, "API LEVEL" + Build.VERSION.SDK_INT);
        try {
            ConnectionSpec build = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.TLS_1_2).cipherSuites(strArr).build();
            if (!IDnowSDK.getAllowInvalidCertificates()) {
                OkHttpClient.Builder connectionSpecs = new OkHttpClient.Builder().sslSocketFactory(defaultSSLSocketFactory(), new IDNowDefaultTrustManager()).connectionSpecs(Collections.singletonList(build));
                long j4 = i4;
                TimeUnit timeUnit = TimeUnit.SECONDS;
                builder = connectionSpecs.readTimeout(j4, timeUnit).connectTimeout(i5, timeUnit).writeTimeout(i6, timeUnit);
            } else if (IDnowSDK.getAllowHttpConnections()) {
                OkHttpClient.Builder connectionSpecs2 = new OkHttpClient.Builder().hostnameVerifier(customHostnameVerifier()).connectionSpecs(Collections.singletonList(new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build()));
                long j5 = i4;
                TimeUnit timeUnit2 = TimeUnit.SECONDS;
                builder = connectionSpecs2.readTimeout(j5, timeUnit2).connectTimeout(i5, timeUnit2).writeTimeout(i6, timeUnit2);
            } else {
                SSLContext sSLContext = SSLContext.getInstance("SSL");
                sSLContext.init(null, trustAllManagers(), new SecureRandom());
                OkHttpClient.Builder connectionSpecs3 = new OkHttpClient.Builder().sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) trustAllManagers()[0]).hostnameVerifier(customHostnameVerifier()).connectionSpecs(Collections.singletonList(build));
                long j6 = i4;
                TimeUnit timeUnit3 = TimeUnit.SECONDS;
                builder = connectionSpecs3.readTimeout(j6, timeUnit3).connectTimeout(i5, timeUnit3).writeTimeout(i6, timeUnit3);
            }
        } catch (Exception unused) {
            Util_Log.d(LOGTAG, "could not create okhttp client");
            builder = null;
        }
        if (builder == null) {
            return null;
        }
        if (interceptor != null) {
            builder.addNetworkInterceptor(interceptor);
        }
        if (interceptor2 != null && IDnowSDK.isLoggingEnabled().booleanValue()) {
            builder.addInterceptor(interceptor2);
        }
        return builder.build();
    }

    public static OkHttpClient createOkHttpRestClient() {
        return createOkHttpClient(IDnowSocketFactory.SOCKET_TYPE.REST, 60, 10, 10);
    }

    private static HostnameVerifier customHostnameVerifier() {
        return new HostnameVerifier() { // from class: de.idnow.sdk.network.IDnowOkHttpFactory.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        };
    }

    private static SSLSocketFactory defaultSSLSocketFactory() {
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(new IDNowKeyManager[]{new IDNowKeyManager("client")}, new TrustManager[]{new IDNowDefaultTrustManager()}, null);
        return sSLContext.getSocketFactory();
    }

    private static X509TrustManager systemTrustManager() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    }

    private static TrustManager[] trustAllManagers() {
        return new TrustManager[]{new X509TrustManager() { // from class: de.idnow.sdk.network.IDnowOkHttpFactory.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) {
                checkServerTrusted(x509CertificateArr, str);
                return Arrays.asList(x509CertificateArr);
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
    }
}
