package com.microsoft.powerlift.http;

import com.microsoft.powerlift.util.StreamUtil;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/* loaded from: classes2.dex */
public class CertPinningHttpClientFactory implements HttpClientFactory {
    private final int connectTimeoutSeconds;
    private final int readTimeoutSeconds;
    private final int writeTimeoutSeconds;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class SslConfig {
        final KeyStore keyStore;
        final SSLSocketFactory socketFactory;
        final X509TrustManager trustManager;

        SslConfig(KeyStore keyStore, X509TrustManager x509TrustManager, SSLSocketFactory sSLSocketFactory) {
            this.keyStore = keyStore;
            this.trustManager = x509TrustManager;
            this.socketFactory = sSLSocketFactory;
        }
    }

    public CertPinningHttpClientFactory() {
        this(60, 60, 60);
    }

    public CertPinningHttpClientFactory(int i, int i2, int i3) {
        this.connectTimeoutSeconds = i;
        this.readTimeoutSeconds = i2;
        this.writeTimeoutSeconds = i3;
    }

    private KeyStore makeCertPinningKeyStore() {
        InputStream inputStream = null;
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("BKS");
                inputStream = getClass().getClassLoader().getResourceAsStream("com/microsoft/powerlift/acompli_cacerts.bks");
                keyStore.load(inputStream, "kwijybo".toCharArray());
                return keyStore;
            } catch (IOException e) {
                throw new RuntimeException(e);
            } catch (KeyStoreException e2) {
                e = e2;
                throw new AssertionError(e);
            } catch (NoSuchAlgorithmException e3) {
                e = e3;
                throw new AssertionError(e);
            } catch (CertificateException e4) {
                e = e4;
                throw new AssertionError(e);
            }
        } finally {
            StreamUtil.safelyClose(inputStream);
        }
    }

    private SSLSocketFactory makeSslSocketFactory(TrustManagerFactory trustManagerFactory) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            return sSLContext.getSocketFactory();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    private X509TrustManager makeTrustManager(TrustManagerFactory trustManagerFactory) {
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new IllegalStateException("Missing X509 trust manager");
    }

    private TrustManagerFactory makeTrustManagerFactory(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    private SslConfig newSslConfig() {
        KeyStore makeCertPinningKeyStore = makeCertPinningKeyStore();
        TrustManagerFactory makeTrustManagerFactory = makeTrustManagerFactory(makeCertPinningKeyStore);
        return new SslConfig(makeCertPinningKeyStore, makeTrustManager(makeTrustManagerFactory), makeSslSocketFactory(makeTrustManagerFactory));
    }

    @Override // com.microsoft.powerlift.http.HttpClientFactory
    public OkHttpClient makeClient() {
        SslConfig newSslConfig = newSslConfig();
        return new OkHttpClient.Builder().sslSocketFactory(newSslConfig.socketFactory, newSslConfig.trustManager).connectTimeout(this.connectTimeoutSeconds, TimeUnit.SECONDS).readTimeout(this.readTimeoutSeconds, TimeUnit.SECONDS).writeTimeout(this.writeTimeoutSeconds, TimeUnit.SECONDS).build();
    }
}
