package br.com.dekra.smart.library.services;

import com.google.firebase.crashlytics.internal.common.AbstractSpiCall;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.CertificatePinner;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.apache.commons.net.imap.IMAPSClient;

/* loaded from: classes3.dex */
public class SecuritySSL {
    private ArrayList<CertPinner> certPinners;
    private InputStream inCert;

    /* loaded from: classes3.dex */
    public static class CertPinner {
        String domain;
        String pinner;

        String getDomain() {
            return this.domain;
        }

        String getPinner() {
            return this.pinner;
        }

        public void setDomain(String str) {
            this.domain = str;
        }

        public void setPinner(String str) {
            this.pinner = str;
        }
    }

    private ArrayList<CertPinner> getCertPinners() {
        return this.certPinners;
    }

    private SSLSocketFactory getGlobalSSlFactory() {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            InputStream inCert = getInCert();
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(inCert);
                inCert.close();
                KeyStore keyStore = KeyStore.getInstance("BKS");
                keyStore.load(null, null);
                keyStore.setCertificateEntry("ca", generateCertificate);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                SSLContext sSLContext = SSLContext.getInstance(IMAPSClient.DEFAULT_PROTOCOL);
                sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
                return sSLContext.getSocketFactory();
            } catch (Throwable th) {
                inCert.close();
                throw th;
            }
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private InputStream getInCert() {
        return this.inCert;
    }

    public OkHttpClient getUnsafeOkHttpClient() {
        SSLSocketFactory socketFactory;
        try {
            TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: br.com.dekra.smart.library.services.SecuritySSL.2
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
            if (getInCert() != null) {
                socketFactory = getGlobalSSlFactory();
            } else {
                SSLContext sSLContext = SSLContext.getInstance("SSL");
                sSLContext.init(null, trustManagerArr, new SecureRandom());
                socketFactory = sSLContext.getSocketFactory();
            }
            CertificatePinner.Builder builder = new CertificatePinner.Builder();
            Iterator<CertPinner> it = getCertPinners().iterator();
            while (it.hasNext()) {
                CertPinner next = it.next();
                builder.add(next.getDomain(), "sha256/" + next.getPinner());
            }
            CertificatePinner build = builder.build();
            OkHttpClient.Builder builder2 = new OkHttpClient.Builder();
            builder2.networkInterceptors().add(new Interceptor() { // from class: br.com.dekra.smart.library.services.SecuritySSL.3
                @Override // okhttp3.Interceptor
                public Response intercept(Interceptor.Chain chain) throws IOException {
                    Request.Builder newBuilder = chain.request().newBuilder();
                    newBuilder.header("Content-Type", AbstractSpiCall.ACCEPT_JSON_VALUE);
                    newBuilder.header(AbstractSpiCall.HEADER_ACCEPT, AbstractSpiCall.ACCEPT_JSON_VALUE);
                    newBuilder.header("Cache-Control", "no-store");
                    newBuilder.header("Content-Security-Policy", "frame-ancestors");
                    newBuilder.header("Strict-Transport-Security", "max-age=31536000");
                    newBuilder.header("X-Content-Type-Options", "nosniff");
                    newBuilder.header("X-Frame-Options", "DENY");
                    return chain.proceed(newBuilder.build());
                }
            });
            builder2.certificatePinner(build);
            builder2.connectTimeout(1L, TimeUnit.MINUTES);
            builder2.readTimeout(30L, TimeUnit.SECONDS);
            builder2.writeTimeout(15L, TimeUnit.SECONDS);
            builder2.sslSocketFactory(socketFactory, (X509TrustManager) trustManagerArr[0]);
            builder2.hostnameVerifier(new HostnameVerifier() { // from class: br.com.dekra.smart.library.services.SecuritySSL.4
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            });
            return builder2.build();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public void init() {
        try {
            SSLContext.getInstance("SSL").init(null, new TrustManager[]{new X509TrustManager() { // from class: br.com.dekra.smart.library.services.SecuritySSL.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }}, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(getGlobalSSlFactory());
        } catch (Exception e) {
            System.out.println(e);
        }
    }

    public void setCertPinners(ArrayList<CertPinner> arrayList) {
        this.certPinners = arrayList;
    }

    public void setInCert(InputStream inputStream) {
        this.inCert = inputStream;
    }
}
