package com.crazyant.sdk.android.code.network;

import android.annotation.TargetApi;
import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import com.crazyant.android.common.Log;
import com.crazyant.sdk.android.code.R;
import com.crazyant.sdk.android.code.base.IOperator;
import io.grpc.ManagedChannel;
import io.grpc.internal.GrpcUtil;
import io.grpc.okhttp.NegotiationType;
import io.grpc.okhttp.OkHttpChannelBuilder;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes2.dex */
class CAChannelBuilder {
    CAChannelBuilder() {
    }

    public static ManagedChannel builder(IOperator iOperator, boolean z, String str) {
        String host = iOperator.getConfig().getHost();
        int port = iOperator.getConfig().getPort();
        OkHttpChannelBuilder forAddress = OkHttpChannelBuilder.forAddress(host, port);
        if (z) {
            try {
                InputStream openRawResource = iOperator.getContext().getResources().openRawResource(R.raw.selfsigned);
                SSLSocketFactory sslCertificateSocketFactory = str != null ? getSslCertificateSocketFactory(openRawResource, str) : getSslSocketFactory(openRawResource);
                forAddress.overrideAuthority(GrpcUtil.authorityFromHostAndPort("gateway.crazyant.com", port));
                forAddress.negotiationType(NegotiationType.TLS);
                forAddress.sslSocketFactory(sslCertificateSocketFactory);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        } else {
            forAddress.usePlaintext(true);
        }
        return forAddress.build();
    }

    @TargetApi(14)
    private static SSLCertificateSocketFactory getSslCertificateSocketFactory(InputStream inputStream, String str) throws Exception {
        if (Build.VERSION.SDK_INT < 14) {
            throw new RuntimeException("android_socket_factory_tls doesn't work with API level less than 14.");
        }
        SSLCertificateSocketFactory sSLCertificateSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(5000);
        byte[][] bArr = {"h2".getBytes()};
        if (str.equals("alpn")) {
            sSLCertificateSocketFactory.getClass().getDeclaredMethod("setAlpnProtocols", byte[][].class).invoke(sSLCertificateSocketFactory, bArr);
        } else {
            if (!str.equals("npn")) {
                throw new RuntimeException("Unknown protocol: " + str);
            }
            sSLCertificateSocketFactory.getClass().getDeclaredMethod("setNpnProtocols", byte[][].class).invoke(sSLCertificateSocketFactory, bArr);
        }
        if (inputStream != null) {
            sSLCertificateSocketFactory.setTrustManagers(getTrustManagers(inputStream));
        }
        return sSLCertificateSocketFactory;
    }

    private static SSLSocketFactory getSslSocketFactory(InputStream inputStream) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, getTrustManagers(inputStream), null);
            return sSLContext.getSocketFactory();
        } catch (Throwable th) {
            Log.d(th.getMessage());
            th.printStackTrace();
            return (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
    }

    private static TrustManager[] getTrustManagers(InputStream inputStream) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }
}
