package com.paybyphone.parking.appservices.security;

import com.appsflyer.BuildConfig;
import com.paybyphone.parking.appservices.context.AndroidClientContext;
import com.paybyphone.parking.appservices.utilities.ApiUrlProvider;
import com.paybyphone.parking.appservices.utilities.ApplicationFeatureFlags;
import com.paybyphone.parking.appservices.utilities.OffStreetApiUrlProvider;
import com.paybyphone.parking.appservices.utilities.PayByPhoneLogger;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: KeyPinStore.kt */
/* loaded from: classes2.dex */
public final class KeyPinStore {
    public static final Companion Companion = new Companion(null);
    private static HashMap<String, KeyPinStore> keyPinStoreHashMapNew;
    private static HashMap<String, KeyPinStore> keyPinStoreHashMapOld;
    private final SSLContext sslContext;
    private final TlsV12SocketFactory tlsV12SocketFactory;

    /* compiled from: KeyPinStore.kt */
    /* loaded from: classes2.dex */
    public enum CertificateType {
        CertificateNew,
        CertificateOld;

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static CertificateType[] valuesCustom() {
            CertificateType[] valuesCustom = values();
            return (CertificateType[]) Arrays.copyOf(valuesCustom, valuesCustom.length);
        }
    }

    /* compiled from: KeyPinStore.kt */
    /* loaded from: classes2.dex */
    public static final class Companion {

        /* compiled from: KeyPinStore.kt */
        /* loaded from: classes2.dex */
        public /* synthetic */ class WhenMappings {
            public static final /* synthetic */ int[] $EnumSwitchMapping$0;

            static {
                int[] iArr = new int[CertificateType.valuesCustom().length];
                iArr[CertificateType.CertificateNew.ordinal()] = 1;
                iArr[CertificateType.CertificateOld.ordinal()] = 2;
                $EnumSwitchMapping$0 = iArr;
            }
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX WARN: Multi-variable type inference failed */
        public final synchronized KeyPinStore getInstance(String baseUrl, CertificateType certificateType) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
            KeyPinStore keyPinStore;
            Intrinsics.checkNotNullParameter(baseUrl, "baseUrl");
            Intrinsics.checkNotNullParameter(certificateType, "certificateType");
            KeyPinStore keyPinStore2 = null;
            Object[] objArr = 0;
            Object[] objArr2 = 0;
            if (baseUrl.length() == 0) {
                return null;
            }
            if (KeyPinStore.keyPinStoreHashMapNew == null) {
                KeyPinStore.keyPinStoreHashMapNew = new HashMap();
            }
            if (KeyPinStore.keyPinStoreHashMapOld == null) {
                KeyPinStore.keyPinStoreHashMapOld = new HashMap();
            }
            int i = WhenMappings.$EnumSwitchMapping$0[certificateType.ordinal()];
            if (i == 1) {
                HashMap hashMap = KeyPinStore.keyPinStoreHashMapNew;
                Intrinsics.checkNotNull(hashMap);
                if (hashMap.containsKey(baseUrl)) {
                    HashMap hashMap2 = KeyPinStore.keyPinStoreHashMapNew;
                    Intrinsics.checkNotNull(hashMap2);
                    return (KeyPinStore) hashMap2.get(baseUrl);
                }
                keyPinStore = new KeyPinStore(baseUrl, certificateType, objArr == true ? 1 : 0);
                HashMap hashMap3 = KeyPinStore.keyPinStoreHashMapNew;
                Intrinsics.checkNotNull(hashMap3);
                hashMap3.put(baseUrl, keyPinStore);
            } else {
                if (i != 2) {
                    return keyPinStore2;
                }
                HashMap hashMap4 = KeyPinStore.keyPinStoreHashMapOld;
                Intrinsics.checkNotNull(hashMap4);
                if (hashMap4.containsKey(baseUrl)) {
                    HashMap hashMap5 = KeyPinStore.keyPinStoreHashMapOld;
                    Intrinsics.checkNotNull(hashMap5);
                    return (KeyPinStore) hashMap5.get(baseUrl);
                }
                keyPinStore = new KeyPinStore(baseUrl, certificateType, objArr2 == true ? 1 : 0);
                HashMap hashMap6 = KeyPinStore.keyPinStoreHashMapOld;
                Intrinsics.checkNotNull(hashMap6);
                hashMap6.put(baseUrl, keyPinStore);
            }
            keyPinStore2 = keyPinStore;
            return keyPinStore2;
        }
    }

    /* compiled from: KeyPinStore.kt */
    /* loaded from: classes2.dex */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;

        static {
            int[] iArr = new int[CertificateType.valuesCustom().length];
            iArr[CertificateType.CertificateNew.ordinal()] = 1;
            iArr[CertificateType.CertificateOld.ordinal()] = 2;
            $EnumSwitchMapping$0 = iArr;
        }
    }

    private KeyPinStore(String str, CertificateType certificateType) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        if (shouldPinToRootCertificate(str)) {
            List<String> customRootCertificateList = getCustomRootCertificateList();
            int i = 0;
            int size = customRootCertificateList.size() - 1;
            if (size >= 0) {
                while (true) {
                    int i2 = i + 1;
                    try {
                        InputStream cARootInput = getCARootInput(customRootCertificateList.get(i));
                        try {
                            keyStore.setCertificateEntry(Intrinsics.stringPlus("ca", Integer.toString(i)), certificateFactory.generateCertificate(cARootInput));
                            Unit unit = Unit.INSTANCE;
                            CloseableKt.closeFinally(cARootInput, null);
                        } catch (Throwable th) {
                            try {
                                throw th;
                                break;
                            } catch (Throwable th2) {
                                CloseableKt.closeFinally(cARootInput, th);
                                throw th2;
                                break;
                            }
                        }
                    } catch (Exception e) {
                        e.printStackTrace();
                        PayByPhoneLogger payByPhoneLogger = PayByPhoneLogger.INSTANCE;
                        PayByPhoneLogger.debugLog(Intrinsics.stringPlus("ca root failed on index:", Integer.valueOf(i)));
                    }
                    if (i2 > size) {
                        break;
                    } else {
                        i = i2;
                    }
                }
            }
        } else {
            try {
                InputStream cAInput = getCAInput(str, certificateType);
                try {
                    Certificate generateCertificate = certificateFactory.generateCertificate(cAInput);
                    PayByPhoneLogger payByPhoneLogger2 = PayByPhoneLogger.INSTANCE;
                    if (generateCertificate == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                    }
                    PayByPhoneLogger.debugLog(Intrinsics.stringPlus("ca=", ((X509Certificate) generateCertificate).getSubjectDN()));
                    keyStore.setCertificateEntry("ca", generateCertificate);
                    Unit unit2 = Unit.INSTANCE;
                    CloseableKt.closeFinally(cAInput, null);
                } finally {
                }
            } catch (IOException unused) {
            }
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        Intrinsics.checkNotNullExpressionValue(sSLContext, "getInstance(\"TLSv1.2\")");
        this.sslContext = sSLContext;
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        Intrinsics.checkNotNullExpressionValue(socketFactory, "sslContext.socketFactory");
        this.tlsV12SocketFactory = new TlsV12SocketFactory(socketFactory);
    }

    public /* synthetic */ KeyPinStore(String str, CertificateType certificateType, DefaultConstructorMarker defaultConstructorMarker) {
        this(str, certificateType);
    }

    private final InputStream getCAInput(String str, CertificateType certificateType) throws IOException {
        BufferedInputStream bufferedInputStream;
        AndroidClientContext androidClientContext = AndroidClientContext.INSTANCE;
        boolean shouldEnableFeatureFor = androidClientContext.getApplicationFeatureFlags().shouldEnableFeatureFor(ApplicationFeatureFlags.FlagType.APIGEE, BuildConfig.FLAVOR, androidClientContext.getCurrentLocationService().getCurrentLocationDetails().getCountryCode());
        int i = WhenMappings.$EnumSwitchMapping$0[certificateType.ordinal()];
        if (i == 1) {
            ApiUrlProvider apiUrlProvider = ApiUrlProvider.INSTANCE;
            if (apiUrlProvider.isQA(str)) {
                bufferedInputStream = new BufferedInputStream(androidClientContext.getAppContext().getAssets().open(shouldEnableFeatureFor ? "certs/consumer_qa_paybyphoneapis_dev.der" : "certs/qa_paybyphone_com.der"));
            } else if (Intrinsics.areEqual(str, apiUrlProvider.getBaseUrl())) {
                bufferedInputStream = new BufferedInputStream(androidClientContext.getAppContext().getAssets().open(shouldEnableFeatureFor ? "certs/consumer_paybyphoneapis_com.der" : "certs/paybyphone_com.der"));
            }
            return bufferedInputStream;
        }
        if (i == 2) {
            ApiUrlProvider apiUrlProvider2 = ApiUrlProvider.INSTANCE;
            if (apiUrlProvider2.isQA(str)) {
                return new BufferedInputStream(androidClientContext.getAppContext().getAssets().open("certs/qa_paybyphone_com.der.old"));
            }
            if (str.compareTo(apiUrlProvider2.getBaseUrl()) == 0) {
                return new BufferedInputStream(androidClientContext.getAppContext().getAssets().open("certs/paybyphone_com.der.old"));
            }
        }
        return null;
    }

    private final InputStream getCARootInput(String str) throws IOException {
        return new BufferedInputStream(AndroidClientContext.INSTANCE.getAppContext().getAssets().open(str));
    }

    private final List<String> getCustomRootCertificateList() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("certs/AmazonRootCA1.der");
        arrayList.add("certs/AmazonRootCA2.der");
        arrayList.add("certs/AmazonRootCA3.der");
        arrayList.add("certs/AmazonRootCA4.der");
        return arrayList;
    }

    private final boolean shouldPinToRootCertificate(String str) {
        if (!Intrinsics.areEqual(str, "https://consumer.corporateaccounts.api.qa.pbp.io") && !Intrinsics.areEqual(str, "https://consumer.corporateaccounts.api.pbp.io") && !Intrinsics.areEqual(str, "https://fpspayments.api.qa.pbp.io") && !Intrinsics.areEqual(str, "https://fpspayments.api.pbp.io")) {
            OffStreetApiUrlProvider offStreetApiUrlProvider = OffStreetApiUrlProvider.INSTANCE;
            if (!Intrinsics.areEqual(str, offStreetApiUrlProvider.getApiQaServerBaseUrl()) && !Intrinsics.areEqual(str, offStreetApiUrlProvider.getApiServerBaseUrl()) && !Intrinsics.areEqual(str, "https://geolocation-edge.api.qa.pbp.io") && !Intrinsics.areEqual(str, "https://geolocation-edge.api.pbp.io") && !Intrinsics.areEqual(str, "https://eligibilities.qa.paybyphoneapis.dev/") && !Intrinsics.areEqual(str, "https://eligibilities.paybyphoneapis.com/") && !Intrinsics.areEqual(str, "https://gateway.profileservice.identity.api.pbp.io") && !Intrinsics.areEqual(str, "https://gateway.profileservice.identity.api.qa.pbp.io")) {
                return false;
            }
        }
        return true;
    }

    public final SSLSocketFactory getSocketFactory() {
        return this.tlsV12SocketFactory;
    }
}
