package de.careoline.careforms.repository.sync;

import android.net.http.SslCertificate;
import com.microsoft.appcenter.Constants;
import de.careoline.careforms.crossconcern.Z;
import java.io.ByteArrayInputStream;
import java.net.Inet4Address;
import java.net.InetAddress;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Comparator;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.comparisons.ComparisonsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import okhttp3.Dns;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;

/* compiled from: Net.kt */
@Metadata(d1 = {"\u0000`\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\b\n\u0002\b\u0003\n\u0002\u0010\t\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\b\u0004\bÆ\u0002\u0018\u00002\u00020\u0001:\u0003-./B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\b\u0010\u001c\u001a\u00020\u0019H\u0002J\u0012\u0010\u001d\u001a\u0004\u0018\u00010\u00042\u0006\u0010\u001e\u001a\u00020\u001fH\u0002J\b\u0010 \u001a\u00020!H\u0002J\u000e\u0010\"\u001a\u00020#2\u0006\u0010$\u001a\u00020\u0004J\u0016\u0010%\u001a\u00020#2\u0006\u0010&\u001a\u00020\u00042\u0006\u0010'\u001a\u00020\nJ\u000e\u0010(\u001a\u00020#2\u0006\u0010)\u001a\u00020\bJ\u0010\u0010*\u001a\u00020\b2\b\u0010+\u001a\u0004\u0018\u00010,J\u0010\u0010*\u001a\u00020\b2\b\u0010+\u001a\u0004\u0018\u00010\u001fR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\bX\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\nX\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\nX\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\f\u001a\u00020\nX\u0086T¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u000eX\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0010\u001a\u00020\bX\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0011\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0012\u001a\u00020\u0013X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0014\u001a\u00020\u0015X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0016\u001a\u00020\u0017X\u0082\u0004¢\u0006\u0002\n\u0000R\u0011\u0010\u0018\u001a\u00020\u0019¢\u0006\b\n\u0000\u001a\u0004\b\u001a\u0010\u001b¨\u00060"}, d2 = {"Lde/careoline/careforms/repository/sync/Net;", "", "()V", "ACCEPT_HEADER", "", "CERTIFICATE_THUMBPRINT_MCSH", "CONNECTION_HEADER", "DEBUG", "", "ERROR_BAD_REQUEST", "", "ERROR_NOT_FOUND", "ERROR_UNAUTHORIZED", "TIMEOUT_SECONDS", "", "USER_AGENT", "VERBOSE", "X509_BUNDLE_KEY", "authInterceptor", "Lde/careoline/careforms/repository/sync/Net$AuthInterceptor;", "dnsSelector", "Lde/careoline/careforms/repository/sync/Net$DnsSelector;", "hostSelectionInterceptor", "Lde/careoline/careforms/repository/sync/Net$HostSelectionInterceptor;", "httpClient", "Lokhttp3/OkHttpClient;", "getHttpClient", "()Lokhttp3/OkHttpClient;", "createHttpClient", "getThumbprint", "cert", "Ljava/security/cert/X509Certificate;", "pinnedCertificateTrustManager", "Ljavax/net/ssl/X509TrustManager;", "setAuthentication", "", "token", "setHost", "host", "port", "setPreferIPv4", "preferIPv4", "validateCertificate", "certificate", "Landroid/net/http/SslCertificate;", "AuthInterceptor", "DnsSelector", "HostSelectionInterceptor", "app_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes2.dex */
public final class Net {
    private static final String ACCEPT_HEADER = "application/json";
    private static final String CERTIFICATE_THUMBPRINT_MCSH = "C2C93A4AF9310452DCA933903B610F7E7D86C694";
    private static final String CONNECTION_HEADER = "close";
    private static final boolean DEBUG = false;
    public static final int ERROR_BAD_REQUEST = 400;
    public static final int ERROR_NOT_FOUND = 404;
    public static final int ERROR_UNAUTHORIZED = 403;
    public static final Net INSTANCE;
    private static final long TIMEOUT_SECONDS = 30;
    private static final String USER_AGENT = "CAREOLINE";
    private static final boolean VERBOSE = true;
    private static final String X509_BUNDLE_KEY = "x509-certificate";
    private static final AuthInterceptor authInterceptor;
    private static final DnsSelector dnsSelector;
    private static final HostSelectionInterceptor hostSelectionInterceptor;
    private static final OkHttpClient httpClient;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: Net.kt */
    @Metadata(d1 = {"\u0000\u001e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0002\u0018\u00002\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0010\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0016R\u001a\u0010\u0002\u001a\u00020\u0003X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0005\u0010\u0006\"\u0004\b\u0007\u0010\u0004¨\u0006\f"}, d2 = {"Lde/careoline/careforms/repository/sync/Net$AuthInterceptor;", "Lokhttp3/Interceptor;", "token", "", "(Ljava/lang/String;)V", "getToken", "()Ljava/lang/String;", "setToken", "intercept", "Lokhttp3/Response;", "chain", "Lokhttp3/Interceptor$Chain;", "app_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public static final class AuthInterceptor implements Interceptor {
        private String token;

        public AuthInterceptor(String token) {
            Intrinsics.checkNotNullParameter(token, "token");
            this.token = token;
        }

        public final String getToken() {
            return this.token;
        }

        @Override // okhttp3.Interceptor
        public Response intercept(Interceptor.Chain chain) {
            Intrinsics.checkNotNullParameter(chain, "chain");
            Request request = chain.request();
            if (this.token.length() > 0) {
                request = request.newBuilder().header(Constants.AUTHORIZATION_HEADER, "Bearer " + this.token).build();
            }
            return chain.proceed(request);
        }

        public final void setToken(String str) {
            Intrinsics.checkNotNullParameter(str, "<set-?>");
            this.token = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: Net.kt */
    @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0007\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\b\u0002\u0018\u00002\u00020\u0001B\u0017\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0001¢\u0006\u0002\u0010\u0005J\u0016\u0010\n\u001a\b\u0012\u0004\u0012\u00020\f0\u000b2\u0006\u0010\r\u001a\u00020\u000eH\u0016R\u000e\u0010\u0004\u001a\u00020\u0001X\u0082\u0004¢\u0006\u0002\n\u0000R\u001a\u0010\u0002\u001a\u00020\u0003X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0006\u0010\u0007\"\u0004\b\b\u0010\t¨\u0006\u000f"}, d2 = {"Lde/careoline/careforms/repository/sync/Net$DnsSelector;", "Lokhttp3/Dns;", "preferIPv4", "", "delegate", "(ZLokhttp3/Dns;)V", "getPreferIPv4", "()Z", "setPreferIPv4", "(Z)V", "lookup", "", "Ljava/net/InetAddress;", "hostname", "", "app_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public static final class DnsSelector implements Dns {
        private final Dns delegate;
        private boolean preferIPv4;

        public DnsSelector(boolean z, Dns delegate) {
            Intrinsics.checkNotNullParameter(delegate, "delegate");
            this.preferIPv4 = z;
            this.delegate = delegate;
        }

        public /* synthetic */ DnsSelector(boolean z, Dns dns, int i, DefaultConstructorMarker defaultConstructorMarker) {
            this((i & 1) != 0 ? true : z, dns);
        }

        public final boolean getPreferIPv4() {
            return this.preferIPv4;
        }

        @Override // okhttp3.Dns
        public List<InetAddress> lookup(String hostname) {
            Intrinsics.checkNotNullParameter(hostname, "hostname");
            List<InetAddress> lookup = this.delegate.lookup(hostname);
            return this.preferIPv4 ? CollectionsKt.sortedWith(lookup, new Comparator() { // from class: de.careoline.careforms.repository.sync.Net$DnsSelector$lookup$$inlined$sortedByDescending$1
                /* JADX WARN: Multi-variable type inference failed */
                @Override // java.util.Comparator
                public final int compare(T t, T t2) {
                    return ComparisonsKt.compareValues(Boolean.valueOf(Inet4Address.class.isInstance((InetAddress) t2)), Boolean.valueOf(Inet4Address.class.isInstance((InetAddress) t)));
                }
            }) : lookup;
        }

        public final void setPreferIPv4(boolean z) {
            this.preferIPv4 = z;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: Net.kt */
    @Metadata(d1 = {"\u0000$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\b\n\u0002\b\n\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0002\u0018\u00002\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0016R\u001a\u0010\u0002\u001a\u00020\u0003X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0007\u0010\b\"\u0004\b\t\u0010\nR\u001a\u0010\u0004\u001a\u00020\u0005X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u000b\u0010\f\"\u0004\b\r\u0010\u000e¨\u0006\u0013"}, d2 = {"Lde/careoline/careforms/repository/sync/Net$HostSelectionInterceptor;", "Lokhttp3/Interceptor;", "host", "", "port", "", "(Ljava/lang/String;I)V", "getHost", "()Ljava/lang/String;", "setHost", "(Ljava/lang/String;)V", "getPort", "()I", "setPort", "(I)V", "intercept", "Lokhttp3/Response;", "chain", "Lokhttp3/Interceptor$Chain;", "app_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public static final class HostSelectionInterceptor implements Interceptor {
        private String host;
        private int port;

        public HostSelectionInterceptor(String host, int i) {
            Intrinsics.checkNotNullParameter(host, "host");
            this.host = host;
            this.port = i;
        }

        public final String getHost() {
            return this.host;
        }

        public final int getPort() {
            return this.port;
        }

        @Override // okhttp3.Interceptor
        public Response intercept(Interceptor.Chain chain) {
            Intrinsics.checkNotNullParameter(chain, "chain");
            Request request = chain.request();
            if (!(this.host.length() == 0)) {
                request = request.newBuilder().url(request.url().newBuilder().host(this.host).port(this.port).build()).build();
            }
            return chain.proceed(request);
        }

        public final void setHost(String str) {
            Intrinsics.checkNotNullParameter(str, "<set-?>");
            this.host = str;
        }

        public final void setPort(int i) {
            this.port = i;
        }
    }

    static {
        Net net = new Net();
        INSTANCE = net;
        authInterceptor = new AuthInterceptor("");
        hostSelectionInterceptor = new HostSelectionInterceptor("", Connection.DEFAULT_PORT);
        dnsSelector = new DnsSelector(false, Dns.SYSTEM);
        httpClient = net.createHttpClient();
    }

    private Net() {
    }

    private final OkHttpClient createHttpClient() {
        X509TrustManager pinnedCertificateTrustManager = pinnedCertificateTrustManager();
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new X509TrustManager[]{pinnedCertificateTrustManager}, null);
        SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
        OkHttpClient.Builder addInterceptor = new OkHttpClient.Builder().protocols(CollectionsKt.listOf(Protocol.HTTP_1_1)).addInterceptor(hostSelectionInterceptor).addInterceptor(new Interceptor() { // from class: de.careoline.careforms.repository.sync.Net$$ExternalSyntheticLambda0
            @Override // okhttp3.Interceptor
            public final Response intercept(Interceptor.Chain chain) {
                Response createHttpClient$lambda$0;
                createHttpClient$lambda$0 = Net.createHttpClient$lambda$0(chain);
                return createHttpClient$lambda$0;
            }
        }).addInterceptor(authInterceptor);
        Intrinsics.checkNotNull(socketFactory);
        OkHttpClient build = addInterceptor.sslSocketFactory(socketFactory, pinnedCertificateTrustManager).hostnameVerifier(new HostnameVerifier() { // from class: de.careoline.careforms.repository.sync.Net$$ExternalSyntheticLambda1
            @Override // javax.net.ssl.HostnameVerifier
            public final boolean verify(String str, SSLSession sSLSession) {
                boolean createHttpClient$lambda$1;
                createHttpClient$lambda$1 = Net.createHttpClient$lambda$1(str, sSLSession);
                return createHttpClient$lambda$1;
            }
        }).followRedirects(false).followSslRedirects(false).callTimeout(0L, TimeUnit.SECONDS).connectTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS).readTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS).writeTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS).retryOnConnectionFailure(false).dns(dnsSelector).build();
        build.dispatcher().setMaxRequestsPerHost(1);
        return build;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final Response createHttpClient$lambda$0(Interceptor.Chain chain) {
        Intrinsics.checkNotNullParameter(chain, "chain");
        return chain.proceed(chain.request().newBuilder().header("User-Agent", USER_AGENT).header("Accept", ACCEPT_HEADER).header("Connection", CONNECTION_HEADER).build());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final boolean createHttpClient$lambda$1(String str, SSLSession sSLSession) {
        return StringsKt.equals(sSLSession.getPeerHost(), str, true);
    }

    private final String getThumbprint(X509Certificate cert) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(cert.getEncoded());
            byte[] digest = messageDigest.digest();
            Z z = Z.INSTANCE;
            Intrinsics.checkNotNull(digest);
            String hex = z.toHex(digest);
            Locale ROOT = Locale.ROOT;
            Intrinsics.checkNotNullExpressionValue(ROOT, "ROOT");
            String upperCase = hex.toUpperCase(ROOT);
            Intrinsics.checkNotNullExpressionValue(upperCase, "toUpperCase(...)");
            return upperCase;
        } catch (NoSuchAlgorithmException | CertificateEncodingException unused) {
            return null;
        }
    }

    private final X509TrustManager pinnedCertificateTrustManager() {
        return new X509TrustManager() { // from class: de.careoline.careforms.repository.sync.Net$pinnedCertificateTrustManager$1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                Intrinsics.checkNotNullParameter(chain, "chain");
                Intrinsics.checkNotNullParameter(authType, "authType");
                for (X509Certificate x509Certificate : chain) {
                    System.out.println((Object) "Client certificate information:");
                    System.out.println((Object) ("Subject DN:" + x509Certificate.getSubjectDN()));
                    System.out.println((Object) ("Issuer DN:" + x509Certificate.getIssuerDN()));
                    System.out.println((Object) ("Serial number:" + x509Certificate.getSerialNumber()));
                    System.out.println();
                }
                throw new CertificateException();
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                Intrinsics.checkNotNullParameter(chain, "chain");
                Intrinsics.checkNotNullParameter(authType, "authType");
                for (X509Certificate x509Certificate : chain) {
                    if (Net.INSTANCE.validateCertificate(x509Certificate)) {
                        return;
                    }
                }
                throw new CertificateException();
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }

    public final OkHttpClient getHttpClient() {
        return httpClient;
    }

    public final void setAuthentication(String token) {
        Intrinsics.checkNotNullParameter(token, "token");
        authInterceptor.setToken(token);
    }

    public final void setHost(String host, int port) {
        Intrinsics.checkNotNullParameter(host, "host");
        HostSelectionInterceptor hostSelectionInterceptor2 = hostSelectionInterceptor;
        hostSelectionInterceptor2.setHost(host);
        hostSelectionInterceptor2.setPort(port);
    }

    public final void setPreferIPv4(boolean preferIPv4) {
        dnsSelector.setPreferIPv4(preferIPv4);
    }

    public final boolean validateCertificate(SslCertificate certificate) {
        byte[] byteArray;
        if (certificate == null || (byteArray = SslCertificate.saveState(certificate).getByteArray(X509_BUNDLE_KEY)) == null) {
            return false;
        }
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(byteArray));
        return validateCertificate(generateCertificate instanceof X509Certificate ? (X509Certificate) generateCertificate : null);
    }

    public final boolean validateCertificate(X509Certificate certificate) {
        if (certificate == null) {
            return false;
        }
        String thumbprint = getThumbprint(certificate);
        Intrinsics.checkNotNull(thumbprint);
        return StringsKt.equals(CERTIFICATE_THUMBPRINT_MCSH, thumbprint, true);
    }
}
