package ru.sberbank.mobile.core.u.c;

import android.content.res.Resources;
import android.net.Uri;
import com.google.common.io.Closeables;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes3.dex */
public class a implements ru.sberbank.mobile.core.u.c.b {

    /* renamed from: a, reason: collision with root package name */
    private static final String f12939a = "SecureConnectionValidator";

    /* renamed from: b, reason: collision with root package name */
    private static final long f12940b = 5;

    /* renamed from: c, reason: collision with root package name */
    private static final String f12941c = "X.509";
    private static final String d = "TLS";
    private static final Collection<String> e = e.a();
    private final Resources f;
    private final ExecutorService g = Executors.newCachedThreadPool();
    private volatile SSLSocketFactory h;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: ru.sberbank.mobile.core.u.c.a$a, reason: collision with other inner class name */
    /* loaded from: classes3.dex */
    public class CallableC0356a implements Callable<b> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ String f12942a;

        CallableC0356a(String str) {
            this.f12942a = str;
        }

        @Override // java.util.concurrent.Callable
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public b call() throws Exception {
            return a.this.b(this.f12942a);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        public boolean f12944a;

        /* renamed from: b, reason: collision with root package name */
        public UnknownHostException f12945b;

        private b() {
        }
    }

    public a(Resources resources) {
        this.f = resources;
    }

    private static SSLContext a(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance(d);
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            return sSLContext;
        } catch (KeyManagementException e2) {
            throw new ru.sberbank.mobile.core.n.a("SSLContext is always created", e2);
        } catch (KeyStoreException e3) {
            throw new ru.sberbank.mobile.core.n.a("Factory is always created", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new ru.sberbank.mobile.core.n.a("Default algorithm of TrustManagerFactory and TLS protocol are supported by every Android device", e4);
        }
    }

    private static void a(CertificateFactory certificateFactory, KeyStore keyStore, Resources resources, int i) {
        InputStream inputStream = null;
        try {
            try {
                inputStream = resources.openRawResource(i);
                keyStore.setCertificateEntry(resources.getResourceName(i), certificateFactory.generateCertificate(inputStream));
            } catch (KeyStoreException e2) {
                throw new ru.sberbank.mobile.core.n.a("KeyStore is inited already, aliases aren't repeated certainly", e2);
            } catch (CertificateException e3) {
                throw new ru.sberbank.mobile.core.n.a("Certificate is certainly valid", e3);
            }
        } finally {
            Closeables.closeQuietly(inputStream);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public b b(String str) {
        b bVar = new b();
        try {
            bVar.f12944a = e.contains(InetAddress.getByName(Uri.parse(str).getHost()).getHostAddress());
            if (!bVar.f12944a) {
                ru.sberbank.mobile.core.s.d.e(f12939a, "check dns: invalid; url = " + str);
            }
        } catch (UnknownHostException e2) {
            ru.sberbank.mobile.core.s.d.c(f12939a, "check dns internal ex", e2);
            bVar.f12945b = e2;
        }
        return bVar;
    }

    private void b() {
        if (this.h == null) {
            synchronized (this) {
                if (this.h == null) {
                    c();
                }
            }
        }
    }

    private Future<b> c(String str) {
        return this.g.submit(new CallableC0356a(str));
    }

    private void c() {
        CertificateFactory d2 = d();
        KeyStore e2 = e();
        Iterator<Integer> it = f.a().iterator();
        while (it.hasNext()) {
            a(d2, e2, this.f, it.next().intValue());
        }
        this.h = new d(a(e2).getSocketFactory(), true);
    }

    private static CertificateFactory d() {
        try {
            return CertificateFactory.getInstance(f12941c);
        } catch (CertificateException e2) {
            throw new RuntimeException("X.509 is supported everywhere", e2);
        }
    }

    private static KeyStore e() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException e2) {
            throw new ru.sberbank.mobile.core.n.a("There must be no error with this KeyStore's format", e2);
        } catch (KeyStoreException e3) {
            throw new ru.sberbank.mobile.core.n.a("KeyStore with default type can be always created", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new ru.sberbank.mobile.core.n.a("KeyStore is empty now, there is no need for integrity checking algorithm", e4);
        } catch (CertificateException e5) {
            throw new ru.sberbank.mobile.core.n.a("There are no certificates in KeyStore, so no exception may be thrown", e5);
        }
    }

    @Override // ru.sberbank.mobile.core.u.c.b
    public SSLSocketFactory a() throws ru.sberbank.mobile.core.u.a {
        b();
        return this.h;
    }

    @Override // ru.sberbank.mobile.core.u.c.b
    public void a(String str) throws ru.sberbank.mobile.core.u.a {
        Future<b> c2 = c(str);
        try {
            try {
                try {
                    b bVar = c2.get(5L, TimeUnit.SECONDS);
                    if (!bVar.f12944a) {
                        throw new ru.sberbank.mobile.core.u.a(ru.sberbank.mobile.core.u.b.DNS_ATTACK);
                    }
                    if (bVar.f12945b != null) {
                        throw new ru.sberbank.mobile.core.u.a(bVar.f12945b, ru.sberbank.mobile.core.u.b.DNS_ERROR);
                    }
                } catch (InterruptedException e2) {
                    ru.sberbank.mobile.core.s.d.c(f12939a, "check dns ex", e2);
                    throw new ru.sberbank.mobile.core.u.a(e2, ru.sberbank.mobile.core.u.b.DNS_ERROR);
                }
            } catch (ExecutionException e3) {
                ru.sberbank.mobile.core.s.d.c(f12939a, "check dns ex", e3);
                throw new ru.sberbank.mobile.core.n.a("Our Callable doesn't throw exceptions", e3);
            } catch (TimeoutException e4) {
                ru.sberbank.mobile.core.s.d.c(f12939a, "check dns ex", e4);
                throw new ru.sberbank.mobile.core.u.a(e4, ru.sberbank.mobile.core.u.b.DNS_ERROR);
            }
        } finally {
            c2.cancel(true);
        }
    }
}
