package com.tunnelbear.sdk.api;

import android.content.Context;
import android.os.Build;
import com.tunnelbear.sdk.auth.Credential;
import com.tunnelbear.sdk.security.CertificateTrustChecker;
import com.tunnelbear.sdk.security.PinnedHostCertificateSet;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.CertificatePinner;
import okhttp3.ConnectionPool;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;
import okhttp3.internal.tls.OkHostnameVerifier;
import okhttp3.logging.HttpLoggingInterceptor;

/* loaded from: classes5.dex */
public final class PolarOkHttpClient {
    private PolarOkHttpClient() {
    }

    private static CertificatePinner a(Map<String, Set<String>> map) {
        CertificatePinner.Builder builder = new CertificatePinner.Builder();
        for (String str : map.keySet()) {
            Iterator<String> it = map.get(str).iterator();
            while (it.hasNext()) {
                builder.add(str, it.next());
            }
        }
        return builder.build();
    }

    public static OkHttpClient.Builder builder(Credential credential, String str, PinnedHostCertificateSet pinnedHostCertificateSet, InputStream inputStream, Context context, ConnectionPool connectionPool, Boolean bool) {
        if (pinnedHostCertificateSet.getPinCount(str) < 2) {
            throw new IllegalArgumentException("Certificate set must contain hostname (or a superseding wildcard if hostname is of form x.y.z) and at least one backup pin.");
        }
        OkHttpClient.Builder pingInterval = new OkHttpClient.Builder().certificatePinner(a(pinnedHostCertificateSet.getCertificateSet())).hostnameVerifier(new PolarHostnameVerifier(OkHostnameVerifier.INSTANCE, pinnedHostCertificateSet.getCertificateSet().keySet())).followRedirects(false).followSslRedirects(false).retryOnConnectionFailure(true).connectionPool(connectionPool).addInterceptor(new PolarbearInterceptor(credential, context)).connectTimeout(30L, TimeUnit.SECONDS).readTimeout(30L, TimeUnit.SECONDS).writeTimeout(30L, TimeUnit.SECONDS).pingInterval(1L, TimeUnit.SECONDS);
        if (bool.booleanValue()) {
            HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor();
            httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BASIC);
            pingInterval.addInterceptor(httpLoggingInterceptor);
        }
        try {
            X509TrustManager buildCertificateCheckingTrustManager = CertificateTrustChecker.buildCertificateCheckingTrustManager(inputStream);
            SSLSocketFactory sSLSocketFactory = CertificateTrustChecker.getSSLSocketFactory(context, buildCertificateCheckingTrustManager);
            if (Build.VERSION.SDK_INT < 22) {
                try {
                    pingInterval.sslSocketFactory(sSLSocketFactory, buildCertificateCheckingTrustManager);
                    ConnectionSpec build = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.TLS_1_2).build();
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(build);
                    arrayList.add(ConnectionSpec.COMPATIBLE_TLS);
                    arrayList.add(ConnectionSpec.CLEARTEXT);
                    pingInterval.connectionSpecs(arrayList);
                } catch (Exception unused) {
                }
            } else {
                pingInterval.sslSocketFactory(sSLSocketFactory, buildCertificateCheckingTrustManager);
            }
            return pingInterval;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }
}
