package com.eventbrite.shared.utilities;

import android.content.Context;
import android.graphics.Bitmap;
import android.net.http.SslCertificate;
import android.net.http.SslError;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import com.eventbrite.shared.R;
import com.eventbrite.shared.api.transport.HttpConnectionUtility;
import com.eventbrite.shared.components.StateLayout;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.lang.reflect.Field;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.Cache;
import okhttp3.CertificatePinner;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

/* loaded from: classes.dex */
public class HttpClientFactory {
    private static KeyStore sKeyStore;
    private static OkHttpClient sOkHttpClient;

    /* renamed from: com.eventbrite.shared.utilities.HttpClientFactory$1 */
    /* loaded from: classes.dex */
    public static class AnonymousClass1 implements X509TrustManager {
        AnonymousClass1() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* loaded from: classes.dex */
    public static class CertificateAwareWebViewClient extends WebViewClient {

        @Nullable
        StateLayout mStateLayout;

        public CertificateAwareWebViewClient(@Nullable StateLayout stateLayout) {
            this.mStateLayout = stateLayout;
        }

        @Override // android.webkit.WebViewClient
        public void onPageFinished(WebView webView, String str) {
            ELog.i("onPageFinished: " + str);
            if (this.mStateLayout != null) {
                this.mStateLayout.showContentState();
            }
            super.onPageFinished(webView, str);
        }

        @Override // android.webkit.WebViewClient
        public void onPageStarted(WebView webView, String str, Bitmap bitmap) {
            ELog.i("onPageStarted: " + str);
            if (this.mStateLayout != null) {
                this.mStateLayout.showLoadingState();
            }
            super.onPageStarted(webView, str, bitmap);
        }

        @Override // android.webkit.WebViewClient
        public void onReceivedSslError(WebView webView, SslErrorHandler sslErrorHandler, SslError sslError) {
            ELog.i("SSL error on page " + sslError.toString());
            if (sslError.getPrimaryError() != 3) {
                ELog.i("Error is weird - just showing error state.");
                this.mStateLayout.showErrorState(HttpClientFactory$CertificateAwareWebViewClient$$Lambda$1.lambdaFactory$(webView));
                sslErrorHandler.cancel();
                return;
            }
            if (!Tweak.SSL_PINNING.enabled(webView.getContext())) {
                ELog.i("Ignoring SSL error because Tweak.SSL_PINNING is disabled");
                sslErrorHandler.proceed();
                return;
            }
            try {
                TrustManager[] internalTrustManager = HttpClientFactory.getInternalTrustManager(webView.getContext());
                SslCertificate certificate = sslError.getCertificate();
                Field declaredField = certificate.getClass().getDeclaredField("mX509Certificate");
                declaredField.setAccessible(true);
                X509Certificate[] x509CertificateArr = {(X509Certificate) declaredField.get(certificate)};
                for (TrustManager trustManager : internalTrustManager) {
                    if (trustManager instanceof X509TrustManager) {
                        try {
                            ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, "generic");
                            ELog.i("Verified certificate aginst evbops certificate");
                            sslErrorHandler.proceed();
                            return;
                        } catch (Exception e) {
                            ELog.i("Failed to verify page against evbops certificate");
                        }
                    }
                }
                ELog.i("Failed to find a suitable trust manager");
            } catch (Exception e2) {
                ELog.e("Exception verifying certificate", e2);
            }
            this.mStateLayout.showErrorState(HttpClientFactory$CertificateAwareWebViewClient$$Lambda$2.lambdaFactory$(webView));
        }
    }

    private static SSLSocketFactory dangerousSocketFactory() {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.eventbrite.shared.utilities.HttpClientFactory.1
            AnonymousClass1() {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            return sSLContext.getSocketFactory();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            ELog.e("error", e);
            return null;
        }
    }

    private static Certificate getCertificate(Context context, int i) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            BufferedInputStream bufferedInputStream = new BufferedInputStream(context.getResources().openRawResource(i));
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(bufferedInputStream);
                ELog.i("Loaded certificate ca=" + ((X509Certificate) generateCertificate).getSubjectDN());
                return generateCertificate;
            } finally {
                bufferedInputStream.close();
            }
        } catch (IOException | CertificateException e) {
            ELog.e("can't load certificate", e);
            return null;
        }
    }

    private static TrustManager[] getDefaultTrustManager(Context context) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        return trustManagerFactory.getTrustManagers();
    }

    public static TrustManager[] getInternalTrustManager(Context context) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(getKeyStore(context));
        return trustManagerFactory.getTrustManagers();
    }

    private static synchronized KeyStore getKeyStore(Context context) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore;
        synchronized (HttpClientFactory.class) {
            if (sKeyStore == null) {
                sKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                sKeyStore.load(null, null);
                sKeyStore.setCertificateEntry("qa", getCertificate(context, R.raw.qacert));
            }
            keyStore = sKeyStore;
        }
        return keyStore;
    }

    public static synchronized OkHttpClient getOkHttpClient(Context context, boolean z) {
        Interceptor interceptor;
        OkHttpClient build;
        synchronized (HttpClientFactory.class) {
            if (sOkHttpClient == null || z) {
                OkHttpClient.Builder followSslRedirects = new OkHttpClient.Builder().connectTimeout(30L, TimeUnit.SECONDS).readTimeout(30L, TimeUnit.SECONDS).writeTimeout(30L, TimeUnit.SECONDS).followRedirects(z).followSslRedirects(z);
                interceptor = HttpClientFactory$$Lambda$1.instance;
                OkHttpClient.Builder cache = followSslRedirects.addInterceptor(interceptor).cache(new Cache(context.getCacheDir(), 10485760L));
                if (Tweak.SSL_PINNING.enabled(context)) {
                    cache.sslSocketFactory(initializeSSLContext(context).getSocketFactory());
                    cache.certificatePinner(new CertificatePinner.Builder().add("www.eventbrite.com", "sha256/k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=").add("www.eventbriteapi.com", "sha256/k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=").add("www.evbstage.com", "sha256/+o1D84+MvTU49beh1+Yi2DDcj6QodoggjV6cL7O1o3E=").add("www.evbstageapi.com", "sha256/+o1D84+MvTU49beh1+Yi2DDcj6QodoggjV6cL7O1o3E=").add("www.evbqa.com", "sha256/+o1D84+MvTU49beh1+Yi2DDcj6QodoggjV6cL7O1o3E=").add("www.evbqaapi.com", "sha256/+o1D84+MvTU49beh1+Yi2DDcj6QodoggjV6cL7O1o3E=").add("www.evbqaapi.com", "sha256/k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=").build());
                } else {
                    cache.sslSocketFactory(dangerousSocketFactory());
                }
                if (z) {
                    build = cache.build();
                } else {
                    sOkHttpClient = cache.build();
                }
            }
            build = sOkHttpClient;
        }
        return build;
    }

    private static X509TrustManager getTrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    @NonNull
    private static SSLContext initializeSSLContext(Context context) {
        try {
            CompositeX509TrustManager compositeX509TrustManager = new CompositeX509TrustManager(Arrays.asList(getTrustManager(getDefaultTrustManager(context)), getTrustManager(getInternalTrustManager(context))));
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{compositeX509TrustManager}, new SecureRandom());
            return sSLContext;
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            ELog.e("Failed to initialize SSL context", e);
            throw new NullPointerException("Can't create an SSL Context");
        }
    }

    public static /* synthetic */ Response lambda$getOkHttpClient$0(Interceptor.Chain chain) throws IOException {
        Request.Builder newBuilder = chain.request().newBuilder();
        newBuilder.header("User-Agent", HttpConnectionUtility.getUserAgent());
        return chain.proceed(newBuilder.build());
    }

    public static void resetOkHttpClient() {
        sOkHttpClient = null;
    }
}
