package premiumcard.app.api;

import android.net.Uri;
import android.util.Base64;
import java.io.IOException;
import java.net.ConnectException;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import premiumcard.app.BaseApplication;
import premiumcard.app.api.rep.ApiRepositoryNetwork;
import premiumcard.app.utilities.l;
import premiumcard.app.utilities.m;

/* loaded from: classes.dex */
public class SSLHandler {
    private static int checkForSecureConnectionCounter;
    private static int sslRenewalRetryCounter;
    ApiRepositoryNetwork apiRepositoryNetwork;
    SSLRouterCallBack sslRouterCallBack;

    /* loaded from: classes.dex */
    public interface SSLRouterCallBack {
        void onInternetConnectionFailure();

        void onSSLFailure(Exception exc);

        void onSuccess();
    }

    public SSLHandler(SSLRouterCallBack sSLRouterCallBack) {
        this.sslRouterCallBack = sSLRouterCallBack;
        if (((String) m.c().d(m.a.HASH, String.class)) == null) {
            renewCertificate();
        } else {
            checkForSecureConnection();
        }
    }

    static /* synthetic */ int access$008() {
        int i2 = checkForSecureConnectionCounter;
        checkForSecureConnectionCounter = i2 + 1;
        return i2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void checkToRenewCertificateIfPossible(Exception exc) {
        if ((exc instanceof UnknownHostException) || (exc instanceof ConnectException)) {
            this.sslRouterCallBack.onInternetConnectionFailure();
            return;
        }
        int i2 = sslRenewalRetryCounter;
        if (i2 < 3) {
            sslRenewalRetryCounter = i2 + 1;
            renewCertificate();
            return;
        }
        this.sslRouterCallBack.onSSLFailure(exc);
        l.b("SSL Exception " + exc.getMessage());
    }

    private String extractHash(X509Certificate x509Certificate) {
        try {
            return "sha256/" + new String(Base64.encode(MessageDigest.getInstance("SHA-256").digest(x509Certificate.getPublicKey().getEncoded()), 0)).replace(" ", "").replace("\n", "");
        } catch (Exception e2) {
            e2.printStackTrace();
            return "";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void pinCertificate(ResponseBody responseBody) {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(responseBody.byteStream());
            String extractHash = extractHash(x509Certificate);
            k.a.a.b("Encoded 256 Hash %s", extractHash);
            m.c().e(m.a.CERT_PUBLIC_KEY, x509Certificate.getPublicKey().toString());
            m.c().e(m.a.HASH, extractHash);
            BaseApplication.h();
            checkForSecureConnection();
        } catch (Exception e2) {
            e2.printStackTrace();
            checkToRenewCertificateIfPossible(e2);
        }
    }

    private void renewCertificate() {
        l.e("Renew Certificate " + sslRenewalRetryCounter);
        final String host = Uri.parse("https://ssl.34ml.com/certs/pc.34ml.com.pem").getHost();
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(BaseApplication.g().getAssets().open("cert.pem"));
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("server", generateCertificate);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            X509TrustManager x509TrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            OkHttpClient.Builder hostnameVerifier = new OkHttpClient.Builder().sslSocketFactory(sSLContext.getSocketFactory(), x509TrustManager).hostnameVerifier(new HostnameVerifier() { // from class: premiumcard.app.api.a
                @Override // javax.net.ssl.HostnameVerifier
                public final boolean verify(String str, SSLSession sSLSession) {
                    boolean equals;
                    equals = str.equals(host);
                    return equals;
                }
            });
            TimeUnit timeUnit = TimeUnit.MINUTES;
            hostnameVerifier.connectTimeout(1L, timeUnit).readTimeout(1L, timeUnit).writeTimeout(1L, timeUnit).build().newCall(new Request.Builder().url("https://ssl.34ml.com/certs/pc.34ml.com.pem").build()).enqueue(new Callback() { // from class: premiumcard.app.api.SSLHandler.2
                @Override // okhttp3.Callback
                public void onFailure(Call call, IOException iOException) {
                    iOException.printStackTrace();
                    l.e("Failed certificate renewal call " + call.request().body());
                    SSLHandler.this.checkToRenewCertificateIfPossible(iOException);
                }

                @Override // okhttp3.Callback
                public void onResponse(Call call, Response response) {
                    SSLHandler.this.pinCertificate(response.body());
                }
            });
        } catch (Exception e2) {
            e2.printStackTrace();
            l.e(e2.getMessage());
            l.b("RenewCertificate Exception");
            this.sslRouterCallBack.onSSLFailure(e2);
        }
    }

    public void checkForSecureConnection() {
        l.e("CheckForSecureConnection " + checkForSecureConnectionCounter);
        BaseApplication.e().c(this);
        this.apiRepositoryNetwork.checkConnection(new QuickCallBack() { // from class: premiumcard.app.api.SSLHandler.1
            @Override // premiumcard.app.api.QuickCallBack
            public void onDone() {
                l.e("CheckForSecureConnection Success");
                SSLHandler.this.sslRouterCallBack.onSuccess();
            }

            @Override // premiumcard.app.api.QuickCallBack
            public void onFailed(Exception exc) {
                exc.printStackTrace();
                if (SSLHandler.checkForSecureConnectionCounter >= 3) {
                    SSLHandler.this.checkToRenewCertificateIfPossible(exc);
                } else {
                    SSLHandler.this.checkForSecureConnection();
                    SSLHandler.access$008();
                }
            }
        });
    }
}
