package de.idnow.sdk;

import android.os.Build;
import de.idnow.sdk.IDnowSocketFactory;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;

/* loaded from: classes7.dex */
public class IDnowOkHttpFactory {
    private static String LOGTAG = "IDNOW_OKHTTP_FACTORY";

    /* JADX INFO: Access modifiers changed from: package-private */
    public static OkHttpClient createOkHttpClient(IDnowSocketFactory.SOCKET_TYPE socket_type, int i, int i2, int i3) {
        OkHttpClient okHttpClient = null;
        String[] strArr = {"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"};
        int i4 = Build.VERSION.SDK_INT;
        Util_Log.i(LOGTAG, "API LEVEL" + Build.VERSION.SDK_INT);
        if (i4 < 21) {
            try {
                okHttpClient = IDnowSDK.getAllowHttpConnections() ? new OkHttpClient.Builder().connectionSpecs(Collections.singletonList(new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build())).connectTimeout(i2, TimeUnit.SECONDS).readTimeout(i, TimeUnit.SECONDS).writeTimeout(i3, TimeUnit.SECONDS).build() : new OkHttpClient.Builder().sslSocketFactory(new IDnowSocketFactory(IDnowSocketFactory.SOCKET_TYPE.REST), defaultTrustManager()).connectionSpecs(Collections.singletonList(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.TLS_1_2).cipherSuites(strArr).build())).connectTimeout(i2, TimeUnit.SECONDS).readTimeout(i, TimeUnit.SECONDS).writeTimeout(i3, TimeUnit.SECONDS).build();
            } catch (Exception e) {
                Util_Log.d(LOGTAG, "could not create okhttp client");
            }
        } else {
            try {
                ConnectionSpec build = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.TLS_1_2).cipherSuites(strArr).build();
                if (!IDnowSDK.getAllowInvalidCertificates()) {
                    okHttpClient = new OkHttpClient.Builder().sslSocketFactory(HttpsURLConnection.getDefaultSSLSocketFactory(), defaultTrustManager()).connectionSpecs(Collections.singletonList(build)).readTimeout(i, TimeUnit.SECONDS).connectTimeout(i2, TimeUnit.SECONDS).writeTimeout(i3, TimeUnit.SECONDS).build();
                } else if (IDnowSDK.getAllowHttpConnections()) {
                    okHttpClient = new OkHttpClient.Builder().hostnameVerifier(customHostnameVerifier()).connectionSpecs(Collections.singletonList(new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build())).readTimeout(i, TimeUnit.SECONDS).connectTimeout(i2, TimeUnit.SECONDS).writeTimeout(i3, TimeUnit.SECONDS).build();
                } else {
                    SSLContext sSLContext = SSLContext.getInstance("SSL");
                    sSLContext.init(null, customTrustManager(), new SecureRandom());
                    okHttpClient = new OkHttpClient.Builder().sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) customTrustManager()[0]).hostnameVerifier(customHostnameVerifier()).connectionSpecs(Collections.singletonList(build)).readTimeout(i, TimeUnit.SECONDS).connectTimeout(i2, TimeUnit.SECONDS).writeTimeout(i3, TimeUnit.SECONDS).build();
                }
            } catch (Exception e2) {
                Util_Log.d(LOGTAG, "could not create okhttp client");
            }
        }
        return okHttpClient;
    }

    private static HostnameVerifier customHostnameVerifier() {
        return new HostnameVerifier() { // from class: de.idnow.sdk.IDnowOkHttpFactory.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        };
    }

    private static TrustManager[] customTrustManager() throws GeneralSecurityException {
        return new TrustManager[]{new X509TrustManager() { // from class: de.idnow.sdk.IDnowOkHttpFactory.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
    }

    private static X509TrustManager defaultTrustManager() throws GeneralSecurityException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    }
}
