package com.citi.mobile.framework.network.impl;

import android.content.Context;
import android.text.TextUtils;
import com.citi.mobile.framework.common.utils.logger.Logger;
import com.citi.mobile.framework.network.di.OkHttpBuilderModule;
import com.citi.mobile.framework.security.certs.models.CertConfig;
import com.citi.mobile.framework.security.utils.Constants;
import com.citi.mobile.framework.storage.base.IKeyValueStore;
import java.io.BufferedInputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import okhttp3.CertificatePinner;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import runtime.Strings.StringIndexer;

/* loaded from: classes3.dex */
public class OkHttpBuilderService implements OkHttpBuilderModule {
    IKeyValueStore keyValueStore;
    private CertConfig mCertConfig;

    public OkHttpBuilderService(IKeyValueStore iKeyValueStore, CertConfig certConfig) {
        this.keyValueStore = iKeyValueStore;
        this.mCertConfig = certConfig;
    }

    private JSONArray getShaPin(String str) {
        try {
            JSONObject blockingGet = this.keyValueStore.retrieveJSONObject(Constants.Certs.KEY_PINNING_CERTS, new JSONObject()).blockingGet();
            if (blockingGet == null || !blockingGet.has(str)) {
                return null;
            }
            return blockingGet.getJSONArray(str);
        } catch (JSONException e) {
            Logger.e("getShaPin JSONException " + e.getMessage(), new Object[0]);
            return null;
        }
    }

    private boolean isHostEligibility(String str) {
        try {
            JSONArray shaPin = getShaPin(str);
            if (shaPin != null && shaPin.length() > 0) {
                Logger.d("isHostEligibility length " + shaPin.length(), new Object[0]);
                JSONObject jSONObject = shaPin.getJSONObject(0);
                if (jSONObject.has(Constants.Certs.HOST_ELIGIBLE)) {
                    Logger.d("isHostEligibility eligible " + jSONObject.optBoolean(Constants.Certs.HOST_ELIGIBLE), new Object[0]);
                    return jSONObject.optBoolean(Constants.Certs.HOST_ELIGIBLE);
                }
            }
        } catch (JSONException e) {
            Logger.e("getShaPin JSONException " + e.getMessage(), new Object[0]);
        }
        return false;
    }

    private boolean isReqEligibleForCertPinning(String str) {
        try {
            Logger.d("isReqEligibleForCertPinning===>" + this.mCertConfig.isEnabledInRule() + StringIndexer._getString("3740") + this.mCertConfig.isEnabledInWebConfig(), new Object[0]);
            if (this.mCertConfig.isEnabledInRule() && this.mCertConfig.isEnabledInWebConfig()) {
                return isHostEligibility(str);
            }
            return false;
        } catch (Exception e) {
            Logger.e("isReqEligibleForCertPinning Exception " + e.getMessage(), new Object[0]);
            return false;
        }
    }

    @Override // com.citi.mobile.framework.network.di.OkHttpBuilderModule
    public CertificatePinner.Builder getCertificatBuilder(String str, String str2) {
        JSONArray shaPin;
        try {
            URL url = new URL(str);
            Logger.d("getCertificatBuilder baseurl===" + str, new Object[0]);
            CertificatePinner.Builder builder = new CertificatePinner.Builder();
            try {
                if (isReqEligibleForCertPinning(str2) && (shaPin = getShaPin(str2)) != null) {
                    for (int i = 0; i < shaPin.length(); i++) {
                        JSONObject jSONObject = shaPin.getJSONObject(i);
                        if (jSONObject != null && jSONObject.has(Constants.Certs.KEY_CERTIFICATE)) {
                            Logger.d("getCertificatBuilder OkHttpClientManager cert pinner===" + jSONObject.getString(Constants.Certs.KEY_CERTIFICATE), new Object[0]);
                            builder = builder.add(url.getHost(), jSONObject.getString(Constants.Certs.KEY_CERTIFICATE));
                        }
                    }
                }
                return builder;
            } catch (JSONException e) {
                Logger.e("Exception in getCertificatBuilder===" + e.getMessage(), new Object[0]);
                return null;
            }
        } catch (MalformedURLException e2) {
            Logger.e("Exception in getCertificatBuilder===" + e2.getMessage(), new Object[0]);
            return null;
        } catch (Exception e3) {
            Logger.e("Exception in getCertificatBuilder===" + e3.getMessage(), new Object[0]);
            return null;
        }
    }

    @Override // com.citi.mobile.framework.network.di.OkHttpBuilderModule
    public CertificatePinner.Builder getCertificatBuilderFromBundle(String str, String str2, Context context) {
        try {
            if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
                return null;
            }
            URL url = new URL(str);
            Logger.d("getCertificatBuilder baseurl===" + str, new Object[0]);
            CertificatePinner.Builder builder = new CertificatePinner.Builder();
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new BufferedInputStream(context.getAssets().open(str2)));
            Logger.d("getCertificatBuilder certificate===" + generateCertificate.toString(), new Object[0]);
            return builder.add(url.getHost(), CertificatePinner.pin(generateCertificate));
        } catch (MalformedURLException e) {
            Logger.e("Exception in getCertificatBuilder===" + e.getMessage(), new Object[0]);
            return null;
        } catch (Exception e2) {
            Logger.e("Exception in getCertificatBuilder===" + e2.getMessage(), new Object[0]);
            return null;
        }
    }
}
