package cg;

import ak.t1;
import android.util.Base64;
import cm.p;
import com.surfshark.vpnclient.android.core.data.api.mtls.MtlsData;
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.b;
import org.jetbrains.annotations.NotNull;

@Metadata(d1 = {"\u0000\u001e\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\b\u0007\u0018\u0000 \u000b2\u00020\u0001:\u0001\u0005B\u0011\b\u0007\u0012\u0006\u0010\b\u001a\u00020\u0006¢\u0006\u0004\b\t\u0010\nJ\u0014\u0010\u0005\u001a\u0010\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\u0004\u0018\u00010\u0002R\u0014\u0010\b\u001a\u00020\u00068\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0005\u0010\u0007¨\u0006\f"}, d2 = {"Lcg/a;", "", "Lcm/p;", "Ljavax/net/ssl/SSLSocketFactory;", "Ljavax/net/ssl/X509TrustManager;", "a", "Lcom/surfshark/vpnclient/android/core/data/api/mtls/MtlsData;", "Lcom/surfshark/vpnclient/android/core/data/api/mtls/MtlsData;", "mtlsData", "<init>", "(Lcom/surfshark/vpnclient/android/core/data/api/mtls/MtlsData;)V", "b", "app_otherRelease"}, k = 1, mv = {1, 9, 0})
/* loaded from: classes3.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    @NotNull
    private final MtlsData mtlsData;

    public a(@NotNull MtlsData mtlsData) {
        Intrinsics.checkNotNullParameter(mtlsData, "mtlsData");
        this.mtlsData = mtlsData;
    }

    public final p<SSLSocketFactory, X509TrustManager> a() {
        try {
            String b10 = this.mtlsData.b();
            String a10 = this.mtlsData.a();
            String c10 = this.mtlsData.c();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Intrinsics.checkNotNullExpressionValue(certificateFactory, "getInstance(...)");
            byte[] decode = Base64.decode(b10, 0);
            Intrinsics.checkNotNullExpressionValue(decode, "decode(...)");
            KeyFactory keyFactory = KeyFactory.getInstance("EC");
            Intrinsics.checkNotNullExpressionValue(keyFactory, "getInstance(...)");
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(decode);
            byte[] bytes = a10.getBytes(b.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
            Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
            Intrinsics.checkNotNullExpressionValue(generateCertificate, "generateCertificate(...)");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(...)");
            char[] charArray = c10.toCharArray();
            Intrinsics.checkNotNullExpressionValue(charArray, "this as java.lang.String).toCharArray()");
            keyStore.load(null, charArray);
            PrivateKey generatePrivate = keyFactory.generatePrivate(pKCS8EncodedKeySpec);
            char[] charArray2 = c10.toCharArray();
            Intrinsics.checkNotNullExpressionValue(charArray2, "this as java.lang.String).toCharArray()");
            keyStore.setKeyEntry("Client", generatePrivate, charArray2, new Certificate[]{generateCertificate});
            byteArrayInputStream.close();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            Intrinsics.checkNotNullExpressionValue(trustManagerFactory, "getInstance(...)");
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            Intrinsics.checkNotNullExpressionValue(trustManagers, "getTrustManagers(...)");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            Intrinsics.checkNotNullExpressionValue(keyManagerFactory, "getInstance(...)");
            char[] charArray3 = c10.toCharArray();
            Intrinsics.checkNotNullExpressionValue(charArray3, "this as java.lang.String).toCharArray()");
            keyManagerFactory.init(keyStore, charArray3);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            Intrinsics.checkNotNullExpressionValue(keyManagers, "getKeyManagers(...)");
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            Intrinsics.checkNotNullExpressionValue(sSLContext, "getInstance(...)");
            sSLContext.init(keyManagers, trustManagers, new SecureRandom());
            TrustManager trustManager = trustManagers[0];
            Intrinsics.e(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            return new p<>(sSLContext.getSocketFactory(), (X509TrustManager) trustManager);
        } catch (Exception e10) {
            t1.G(e10, null, 1, null);
            return null;
        }
    }
}
