package de.rki.covpass.http;

import de.rki.covpass.http.retry.RetryInterceptor;
import de.rki.covpass.logging.Lumber;
import io.ktor.client.HttpClient;
import io.ktor.client.HttpClientConfig;
import io.ktor.client.HttpClientKt;
import io.ktor.client.engine.okhttp.OkHttp;
import io.ktor.client.engine.okhttp.OkHttpConfig;
import io.ktor.client.features.DefaultRequestKt;
import io.ktor.client.features.HttpTimeout;
import io.ktor.client.features.UserAgent;
import io.ktor.client.request.HttpRequestBuilder;
import io.ktor.http.URLBuilder;
import io.ktor.http.URLProtocol;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Unit;
import kotlin.collections.CollectionsKt__CollectionsJVMKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.CertificatePinner;
import okhttp3.CipherSuite;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;
import okhttp3.TlsVersion;
import okhttp3.logging.HttpLoggingInterceptor;
import timber.log.Timber;

/* compiled from: Config.kt */
/* loaded from: classes.dex */
final class DefaultHttpConfig implements HttpConfig {
    private final CertificatePinner.Builder certPinnerBuilder;
    private boolean frozen;
    private final Lazy okHttpClient$delegate;
    private final Lazy sslContext$delegate;
    private final Lazy sslSocketFactory$delegate;
    private final Lazy trustManager$delegate;
    private String userAgent;
    private HttpLogLevel logging = HttpLogLevel.NONE;
    private final ConnectionSpec connectionSpec = new ConnectionSpec.Builder(ConnectionSpec.RESTRICTED_TLS).tlsVersions(TlsVersion.TLS_1_3, TlsVersion.TLS_1_2).cipherSuites(CipherSuite.TLS_AES_256_GCM_SHA384, CipherSuite.TLS_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256).build();

    public DefaultHttpConfig() {
        Lazy lazy;
        Lazy lazy2;
        Lazy lazy3;
        Lazy lazy4;
        lazy = LazyKt__LazyJVMKt.lazy(new Function0<CustomTrustManager>() { // from class: de.rki.covpass.http.DefaultHttpConfig$trustManager$2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // kotlin.jvm.functions.Function0
            public final CustomTrustManager invoke() {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                    TrustManager trustManager = trustManagers[0];
                    if (trustManager != null) {
                        return new CustomTrustManager((X509TrustManager) trustManager);
                    }
                    throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                }
                throw new IllegalStateException(("Unexpected default trust managers: " + trustManagers).toString());
            }
        });
        this.trustManager$delegate = lazy;
        lazy2 = LazyKt__LazyJVMKt.lazy(new Function0<SSLContext>() { // from class: de.rki.covpass.http.DefaultHttpConfig$sslContext$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final SSLContext invoke() {
                X509TrustManager trustManager;
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                trustManager = DefaultHttpConfig.this.getTrustManager();
                sSLContext.init(null, new X509TrustManager[]{trustManager}, new SecureRandom());
                return sSLContext;
            }
        });
        this.sslContext$delegate = lazy2;
        lazy3 = LazyKt__LazyJVMKt.lazy(new Function0<SSLSocketFactory>() { // from class: de.rki.covpass.http.DefaultHttpConfig$sslSocketFactory$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final SSLSocketFactory invoke() {
                SSLContext sslContext;
                sslContext = DefaultHttpConfig.this.getSslContext();
                return sslContext.getSocketFactory();
            }
        });
        this.sslSocketFactory$delegate = lazy3;
        this.certPinnerBuilder = new CertificatePinner.Builder();
        lazy4 = LazyKt__LazyJVMKt.lazy(new Function0<OkHttpClient>() { // from class: de.rki.covpass.http.DefaultHttpConfig$okHttpClient$2

            /* compiled from: Config.kt */
            /* loaded from: classes.dex */
            public /* synthetic */ class WhenMappings {
                public static final /* synthetic */ int[] $EnumSwitchMapping$0;

                static {
                    int[] iArr = new int[HttpLogLevel.values().length];
                    iArr[HttpLogLevel.NONE.ordinal()] = 1;
                    iArr[HttpLogLevel.HEADERS.ordinal()] = 2;
                    iArr[HttpLogLevel.BODY.ordinal()] = 3;
                    $EnumSwitchMapping$0 = iArr;
                }
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            /* JADX WARN: Multi-variable type inference failed */
            @Override // kotlin.jvm.functions.Function0
            public final OkHttpClient invoke() {
                ConnectionSpec connectionSpec;
                List<ConnectionSpec> listOf;
                CertificatePinner.Builder builder;
                SSLSocketFactory sslSocketFactory;
                X509TrustManager trustManager;
                HttpLogLevel httpLogLevel;
                int i = 1;
                DefaultHttpConfig.this.frozen = true;
                OkHttpClient.Builder builder2 = new OkHttpClient.Builder();
                DefaultHttpConfig defaultHttpConfig = DefaultHttpConfig.this;
                builder2.followRedirects(false);
                connectionSpec = defaultHttpConfig.connectionSpec;
                listOf = CollectionsKt__CollectionsJVMKt.listOf(connectionSpec);
                builder2.connectionSpecs(listOf);
                builder = defaultHttpConfig.certPinnerBuilder;
                builder2.certificatePinner(builder.build());
                sslSocketFactory = defaultHttpConfig.getSslSocketFactory();
                trustManager = defaultHttpConfig.getTrustManager();
                builder2.sslSocketFactory(sslSocketFactory, trustManager);
                httpLogLevel = defaultHttpConfig.logging;
                int i2 = WhenMappings.$EnumSwitchMapping$0[httpLogLevel.ordinal()];
                if (i2 != 1) {
                    HttpLoggingInterceptor.Logger logger = null;
                    Object[] objArr = 0;
                    Object[] objArr2 = 0;
                    Object[] objArr3 = 0;
                    if (i2 == 2) {
                        builder2.addInterceptor(new HttpLoggingInterceptor(objArr2 == true ? 1 : 0, i, objArr == true ? 1 : 0).setLevel(HttpLoggingInterceptor.Level.HEADERS));
                    } else {
                        if (i2 != 3) {
                            throw new NoWhenBranchMatchedException();
                        }
                        builder2.addInterceptor(new HttpLoggingInterceptor(logger, i, objArr3 == true ? 1 : 0).setLevel(HttpLoggingInterceptor.Level.BODY));
                    }
                } else {
                    Unit unit = Unit.INSTANCE;
                }
                return builder2.build();
            }
        });
        this.okHttpClient$delegate = lazy4;
    }

    private final void checkFrozen() {
        if (this.frozen) {
            throw new IllegalStateException("The HttpConfig is frozen already. Please enable logging only at app launch.");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final SSLContext getSslContext() {
        Object value = this.sslContext$delegate.getValue();
        Intrinsics.checkNotNullExpressionValue(value, "<get-sslContext>(...)");
        return (SSLContext) value;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final SSLSocketFactory getSslSocketFactory() {
        Object value = this.sslSocketFactory$delegate.getValue();
        Intrinsics.checkNotNullExpressionValue(value, "<get-sslSocketFactory>(...)");
        return (SSLSocketFactory) value;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final X509TrustManager getTrustManager() {
        return (X509TrustManager) this.trustManager$delegate.getValue();
    }

    public OkHttpClient getOkHttpClient() {
        return (OkHttpClient) this.okHttpClient$delegate.getValue();
    }

    @Override // de.rki.covpass.http.HttpConfig
    public HttpClient ktorClient(final Function1<? super HttpClientConfig<OkHttpConfig>, Unit> block) {
        Intrinsics.checkNotNullParameter(block, "block");
        return HttpClientKt.HttpClient(OkHttp.INSTANCE, new Function1<HttpClientConfig<OkHttpConfig>, Unit>() { // from class: de.rki.covpass.http.DefaultHttpConfig$ktorClient$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            /* JADX WARN: Multi-variable type inference failed */
            {
                super(1);
            }

            @Override // kotlin.jvm.functions.Function1
            public /* bridge */ /* synthetic */ Unit invoke(HttpClientConfig<OkHttpConfig> httpClientConfig) {
                invoke2(httpClientConfig);
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2(HttpClientConfig<OkHttpConfig> HttpClient) {
                final String str;
                Intrinsics.checkNotNullParameter(HttpClient, "$this$HttpClient");
                final DefaultHttpConfig defaultHttpConfig = DefaultHttpConfig.this;
                HttpClient.engine(new Function1<OkHttpConfig, Unit>() { // from class: de.rki.covpass.http.DefaultHttpConfig$ktorClient$1.1
                    {
                        super(1);
                    }

                    @Override // kotlin.jvm.functions.Function1
                    public /* bridge */ /* synthetic */ Unit invoke(OkHttpConfig okHttpConfig) {
                        invoke2(okHttpConfig);
                        return Unit.INSTANCE;
                    }

                    /* renamed from: invoke, reason: avoid collision after fix types in other method */
                    public final void invoke2(OkHttpConfig engine) {
                        Intrinsics.checkNotNullParameter(engine, "$this$engine");
                        OkHttpClient.Builder newBuilder = DefaultHttpConfig.this.getOkHttpClient().newBuilder();
                        TimeUnit timeUnit = TimeUnit.MILLISECONDS;
                        engine.setPreconfigured(newBuilder.connectTimeout(0L, timeUnit).readTimeout(0L, timeUnit).writeTimeout(0L, timeUnit).addInterceptor(new RetryInterceptor()).build());
                    }
                });
                HttpClient.setFollowRedirects(false);
                HttpClient.install(HttpTimeout.Feature, new Function1<HttpTimeout.HttpTimeoutCapabilityConfiguration, Unit>() { // from class: de.rki.covpass.http.DefaultHttpConfig$ktorClient$1.2
                    @Override // kotlin.jvm.functions.Function1
                    public /* bridge */ /* synthetic */ Unit invoke(HttpTimeout.HttpTimeoutCapabilityConfiguration httpTimeoutCapabilityConfiguration) {
                        invoke2(httpTimeoutCapabilityConfiguration);
                        return Unit.INSTANCE;
                    }

                    /* renamed from: invoke, reason: avoid collision after fix types in other method */
                    public final void invoke2(HttpTimeout.HttpTimeoutCapabilityConfiguration install) {
                        Intrinsics.checkNotNullParameter(install, "$this$install");
                        install.setConnectTimeoutMillis(15000L);
                        install.setRequestTimeoutMillis(15000L);
                        install.setSocketTimeoutMillis(15000L);
                    }
                });
                str = DefaultHttpConfig.this.userAgent;
                if (str != null) {
                    HttpClient.install(UserAgent.Feature, new Function1<UserAgent.Config, Unit>() { // from class: de.rki.covpass.http.DefaultHttpConfig$ktorClient$1$3$1
                        /* JADX INFO: Access modifiers changed from: package-private */
                        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                        {
                            super(1);
                        }

                        @Override // kotlin.jvm.functions.Function1
                        public /* bridge */ /* synthetic */ Unit invoke(UserAgent.Config config) {
                            invoke2(config);
                            return Unit.INSTANCE;
                        }

                        /* renamed from: invoke, reason: avoid collision after fix types in other method */
                        public final void invoke2(UserAgent.Config install) {
                            Intrinsics.checkNotNullParameter(install, "$this$install");
                            install.setAgent(str);
                        }
                    });
                }
                DefaultRequestKt.defaultRequest(HttpClient, new Function1<HttpRequestBuilder, Unit>() { // from class: de.rki.covpass.http.DefaultHttpConfig$ktorClient$1.4
                    @Override // kotlin.jvm.functions.Function1
                    public /* bridge */ /* synthetic */ Unit invoke(HttpRequestBuilder httpRequestBuilder) {
                        invoke2(httpRequestBuilder);
                        return Unit.INSTANCE;
                    }

                    /* renamed from: invoke, reason: avoid collision after fix types in other method */
                    public final void invoke2(HttpRequestBuilder defaultRequest) {
                        Intrinsics.checkNotNullParameter(defaultRequest, "$this$defaultRequest");
                        defaultRequest.url(new Function2<URLBuilder, URLBuilder, Unit>() { // from class: de.rki.covpass.http.DefaultHttpConfig.ktorClient.1.4.1
                            @Override // kotlin.jvm.functions.Function2
                            public /* bridge */ /* synthetic */ Unit invoke(URLBuilder uRLBuilder, URLBuilder uRLBuilder2) {
                                invoke2(uRLBuilder, uRLBuilder2);
                                return Unit.INSTANCE;
                            }

                            /* renamed from: invoke, reason: avoid collision after fix types in other method */
                            public final void invoke2(URLBuilder url, URLBuilder it) {
                                Intrinsics.checkNotNullParameter(url, "$this$url");
                                Intrinsics.checkNotNullParameter(it, "it");
                                url.setProtocol(URLProtocol.Companion.getHTTPS());
                            }
                        });
                    }
                });
                block.invoke(HttpClient);
            }
        });
    }

    @Override // de.rki.covpass.http.HttpConfig
    public void pinPublicKey(String pattern, String pin) {
        Intrinsics.checkNotNullParameter(pattern, "pattern");
        Intrinsics.checkNotNullParameter(pin, "pin");
        checkFrozen();
        if (Lumber.INSTANCE.getEnabled()) {
            Timber.Forest.d(null, "Pinning host pattern " + pattern + " to public key " + pin, new Object[0]);
        }
        this.certPinnerBuilder.add(pattern, pin);
    }
}
