package com.surfeasy.sdk.api;

import android.os.Build;
import com.surfeasy.sdk.api.ssl.TLSSocketFactory;
import com.surfeasy.sdk.dns.DnsRequest;
import com.surfeasy.sdk.dns.DnssecRequest;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import timber.log.Timber;

/* loaded from: classes.dex */
public class SurfEasyApiUnblocker {
    private SurfEasyApiUnblockConfigClient client;
    private KeyStore keyStore;
    private static final Integer TIMEOUT = 10;
    private static final Integer MAX_SUBSET_SIZE = 3;
    private ApiHost unblockedHost = null;
    private volatile boolean isUnblocking = false;
    private ExecutorService executorService = Executors.newSingleThreadExecutor();
    private List<UnblockObserver> observers = new CopyOnWriteArrayList();
    private CountDownLatch syncSignal = new CountDownLatch(1);

    /* loaded from: classes.dex */
    public interface UnblockObserver {
        void onFailure();

        void onSuccess(ApiHost apiHost);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SurfEasyApiUnblocker(SurfEasyApiUnblockConfigClient surfEasyApiUnblockConfigClient, KeyStore keyStore) {
        this.client = surfEasyApiUnblockConfigClient;
        this.keyStore = keyStore;
    }

    private boolean addSslPinning(OkHttpClient.Builder builder, final ApiHost apiHost) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry(apiHost.trust(), this.keyStore.getCertificate(apiHost.trust()));
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                builder.sslSocketFactory(new TLSSocketFactory(trustManagerFactory.getTrustManagers()), (X509TrustManager) trustManagers[0]);
                builder.hostnameVerifier(new HostnameVerifier() { // from class: com.surfeasy.sdk.api.SurfEasyApiUnblocker.2
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str, SSLSession sSLSession) {
                        return str.contentEquals(apiHost.server());
                    }
                });
                return true;
            }
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
        } catch (IOException e) {
            Timber.e(e, "Failed to setup trust store", new Object[0]);
            return false;
        } catch (KeyManagementException e2) {
            Timber.e(e2, "Failed to setup socket factory", new Object[0]);
            return false;
        } catch (KeyStoreException e3) {
            Timber.e(e3, "Failed to setup trust store", new Object[0]);
            return false;
        } catch (NoSuchAlgorithmException e4) {
            Timber.e(e4, "Failed to setup trust manager", new Object[0]);
            return false;
        } catch (CertificateException e5) {
            Timber.e(e5, "Failed to setup trust store", new Object[0]);
            return false;
        }
    }

    private void checkFallbackDomains(List<ApiHost> list) throws InterruptedException {
        CountDownLatch countDownLatch = new CountDownLatch(list.size());
        for (ApiHost apiHost : list) {
            if (verifyDomain(apiHost.server())) {
                performChecklive(apiHost, countDownLatch);
            } else {
                countDownLatch.countDown();
            }
        }
        countDownLatch.await(TIMEOUT.intValue(), TimeUnit.SECONDS);
    }

    private void checkFrontedDomains(List<ApiHost> list) throws InterruptedException {
        CountDownLatch countDownLatch = new CountDownLatch(list.size());
        Iterator<ApiHost> it = list.iterator();
        while (it.hasNext()) {
            performChecklive(it.next(), countDownLatch);
        }
        countDownLatch.await(TIMEOUT.intValue(), TimeUnit.SECONDS);
    }

    private void checkIps(List<ApiHost> list) throws InterruptedException {
        CountDownLatch countDownLatch = new CountDownLatch(list.size());
        Iterator<ApiHost> it = list.iterator();
        while (it.hasNext()) {
            performChecklive(it.next(), countDownLatch);
        }
        countDownLatch.await(TIMEOUT.intValue(), TimeUnit.SECONDS);
    }

    private void checkPrimaryDomain(ApiHost apiHost) throws InterruptedException {
        CountDownLatch countDownLatch = new CountDownLatch(1);
        if (verifyDomain(apiHost.server())) {
            performChecklive(apiHost, countDownLatch);
        } else {
            countDownLatch.countDown();
        }
        countDownLatch.await(TIMEOUT.intValue(), TimeUnit.SECONDS);
    }

    private List<ApiHost> findNewDomains(List<ApiHost> list) {
        List<ApiHost> list2 = this.client.getConfig().domains;
        if (list2 == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(list2);
        arrayList.removeAll(list);
        return arrayList;
    }

    private void notifyComplete() {
        ApiHost apiHost = this.unblockedHost;
        if (apiHost != null) {
            notifySuccess(apiHost);
            this.syncSignal.countDown();
        } else {
            Timber.w("Failed to unblock api", new Object[0]);
            notifyFailure();
        }
    }

    private void notifyFailure() {
        for (UnblockObserver unblockObserver : this.observers) {
            unblockObserver.onFailure();
            this.observers.remove(unblockObserver);
        }
    }

    private void notifySuccess(ApiHost apiHost) {
        for (UnblockObserver unblockObserver : this.observers) {
            unblockObserver.onSuccess(apiHost);
            this.observers.remove(unblockObserver);
        }
    }

    private void performChecklive(final ApiHost apiHost, final CountDownLatch countDownLatch) {
        OkHttpClient.Builder writeTimeout = new OkHttpClient.Builder().connectTimeout(TIMEOUT.intValue(), TimeUnit.SECONDS).readTimeout(TIMEOUT.intValue(), TimeUnit.SECONDS).writeTimeout(TIMEOUT.intValue(), TimeUnit.SECONDS);
        if (APIRequest.DEBUG) {
            writeTimeout.addInterceptor(new LoggingInterceptor());
        }
        if (!addSslPinning(writeTimeout, apiHost)) {
            countDownLatch.countDown();
        }
        OkHttpClient build = writeTimeout.build();
        if (APIRequest.DEBUG) {
            Timber.d("Try to unblock with: %s", apiHost.server());
        }
        build.newCall(new Request.Builder().url(new HttpUrl.Builder().scheme("https").host(apiHost.server()).addPathSegment("check_live").build()).header("User-Agent", "SurfEasy Android Client/1.0").header("Accept", "application/json").header("SE-Operating-System", Build.VERSION.RELEASE).header("SE-Platform-ID", "android-" + Build.CPU_ABI + "-32").header("Host", apiHost.host()).build()).enqueue(new Callback() { // from class: com.surfeasy.sdk.api.SurfEasyApiUnblocker.3
            @Override // okhttp3.Callback
            public void onFailure(Call call, IOException iOException) {
                Timber.e("ERROR CONNECTING: %s", iOException.toString());
                while (countDownLatch.getCount() != 0) {
                    countDownLatch.countDown();
                }
            }

            @Override // okhttp3.Callback
            public void onResponse(Call call, Response response) throws IOException {
                if (response.isSuccessful()) {
                    if (SurfEasyApiUnblocker.this.isUnblocking) {
                        SurfEasyApiUnblocker.this.unblockedHost = apiHost;
                    }
                    while (countDownLatch.getCount() != 0) {
                        countDownLatch.countDown();
                    }
                } else {
                    countDownLatch.countDown();
                }
                response.body().close();
            }
        });
    }

    private List<ApiHost> shuffledSubset(List<ApiHost> list) {
        Collections.shuffle(list);
        while (list.size() > MAX_SUBSET_SIZE.intValue()) {
            list.remove(0);
        }
        return list;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ApiHost unblockApi() throws InterruptedException {
        this.unblockedHost = null;
        this.isUnblocking = true;
        SurfEasyApiUnblockConfig config = this.client.getConfig();
        if (config.staging) {
            this.unblockedHost = this.client.getPrimaryHost();
            this.isUnblocking = false;
            notifyComplete();
            return this.unblockedHost;
        }
        checkPrimaryDomain(this.client.getPrimaryHost());
        if (this.unblockedHost == null && config.cachedIps != null && config.cachedIps.size() > 0) {
            Timber.d("Trying cached ips...", new Object[0]);
            checkIps(shuffledSubset(config.cachedIps));
        }
        if (this.unblockedHost == null && config.hardcodedIps != null && config.hardcodedIps.size() > 0) {
            Timber.d("Trying hardcoded ips...", new Object[0]);
            checkIps(shuffledSubset(config.hardcodedIps));
        }
        if (this.unblockedHost == null && config.domains != null && config.domains.size() > 1) {
            Timber.d("Trying fallback domains...", new Object[0]);
            checkFallbackDomains(config.domains.subList(1, config.domains.size()));
        }
        if (this.unblockedHost == null && config.frontedDomains != null && config.frontedDomains.size() > 0) {
            Timber.d("Trying fronted domains...", new Object[0]);
            checkFrontedDomains(config.frontedDomains);
        }
        List<ApiHost> list = config.domains;
        if (this.unblockedHost == null && config.remote != null && this.client.updateConfig()) {
            Timber.d("Trying newly found domains...", new Object[0]);
            checkFallbackDomains(findNewDomains(list));
        }
        this.isUnblocking = false;
        notifyComplete();
        return this.unblockedHost;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<ApiHost> getApiDomains() {
        return this.client.getConfig().getDomains();
    }

    public ApiHost unblock() {
        try {
            if (!this.isUnblocking) {
                this.unblockedHost = unblockApi();
            }
            if (this.isUnblocking) {
                this.syncSignal.await();
            }
            return this.unblockedHost;
        } catch (InterruptedException e) {
            Timber.e(e, "Failed to unblock", new Object[0]);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void unblockAsync(UnblockObserver unblockObserver) {
        this.observers.add(unblockObserver);
        if (this.isUnblocking) {
            return;
        }
        this.executorService.submit(new Callable() { // from class: com.surfeasy.sdk.api.SurfEasyApiUnblocker.1
            @Override // java.util.concurrent.Callable
            public ApiHost call() throws Exception {
                SurfEasyApiUnblocker.this.unblockApi();
                return SurfEasyApiUnblocker.this.unblockedHost;
            }
        });
    }

    protected boolean verifyDomain(String str) {
        DnsRequest dnsRequest = new DnsRequest();
        Set<String> set = new DnssecRequest().doDnssecLookup(str).ips;
        Timber.d("Dnssec results: %s ", String.valueOf(set));
        Set<String> set2 = dnsRequest.doLookup(str).ips;
        Timber.d("RegularDnsLookup results: %s", String.valueOf(set2));
        return (set2 == null || set == null || !set.containsAll(set2)) ? false : true;
    }
}
