package com.pax.gl.commhelper.impl;

import android.os.Build;
import com.pax.gl.commhelper.ISslKeyStore;
import com.pax.gl.commhelper.exception.CommException;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes2.dex */
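/**
 * {@link SSLSocketFactory} whose sockets come from a private {@link SSLContext} ({@link #cf})
 * built from the key store, trust store or trust certificate chain supplied by an
 * {@link ISslKeyStore}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>On API level 24 and above the trust manager is {@link a}, which falls back to a
 *       signature-and-validity-only chain check when standard validation fails.</li>
 *   <li>On API level 19 and below the enabled protocol list is set explicitly.</li>
 *   <li>No hostname verification is performed in this class; whether the caller or the
 *       superclass does it cannot be seen from here.</li>
 * </ul>
 */
class t extends SSLSocketFactory {
    private static final String TAG = t.class.getSimpleName();
    // Cipher suites applied to every created socket; null or empty keeps the socket defaults.
    private String[] bI;
    // Host name passed to the socket's setHostname method by the no-argument createSocket().
    private String bK;
    // Context that actually produces the sockets returned by both createSocket overloads.
    SSLContext cf;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    /**
     * Trust manager that delegates to the platform's default {@link X509TrustManager} for the
     * given key store and, for server certificates only, retries with a relaxed chain check
     * when the delegate rejects the chain.
     */
    public static class a implements X509TrustManager {
        private final X509TrustManager cg;

        /**
         * @param keyStore trust anchors handed to the default {@link TrustManagerFactory}
         * @throws NoSuchAlgorithmException if the factory yields no {@link X509TrustManager}
         * @throws KeyStoreException if the factory cannot be initialised from {@code keyStore}
         */
        public a(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            // Pick the first X509TrustManager instead of blindly casting element 0, so a
            // provider returning another TrustManager type first cannot cause a ClassCastException.
            X509TrustManager found = null;
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    found = (X509TrustManager) candidate;
                    break;
                }
            }
            if (found == null) {
                throw new NoSuchAlgorithmException("no trust manager found");
            }
            this.cg = found;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            GLCommDebug.d(t.TAG, "call checkClientTrusted");
            this.cg.checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Validates the server chain with the delegate; if that fails, appends the delegate's
         * accepted issuers to the presented chain and accepts it when every certificate is
         * within its validity period and signed by the next one (after an optional re-sort).
         *
         * @throws CertificateException the delegate's original exception when the fallback also
         *         fails, or a new one when either certificate list is empty
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                GLCommDebug.d(t.TAG, "standard trust manager verify");
                this.cg.checkServerTrusted(x509CertificateArr, str);
                GLCommDebug.d(t.TAG, "standard trust manager verify success");
            } catch (CertificateException e) {
                // NOTE(review): this fallback is weaker than the validation that just failed.
                // t.a(Certificate, Certificate) checks only checkValidity() and the signature of
                // each adjacent pair. Basic constraints (CA flag, path length), key usage,
                // extended key usage, name constraints, signature-algorithm policy and
                // revocation are not evaluated, so a chain the platform rejected for one of
                // those reasons is accepted here. Preferred remediation is to fix the
                // certificates or trust store so standard validation passes and then remove
                // this branch; until then every "self verify success" log line marks a
                // connection that standard validation refused.
                GLCommDebug.w(t.TAG, "standard trust manager verify fail, try self verify...");
                X509Certificate[] acceptedIssuers = this.cg.getAcceptedIssuers();
                // The message says "client certificates" but the list checked is the
                // delegate's accepted issuers (the trust anchors).
                if (acceptedIssuers == null || acceptedIssuers.length == 0) {
                    GLCommDebug.w(t.TAG, "no client certificates!");
                    throw new CertificateException("no client certificates!");
                }
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    GLCommDebug.w(t.TAG, "no server certificates!");
                    throw new CertificateException("no server certificates!");
                }
                // Presented chain first, then all trust anchors: the pairwise check therefore
                // also requires each anchor to be signed by the anchor that follows it.
                X509Certificate[] combined = new X509Certificate[x509CertificateArr.length + acceptedIssuers.length];
                GLCommDebug.d(t.TAG, "clientCertificates length = " + acceptedIssuers.length);
                GLCommDebug.d(t.TAG, "server certificates length = " + x509CertificateArr.length);
                System.arraycopy(x509CertificateArr, 0, combined, 0, x509CertificateArr.length);
                System.arraycopy(acceptedIssuers, 0, combined, x509CertificateArr.length, acceptedIssuers.length);
                if (!t.b(combined)) {
                    // Second attempt after re-ordering, for chains delivered out of order.
                    t.c(combined);
                    if (!t.b(combined)) {
                        throw e;
                    }
                }
                GLCommDebug.d(t.TAG, "self verify success");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            GLCommDebug.d(t.TAG, "getAcceptedIssuers");
            return this.cg.getAcceptedIssuers();
        }
    }

    /**
     * Builds the private {@link SSLContext} from {@code iSslKeyStore}.
     *
     * <p>A non-empty trust certificate chain takes precedence over the trust store. Key
     * managers are installed only when a key store is present. When no trust store results,
     * {@code null} trust managers are passed to {@link SSLContext#init}, which makes JSSE use
     * the installed default trust manager.
     *
     * @throws CommException (code 8) if {@code iSslKeyStore} is null or supplies neither a
     *         trust store, a key store nor a trust certificate chain
     */
    public t(ISslKeyStore iSslKeyStore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException, CommException {
        super(iSslKeyStore != null ? iSslKeyStore.getKeyStore() : null, iSslKeyStore != null ? iSslKeyStore.getKeyStorePassword() : null, iSslKeyStore != null ? iSslKeyStore.getTrustStore() : null);
        this.cf = SSLContext.getInstance("TLS");
        if (iSslKeyStore == null || (iSslKeyStore.getTrustStore() == null && iSslKeyStore.getKeyStore() == null && (iSslKeyStore.getTrustCertificateChain() == null || iSslKeyStore.getTrustCertificateChain().length == 0))) {
            GLCommDebug.e(TAG, "sslkeyStore cannot be null. TrustStore,KeyStore and CertificateChain cannot be null at the same time !");
            throw new CommException(8, "sslkeyStore cannot be null. TrustStore,KeyStore and CertificateChain cannot be null at the same time !");
        }
        KeyStore keyStore = iSslKeyStore.getKeyStore();
        KeyStore trustStore = iSslKeyStore.getTrustStore();
        if (iSslKeyStore.getTrustCertificateChain() != null && iSslKeyStore.getTrustCertificateChain().length > 0) {
            GLCommDebug.d(TAG, "use puk certchain");
            // Replaces any supplied trust store with one built from the chain.
            trustStore = a(iSslKeyStore.getTrustCertificateChain());
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
        boolean hasClientKey = false;
        if (keyStore != null) {
            GLCommDebug.d(TAG, "get key manager - server verify client");
            keyManagerFactory.init(iSslKeyStore.getKeyStore(), iSslKeyStore.getKeyStorePassword() != null ? iSslKeyStore.getKeyStorePassword().toCharArray() : null);
            hasClientKey = true;
        }
        this.cf.init(hasClientKey ? keyManagerFactory.getKeyManagers() : null, a(trustStore), null);
    }

    /** Same as {@link #t(ISslKeyStore)}, additionally recording the host name {@code str}. */
    public t(ISslKeyStore iSslKeyStore, String str) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException, CommException {
        this(iSslKeyStore);
        this.bK = str;
    }

    /** Same as {@link #t(ISslKeyStore)}, additionally recording the cipher suites {@code strArr}. */
    public t(ISslKeyStore iSslKeyStore, String[] strArr) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException, CommException {
        this(iSslKeyStore);
        this.bI = strArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sets the enabled protocol list on an {@link SSLSocket}; called by the createSocket
     * overloads only when the API level is 19 or lower.
     *
     * @return the same socket instance
     */
    public static Socket a(Socket socket) {
        GLCommDebug.w(TAG, "SDK version < 20, enable tls protocols manually");
        // SSLv3 is no longer enabled: it is prohibited by RFC 7568 and leaving it in the list
        // lets a connection be negotiated down to it. TLSv1 and TLSv1.1 stay so existing peers
        // keep working; both are deprecated by RFC 8996 and should be removed once no host
        // depends on them.
        String[] protocols = {"TLSv1", "TLSv1.1", "TLSv1.2"};
        if (socket instanceof SSLSocket) {
            ((SSLSocket) socket).setEnabledProtocols(protocols);
        }
        return socket;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * On API level 23 and below, reflectively calls {@code setHostname(String)} on the socket
     * (presumably to set the SNI host name; confirm against the socket implementation).
     * Reflection failures are logged and otherwise ignored, so the socket is returned either way.
     *
     * @return the same socket instance
     */
    public static Socket a(Socket socket, String str) {
        if (Build.VERSION.SDK_INT <= 23) {
            try {
                socket.getClass().getMethod("setHostname", String.class).invoke(socket, str);
                GLCommDebug.d(TAG, "setHostNameMethod end");
            } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | InvocationTargetException e) {
                // Best effort: log through the library logger instead of printStackTrace().
                GLCommDebug.w(TAG, "setHostname via reflection failed: " + e);
            }
        }
        return socket;
    }

    /** Creates an empty key store of the default type holding {@code certificate} under the alias "trust". */
    static KeyStore a(Certificate certificate) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("trust", certificate);
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Checks the supplied chain with {@link #b(Certificate[])} (re-sorting once on failure) and
     * returns a trust store containing only element 0 of the chain.
     *
     * <p>NOTE(review): a one-element chain passes {@code b} without any validity or signature
     * check, and the certificate placed in the trust store is whatever ends up at index 0 after
     * the optional re-sort.
     *
     * @return the trust store, or {@code null} when {@code certificateArr} is null or empty
     * @throws CertificateException if the chain fails the pairwise check even after re-sorting
     */
    public static KeyStore a(Certificate[] certificateArr) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
        if (certificateArr == null || certificateArr.length == 0) {
            GLCommDebug.w(TAG, "no certificate, return null ");
            return null;
        }
        String str = TAG;
        GLCommDebug.d(str, "verify Input CertChain, certInputStreams length = " + certificateArr.length);
        if (b(certificateArr)) {
            GLCommDebug.d(str, "#verify Input CertChain success");
            return a(certificateArr[0]);
        }
        c(certificateArr);
        if (b(certificateArr)) {
            GLCommDebug.d(str, "##verify Input CertChain success");
            return a(certificateArr[0]);
        }
        GLCommDebug.e(str, "verify Input CertChain fail");
        // Carry the reason in the exception so callers that only log the exception still see it.
        throw new CertificateException("verify Input CertChain fail");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Applies {@code strArr} as the enabled cipher suites when it is non-empty and the socket is an {@link SSLSocket}. */
    public static void a(Socket socket, String[] strArr) {
        if (strArr == null || strArr.length <= 0 || !(socket instanceof SSLSocket)) {
            return;
        }
        ((SSLSocket) socket).setEnabledCipherSuites(strArr);
        GLCommDebug.d(TAG, "setEnabledCipherSuites");
    }

    /**
     * Returns {@code true} when both certificates are currently valid and {@code certificate}
     * carries a signature that verifies under {@code certificate2}'s public key.
     *
     * <p>This is the only check behind the relaxed chain validation: no certificate extension
     * is inspected. Both arguments must be {@link X509Certificate} instances.
     */
    static boolean a(Certificate certificate, Certificate certificate2) {
        try {
            ((X509Certificate) certificate).checkValidity();
            ((X509Certificate) certificate2).checkValidity();
            certificate.verify(certificate2.getPublicKey());
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            // Log through the library logger instead of printStackTrace(); a failure here is
            // an expected outcome while c() probes candidate orderings.
            GLCommDebug.w(TAG, "certificate pair verify fail: " + e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the trust managers for {@code keyStore}: the relaxed {@link a} wrapper on API
     * level 24 and above, the plain "X509" {@link TrustManagerFactory} result below that.
     *
     * @return the trust managers, or {@code null} when {@code keyStore} is null
     */
    public static TrustManager[] a(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        if (keyStore == null) {
            GLCommDebug.w(TAG, "trustStore == null");
            return null;
        }
        String str = TAG;
        GLCommDebug.d(str, "get trust manager - client verify server");
        int sdk = Build.VERSION.SDK_INT;
        GLCommDebug.d(str, "current api version=" + sdk);
        if (sdk >= 24) {
            GLCommDebug.w(str, "api version >= 24, get trust manager from EasyX509TrustManager");
            return new TrustManager[]{new a(keyStore)};
        }
        GLCommDebug.d(str, "api version < 24 - get trust manager from cert");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Pairwise chain check: every element must pass {@link #a(Certificate, Certificate)}
     * against the element that follows it.
     *
     * @return {@code true} when all pairs verify, and also for a null, empty or one-element
     *         array, none of which is checked at all
     */
    static boolean b(Certificate[] certificateArr) {
        GLCommDebug.d(TAG, "verifyCertChain...");
        if (certificateArr == null || certificateArr.length == 1) {
            return true;
        }
        for (int i = 0; i < certificateArr.length - 1; i++) {
            GLCommDebug.d(TAG, "[verify " + i + " and " + (i + 1) + "]");
            if (!a(certificateArr[i], certificateArr[i + 1])) {
                GLCommDebug.e(TAG, "verify fail");
                return false;
            }
        }
        return true;
    }

    /**
     * Re-orders the array in place with a bubble-sort pass structure, swapping neighbours
     * whenever the left one does not verify against the right one.
     *
     * <p>"Signed by" is not an ordering relation, so the result is a best-effort arrangement;
     * both callers re-run {@link #b(Certificate[])} afterwards.
     */
    static void c(Certificate[] certificateArr) {
        GLCommDebug.d(TAG, "resort cert chain");
        int last = certificateArr.length - 1;
        for (int pass = 0; pass < last; pass++) {
            for (int j = 0; j < last - pass; j++) {
                if (!a(certificateArr[j], certificateArr[j + 1])) {
                    Certificate swapped = certificateArr[j];
                    certificateArr[j] = certificateArr[j + 1];
                    certificateArr[j + 1] = swapped;
                }
            }
        }
    }

    /**
     * Creates an unconnected socket from {@link #cf}, sets the protocol list on API level 19
     * and below, then applies the configured cipher suites and the configured host name.
     */
    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() throws IOException {
        int sdk = Build.VERSION.SDK_INT;
        GLCommDebug.w(TAG, "current api version=" + sdk);
        Socket created = sdk > 19 ? this.cf.getSocketFactory().createSocket() : a(this.cf.getSocketFactory().createSocket());
        a(created, this.bI);
        return a(created, this.bK);
    }

    /**
     * Layers a TLS socket from {@link #cf} over {@code socket}; same post-processing as
     * {@link #createSocket()} except that the host name applied is the {@code str} argument
     * rather than the configured one.
     */
    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        int sdk = Build.VERSION.SDK_INT;
        GLCommDebug.w(TAG, "current api version=" + sdk);
        Socket created = sdk > 19 ? this.cf.getSocketFactory().createSocket(socket, str, i, z) : a(this.cf.getSocketFactory().createSocket(socket, str, i, z));
        a(created, this.bI);
        return a(created, str);
    }
}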
