package fp;

import android.os.Build;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes3.dex */
public class c extends SSLSocketFactory {

    /* renamed from: b, reason: collision with root package name */
    public static final String f27734b = "c";

    /* renamed from: a, reason: collision with root package name */
    public SSLContext f27735a;

    /* loaded from: classes3.dex */
    public class a implements X509TrustManager {
        public a() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* loaded from: classes3.dex */
    public class b implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        public X509TrustManager f27737a;

        public b(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
            this.f27737a = null;
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 0) {
                throw new NoSuchAlgorithmException("no trust manager found");
            }
            this.f27737a = (X509TrustManager) trustManagers[0];
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            e.a(c.f27734b, "call checkClientTrusted");
            this.f27737a.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                e.a(c.f27734b, "standard trust manager verify");
                this.f27737a.checkServerTrusted(x509CertificateArr, str);
                e.a(c.f27734b, "standard trust manager verify success");
            } catch (CertificateException unused) {
                e.b(c.f27734b, "standard trust manager verify fail, try self verify...");
                X509Certificate[] acceptedIssuers = this.f27737a.getAcceptedIssuers();
                if (acceptedIssuers == null || acceptedIssuers.length == 0) {
                    e.b(c.f27734b, "no client certificates!");
                    throw new CertificateException();
                }
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    e.b(c.f27734b, "no server certificates!");
                    throw new CertificateException();
                }
                X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length + acceptedIssuers.length];
                e.a(c.f27734b, "clientCertificates length = " + acceptedIssuers.length);
                e.a(c.f27734b, "server certificates length = " + x509CertificateArr.length);
                System.arraycopy(x509CertificateArr, 0, x509CertificateArr2, 0, x509CertificateArr.length);
                System.arraycopy(acceptedIssuers, 0, x509CertificateArr2, x509CertificateArr.length, acceptedIssuers.length);
                if (!c.this.g(x509CertificateArr2)) {
                    c.this.h(x509CertificateArr2);
                    if (!c.this.g(x509CertificateArr2)) {
                        throw new CertificateException();
                    }
                }
                e.a(c.f27734b, "self verify success");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            e.a(c.f27734b, "getAcceptedIssuers");
            return this.f27737a.getAcceptedIssuers();
        }
    }

    public c(dp.h hVar) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException {
        super(hVar != null ? hVar.b() : null, hVar != null ? hVar.a() : null, hVar != null ? hVar.d() : null);
        boolean z11;
        this.f27735a = SSLContext.getInstance(SSLSocketFactory.TLS);
        if (hVar == null) {
            e.b(f27734b, "ssl keyStore is null, assuming trust all!");
            this.f27735a.init(null, j(), null);
            return;
        }
        KeyStore b11 = hVar.b();
        KeyStore d11 = hVar.d();
        if (hVar.c() != null && hVar.c().length > 0) {
            e.a(f27734b, "use puk certchain");
            d11 = b(hVar.c());
        }
        if (b11 == null && d11 == null) {
            e.b(f27734b, "key store && trust store are null, assuming trust all!");
            this.f27735a.init(null, j(), null);
            return;
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
        if (b11 != null) {
            e.a(f27734b, "get key manager - server verify client");
            keyManagerFactory.init(hVar.b(), hVar.a() != null ? hVar.a().toCharArray() : null);
            z11 = true;
        } else {
            z11 = false;
        }
        this.f27735a.init(z11 ? keyManagerFactory.getKeyManagers() : null, e(d11), null);
    }

    public final KeyStore a(Certificate certificate) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("trust", certificate);
        return keyStore;
    }

    public final KeyStore b(Certificate[] certificateArr) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
        if (certificateArr == null || certificateArr.length == 0) {
            e.b(f27734b, "no certificate, return null ");
            return null;
        }
        String str = f27734b;
        e.a(str, "verify Input CertChain, certInputStreams length = " + certificateArr.length);
        if (g(certificateArr)) {
            e.a(str, "#verify Input CertChain success");
            return a(certificateArr[0]);
        }
        h(certificateArr);
        if (g(certificateArr)) {
            e.a(str, "##verify Input CertChain success");
            return a(certificateArr[0]);
        }
        e.c(str, "verify Input CertChain fail");
        throw new CertificateException();
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() throws IOException {
        int i11 = Build.VERSION.SDK_INT;
        e.b(f27734b, "current api version=" + i11);
        return this.f27735a.getSocketFactory().createSocket();
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i11, boolean z11) throws IOException, UnknownHostException {
        int i12 = Build.VERSION.SDK_INT;
        e.b(f27734b, "current api version=" + i12);
        return this.f27735a.getSocketFactory().createSocket(socket, str, i11, z11);
    }

    public final boolean d(Certificate certificate, Certificate certificate2) {
        try {
            ((X509Certificate) certificate).checkValidity();
            ((X509Certificate) certificate2).checkValidity();
            certificate.verify(certificate2.getPublicKey());
            return true;
        } catch (InvalidKeyException e11) {
            e11.printStackTrace();
            return false;
        } catch (NoSuchAlgorithmException e12) {
            e12.printStackTrace();
            return false;
        } catch (NoSuchProviderException e13) {
            e13.printStackTrace();
            return false;
        } catch (SignatureException e14) {
            e14.printStackTrace();
            return false;
        } catch (CertificateException e15) {
            e15.printStackTrace();
            return false;
        }
    }

    public final TrustManager[] e(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        if (keyStore == null) {
            e.b(f27734b, "trustStore == null");
            return null;
        }
        String str = f27734b;
        e.a(str, "get trust manager - client verify server");
        e.a(str, "current api version=" + Build.VERSION.SDK_INT);
        e.b(str, "api version >= 24, get trust manager from EasyX509TrustManager");
        return new TrustManager[]{new b(keyStore)};
    }

    public final boolean g(Certificate[] certificateArr) {
        e.a(f27734b, "verifyCertChain...");
        if (certificateArr == null || certificateArr.length == 1) {
            return true;
        }
        int i11 = 0;
        while (i11 < certificateArr.length - 1) {
            String str = f27734b;
            StringBuilder sb2 = new StringBuilder("[verify ");
            sb2.append(i11);
            sb2.append(" and ");
            int i12 = i11 + 1;
            sb2.append(i12);
            sb2.append("]");
            e.a(str, sb2.toString());
            if (!d((X509Certificate) certificateArr[i11], (X509Certificate) certificateArr[i12])) {
                e.c(str, "verify fail");
                return false;
            }
            i11 = i12;
        }
        return true;
    }

    public final void h(Certificate[] certificateArr) {
        e.a(f27734b, "resort cert chain");
        int length = certificateArr.length;
        int i11 = 0;
        while (true) {
            int i12 = length - 1;
            if (i11 >= i12) {
                return;
            }
            int i13 = 0;
            while (i13 < i12 - i11) {
                int i14 = i13 + 1;
                if (!d(certificateArr[i13], certificateArr[i14])) {
                    Certificate certificate = certificateArr[i13];
                    certificateArr[i13] = certificateArr[i14];
                    certificateArr[i14] = certificate;
                }
                i13 = i14;
            }
            i11++;
        }
    }

    public final TrustManager[] j() {
        return new TrustManager[]{new a()};
    }
}
