package atws.shared.app;

import android.net.http.X509TrustManagerExtensions;
import atws.activity.fxconversion.BaseCloseCurrencyBottomSheetFragment;
import atws.shared.R$string;
import atws.shared.app.Analytics;
import atws.shared.i18n.L;
import atws.shared.persistent.Config;
import com.connection.util.BaseUtils;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import utils.S;

/* loaded from: classes2.dex */
public abstract class HostnameVerifier {
    public static boolean s_simulateBadCertificate = false;

    /* loaded from: classes2.dex */
    public static class HostnameVerificationException extends CertificateException {
        public final X509Certificate m_certificate;
        public final List m_errors;

        public HostnameVerificationException(X509Certificate x509Certificate, List list) {
            this.m_certificate = x509Certificate;
            this.m_errors = list;
        }

        public X509Certificate certificate() {
            return this.m_certificate;
        }

        @Override // java.lang.Throwable
        public String getMessage() {
            ArrayList<String> arrayList = new ArrayList(this.m_errors);
            StringBuilder sb = new StringBuilder();
            int i = 0;
            for (String str : arrayList) {
                if (sb.length() > 0) {
                    sb.append("\n");
                }
                if (arrayList.size() > 1) {
                    i++;
                    sb.append(i);
                    sb.append(". ");
                }
                sb.append(str);
            }
            return sb.toString();
        }
    }

    public static void addCNNames(Collection collection, X509Certificate x509Certificate) {
        String name;
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        if (subjectX500Principal == null || (name = subjectX500Principal.getName()) == null) {
            return;
        }
        parseName(collection, name);
    }

    public static void addSubjectAlternateNames(Collection collection, X509Certificate x509Certificate) {
        int intValue;
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    if (list.size() >= 2) {
                        Object obj = list.get(0);
                        Object obj2 = list.get(1);
                        if ((obj instanceof Integer) && (obj2 instanceof String) && ((intValue = ((Integer) obj).intValue()) == 2 || intValue == 7)) {
                            collection.add(obj2.toString());
                        }
                    }
                }
            }
        } catch (CertificateParsingException e) {
            S.err("Certificate has an invalid SAN", e);
        }
    }

    public static void checkDefaultServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            CertificateException certificateException = null;
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers == null) {
                throw new CertificateException("Missing trust manager");
            }
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
                    try {
                        checkServerTrusted(x509CertificateArr, x509TrustManager, str);
                    } catch (CertificateException e) {
                        S.err("checkServerTrusted error: " + e);
                        reportCrashlyticsEvent(e, null);
                        certificateException = e;
                    }
                    if (certificateException != null) {
                        try {
                            checkServerTrustedWithHost(x509CertificateArr, x509TrustManager, str, str2);
                            return;
                        } catch (CertificateException e2) {
                            S.err("checkServerTrustedWithHost error: " + e2);
                            reportCrashlyticsEvent(e2, "fallback");
                            Throwable cause = e2.getCause();
                            StringBuilder sb = new StringBuilder();
                            sb.append("Invalid certificate:");
                            sb.append(cause != null ? cause.getMessage() : e2.getMessage());
                            throw new CertificateException(sb.toString(), e2);
                        }
                    }
                    return;
                }
            }
        } catch (KeyStoreException e3) {
            throw new CertificateException("SSL KeyStore invalid", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new CertificateException("SSL server trust problem", e4);
        }
    }

    public static void checkServerTrusted(X509Certificate[] x509CertificateArr, X509TrustManager x509TrustManager, String str) {
        x509TrustManager.checkServerTrusted(x509CertificateArr, str);
    }

    public static void checkServerTrustedWithHost(X509Certificate[] x509CertificateArr, X509TrustManager x509TrustManager, String str, String str2) {
        new X509TrustManagerExtensions(x509TrustManager).checkServerTrusted(x509CertificateArr, str, str2);
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [atws.shared.app.HostnameVerifier$1RegexQuotedStringBuilder] */
    public static Pattern createPatternFromCertificateHostname(String str) {
        ?? r0 = new Object() { // from class: atws.shared.app.HostnameVerifier.1RegexQuotedStringBuilder
            public StringBuilder m_patternStr = new StringBuilder();
            public boolean m_quoted = false;

            public void appendChar(char c) {
                if (!this.m_quoted) {
                    this.m_patternStr.append("\\Q");
                    this.m_quoted = true;
                }
                this.m_patternStr.append(c);
            }

            public void appendMetachars(String str2) {
                if (this.m_quoted) {
                    this.m_patternStr.append("\\E");
                    this.m_quoted = false;
                }
                this.m_patternStr.append(str2);
            }

            public String toString() {
                String sb = this.m_patternStr.toString();
                if (!this.m_quoted) {
                    return sb;
                }
                return sb + "\\E";
            }
        };
        for (char c : str.toCharArray()) {
            if (c == '*') {
                r0.appendMetachars("[^.]*(\\.[^.]*)?");
            } else if (c == '.') {
                r0.appendMetachars("\\.");
            } else if (c != '?') {
                r0.appendChar(c);
            } else {
                r0.appendMetachars("[^.]");
            }
        }
        return Pattern.compile(r0.toString(), 2);
    }

    public static boolean doesCertificateHostnameMatch(Certificate certificate, String str) {
        for (String str2 : getCertficateHostnameList(certificate)) {
            S.log("Checking " + str + " against " + str2);
            if (verifyHostname(str2, str)) {
                return true;
            }
        }
        return false;
    }

    public static String[] getCertficateHostnameList(Certificate certificate) {
        HashSet hashSet = new HashSet();
        if (certificate instanceof X509Certificate) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            addSubjectAlternateNames(hashSet, x509Certificate);
            addCNNames(hashSet, x509Certificate);
            S.log("getCertficateHostnameList: " + hashSet);
        }
        return (String[]) hashSet.toArray(new String[hashSet.size()]);
    }

    public static void parseName(Collection collection, String str) {
        int indexOf;
        int indexOf2;
        int i = 0;
        while (i != -1 && (indexOf = str.indexOf("CN=", i)) != -1) {
            int i2 = indexOf;
            while (true) {
                indexOf2 = str.indexOf(BaseCloseCurrencyBottomSheetFragment.SYMBOLS_SEPARATOR, i2);
                if (indexOf2 == -1 || str.charAt(indexOf2 - 1) != '\\') {
                    break;
                } else {
                    i2 = indexOf2 + 1;
                }
            }
            String[] split = str.substring(indexOf + 3, indexOf2 == -1 ? str.length() : indexOf2).trim().replace("\\,", BaseCloseCurrencyBottomSheetFragment.SYMBOLS_SEPARATOR).split(BaseCloseCurrencyBottomSheetFragment.SYMBOLS_SEPARATOR);
            for (int i3 = 0; i3 < split.length; i3++) {
                split[i3] = split[i3].trim();
            }
            collection.addAll(Arrays.asList(split));
            i = indexOf2;
        }
    }

    public static void reportCrashlyticsEvent(Exception exc, String str) {
        String str2;
        if (BaseUtils.notNull(exc.getMessage()).toLowerCase().contains("checkServerTrusted".toLowerCase())) {
            HashMap hashMap = new HashMap();
            hashMap.put(Analytics.Param.METHOD.id(), Analytics.encrypt(Config.INSTANCE.username()));
            String id = Analytics.Param.ERROR.id();
            Object[] objArr = new Object[2];
            if (BaseUtils.isNotNull(str)) {
                str2 = "(" + str + ")";
            } else {
                str2 = "";
            }
            objArr[0] = str2;
            objArr[1] = exc;
            hashMap.put(id, String.format("SSL certificate%s: %s", objArr));
            Analytics.logCrashlyticsEvent(Analytics.Event.CRASH, exc, hashMap);
        }
    }

    public static SocketFactory sslSocketFactory(final String str) {
        try {
            X509TrustManager x509TrustManager = new X509TrustManager() { // from class: atws.shared.app.HostnameVerifier.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) {
                    boolean equals = str.equals("10.0.2.2");
                    ArrayList arrayList = new ArrayList();
                    if (!equals) {
                        try {
                            HostnameVerifier.checkDefaultServerTrusted(x509CertificateArr, str2, str);
                        } catch (CertificateException e) {
                            S.err(e);
                            arrayList.add(e.getMessage());
                        }
                    }
                    X509Certificate x509Certificate = x509CertificateArr[0];
                    if (!HostnameVerifier.doesCertificateHostnameMatch(x509Certificate, str)) {
                        S.log("certificate does not match hostname=" + str);
                        arrayList.add(L.getString(R$string.HOSTNAME_DOES_NOT_MATCH));
                    }
                    if (!arrayList.isEmpty()) {
                        throwIfNotAccepted(str, x509Certificate, arrayList);
                        return;
                    }
                    if (HostnameVerifier.s_simulateBadCertificate) {
                        throwIfNotAccepted(str, x509Certificate, arrayList);
                        return;
                    }
                    S.log("got valid certificate for hostname=" + str);
                    SslHandshakeManager.okCertificate(str);
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                public void throwIfNotAccepted(String str2, X509Certificate x509Certificate, List list) {
                    if (!SslHandshakeManager.isAccepted(str2, x509Certificate)) {
                        throw new HostnameVerificationException(x509Certificate, list);
                    }
                    S.log("Bad certificate, but accepted by user for hostName=" + str2);
                }
            };
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
            return sSLContext.getSocketFactory();
        } catch (Exception e) {
            throw new IOException("Unable to initialize SSL Factory: " + e);
        }
    }

    public static boolean verifyHostname(String str, String str2) {
        return BaseUtils.isNotNull(str) && createPatternFromCertificateHostname(str).matcher(str2).matches();
    }
}
