package com.bochklaunchflow.okhttp.https;

import com.bochklaunchflow.BOCHKLaunchFlow;
import com.bochklaunchflow.base.AppSecuityConfig;
import com.bochklaunchflow.utils.BOCLFLogUtil;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class HttpsManager {
    private static final String TAG = "BOCHKLaunchFlow";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class BlockServerSelfSignedTrustManager implements X509TrustManager {
        private X509TrustManager defaultBlockSelfSignedTrustManager;
        private X509TrustManager localCertTrustManager;

        public BlockServerSelfSignedTrustManager(KeyStore keyStore) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int length = trustManagers.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                TrustManager trustManager = trustManagers[i];
                if (trustManager instanceof X509TrustManager) {
                    this.defaultBlockSelfSignedTrustManager = (X509TrustManager) trustManager;
                    break;
                }
                i++;
            }
            TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory2.init(TrustedKeyStoreConfig.getTrustedKeyStore());
            for (TrustManager trustManager2 : trustManagerFactory2.getTrustManagers()) {
                if (trustManager2 instanceof X509TrustManager) {
                    this.localCertTrustManager = (X509TrustManager) trustManager2;
                    return;
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            boolean z = false;
            try {
                this.defaultBlockSelfSignedTrustManager.checkClientTrusted(x509CertificateArr, str);
                z = true;
                this.localCertTrustManager.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                if (z) {
                    BOCLFLogUtil.d("BOCHKLaunchFlow", "checkClientTrusted#2 -> server cert is NOT self-signed but failed in cert pinning");
                    throw e;
                }
                BOCLFLogUtil.d("BOCHKLaunchFlow", "checkClientTrusted#4 -> server cert is self-signed and is not included in local certs");
                throw new ServerSelfSignedException();
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            boolean z = false;
            try {
                this.defaultBlockSelfSignedTrustManager.checkServerTrusted(x509CertificateArr, str);
                z = true;
                this.localCertTrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                if (AppSecuityConfig.SHOW_PRINT_STACK) {
                    e.printStackTrace();
                }
                if (z) {
                    BOCLFLogUtil.d("BOCHKLaunchFlow", "checkServerTrusted#2 -> server cert is NOT self-signed but failed in cert pinning");
                    throw e;
                }
                BOCLFLogUtil.d("BOCHKLaunchFlow", "checkServerTrusted#4 -> server cert is self-signed and is not included in local certs");
                throw new ServerSelfSignedException();
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.localCertTrustManager.getAcceptedIssuers();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class ForSitHttpsTrustManager implements X509TrustManager {
        private ForSitHttpsTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* loaded from: classes.dex */
    public static class SSLParams {
        public SSLSocketFactory sSLSocketFactory;
        public X509TrustManager trustManager;
    }

    /* loaded from: classes.dex */
    static class ServerSelfSignedException extends CertificateException {
        public ServerSelfSignedException() {
            super("ServerSelfSignedException:Certificate in server is self-signed.");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class ServerSelfSignedTrustManager implements X509TrustManager {
        private X509TrustManager localCertTrustManager;

        public ServerSelfSignedTrustManager(KeyStore keyStore) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(TrustedKeyStoreConfig.getTrustedKeyStore());
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    this.localCertTrustManager = (X509TrustManager) trustManager;
                    return;
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                this.localCertTrustManager.checkClientTrusted(x509CertificateArr, str);
                BOCLFLogUtil.d("BOCHKLaunchFlow", "checkClientTrusted#1 -> server cert is self-signed but included in local certs");
                throw new ServerSelfSignedException();
            } catch (ServerSelfSignedException unused) {
                BOCLFLogUtil.d("BOCHKLaunchFlow", "checkClientTrusted#2 -> ServerSelfSignedException");
            } catch (CertificateException e) {
                BOCLFLogUtil.d("BOCHKLaunchFlow", "checkClientTrusted#3 -> server cert is self-signed and is not included in local certs");
                throw e;
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                this.localCertTrustManager.checkServerTrusted(x509CertificateArr, str);
                BOCLFLogUtil.d("BOCHKLaunchFlow", "checkServerTrusted#1 -> server cert is self-signed but included in local certs");
                throw new ServerSelfSignedException();
            } catch (ServerSelfSignedException unused) {
                BOCLFLogUtil.d("BOCHKLaunchFlow", "checkServerTrusted#2 -> ServerSelfSignedException");
            } catch (CertificateException e) {
                BOCLFLogUtil.d("BOCHKLaunchFlow", "checkServerTrusted#3 -> server cert is self-signed and is not included in local certs");
                throw e;
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.localCertTrustManager.getAcceptedIssuers();
        }
    }

    public static SSLParams getSSLParams() {
        SSLParams sSLParams = new SSLParams();
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            ForSitHttpsTrustManager forSitHttpsTrustManager = new ForSitHttpsTrustManager();
            sSLContext.init(null, new TrustManager[]{forSitHttpsTrustManager}, null);
            sSLParams.sSLSocketFactory = sSLContext.getSocketFactory();
            sSLParams.trustManager = forSitHttpsTrustManager;
            return sSLParams;
        } catch (KeyManagementException e) {
            e.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return null;
        }
    }

    public static SSLParams getSSLParams(KeyStore keyStore) {
        SSLParams sSLParams = new SSLParams();
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            X509TrustManager blockServerSelfSignedTrustManager = BOCHKLaunchFlow.getBlockSelfSignedCert() ? new BlockServerSelfSignedTrustManager(keyStore) : new ServerSelfSignedTrustManager(keyStore);
            sSLContext.init(null, new TrustManager[]{blockServerSelfSignedTrustManager}, null);
            sSLParams.sSLSocketFactory = sSLContext.getSocketFactory();
            sSLParams.trustManager = blockServerSelfSignedTrustManager;
            return sSLParams;
        } catch (KeyManagementException e) {
            e.printStackTrace();
            return null;
        } catch (KeyStoreException e2) {
            e2.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e3) {
            e3.printStackTrace();
            return null;
        }
    }
}
