package cn.com.infosec.mobile;

import android.text.TextUtils;
import android.util.Base64;
import cn.com.infosec.BuildConfig;
import cn.com.infosec.jce.provider.InfosecProvider;
import cn.com.infosec.jce.provider.JCESM2PrivateKey;
import cn.com.infosec.mobile.gm.tls.SSLContextImpl;
import cn.com.infosec.mobile.gm.tls.SSLSocketFactoryImpl;
import cn.com.infosec.mobile.netcert.framework.crypto.IHSM;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;

/* loaded from: classes.dex */
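/**
 * Fluent helper that configures an {@link OkHttpClient.Builder} for either the GM stack
 * ({@link SSL_PROTOCOL#GM}, served by {@link SSLSocketFactoryImpl}) or the platform TLS stack
 * ({@link SSL_PROTOCOL#GJ}).
 *
 * <p>Typical use: {@code new OkHttpHelper().trustCerts(...).clientCerts(...).createBuilder(protocol)}.
 * {@link #trustCerts(String[])} must be called before a socket factory is created; a {@code null}
 * trust list makes both factory methods throw {@link NullPointerException}.
 *
 * <p>SECURITY (review):
 * <ul>
 *   <li>{@link #createBuilder(SSL_PROTOCOL)} installs {@link MyHostNameVerifier}, which accepts every
 *       host name. A certificate that chains to any trusted root is therefore accepted for any
 *       server; on the GJ path the trusted roots include the whole {@code AndroidCAStore}.</li>
 *   <li>{@link MyX509TrustManager} performs no chain checks. Whatever validation happens during the
 *       handshake comes from the socket factory's own trust configuration.</li>
 *   <li>Key-store and key passwords are held as {@link String} fields for the lifetime of this
 *       object and cannot be wiped.</li>
 * </ul>
 */
public class OkHttpHelper {
    private String encKeyPasswd;
    private String encPFXPasswd;
    private String encPFXPath;
    private String signKeyPasswd;
    private String signPFXPasswd;
    private String signPFXPath;
    // Base64 (NO_WRAP) encoded X.509 certificates supplied through trustCerts(String[]).
    private String[] trustCerts;

    /**
     * Hostname verifier that approves every connection.
     *
     * <p>SECURITY (review): returning {@code true} unconditionally disables the binding between the
     * requested host and the presented certificate. Behaviour is kept as-is because existing
     * deployments may depend on it (for example certificates without a matching subject name);
     * the mitigation is to delegate to the platform default verifier or to pin the expected
     * certificate, and to keep this class out of production builds.
     */
    public static final class MyHostNameVerifier implements HostnameVerifier {
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String hostname, SSLSession session) {
            // No comparison against the peer certificate is made.
            return true;
        }
    }

    /**
     * Trust manager handed to OkHttp next to the socket factory.
     *
     * <p>SECURITY (review): both check methods are empty, so this object never rejects a chain.
     * It must not be used to initialise an {@link SSLContext}. NOTE(review): confirm that
     * {@link SSLSocketFactoryImpl} validates the server chain against the trust store it is given,
     * because nothing in this class does.
     */
    public final class MyX509TrustManager implements X509TrustManager {
        private MyX509TrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            // Intentionally performs no validation (see class comment).
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            // Intentionally performs no validation (see class comment).
        }

        /**
         * Decodes the configured trust certificates with the Infosec provider.
         *
         * @return the decoded certificates; an empty array (never {@code null}, as the
         *     {@link X509TrustManager} contract requires) when no certificates are configured or
         *     when decoding fails
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            if (OkHttpHelper.this.trustCerts == null) {
                return new X509Certificate[0];
            }
            try {
                return decodeTrustCerts(CertificateFactory.getInstance("X.509", IHSM.INFOSEC));
            } catch (NoSuchProviderException | CertificateException e) {
                e.printStackTrace();
                return new X509Certificate[0];
            }
        }
    }

    static {
        // Registers the Infosec JCE provider at a low-priority position so that platform
        // providers keep precedence for algorithms both sides implement.
        Security.insertProviderAt(new InfosecProvider(), 99);
    }

    /** Returns {@code true} when none of the given values is {@code null} or empty. */
    private static boolean allPresent(String... values) {
        for (String value : values) {
            if (TextUtils.isEmpty(value)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Decodes every entry of {@link #trustCerts} (Base64, NO_WRAP) into a certificate.
     *
     * @param factory the certificate factory to parse with
     * @return the decoded certificates, in configuration order
     * @throws CertificateException if an entry is not a parsable certificate
     * @throws NullPointerException if {@link #trustCerts} has not been set
     */
    private X509Certificate[] decodeTrustCerts(CertificateFactory factory) throws CertificateException {
        String[] encoded = this.trustCerts;
        X509Certificate[] decoded = new X509Certificate[encoded.length];
        for (int i = 0; i < encoded.length; i++) {
            byte[] der = Base64.decode(encoded[i], Base64.NO_WRAP);
            decoded[i] = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
        }
        return decoded;
    }

    /**
     * Builds a platform-TLS socket factory that trusts the configured certificates plus every
     * entry of {@code AndroidCAStore}, optionally presenting the signing PFX as client identity.
     *
     * @return the socket factory of the initialised {@link SSLContext}
     */
    private SSLSocketFactory createGJSSLSocketFactory() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, UnrecoverableKeyException, KeyManagementException {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null);

        X509Certificate[] configured = decodeTrustCerts(CertificateFactory.getInstance("X.509"));
        for (int i = 0; i < configured.length; i++) {
            trustStore.setCertificateEntry("CACert" + i, configured[i]);
        }

        // NOTE(review): AndroidCAStore is copied wholesale. On Android this store is expected to
        // list user-installed CAs as well as system ones, so the configured trust list widens
        // rather than restricts what is accepted. Confirm this is intended.
        KeyStore platformStore = KeyStore.getInstance("AndroidCAStore");
        platformStore.load(null);
        Enumeration<String> aliases = platformStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            trustStore.setCertificateEntry(alias, platformStore.getCertificate(alias));
        }

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(trustStore);

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
        KeyManager[] keyManagers = new KeyManager[0];
        if (allPresent(this.signPFXPath, this.signPFXPasswd, this.signKeyPasswd)) {
            try {
                KeyStore clientStore = KeyStore.getInstance("PKCS12");
                // try-with-resources: the original never closed this stream.
                try (FileInputStream in = new FileInputStream(this.signPFXPath)) {
                    clientStore.load(in, this.signPFXPasswd.toCharArray());
                }
                keyManagerFactory.init(clientStore, this.signKeyPasswd.toCharArray());
                keyManagers = keyManagerFactory.getKeyManagers();
            } catch (Exception e) {
                // Best effort, as in the original: a PFX that cannot be loaded leaves the
                // connection without a client certificate instead of failing the build.
                e.printStackTrace();
            }
        }

        // Platform default CSPRNG instead of the legacy "SHA1PRNG" algorithm name.
        sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sslContext.getSocketFactory();
    }

    /**
     * Loads one PKCS#12 file through the Infosec provider and wraps its private-key entry for
     * the GM stack.
     *
     * <p>If the file holds several private-key entries the last one enumerated wins. The
     * certificate is taken from every private-key entry, the key bytes only from entries whose
     * key is a {@link JCESM2PrivateKey}; NOTE(review): certificate and key can therefore come
     * from different entries, or either can be {@code null} — confirm the GM key store rejects
     * that.
     *
     * @param pfxPath path of the PKCS#12 file
     * @param pfxPasswd password protecting the file
     * @param keyPasswd password protecting the private key
     * @return a GM key store built from the certificate and the value of
     *     {@link JCESM2PrivateKey#getD()}
     */
    private cn.com.infosec.mobile.gm.tls.crypto.KeyStore loadGmIdentity(String pfxPath, String pfxPasswd, String keyPasswd) throws CertificateException, NoSuchProviderException, KeyStoreException, IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
        KeyStore pkcs12 = KeyStore.getInstance("PKCS12", InfosecProvider.PROVIDER_NAME);
        // try-with-resources: the original never closed this stream.
        try (FileInputStream in = new FileInputStream(pfxPath)) {
            pkcs12.load(in, pfxPasswd.toCharArray());
        }
        Certificate certificate = null;
        // Raw private-key material; it stays on the heap until garbage collected.
        byte[] keyBytes = null;
        Enumeration<String> aliases = pkcs12.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (pkcs12.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                Key key = pkcs12.getKey(alias, keyPasswd.toCharArray());
                if (key instanceof JCESM2PrivateKey) {
                    keyBytes = ((JCESM2PrivateKey) key).getD();
                }
                certificate = pkcs12.getCertificate(alias);
            }
        }
        return new cn.com.infosec.mobile.gm.tls.crypto.KeyStore((X509Certificate) certificate, keyBytes);
    }

    /**
     * Builds a GM socket factory whose trust store holds only the configured certificates.
     * Client identities are installed only when all six sign/enc credentials are present.
     *
     * @return a socket factory backed by a freshly configured {@link SSLContextImpl}
     */
    private SSLSocketFactoryImpl createGMSSLSocketFactory() throws CertificateException, NoSuchProviderException, KeyStoreException, IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
        SSLContextImpl gmContext = new SSLContextImpl();
        X509Certificate[] trusted = decodeTrustCerts(CertificateFactory.getInstance("X.509", IHSM.INFOSEC));
        gmContext.setTrustStore(new cn.com.infosec.mobile.gm.tls.crypto.KeyStore(trusted));
        if (allPresent(this.signPFXPath, this.signPFXPasswd, this.signKeyPasswd, this.encPFXPath, this.encPFXPasswd, this.encKeyPasswd)) {
            gmContext.setSignStore(loadGmIdentity(this.signPFXPath, this.signPFXPasswd, this.signKeyPasswd));
            gmContext.setEncStore(loadGmIdentity(this.encPFXPath, this.encPFXPasswd, this.encKeyPasswd));
        }
        return new SSLSocketFactoryImpl(gmContext);
    }

    /**
     * Returns the OkHttp connection specs for the given protocol.
     *
     * @throws IllegalArgumentException if the protocol is neither GM nor GJ
     */
    private ArrayList<ConnectionSpec> getConnectionSpecs(SSL_PROTOCOL ssl_protocol) {
        ArrayList<ConnectionSpec> specs = new ArrayList<>();
        switch (ssl_protocol) {
            case GM:
                // The GM stack is addressed with the "TLSv1.1" version label and a single
                // SM4-CBC/SM3 suite; both strings are passed through unchanged.
                specs.add(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions("TLSv1.1").cipherSuites("TLS_ECC_WITH_SM4_128_CBC_SM3").build());
                break;
            case GJ:
                specs.add(ConnectionSpec.MODERN_TLS);
                break;
            default:
                throw new IllegalArgumentException("protocol not supported " + ssl_protocol);
        }
        return specs;
    }

    /** Returns the library version recorded in {@link BuildConfig#VERSION_NAME}. */
    public static String version() {
        return BuildConfig.VERSION_NAME;
    }

    /**
     * Stores the client credentials used for mutual authentication.
     *
     * @param signPFXPath path of the signing PKCS#12 file
     * @param signPFXPasswd password of the signing PKCS#12 file
     * @param signKeyPasswd password of the signing private key
     * @param encPFXPath path of the encryption PKCS#12 file (GM only)
     * @param encPFXPasswd password of the encryption PKCS#12 file (GM only)
     * @param encKeyPasswd password of the encryption private key (GM only)
     * @return this helper, for chaining
     */
    public OkHttpHelper clientCerts(String signPFXPath, String signPFXPasswd, String signKeyPasswd, String encPFXPath, String encPFXPasswd, String encKeyPasswd) {
        this.signPFXPath = signPFXPath;
        this.signPFXPasswd = signPFXPasswd;
        this.signKeyPasswd = signKeyPasswd;
        this.encPFXPath = encPFXPath;
        this.encPFXPasswd = encPFXPasswd;
        this.encKeyPasswd = encKeyPasswd;
        return this;
    }

    /**
     * Creates an OkHttp builder wired with the socket factory, connection specs, the
     * non-validating {@link MyX509TrustManager} and the accept-all {@link MyHostNameVerifier}.
     *
     * @param ssl_protocol the stack to use
     * @return a configured builder
     * @throws Exception if the socket factory cannot be created
     */
    public OkHttpClient.Builder createBuilder(SSL_PROTOCOL ssl_protocol) throws Exception {
        // SECURITY (review): hostname verification is switched off here; see MyHostNameVerifier.
        return new OkHttpClient.Builder()
                .sslSocketFactory(createSSLSocketFactory(ssl_protocol), new MyX509TrustManager())
                .connectionSpecs(getConnectionSpecs(ssl_protocol))
                .hostnameVerifier(new MyHostNameVerifier());
    }

    /**
     * Creates the socket factory for the given protocol.
     *
     * @param ssl_protocol the stack to use
     * @return a GM or platform-TLS socket factory
     * @throws IllegalArgumentException if the protocol is neither GM nor GJ
     * @throws Exception if certificates or key stores cannot be loaded
     */
    public SSLSocketFactory createSSLSocketFactory(SSL_PROTOCOL ssl_protocol) throws Exception {
        switch (ssl_protocol) {
            case GM:
                return createGMSSLSocketFactory();
            case GJ:
                return createGJSSLSocketFactory();
            default:
                throw new IllegalArgumentException("protocol not supported " + ssl_protocol);
        }
    }

    /**
     * Sets the trusted certificates.
     *
     * @param trustCerts Base64 (NO_WRAP) encoded X.509 certificates; the array is stored by
     *     reference, not copied
     * @return this helper, for chaining
     */
    public OkHttpHelper trustCerts(String[] trustCerts) {
        this.trustCerts = trustCerts;
        return this;
    }
}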
