package com.heyue.framework.protocol.retrofit;

import android.util.Log;
import android.widget.Toast;
import com.heyue.framework.protocol.configs.HttpConfig;
import d.g.a.f.a;
import d.g.a.f.c;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import k.n;
import k.q.a.h;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;

/* loaded from: classes.dex */
public class HeYueHttpCreator {
    public static final String[] certLists = {"WoSign.cer", "der.cer", "baltimoreCyber.cer", "STAR_ycic-factoring_com.crt"};

    /* loaded from: classes.dex */
    public static final class HttpStoreHolder {
        public static final HttpStore REST_SERVICE = (HttpStore) RetrofitHolder.RETROFIT_CLIENT.g(HttpStore.class);
    }

    /* loaded from: classes.dex */
    public static final class OkHttpHolder {
        public static final int TIME_OUT = 30;
        public static final OkHttpClient.Builder BUILDER = new OkHttpClient.Builder();
        public static final ArrayList<Interceptor> INTERCEPTORS = (ArrayList) c.b(a.INTERCEPTOR);
        public static final OkHttpClient OK_HTTP_CLIENT = addInterceptor().connectTimeout(30, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS).build();
        public static final OkHttpClient OK_HTTP_CLIENT_NO_INTERCEPTOR = new OkHttpClient.Builder().connectTimeout(30, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS).build();
        public static final OkHttpClient OK_HTTPS_CLIENT = httpsBuilder(true).connectTimeout(30, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS).build();
        public static final OkHttpClient OK_HTTPS_CLIENT_NO_INTERCEPTOR = httpsBuilder(false).connectTimeout(30, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).writeTimeout(30, TimeUnit.SECONDS).build();

        public static OkHttpClient.Builder addInterceptor() {
            ArrayList<Interceptor> arrayList = INTERCEPTORS;
            if (arrayList != null && !arrayList.isEmpty()) {
                Iterator<Interceptor> it = INTERCEPTORS.iterator();
                while (it.hasNext()) {
                    BUILDER.addInterceptor(it.next());
                }
            }
            return BUILDER;
        }

        public static TrustManager[] buildTrustManagers() {
            return new TrustManager[]{new X509TrustManager() { // from class: com.heyue.framework.protocol.retrofit.HeYueHttpCreator.OkHttpHolder.2
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    Log.i("HeYueHttpClien", "-- Client");
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    int i2;
                    if (x509CertificateArr.length > 1) {
                        int i3 = 0;
                        i2 = 0;
                        while (i3 < x509CertificateArr.length) {
                            X509Certificate x509Certificate = x509CertificateArr[i3];
                            i3++;
                            if (i3 != x509CertificateArr.length) {
                                X509Certificate x509Certificate2 = x509CertificateArr[i3];
                                if (x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN())) {
                                    try {
                                        x509Certificate.verify(x509Certificate2.getPublicKey());
                                        i2 = x509CertificateArr.length - 1;
                                    } catch (InvalidKeyException e2) {
                                        e2.printStackTrace();
                                        Toast.makeText(c.a(), "证书链校验失败！", 0).show();
                                        return;
                                    } catch (NoSuchAlgorithmException e3) {
                                        e3.printStackTrace();
                                        Toast.makeText(c.a(), "证书链校验失败！", 0).show();
                                        return;
                                    } catch (NoSuchProviderException e4) {
                                        e4.printStackTrace();
                                        Toast.makeText(c.a(), "证书链校验失败！", 0).show();
                                        return;
                                    } catch (SignatureException e5) {
                                        e5.printStackTrace();
                                        Toast.makeText(c.a(), "证书链校验失败！", 0).show();
                                        return;
                                    }
                                } else {
                                    x509Certificate2.verify(x509Certificate.getPublicKey());
                                    i2 = 0;
                                }
                            }
                        }
                    } else {
                        i2 = 0;
                    }
                    try {
                        X509Certificate x509Certificate3 = x509CertificateArr[i2];
                        Principal issuerDN = x509Certificate3.getIssuerDN();
                        for (int i4 = 0; i4 < HeYueHttpCreator.certLists.length; i4++) {
                            X509Certificate[] x509Certificate4 = TrustCerUtils.getX509Certificate(c.a().getAssets().open(HeYueHttpCreator.certLists[i4]));
                            if (x509Certificate4[0].getIssuerDN().equals(issuerDN)) {
                                if ((!x509Certificate4[0].getSerialNumber().equals(x509Certificate3.getSerialNumber()) || !x509Certificate4[0].getSubjectDN().equals(x509Certificate3.getSubjectDN()) || !x509Certificate4[0].getIssuerDN().equals(x509Certificate3.getIssuerDN())) && !TrustCerUtils.verify(x509Certificate4[0], x509Certificate3)) {
                                    throw new CertificateException();
                                }
                                return;
                            }
                        }
                        throw new CertificateException();
                    } catch (Exception e6) {
                        throw new CertificateException(e6);
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
        }

        public static OkHttpClient.Builder httpsBuilder(boolean z) {
            try {
                TrustManager[] buildTrustManagers = buildTrustManagers();
                SSLContext sSLContext = SSLContext.getInstance("SSL");
                sSLContext.init(null, buildTrustManagers, new SecureRandom());
                SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
                OkHttpClient.Builder builder = new OkHttpClient.Builder();
                if (z && INTERCEPTORS != null && !INTERCEPTORS.isEmpty()) {
                    Iterator<Interceptor> it = INTERCEPTORS.iterator();
                    while (it.hasNext()) {
                        builder.addInterceptor(it.next());
                    }
                }
                builder.sslSocketFactory(socketFactory, (X509TrustManager) buildTrustManagers[0]);
                builder.hostnameVerifier(new HostnameVerifier() { // from class: com.heyue.framework.protocol.retrofit.HeYueHttpCreator.OkHttpHolder.1
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str, SSLSession sSLSession) {
                        return true;
                    }
                });
                return builder;
            } catch (KeyManagementException | NoSuchAlgorithmException e2) {
                e2.printStackTrace();
                return new OkHttpClient.Builder();
            }
        }
    }

    /* loaded from: classes.dex */
    public static final class RetrofitHolder {
        public static final n RETROFIT_CLIENT = new n.b().c(HttpConfig.getInstance().getBASE_URL()).h(HeYueHttpCreator.getHttpsClient(true, HttpConfig.getInstance().getBASE_URL())).b(k.r.a.a.f()).a(h.d()).e();
    }

    public static HttpStore getHttpStore() {
        return HttpStoreHolder.REST_SERVICE;
    }

    public static OkHttpClient getHttpsClient(boolean z, String str) {
        return z ? str.startsWith("http://") ? OkHttpHolder.OK_HTTP_CLIENT : OkHttpHolder.OK_HTTPS_CLIENT : str.startsWith("http://") ? OkHttpHolder.OK_HTTP_CLIENT_NO_INTERCEPTOR : OkHttpHolder.OK_HTTPS_CLIENT_NO_INTERCEPTOR;
    }
}
