package com.souche.android.sai2.sai;

import android.app.Application;
import android.content.Context;
import android.text.TextUtils;
import android.util.Log;
import com.souche.android.sai2.R;
import com.souche.android.sai2.sai.bean.CertificateChecker;
import com.souche.android.sai2.sai.bean.CustomHeaderOption;
import com.souche.android.sai2.utils.DebugSignRequestListener;
import defpackage.lc;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;
import retrofit2.ext.X509TrustManagerBuilder;

/* loaded from: classes2.dex */
public final class Sai {
    private static final List<CertificateChecker> e = Arrays.asList(new CertificateChecker("charles"), new CertificateChecker("fiddler"), new CertificateChecker("anyproxy"), new CertificateChecker("httpcanary"), new CertificateChecker("packet"), new CertificateChecker("capture"), new CertificateChecker("networkdiagnosis"));
    private X509Certificate a;
    private final List<String> b;
    private final DebugSignRequestListener c;
    private final CustomHeaderOption d;

    /* loaded from: classes2.dex */
    public static final class Builder {
        private Application a;
        private CustomHeaderOption b;
        private boolean c = false;
        private boolean d = false;
        private List<String> e;
        private DebugSignRequestListener f;

        public Builder(Application application) {
            this.a = application;
        }

        public Sai build() {
            return new Sai(this);
        }

        @Deprecated
        public Builder debugCallBack(DebugSignRequestListener debugSignRequestListener) {
            this.f = debugSignRequestListener;
            return this;
        }

        public Builder enableRNInterceptor(boolean z) {
            this.c = z;
            return this;
        }

        public Builder enableRNSSlCheck(boolean z) {
            this.d = z;
            return this;
        }

        public Builder setCustomHeaderOption(CustomHeaderOption customHeaderOption) {
            this.b = customHeaderOption;
            return this;
        }

        public Builder whiteList(List<String> list) {
            if (list == null) {
                throw new NullPointerException();
            }
            this.e = list;
            return this;
        }
    }

    private Sai(Builder builder) {
        this.b = new ArrayList(builder.e);
        this.c = builder.f;
        this.d = builder.b;
        Application application = builder.a;
        if (builder.c) {
            lc.a a = new lc.a().a(generateSaiHttpInterceptor());
            if (builder.d) {
                a.a(generateFilteredSSLSocketFactory()).a(generateSaiTrustManager());
            }
            lc.a(application, a);
        }
        try {
            this.a = a(builder.a);
        } catch (CertificateException unused) {
        }
    }

    private X509Certificate a(Context context) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(context.getResources().openRawResource(R.raw.scs_ca_pem));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Request a(Request request) {
        Map<String, String> option = this.d != null ? this.d.option(getOptionParams(request.url())) : null;
        if (option == null) {
            option = new HashMap<>();
        }
        Request.Builder newBuilder = request.newBuilder();
        for (Map.Entry<String, String> entry : option.entrySet()) {
            newBuilder.header(entry.getKey(), entry.getValue());
        }
        return newBuilder.build();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(X509Certificate[] x509CertificateArr) throws CertificateException {
        boolean z = false;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            Iterator<CertificateChecker> it = e.iterator();
            while (it.hasNext()) {
                if (it.next().isContainsFlag(x509Certificate)) {
                    z = true;
                }
            }
        }
        if (z && !b(x509CertificateArr)) {
            throw new CertificateException();
        }
    }

    private boolean b(X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (x509Certificate.getIssuerDN().toString().contains("EMAILADDRESS=scs@souche.com")) {
                try {
                    x509Certificate.verify(this.a.getPublicKey());
                } catch (Exception unused) {
                    return false;
                }
            }
        }
        return true;
    }

    public static String getOptionParams(HttpUrl httpUrl) {
        Set<String> queryParameterNames = httpUrl.queryParameterNames();
        if (queryParameterNames.size() == 0) {
            return "";
        }
        TreeSet treeSet = new TreeSet(queryParameterNames);
        StringBuilder sb = new StringBuilder();
        Iterator it = treeSet.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            List<String> queryParameterValues = httpUrl.queryParameterValues(str);
            for (String str2 : queryParameterValues) {
                sb.append(str);
                if (!TextUtils.isEmpty(str2)) {
                    sb.append("=");
                    sb.append(str2);
                }
                if (queryParameterValues.indexOf(str2) < queryParameterValues.size() - 1) {
                    sb.append("&");
                }
            }
            sb.append("&");
        }
        return sb.toString();
    }

    public SSLSocketFactory generateFilteredSSLSocketFactory() {
        return X509TrustManagerBuilder.createSSLSocketFactory(generateSaiTrustManager());
    }

    public Interceptor generateSaiHttpInterceptor() {
        return new Interceptor() { // from class: com.souche.android.sai2.sai.Sai.1
            @Override // okhttp3.Interceptor
            public Response intercept(Interceptor.Chain chain) throws IOException {
                Request request = chain.request();
                HttpUrl url = request.url();
                String str = url.host() + url.encodedPath();
                Request a = Sai.this.b.isEmpty() ? Sai.this.a(request) : Sai.this.b.contains(str) ? Sai.this.a(request) : null;
                if (Sai.this.c != null) {
                    Sai.this.c.onSignedCallBack(request, a);
                }
                if (a == null) {
                    return chain.proceed(request);
                }
                try {
                    return chain.proceed(a);
                } catch (Exception e2) {
                    Log.d("SAI-SSL", str);
                    throw e2;
                }
            }
        };
    }

    public X509TrustManager generateSaiTrustManager() {
        final X509TrustManager x509TrustManager = new X509TrustManager() { // from class: com.souche.android.sai2.sai.Sai.2
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                Sai.this.a(x509CertificateArr);
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return Sai.this.a != null ? new X509Certificate[]{Sai.this.a} : new X509Certificate[0];
            }
        };
        final X509TrustManager build = new X509TrustManagerBuilder().trustWhatSystemTrust().build();
        return new X509TrustManager() { // from class: com.souche.android.sai2.sai.Sai.3
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                build.checkClientTrusted(x509CertificateArr, str);
                x509TrustManager.checkClientTrusted(x509CertificateArr, str);
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                build.checkServerTrusted(x509CertificateArr, str);
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return build.getAcceptedIssuers();
            }
        };
    }
}
