package com.xmqvip.xiaomaiquan.net;

import com.xmqvip.xiaomaiquan.utils.KQLog;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class KLX509TrustManager extends X509ExtendedTrustManager {
    private X509Certificate mCertificate = loadRootCertificate();
    private X509TrustManager mSystemDefaultTrustManager = systemDefaultTrustManager();

    public KLX509TrustManager() {
        KQLog.d("RoyDebug", "KLX509TrustManager mCertificate:\n" + this.mCertificate);
    }

    private byte[] getOcspDataFromSession(SSLSession sSLSession) {
        List list;
        Object invoke;
        try {
            Method declaredMethod = sSLSession.getClass().getDeclaredMethod("getStatusResponses", new Class[0]);
            declaredMethod.setAccessible(true);
            invoke = declaredMethod.invoke(sSLSession, new Object[0]);
        } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | SecurityException unused) {
        } catch (InvocationTargetException e) {
            throw new RuntimeException(e.getCause());
        }
        if (invoke instanceof List) {
            list = (List) invoke;
            if (list != null || list.isEmpty()) {
                return null;
            }
            return (byte[]) list.get(0);
        }
        list = null;
        if (list != null) {
        }
        return null;
    }

    private byte[] getTlsSctDataFromSession(SSLSession sSLSession) {
        try {
            Method declaredMethod = sSLSession.getClass().getDeclaredMethod("getPeerSignedCertificateTimestamp", new Class[0]);
            declaredMethod.setAccessible(true);
            Object invoke = declaredMethod.invoke(sSLSession, new Object[0]);
            if (invoke instanceof byte[]) {
                return (byte[]) invoke;
            }
            return null;
        } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | SecurityException unused) {
            return null;
        } catch (InvocationTargetException e) {
            throw new RuntimeException(e.getCause());
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:16:0x0040, code lost:
    
        if (r3 == null) goto L31;
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x002d, code lost:
    
        if (r3 == null) goto L31;
     */
    /* JADX WARN: Not initialized variable reg: 3, insn: 0x0046: MOVE (r1 I:??[OBJECT, ARRAY]) = (r3 I:??[OBJECT, ARRAY]), block:B:32:0x0046 */
    /* JADX WARN: Removed duplicated region for block: B:35:0x0049 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.security.cert.X509Certificate loadRootCertificate() {
        /*
            r4 = this;
            java.lang.String r0 = "xmqvip.crt"
            r1 = 0
            java.lang.String r2 = "X.509"
            java.security.cert.CertificateFactory r2 = java.security.cert.CertificateFactory.getInstance(r2)     // Catch: java.lang.Throwable -> L26 java.lang.Throwable -> L28 java.security.cert.CertificateException -> L33 java.io.IOException -> L3b
            byte[] r0 = com.idonans.lang.util.AssetUtil.readAll(r0, r1, r1)     // Catch: java.lang.Throwable -> L26 java.lang.Throwable -> L28 java.security.cert.CertificateException -> L33 java.io.IOException -> L3b
            byte[] r0 = com.xmqvip.xiaomaiquan.utils.ZLibUtils.decompress(r0)     // Catch: java.lang.Throwable -> L26 java.lang.Throwable -> L28 java.security.cert.CertificateException -> L33 java.io.IOException -> L3b
            java.io.ByteArrayInputStream r3 = new java.io.ByteArrayInputStream     // Catch: java.lang.Throwable -> L26 java.lang.Throwable -> L28 java.security.cert.CertificateException -> L33 java.io.IOException -> L3b
            r3.<init>(r0)     // Catch: java.lang.Throwable -> L26 java.lang.Throwable -> L28 java.security.cert.CertificateException -> L33 java.io.IOException -> L3b
            java.security.cert.Certificate r0 = r2.generateCertificate(r3)     // Catch: java.lang.Throwable -> L20 java.security.cert.CertificateException -> L22 java.io.IOException -> L24 java.lang.Throwable -> L45
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0     // Catch: java.lang.Throwable -> L20 java.security.cert.CertificateException -> L22 java.io.IOException -> L24 java.lang.Throwable -> L45
            r3.close()     // Catch: java.io.IOException -> L44
            goto L44
        L20:
            r0 = move-exception
            goto L2a
        L22:
            r0 = move-exception
            goto L35
        L24:
            r0 = move-exception
            goto L3d
        L26:
            r0 = move-exception
            goto L47
        L28:
            r0 = move-exception
            r3 = r1
        L2a:
            r0.printStackTrace()     // Catch: java.lang.Throwable -> L45
            if (r3 == 0) goto L43
        L2f:
            r3.close()     // Catch: java.io.IOException -> L43
            goto L43
        L33:
            r0 = move-exception
            r3 = r1
        L35:
            r0.printStackTrace()     // Catch: java.lang.Throwable -> L45
            if (r3 == 0) goto L43
            goto L2f
        L3b:
            r0 = move-exception
            r3 = r1
        L3d:
            r0.printStackTrace()     // Catch: java.lang.Throwable -> L45
            if (r3 == 0) goto L43
            goto L2f
        L43:
            r0 = r1
        L44:
            return r0
        L45:
            r0 = move-exception
            r1 = r3
        L47:
            if (r1 == 0) goto L4c
            r1.close()     // Catch: java.io.IOException -> L4c
        L4c:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.xmqvip.xiaomaiquan.net.KLX509TrustManager.loadRootCertificate():java.security.cert.X509Certificate");
    }

    private X509TrustManager systemDefaultTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                return (X509TrustManager) trustManagers[0];
            }
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
        } catch (GeneralSecurityException unused) {
            throw new AssertionError();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        KQLog.d("RoyDebug", "KLX509TrustManager checkClientTrusted:" + x509CertificateArr + " authType:" + str);
        this.mSystemDefaultTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        KQLog.d("RoyDebug", "KLX509TrustManager checkClientTrusted cert:\n" + x509CertificateArr[0] + "\n authType:" + str + " socket:" + socket);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        KQLog.d("RoyDebug", "KLX509TrustManager checkServerTrusted chain:" + x509CertificateArr[0] + "\n authType:" + str + " engine:" + sSLEngine);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        KQLog.d("RoyDebug", "KLX509TrustManager checkServerTrusted:" + x509CertificateArr + " authType:" + str);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.verify(this.mCertificate.getPublicKey());
                return;
            } catch (InvalidKeyException e) {
                e.printStackTrace();
            } catch (NoSuchAlgorithmException e2) {
                e2.printStackTrace();
            } catch (NoSuchProviderException e3) {
                e3.printStackTrace();
            } catch (SignatureException e4) {
                e4.printStackTrace();
            }
        }
        this.mSystemDefaultTrustManager.checkServerTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        String endpointIdentificationAlgorithm;
        KQLog.d("RoyDebug", "KLX509TrustManager checkServerTrusted cert:\n" + x509CertificateArr[0] + "\nauthType:" + str + " socket:" + socket);
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            SSLSession handshakeSession = sSLSocket.getHandshakeSession();
            SSLParameters sSLParameters = sSLSocket.getSSLParameters();
            String str2 = null;
            if (handshakeSession != null) {
                str2 = handshakeSession.getPeerHost();
                getOcspDataFromSession(handshakeSession);
                getTlsSctDataFromSession(handshakeSession);
            }
            if (handshakeSession != null && sSLParameters != null && (endpointIdentificationAlgorithm = sSLParameters.getEndpointIdentificationAlgorithm()) != null && "HTTPS".equals(endpointIdentificationAlgorithm.toUpperCase(Locale.US)) && !HttpsURLConnection.getDefaultHostnameVerifier().verify(str2, handshakeSession)) {
                throw new CertificateException("No subjectAltNames on the certificate match");
            }
            if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
                throw new IllegalArgumentException("null or zero-length parameter");
            }
            new HashSet();
            new ArrayList();
            new ArrayList();
            X509Certificate x509Certificate = x509CertificateArr[0];
        }
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        KQLog.d("RoyDebug", "KLX509TrustManager checkServerTrusted chain:" + x509CertificateArr[0] + "\n authType:" + str + " engine:" + sSLEngine);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.mSystemDefaultTrustManager.getAcceptedIssuers();
        StringBuilder sb = new StringBuilder();
        sb.append("KLX509TrustManager getAcceptedIssuers:\n");
        sb.append(acceptedIssuers[0]);
        KQLog.d("RoyDebug", sb.toString());
        X509Certificate[] x509CertificateArr = new X509Certificate[acceptedIssuers.length + 1];
        for (int i = 0; i < acceptedIssuers.length; i++) {
            x509CertificateArr[i] = acceptedIssuers[i];
        }
        x509CertificateArr[acceptedIssuers.length] = this.mCertificate;
        return x509CertificateArr;
    }
}
