package com.tencent.qqmail.utilities.qmnetwork.b;

import android.app.Activity;
import android.app.PendingIntent;
import android.text.TextUtils;
import c.q;
import com.tencent.androidqqmail.R;
import com.tencent.moai.database.sqlite.SQLiteDatabase;
import com.tencent.qqmail.LaunchWebPush;
import com.tencent.qqmail.QMApplicationContext;
import com.tencent.qqmail.dg;
import com.tencent.qqmail.model.mail.oj;
import com.tencent.qqmail.qmui.dialog.QMUIDialogAction;
import com.tencent.qqmail.utilities.log.QMLog;
import com.tencent.qqmail.utilities.qmnetwork.QMNetworkUtils;
import com.tencent.qqmail.utilities.ui.cb;
import com.xiaomi.mipush.sdk.Constants;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.Socket;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import moai.patch.BuildConfig;

/* loaded from: classes2.dex */
public final class b extends a {
    private static final Map<Integer, Object> cWJ = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Records that the trust prompt for id {@code i} ended without approval and notifies
     * the pending callback, if there is one.
     *
     * <p>The only grounded facts are the log line ("cancle id:") and the call to
     * {@code qVar.wR()}; what {@code wR()} does is not visible in this file.
     *
     * @param i    id of the certificate/host decision being cancelled
     * @param qVar callback to notify; may be {@code null}
     */
    public static /* synthetic */ void a(int i, q qVar) {
        // Opaque call with an empty payload -- presumably a metrics/report hook; confirm.
        moai.d.a.bL(new double[0]);
        QMLog.log(4, "SafeSSLStrategy", "cancle id:" + i);
        if (qVar == null) {
            return;
        }
        qVar.wR();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Shows the modal "untrusted certificate" prompt on the current foreground activity.
     *
     * <p>The dialog text is {@code str2} followed by a fixed message saying the server
     * certificate comes from an untrusted authority and asking whether to trust it and
     * continue. It carries three actions: one labelled by {@code R.string.af} (handler
     * {@code k}), "view certificate details" (handler {@code h}, which receives
     * {@code str}) and "continue" (handler {@code j}, which receives the id, {@code str2}
     * and the callback). Touching outside does not dismiss it.
     *
     * <p>NOTE(review): this prompt is the point where a user can override a failed
     * validation. The certificate details sit behind a secondary action, so the default
     * view shows only {@code str2}; confirm that the "continue" handler scopes the stored
     * trust to this certificate and host rather than to the id alone.
     *
     * @param i    id of the certificate/host decision
     * @param str  certificate description passed to the details action
     * @param str2 text prefixed to the prompt -- presumably the host name; confirm
     * @param qVar callback handed to the continue and dismiss handlers; may be {@code null}
     */
    public static /* synthetic */ void a(int i, String str, String str2, q qVar) {
        Activity activity = dg.sU().sV();
        if (activity == null) {
            // Nothing can host the dialog: release the waiting callback without showing a prompt.
            if (qVar != null) {
                qVar.wR();
            }
            return;
        }
        com.tencent.qqmail.qmui.dialog.a dialog = new com.tencent.qqmail.qmui.dialog.f(activity)
                .p(str2 + "服务器证书来自不可信任的授权中心，是否信任并继续")
                .a(R.string.af, new k())
                .c(new QMUIDialogAction(activity, "查看证书详情", new h(activity, str)))
                .c(new QMUIDialogAction(activity, 0, "继续", 0, 2, new j(i, str2, qVar)))
                .amL();
        dialog.setCanceledOnTouchOutside(false);
        dialog.setOnDismissListener(new l(i, qVar));
        dialog.show();
        // Opaque call with an empty payload -- presumably a metrics/report hook; confirm.
        moai.d.a.ag(new double[0]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes a one-shot summary of a certificate chain to the app log: for every entry its
     * index, subject, issuer, validity window and serial number, prefixed by the host held
     * in {@code bVar.cWH}.
     *
     * @param bVar                strategy instance whose {@code cWH} field is logged as the host
     * @param x509CertificateArr  chain to describe; must not be {@code null}
     */
    public static /* synthetic */ void a(b bVar, X509Certificate[] x509CertificateArr) {
        StringBuilder dump = new StringBuilder();
        int position = 0;
        for (X509Certificate cert : x509CertificateArr) {
            dump.append(position).append(" X509Certificate:\n");
            dump.append("S:").append(cert.getSubjectDN().getName());
            dump.append("\nI:").append(cert.getIssuerX500Principal());
            dump.append("\nNot Before:").append(cert.getNotBefore());
            dump.append("\nNot After:").append(cert.getNotAfter());
            dump.append("\nSerial Number:").append(cert.getSerialNumber());
            position++;
        }
        QMLog.log(4, "SafeSSLStrategy", "host:" + bVar.cWH + "\n" + dump.toString());
    }

    /**
     * Logs the outcome of one app-level name comparison.
     *
     * @param str  label of the check that ran (the callers pass "verifyHostName" or
     *             "verifyIpAddress")
     * @param str2 the address that was being matched
     * @param list subject alternative names it was matched against
     * @param z    whether any name matched
     */
    private static void a(String str, String str2, List<String> list, boolean z) {
        StringBuilder line = new StringBuilder();
        line.append("key:").append(str).append(",address:").append(str2).append(",names:");
        for (String name : list) {
            line.append(name).append(Constants.ACCEPT_TIME_SEPARATOR_SP);
        }
        line.append(",result:").append(z);
        QMLog.log(4, "SafeSSLStrategy", line.toString());
    }

    /**
     * Logs the context of a hostname-verification failure: current time, host, the full
     * string form of every peer certificate in the session (when available) and three
     * network-state values read from {@code QMNetworkUtils}.
     *
     * @param str        host that failed platform verification
     * @param sSLSession session whose peer certificates are dumped
     */
    private static void a(String str, SSLSession sSLSession) {
        StringBuilder report = new StringBuilder();
        report.append("time:").append(new Date()).append(",host:").append(str).append(",verify cers:");
        Certificate[] chain = null;
        try {
            chain = sSLSession.getPeerCertificates();
        } catch (SSLPeerUnverifiedException ignored) {
            // Peer not verified: the report is written without a certificate dump.
        }
        if (chain != null) {
            for (Certificate entry : chain) {
                report.append(entry).append("\n\n");
            }
        }
        report.append("\nnetwork wifi:").append(QMNetworkUtils.auR());
        report.append(",mobile:").append(QMNetworkUtils.auT());
        report.append(",airplane:").append(QMNetworkUtils.aG(QMApplicationContext.sharedInstance()));
        QMLog.log(3, "SafeSSLStrategy", report.toString());
    }

    /**
     * Resolves a failed validation for id {@code i} by consulting (or waiting for) a trust
     * decision.
     *
     * <p>Two paths are visible:
     * <ul>
     *   <li>When {@code com.tencent.qqmail.utilities.a.aoo()} is true: optionally post a
     *       notification (at most once per 600000 ms), persist the certificate description
     *       and host under the "unconfirmed_*" preference stores, then reject.</li>
     *   <li>Otherwise: the first caller for this id schedules the asynchronous prompt, every
     *       caller then blocks on the per-id lock object, and the result is read back from
     *       the "trusted_certificate" store via {@code ow(i)}.</li>
     * </ul>
     *
     * @param i                    id identifying the certificate or host being decided
     * @param x509Certificate      leaf certificate, or {@code null} when the caller had none
     * @param certificateException original validation failure, or {@code null}
     * @return {@code true} only if {@code ow(i)} reports the id as trusted
     * @throws CertificateException wrapping {@code certificateException} when the id is not
     *                              trusted and an original failure was supplied
     */
    private boolean a(int i, X509Certificate x509Certificate, CertificateException certificateException) throws CertificateException {
        // presumably "no UI can be shown right now" (e.g. app in background) -- confirm against aoo().
        if (com.tencent.qqmail.utilities.a.aoo()) {
            // Rate limit: 600000 ms = 10 minutes since the value returned by abA()
            // (presumably the last notification time, refreshed by abz() -- confirm).
            if (new Date().getTime() - oj.ZI().abA() > 600000) {
                oj.ZI().abz();
                // Notification title: "Security notice"; text: "The server certificate comes from
                // an untrusted authority".
                // NOTE(review): the PendingIntent flag shows up as SQLiteDatabase.CREATE_IF_NECESSARY,
                // which looks like a decompiler constant substitution; confirm the real flag and
                // whether the intent should be immutable.
                cb.azK().a("安全提示", "服务器证书来自不可信任的授权中心", BuildConfig.FLAVOR, PendingIntent.getActivity(QMApplicationContext.sharedInstance(), 0, LaunchWebPush.sN(), SQLiteDatabase.CREATE_IF_NECESSARY));
                moai.d.a.E(new double[0]);
            }
            // Queue the decision for later confirmation (consumed by awr()).
            // NOTE(review): c(x509Certificate) dereferences its argument, and the caller at
            // a(X509Certificate, CertificateException) passes null when it has no certificate,
            // so this line throws NullPointerException on that path.
            com.tencent.qqmail.utilities.ac.g.qP("unconfirmed_certificate").putString(new StringBuilder().append(i).toString(), c(x509Certificate)).apply();
            com.tencent.qqmail.utilities.ac.g.qP("unconfirmed_host").putString(new StringBuilder().append(i).toString(), this.cWH).apply();
            if (certificateException != null) {
                throw new CertificateException("QMCertificateException", certificateException);
            }
            return false;
        }
        // Set by callback class c (not visible here); when true the wait below is skipped.
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        // ox(i) is true only for the first caller to register this id, so one prompt is scheduled per id.
        if (ox(i)) {
            QMLog.log(4, "SafeSSLStrategy", "waitToAskIfTrust id:" + i + ", err:" + certificateException);
            c.h.aT(c.h.aJn()).a(c.a.b.a.aJx()).c(new d(this, x509Certificate, i)).a(com.tencent.qqmail.utilities.af.b.ayP()).a(new c(this, i, atomicBoolean)).aJp();
        }
        // NOTE(review): obj would be null (and synchronized(obj) would throw) if the entry were
        // removed between ox(i) and this lookup; no removal from cWJ is visible in this file.
        Object obj = cWJ.get(Integer.valueOf(i));
        synchronized (obj) {
            if (!atomicBoolean.get()) {
                // presumably obj.wait() until the prompt is answered -- confirm. Callers that did
                // not schedule the prompt always see atomicBoolean == false and always wait.
                com.tencent.qqmail.utilities.af.f.aQ(obj);
            }
        }
        // The decision itself is read from persisted state, not from the callback.
        if (ow(i)) {
            return true;
        }
        QMLog.log(4, "SafeSSLStrategy", "id:" + i + ", throw err");
        if (certificateException != null) {
            throw new CertificateException("QMCertificateException", certificateException);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Entry point for a failed validation: returns {@code true} straight away when the
     * superclass check already accepts the certificate (or, with no certificate, the
     * host), and otherwise defers to the id-based trust decision.
     *
     * <p>The id comes from {@code b(x509Certificate)} when a certificate is present and
     * from {@code qt(this.cWH)} when it is not; both helpers, like {@code a(X509Certificate)}
     * and {@code qs(String)}, are defined outside this file.
     *
     * @param x509Certificate      leaf certificate, or {@code null}
     * @param certificateException original failure to rethrow if trust is denied; may be {@code null}
     * @return whether the connection may proceed
     * @throws CertificateException when trust is denied and an original failure was supplied
     */
    public boolean a(X509Certificate x509Certificate, CertificateException certificateException) throws CertificateException {
        if (x509Certificate == null) {
            // No certificate to key on: fall back to a host-derived id.
            if (qs(this.cWH)) {
                return true;
            }
            return a(qt(this.cWH), (X509Certificate) null, certificateException);
        }
        if (a(x509Certificate)) {
            return true;
        }
        return a(b(x509Certificate), x509Certificate, certificateException);
    }

    /**
     * Drains the queued "unconfirmed" trust decisions: snapshots both preference stores,
     * clears them, then schedules follow-up work after a 500 ms delay with the snapshot.
     *
     * <p>The follow-up is implemented by classes {@code g} and {@code f}, which are not
     * visible here -- presumably they re-prompt the user for each queued id; confirm.
     * The ids are taken from the certificate store only, so a host entry without a
     * matching certificate entry is not iterated by this method.
     */
    public static synchronized void awr() {
        synchronized (b.class) {
            // Copy first, clear second, so entries read here are not lost by the clear below.
            HashMap pendingCertificates = new HashMap(com.tencent.qqmail.utilities.ac.g.qO("unconfirmed_certificate").getAll());
            HashMap pendingHosts = new HashMap(com.tencent.qqmail.utilities.ac.g.qO("unconfirmed_host").getAll());
            com.tencent.qqmail.utilities.ac.g.qP("unconfirmed_certificate").clear().apply();
            com.tencent.qqmail.utilities.ac.g.qP("unconfirmed_host").clear().apply();
            Set pendingIds = pendingCertificates.keySet();
            // Result discarded -- looks like the argument of a log call that was stripped at build time.
            new StringBuilder("unconfirmedCertificate ids size:").append(pendingIds.size());
            c.h.b(500L, TimeUnit.MILLISECONDS)
                    .a(c.a.b.a.aJx())
                    .c(new g(pendingIds))
                    .b(new f(pendingCertificates, pendingHosts))
                    .aJp();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the first certificate of a chain (the leaf, by TLS ordering), or
     * {@code null} when the chain is {@code null} or empty.
     *
     * @param bVar               unused
     * @param x509CertificateArr chain to read
     */
    public static /* synthetic */ X509Certificate b(b bVar, X509Certificate[] x509CertificateArr) {
        boolean hasLeaf = x509CertificateArr != null && x509CertificateArr.length > 0;
        return hasLeaf ? x509CertificateArr[0] : null;
    }

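    /**
     * App-level fallback check: compares {@code str} against the subject alternative
     * names of the session's leaf certificate.
     *
     * <p>Only the first peer certificate is looked at and only its names are compared;
     * this method does not evaluate the chain's trust. It fails closed: a missing or empty
     * chain, or a leaf that is not an {@link X509Certificate}, yields {@code false}
     * instead of an unchecked exception escaping from the hostname verifier.
     *
     * @param str        host name or IP literal the connection was opened to
     * @param sSLSession session providing the peer certificates
     * @return {@code true} only if the leaf certificate's names match {@code str}
     */
    private boolean b(String str, SSLSession sSLSession) {
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates == null) {
                return false;
            }
            QMLog.log(3, "SafeSSLStrategy", "appVerify certificates len:" + peerCertificates.length);
            // Guard the index and the cast: both used to throw unchecked exceptions here.
            if (peerCertificates.length == 0 || !(peerCertificates[0] instanceof X509Certificate)) {
                return false;
            }
            return verify(str, (X509Certificate) peerCertificates[0]);
        } catch (SSLException e) {
            // Includes SSLPeerUnverifiedException: no verified peer means no match.
            return false;
        }
    }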

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds the human-readable certificate summary used for the trust prompt and the
     * "unconfirmed_certificate" store: issued-to, issuer, validity range (yyyy/MM/dd) and
     * fingerprint, each on its own line.
     *
     * <p>Subject and issuer are reduced to whatever {@code qu} extracts from the
     * distinguished name, and the fingerprint is whatever {@code d} returns, so the
     * summary is only as precise as those two helpers. Dates are formatted with the
     * default locale and time zone.
     *
     * @param x509Certificate certificate to describe; must not be {@code null}
     * @return the multi-line summary
     */
    public String c(X509Certificate x509Certificate) {
        SimpleDateFormat dayFormat = new SimpleDateFormat("yyyy/MM/dd");
        String issuedTo = qu(x509Certificate.getSubjectX500Principal().getName());
        String issuedBy = qu(x509Certificate.getIssuerX500Principal().getName());
        String validFrom = dayFormat.format(x509Certificate.getNotBefore());
        String validUntil = dayFormat.format(x509Certificate.getNotAfter());
        String fingerprint = d(x509Certificate);
        StringBuilder summary = new StringBuilder();
        summary.append("颁发给：").append(issuedTo);
        summary.append("\n颁发者：").append(issuedBy);
        summary.append("\n有效期：").append(validFrom).append("至").append(validUntil);
        summary.append("\n证书指纹：\n").append(fingerprint).append("\n");
        return summary.toString();
    }

    /**
     * Returns the SHA-1 digest of the certificate's encoded form as upper-case hex with a
     * space after every two hex characters (no trailing space), or
     * {@code BuildConfig.FLAVOR} on any failure.
     *
     * <p>NOTE(review): this string is the fingerprint a user sees when deciding whether to
     * trust a certificate. SHA-1 is no longer collision resistant, so SHA-256 is the safer
     * digest for a value people compare by eye; changing it also changes the displayed format.
     *
     * <p>NOTE(review): every Throwable is swallowed and turned into
     * {@code BuildConfig.FLAVOR} (presumably the empty string, a common decompiler constant
     * substitution -- confirm), so a failure here shows the user a blank fingerprint
     * without any log entry.
     *
     * @param x509Certificate certificate to fingerprint
     * @return formatted fingerprint, or {@code BuildConfig.FLAVOR} on failure
     */
    private static String d(X509Certificate x509Certificate) {
        // i is the write position in cArr; i2 (below) is the read position in encodeHex.
        int i = 0;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(x509Certificate.getEncoded());
            char[] encodeHex = com.tencent.qqmail.utilities.ad.b.encodeHex(messageDigest.digest());
            if (encodeHex == null || encodeHex.length == 0) {
                return BuildConfig.FLAVOR;
            }
            // One separator per pair of hex characters except the last pair.
            char[] cArr = new char[(encodeHex.length + (encodeHex.length / 2)) - 1];
            int i2 = 0;
            while (i2 < encodeHex.length) {
                cArr[i] = encodeHex[i2];
                // After the second character of a pair, advance and write a space if there is room
                // (there is none after the final pair).
                if (i2 % 2 == 1 && (i = i + 1) < cArr.length) {
                    cArr[i] = ' ';
                }
                i2++;
                i++;
            }
            return new String(cArr).toUpperCase();
        } catch (Throwable th) {
            return BuildConfig.FLAVOR;
        }
    }

    /**
     * Collects the subject alternative names of one general-name type from a certificate.
     *
     * <p>Each entry returned by {@link X509Certificate#getSubjectAlternativeNames()} is a
     * list whose first element is the type and whose second is the value; the callers in
     * this class pass type 2 (dNSName) and 7 (iPAddress). The value is cast to
     * {@code String} only after the type matched.
     *
     * @param x509Certificate certificate to read
     * @param i               general-name type to keep
     * @return matching names in certificate order; empty when the extension is absent or
     *         cannot be parsed
     */
    private static List<String> getSubjectAltNames(X509Certificate x509Certificate, int i) {
        Collection<List<?>> entries;
        try {
            entries = x509Certificate.getSubjectAlternativeNames();
        } catch (CertificateParsingException e) {
            // An unparseable extension is treated like a missing one: nothing can match.
            return Collections.emptyList();
        }
        if (entries == null) {
            return Collections.emptyList();
        }
        List<String> matches = new ArrayList<String>();
        for (List<?> entry : entries) {
            if (entry == null || entry.size() < 2) {
                continue;
            }
            Integer type = (Integer) entry.get(0);
            if (type == null || type.intValue() != i) {
                continue;
            }
            String value = (String) entry.get(1);
            if (value != null) {
                matches.add(value);
            }
        }
        return matches;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Reports whether id {@code i} is recorded as trusted, i.e. whether the
     * "trusted_certificate" store holds {@code true} under the decimal form of the id.
     *
     * <p>NOTE(review): the persisted trust decision is keyed by a bare int. How that id is
     * derived is not visible in this file; if it is a hash, confirm that two different
     * certificates or hosts cannot share an id.
     *
     * @param i id to look up
     * @return {@code true} if marked trusted, {@code false} when absent
     */
    public static boolean ow(int i) {
        String key = String.valueOf(i);
        return com.tencent.qqmail.utilities.ac.g.qO("trusted_certificate").getBoolean(key, false);
    }

    /**
     * Registers a lock object for id {@code i} if none exists yet.
     *
     * @param i id being decided
     * @return {@code true} if this call created the entry (the caller is the first one for
     *         this id), {@code false} if an entry was already present
     */
    private static synchronized boolean ox(int i) {
        synchronized (b.class) {
            Integer key = Integer.valueOf(i);
            if (cWJ.containsKey(key)) {
                return false;
            }
            // The stored object is used by callers as the monitor to block on for this id.
            cWJ.put(key, new Object());
            return true;
        }
    }

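    /**
     * Extracts the common name from a distinguished-name string: the text after the first
     * "CN=" up to the next separator ({@code Constants.ACCEPT_TIME_SEPARATOR_SP},
     * presumably a comma -- confirm) or the end of the string.
     *
     * <p>When the name has no "CN=" attribute the whole string is returned. The search
     * used to add 3 to a "not found" result of -1, so it sliced from offset 2 and showed a
     * meaningless fragment, or threw for a one-character input.
     *
     * <p>NOTE(review): this is a plain substring search, not an RFC 2253 parser. It takes
     * the first "CN=" wherever it occurs, including inside another attribute's value, and
     * an escaped separator inside the common name cuts the result short. The output feeds
     * the trust prompt, so treat it as a display hint rather than a verified identity.
     *
     * @param str distinguished name; may be {@code null} or empty
     * @return the extracted common name, or {@code str} itself when it is empty or has no "CN="
     */
    private static String qu(String str) {
        if (TextUtils.isEmpty(str)) {
            return str;
        }
        int marker = str.indexOf("CN=");
        if (marker < 0) {
            return str;
        }
        int start = marker + 3;
        int end = str.indexOf(Constants.ACCEPT_TIME_SEPARATOR_SP, start);
        if (end == -1) {
            end = str.length();
        }
        return str.substring(start, end);
    }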

    /**
     * Matches {@code str} against a certificate, choosing between the IP-address and the
     * host-name comparison.
     *
     * <p>The choice is made by reflectively calling the non-public static
     * {@code InetAddress.isNumeric(String)}. If that method cannot be found or invoked the
     * check fails closed and returns {@code false}.
     *
     * @param str             host name or IP literal
     * @param x509Certificate certificate whose subject alternative names are compared
     * @return whether a matching name was found
     */
    private boolean verify(String str, X509Certificate x509Certificate) {
        boolean isIpLiteral;
        try {
            Method isNumeric = InetAddress.class.getDeclaredMethod("isNumeric", String.class);
            isNumeric.setAccessible(true);
            isIpLiteral = ((Boolean) isNumeric.invoke(null, str)).booleanValue();
        } catch (NoSuchMethodException missing) {
            QMLog.log(5, "SafeSSLStrategy", "verify host fail NoSuchMethodException:" + missing.toString());
            return false;
        } catch (IllegalAccessException denied) {
            QMLog.log(5, "SafeSSLStrategy", "verify host fail IllegalAccessException:" + denied.toString());
            return false;
        } catch (InvocationTargetException failed) {
            QMLog.log(5, "SafeSSLStrategy", "verify host fail InvocationTargetException:" + failed.toString());
            return false;
        }
        QMLog.log(3, "SafeSSLStrategy", "verify host:" + str + Constants.ACCEPT_TIME_SEPARATOR_SP + isIpLiteral);
        if (isIpLiteral) {
            return verifyIpAddress(str, x509Certificate);
        }
        return verifyHostName(str, x509Certificate);
    }

    /**
     * Compares a host name, case-insensitively, with every dNSName (type 2) subject
     * alternative name of the certificate and logs the result.
     *
     * <p>Matching rules as implemented below:
     * <ul>
     *   <li>a name without '*' must equal the host exactly;</li>
     *   <li>a name starting with "*." also matches the bare parent domain (the host equal
     *       to the text after "*.");</li>
     *   <li>otherwise the '*' must not come after the name's first '.', the text before
     *       '*' must prefix the host, and the text after '*' must suffix it; the part
     *       matched by '*' may not contain a '.', except for hosts ending in
     *       ".clients.google.com".</li>
     * </ul>
     *
     * <p>NOTE(review): these rules are looser than RFC 6125 matching. The bare-domain
     * case, partial-label wildcards (text before '*' in the first label), the hard-coded
     * multi-label exception and the missing minimum-label check (a name such as "*.com"
     * matches "example.com" here) all widen what a certificate can claim. This method is
     * reached only after the platform verifier has rejected the host, so tightening it to
     * whole-label, leftmost-only wildcards would be the safer behaviour.
     *
     * @param str             host name the connection was opened to
     * @param x509Certificate certificate whose dNSName entries are checked
     * @return {@code true} if at least one entry matches
     */
    private boolean verifyHostName(String str, X509Certificate x509Certificate) {
        boolean z;
        String lowerCase = str.toLowerCase(Locale.US);
        List<String> subjectAltNames = getSubjectAltNames(x509Certificate, 2);
        // z2 accumulates "any entry matched"; the loop does not stop at the first match.
        boolean z2 = false;
        for (String str2 : subjectAltNames) {
            // lowerCase cannot be null here (toLowerCase above would already have thrown).
            if (lowerCase == null || lowerCase.isEmpty() || str2 == null || str2.isEmpty()) {
                z = false;
            } else {
                String lowerCase2 = str2.toLowerCase(Locale.US);
                if (!lowerCase2.contains("*")) {
                    // No wildcard: exact match only.
                    z = lowerCase.equals(lowerCase2);
                } else if (lowerCase2.startsWith("*.") && lowerCase.equals(lowerCase2.substring(2))) {
                    // "*.example.com" accepted for the bare "example.com".
                    z = true;
                } else {
                    // 42 is '*', 46 is '.'.
                    int indexOf = lowerCase2.indexOf(42);
                    if (indexOf > lowerCase2.indexOf(46)) {
                        // Wildcard after the first dot (or a name with no dot at all): rejected.
                        z = false;
                    } else if (lowerCase.regionMatches(0, lowerCase2, 0, indexOf)) {
                        // length: size of the pattern text after '*'; length2: where that suffix
                        // would have to start in the host.
                        int length = lowerCase2.length() - (indexOf + 1);
                        int length2 = lowerCase.length() - length;
                        // The first host dot at or after the wildcard position must not fall inside
                        // the wildcard's span, unless the host is under ".clients.google.com".
                        z = (lowerCase.indexOf(46, indexOf) >= length2 || lowerCase.endsWith(".clients.google.com")) ? lowerCase.regionMatches(length2, lowerCase2, indexOf + 1, length) : false;
                    } else {
                        z = false;
                    }
                }
            }
            z2 = z ? true : z2;
        }
        a("verifyHostName", lowerCase, subjectAltNames, z2);
        return z2;
    }

    /**
     * Compares an IP literal with every iPAddress (type 7) subject alternative name of the
     * certificate and logs the result.
     *
     * <p>The comparison is a case-insensitive string match, so two textual forms of the
     * same address (for example a compressed and an expanded IPv6 form) do not match each
     * other; that errs on the side of rejecting.
     *
     * @param str             IP literal the connection was opened to
     * @param x509Certificate certificate whose iPAddress entries are checked
     * @return {@code true} if at least one entry equals {@code str}
     */
    private boolean verifyIpAddress(String str, X509Certificate x509Certificate) {
        List<String> subjectAltNames = getSubjectAltNames(x509Certificate, 7);
        boolean matched = false;
        for (String candidate : subjectAltNames) {
            if (str.equalsIgnoreCase(candidate)) {
                matched = true;
            }
        }
        a("verifyIpAddress", str, subjectAltNames, matched);
        return matched;
    }

    /**
     * Supplies the socket factory this strategy wraps: the one produced by helper class
     * {@code m}, or the JVM default when building it fails.
     *
     * <p>NOTE(review): the fallback is silent apart from one log line. Connections made
     * through the default factory get the platform's standard validation but none of the
     * behaviour {@code m} adds (not visible here), so a persistent failure changes the
     * trust behaviour without any signal to the caller.
     *
     * @return the wrapped factory, never {@code null} unless the default is
     */
    @Override // com.tencent.qqmail.utilities.qmnetwork.b.a
    final SSLSocketFactory awq() {
        SSLSocketFactory wrapped;
        try {
            wrapped = new m(this).getSocketFactory();
        } catch (Exception buildFailure) {
            QMLog.log(5, "SafeSSLStrategy", "getWrappedFactory exception" + buildFailure.toString());
            wrapped = (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
        return wrapped;
    }

    /**
     * Bridge override (marked bridge/synthetic by the decompiler): forwards to the
     * superclass implementation without adding any behaviour.
     */
    @Override // com.tencent.qqmail.utilities.qmnetwork.b.a, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(String str, int i) throws IOException {
        Socket created = super.createSocket(str, i);
        return created;
    }

    /**
     * Bridge override (marked bridge/synthetic by the decompiler): forwards to the
     * superclass implementation without adding any behaviour.
     */
    @Override // com.tencent.qqmail.utilities.qmnetwork.b.a, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
        Socket created = super.createSocket(str, i, inetAddress, i2);
        return created;
    }

    /**
     * Bridge override (marked bridge/synthetic by the decompiler): forwards to the
     * superclass implementation without adding any behaviour.
     */
    @Override // com.tencent.qqmail.utilities.qmnetwork.b.a, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        Socket created = super.createSocket(inetAddress, i);
        return created;
    }

    /**
     * Bridge override (marked bridge/synthetic by the decompiler): forwards to the
     * superclass implementation without adding any behaviour.
     */
    @Override // com.tencent.qqmail.utilities.qmnetwork.b.a, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        Socket created = super.createSocket(inetAddress, i, inetAddress2, i2);
        return created;
    }

    /**
     * Bridge override (marked bridge/synthetic by the decompiler): forwards to the
     * superclass implementation without adding any behaviour.
     */
    @Override // com.tencent.qqmail.utilities.qmnetwork.b.a, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        Socket layered = super.createSocket(socket, str, i, z);
        return layered;
    }

    /**
     * Bridge override (marked bridge/synthetic by the decompiler): returns the
     * superclass's default cipher-suite list unchanged.
     */
    @Override // com.tencent.qqmail.utilities.qmnetwork.b.a, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ String[] getDefaultCipherSuites() {
        String[] suites = super.getDefaultCipherSuites();
        return suites;
    }

    /**
     * Bridge override (marked bridge/synthetic by the decompiler): returns the
     * superclass's supported cipher-suite list unchanged.
     */
    @Override // com.tencent.qqmail.utilities.qmnetwork.b.a, com.tencent.qqmail.feature.FeatureSSLSocketFactory
    public final /* bridge */ /* synthetic */ String[] getSupportedCipherSuites() {
        String[] suites = super.getSupportedCipherSuites();
        return suites;
    }

    /**
     * {@link javax.net.ssl.HostnameVerifier} implementation for this strategy.
     *
     * <p>Order of checks:
     * <ol>
     *   <li>the platform's default hostname verifier; if it accepts, so does this method;</li>
     *   <li>otherwise the failure context is logged and the decision is handed to the
     *       trust-decision path {@code a(leaf, null)}, which returns {@code true} when the
     *       certificate (or, without one, the host) is already accepted or gets marked
     *       trusted;</li>
     *   <li>if step 2 throws anything, the app's own name comparison {@code b(...)} decides.</li>
     * </ol>
     *
     * <p>NOTE(review): a host the platform verifier rejected can still be accepted here,
     * either through a stored or user-given trust decision, or, after an internal error in
     * step 2, through the app's matcher, whose wildcard rules are looser than the
     * platform's. Returning {@code false} from the catch block would make the error path
     * fail closed.
     *
     * @param str        host name the connection was opened to
     * @param sSLSession TLS session being verified
     * @return whether the host is accepted for this session
     */
    @Override // javax.net.ssl.HostnameVerifier
    public final boolean verify(String str, SSLSession sSLSession) {
        boolean platformAccepts = HttpsURLConnection.getDefaultHostnameVerifier().verify(str, sSLSession);
        // Result discarded -- looks like the argument of a log call that was stripped at build time.
        new StringBuilder("verify by DefaultHostnameVerifier: ").append(platformAccepts);
        if (platformAccepts) {
            return true;
        }
        a(str, sSLSession);
        try {
            Certificate[] chain = sSLSession.getPeerCertificates();
            X509Certificate leaf = null;
            if (chain != null && chain.length > 0 && chain[0] != null) {
                leaf = (X509Certificate) chain[0];
            }
            return a(leaf, (CertificateException) null);
        } catch (Exception decisionFailure) {
            boolean appAccepts = b(str, sSLSession);
            QMLog.log(4, "SafeSSLStrategy", "appVerify:" + appAccepts);
            return appAccepts;
        }
    }
}
