package defpackage;

import android.util.Log;
import com.tencent.mm.compatible.util.SpecilApiUtil;
import com.tencent.wework.common.utils.WwNetworkUtils;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: SafeSSLStrategy.java */
/* loaded from: classes7.dex */
public class chk extends chi {
    private static final Map<Integer, Object> dFg = new ConcurrentHashMap();

    private X509Certificate a(Certificate[] certificateArr) {
        if (certificateArr == null || certificateArr.length <= 0 || certificateArr[0] == null) {
            return null;
        }
        return (X509Certificate) certificateArr[0];
    }

    /* JADX INFO: Access modifiers changed from: private */
    public X509Certificate a(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return null;
        }
        return x509CertificateArr[0];
    }

    private static List<String> a(X509Certificate x509Certificate, int i) {
        Integer num;
        String str;
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return Collections.emptyList();
            }
            for (List<?> list : subjectAlternativeNames) {
                if (list != null && list.size() >= 2 && (num = (Integer) list.get(0)) != null && num.intValue() == i && (str = (String) list.get(1)) != null) {
                    arrayList.add(str);
                }
            }
            return arrayList;
        } catch (CertificateParsingException e) {
            return Collections.emptyList();
        }
    }

    private void a(String str, String str2, List<String> list, boolean z) {
        StringBuilder sb = new StringBuilder();
        sb.append("key:").append(str);
        sb.append(",address:").append(str2);
        sb.append(",names:");
        Iterator<String> it2 = list.iterator();
        while (it2.hasNext()) {
            sb.append(it2.next()).append(",");
        }
        sb.append(",result:").append(z);
        cns.log(4, "SafeSSLStrategy", sb.toString());
    }

    private void a(String str, SSLSession sSLSession) {
        Certificate[] certificateArr;
        StringBuilder sb = new StringBuilder();
        sb.append("time:").append(new Date()).append(",host:").append(str).append(",verify cers:");
        try {
            certificateArr = sSLSession.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            certificateArr = null;
        }
        if (certificateArr != null) {
            for (Certificate certificate : certificateArr) {
                sb.append(certificate).append("\n\n");
            }
        }
        sb.append(SpecilApiUtil.LINE_SEP).append("network wifi:").append(WwNetworkUtils.aAP()).append(",mobile:").append(WwNetworkUtils.aBN()).append(",airplane:").append(WwNetworkUtils.cG(cnx.cqU));
        cns.log(3, "SafeSSLStrategy", sb.toString());
    }

    private boolean a(int i, X509Certificate x509Certificate, CertificateException certificateException) throws CertificateException {
        cns.log(4, "SafeSSLStrategy", "id:" + i + ", throw err");
        if (certificateException != null) {
            throw new CertificateException("WwCertificateException", certificateException);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean a(X509Certificate x509Certificate, CertificateException certificateException) throws CertificateException {
        if (x509Certificate != null) {
            if (!a(x509Certificate)) {
                return a(b(x509Certificate), x509Certificate, certificateException);
            }
        } else if (!lc(this.mHost)) {
            return a(ld(this.mHost), (X509Certificate) null, certificateException);
        }
        return true;
    }

    private boolean av(String str, String str2) {
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            return false;
        }
        String lowerCase = str2.toLowerCase(Locale.US);
        if (!lowerCase.contains("*")) {
            return str.equals(lowerCase);
        }
        if (lowerCase.startsWith("*.") && str.equals(lowerCase.substring(2))) {
            return true;
        }
        int indexOf = lowerCase.indexOf(42);
        if (indexOf > lowerCase.indexOf(46) || !str.regionMatches(0, lowerCase, 0, indexOf)) {
            return false;
        }
        int length = lowerCase.length() - (indexOf + 1);
        int length2 = str.length() - length;
        if (str.indexOf(46, indexOf) >= length2 || str.endsWith(".clients.google.com")) {
            return str.regionMatches(length2, lowerCase, indexOf + 1, length);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b(X509Certificate[] x509CertificateArr) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < x509CertificateArr.length; i++) {
            sb.append(i).append(" X509Certificate:\n");
            sb.append("S:").append(x509CertificateArr[i].getSubjectDN().getName()).append("\nI:").append(x509CertificateArr[i].getIssuerX500Principal()).append(SpecilApiUtil.LINE_SEP).append("Not Before:").append(x509CertificateArr[i].getNotBefore()).append("\nNot After:").append(x509CertificateArr[i].getNotAfter()).append(SpecilApiUtil.LINE_SEP).append("Serial Number:").append(x509CertificateArr[i].getSerialNumber());
        }
        cns.log(4, "SafeSSLStrategy", "host:" + this.mHost + SpecilApiUtil.LINE_SEP + sb.toString());
    }

    private boolean b(String str, X509Certificate x509Certificate) {
        boolean z = false;
        List<String> a = a(x509Certificate, 7);
        Iterator<String> it2 = a.iterator();
        while (true) {
            boolean z2 = z;
            if (!it2.hasNext()) {
                a("verifyIpAddress", str, a, z2);
                return z2;
            }
            z = str.equalsIgnoreCase(it2.next()) ? true : z2;
        }
    }

    private boolean b(String str, SSLSession sSLSession) {
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            cns.log(3, "SafeSSLStrategy", "appVerify certificates len:" + peerCertificates.length);
            return a(str, (X509Certificate) peerCertificates[0]);
        } catch (SSLException e) {
            return false;
        }
    }

    private boolean c(String str, X509Certificate x509Certificate) {
        String lowerCase = str.toLowerCase(Locale.US);
        List<String> a = a(x509Certificate, 2);
        boolean z = false;
        Iterator<String> it2 = a.iterator();
        while (true) {
            boolean z2 = z;
            if (!it2.hasNext()) {
                a("verifyHostName", lowerCase, a, z2);
                return z2;
            }
            z = av(lowerCase, it2.next()) ? true : z2;
        }
    }

    private SSLSocketFactory getSocketFactory() {
        SSLSocketFactory socketFactory;
        try {
            X509TrustManager avO = avO();
            if (avO == null) {
                socketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            } else {
                TrustManager[] trustManagerArr = {avO};
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, trustManagerArr, new SecureRandom());
                socketFactory = sSLContext.getSocketFactory();
            }
            return socketFactory;
        } catch (Exception e) {
            cns.b(5, "SafeSSLStrategy", "getSocketFactory failed", e);
            return (SSLSocketFactory) SSLSocketFactory.getDefault();
        }
    }

    public boolean a(String str, X509Certificate x509Certificate) {
        try {
            Method declaredMethod = InetAddress.class.getDeclaredMethod("isNumeric", String.class);
            declaredMethod.setAccessible(true);
            boolean booleanValue = ((Boolean) declaredMethod.invoke(null, str)).booleanValue();
            cns.log(3, "SafeSSLStrategy", "verify host:" + str + "," + booleanValue);
            return booleanValue ? b(str, x509Certificate) : c(str, x509Certificate);
        } catch (IllegalAccessException e) {
            cns.log(5, "SafeSSLStrategy", "verify host fail IllegalAccessException:" + e.toString());
            return false;
        } catch (NoSuchMethodException e2) {
            cns.log(5, "SafeSSLStrategy", "verify host fail NoSuchMethodException:" + e2.toString());
            return false;
        } catch (InvocationTargetException e3) {
            cns.log(5, "SafeSSLStrategy", "verify host fail InvocationTargetException:" + e3.toString());
            return false;
        }
    }

    @Override // defpackage.chi
    SSLSocketFactory avM() {
        try {
            SSLSocketFactory socketFactory = getSocketFactory();
            if (socketFactory != null) {
                return socketFactory;
            }
        } catch (Exception e) {
            cns.log(5, "SafeSSLStrategy", "getWrappedFactory exception" + e.toString());
        }
        return (SSLSocketFactory) SSLSocketFactory.getDefault();
    }

    @Override // defpackage.chi
    X509TrustManager avN() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            Log.d("SafeSSLStrategy", "trustManagers.length=" + trustManagers.length + ", className=" + trustManagers[0].getClass().getName());
            final X509TrustManager x509TrustManager = (X509TrustManager) trustManagers[0];
            cns.log(4, "SafeSSLStrategy", "createX509TrustManager done!");
            return new X509TrustManager() { // from class: chk.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    try {
                        x509TrustManager.checkClientTrusted(x509CertificateArr, str);
                    } catch (CertificateException e) {
                        chk.this.b(x509CertificateArr);
                        chk.this.a(chk.this.a(x509CertificateArr), e);
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    try {
                        x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                    } catch (CertificateException e) {
                        chk.this.b(x509CertificateArr);
                        chk.this.a(chk.this.a(x509CertificateArr), e);
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return x509TrustManager.getAcceptedIssuers();
                }
            };
        } catch (Exception e) {
            cns.b(5, "SafeSSLStrategy", "createX509TrustManager failed!", e);
            return null;
        }
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        boolean verify = HttpsURLConnection.getDefaultHostnameVerifier().verify(str, sSLSession);
        if (verify) {
            return verify;
        }
        a(str, sSLSession);
        try {
            return a(a(sSLSession.getPeerCertificates()), (CertificateException) null);
        } catch (Exception e) {
            boolean b = b(str, sSLSession);
            cns.log(4, "SafeSSLStrategy", "appVerify:" + b);
            return b;
        }
    }
}
