package com.pax.gl.commhelper.impl;

import android.os.Build;
import com.pax.gl.commhelper.ISslKeyStore;
import defpackage.gh;
import java.net.Socket;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes2.dex */
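/**
 * Apache HttpClient {@code SSLSocketFactory} whose sockets are created from a privately
 * configured {@link SSLContext} (field {@link #a}) rather than by the superclass.
 *
 * <p>This is decompiler output (see the "loaded from" markers): identifiers are obfuscated
 * and several members throw checked exceptions without a {@code throws} clause, so the
 * listing documents behaviour but does not compile as printed.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A {@code null} {@link ISslKeyStore}, or one that yields neither a key store nor a
 *       trust store, installs the {@code gh} trust manager and logs "assuming trust all".</li>
 *   <li>On API level 24 and above, server chains rejected by the platform trust manager get
 *       a second, much weaker signature-only check in {@link EasyX509TrustManager}.</li>
 *   <li>Neither {@code createSocket} override performs host name verification itself.</li>
 * </ul>
 */
public final class CommSslSocketFactoryExt extends SSLSocketFactory {
    /** Log tag: the simple class name. */
    public static final String b = CommSslSocketFactoryExt.class.getSimpleName();

    /** TLS context that both {@code createSocket} overrides draw their sockets from. */
    public SSLContext a;

    /* loaded from: classes2.dex */
    /**
     * Trust manager that delegates to the platform X.509 trust manager built from a given
     * key store and, when that delegate rejects a server chain, retries with the local
     * signature-only check in {@link CommSslSocketFactoryExt#b(Certificate[])}.
     *
     * <p>NOTE(review): the retry overrides whatever reason the platform validator had for
     * rejecting the chain. It compares validity dates and neighbouring signatures only; it
     * does not check CA basic constraints, key usage, name chaining or revocation. Prefer
     * fixing the trust store or server chain so the platform check passes, and treat every
     * "try self verify" log line as a signal worth monitoring.
     */
    public class EasyX509TrustManager implements X509TrustManager {
        /** Platform trust manager built from the key store passed to the constructor. */
        public X509TrustManager a;

        /**
         * Builds the delegate from the default {@link TrustManagerFactory} algorithm.
         *
         * @param keyStore trust anchors handed to {@code TrustManagerFactory.init}
         * @throws NoSuchAlgorithmException (undeclared in this listing) when the factory
         *     yields no {@link X509TrustManager}
         */
        public EasyX509TrustManager(KeyStore keyStore) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            // Pick the first X.509-capable manager instead of blindly casting element 0,
            // which would raise ClassCastException if a provider returned another kind first.
            X509TrustManager delegate = null;
            for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    delegate = (X509TrustManager) candidate;
                    break;
                }
            }
            if (delegate == null) {
                throw new NoSuchAlgorithmException("no trust manager found");
            }
            this.a = delegate;
        }

        /** Logs the call and defers entirely to the platform trust manager. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            GLCommDebug.a(CommSslSocketFactoryExt.b, "call checkClientTrusted");
            this.a.checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Validates the server chain with the platform trust manager and, if that fails,
         * with the local neighbour-signature check over server chain + accepted issuers.
         *
         * @param x509CertificateArr chain presented by the server
         * @param str authentication type; only the platform delegate looks at it
         * @throws CertificateException (undeclared in this listing) when both checks fail;
         *     the platform validator's exception is attached as the cause
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            final String tag = CommSslSocketFactoryExt.b;
            try {
                GLCommDebug.a(tag, "standard trust manager verify");
                this.a.checkServerTrusted(x509CertificateArr, str);
                GLCommDebug.a(tag, "standard trust manager verify success");
            } catch (CertificateException standardFailure) {
                // Everything below runs only for chains the platform validator rejected.
                GLCommDebug.b(tag, "standard trust manager verify fail, try self verify...");
                X509Certificate[] acceptedIssuers = this.a.getAcceptedIssuers();
                if (acceptedIssuers == null || acceptedIssuers.length == 0) {
                    // The log text says "client certificates" but these are the trust anchors.
                    GLCommDebug.b(tag, "no client certificates!");
                    throw new CertificateException("no trust anchors available for fallback verification", standardFailure);
                }
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    GLCommDebug.b(tag, "no server certificates!");
                    throw new CertificateException("server presented no certificates", standardFailure);
                }
                // Work on a fresh array (server chain first, anchors last) so the in-place
                // reordering below never touches the caller's array.
                X509Certificate[] combined = new X509Certificate[x509CertificateArr.length + acceptedIssuers.length];
                GLCommDebug.a(tag, "clientCertificates length = " + acceptedIssuers.length);
                GLCommDebug.a(tag, "server certificates length = " + x509CertificateArr.length);
                System.arraycopy(x509CertificateArr, 0, combined, 0, x509CertificateArr.length);
                System.arraycopy(acceptedIssuers, 0, combined, x509CertificateArr.length, acceptedIssuers.length);
                if (!CommSslSocketFactoryExt.b(combined)) {
                    // Second chance: reorder, then the whole array must verify pairwise.
                    CommSslSocketFactoryExt.c(combined);
                    if (!CommSslSocketFactoryExt.b(combined)) {
                        // Keep the platform validator's reason instead of discarding it.
                        throw new CertificateException("fallback chain verification failed", standardFailure);
                    }
                }
                GLCommDebug.a(tag, "self verify success");
            }
        }

        /** Logs the call and returns the platform trust manager's accepted issuers. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            GLCommDebug.a(CommSslSocketFactoryExt.b, "getAcceptedIssuers");
            return this.a.getAcceptedIssuers();
        }
    }

    /**
     * Initialises the private TLS context from the supplied key/trust material.
     *
     * <p>Trust source, in order of precedence: a non-empty trust certificate chain (only
     * its element 0 is installed, under alias "trust", after the chain verifies pairwise),
     * otherwise the supplied trust store. With a key store but no trust source, {@code null}
     * trust managers are passed to {@code SSLContext.init}, which selects the platform
     * default.
     *
     * @param iSslKeyStore key/trust material; {@code null} selects the trust-all path
     * @throws CertificateException (undeclared in this listing) when the supplied trust
     *     certificate chain does not verify even after reordering
     */
    public CommSslSocketFactoryExt(ISslKeyStore iSslKeyStore) {
        super(iSslKeyStore != null ? iSslKeyStore.getKeyStore() : null, iSslKeyStore != null ? iSslKeyStore.getKeyStorePassword() : null, iSslKeyStore != null ? iSslKeyStore.getTrustStore() : null);
        this.a = SSLContext.getInstance("TLS");
        if (iSslKeyStore == null) {
            // NOTE(review): gh is defined elsewhere (defpackage.gh); going by the log text
            // it accepts any server certificate - confirm. A missing configuration then
            // silently disables server authentication. Callers should always pass trust
            // material; failing closed here would be the safer default.
            GLCommDebug.b(b, "ssl keyStore is null, assuming trust all!");
            this.a.init(null, new TrustManager[]{new gh()}, null);
            return;
        }
        KeyStore clientKeyStore = iSslKeyStore.getKeyStore();
        KeyStore trustStore = iSslKeyStore.getTrustStore();
        // Read the chain once: the same array is checked, reordered and used as the anchor,
        // instead of re-querying the getter between the check and the use.
        Certificate[] trustCertificateChain = iSslKeyStore.getTrustCertificateChain();
        if (trustCertificateChain != null && trustCertificateChain.length > 0) {
            GLCommDebug.a(b, "use puk certchain");
            GLCommDebug.a(b, "verify Input CertChain, certInputStreams length = " + trustCertificateChain.length);
            if (b(trustCertificateChain)) {
                GLCommDebug.a(b, "#verify Input CertChain success");
            } else {
                c(trustCertificateChain);
                if (!b(trustCertificateChain)) {
                    GLCommDebug.c(b, "verify Input CertChain fail");
                    throw new CertificateException("supplied trust certificate chain does not verify");
                }
                GLCommDebug.a(b, "##verify Input CertChain success");
            }
            // Only element 0 becomes a trust anchor, replacing any supplied trust store.
            // A single-element chain reaches this point without any validity check (see b()).
            KeyStore pinned = KeyStore.getInstance(KeyStore.getDefaultType());
            pinned.load(null, null);
            pinned.setCertificateEntry("trust", trustCertificateChain[0]);
            trustStore = pinned;
        }
        if (clientKeyStore == null && trustStore == null) {
            // NOTE(review): same trust-all fallback as the null-argument case above.
            GLCommDebug.b(b, "key store && trust store are null, assuming trust all!");
            this.a.init(null, new TrustManager[]{new gh()}, null);
            return;
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
        KeyManager[] keyManagers = null;
        if (clientKeyStore != null) {
            GLCommDebug.a(b, "get key manager - server verify client");
            String password = iSslKeyStore.getKeyStorePassword();
            keyManagerFactory.init(clientKeyStore, password != null ? password.toCharArray() : null);
            keyManagers = keyManagerFactory.getKeyManagers();
        }
        TrustManager[] trustManagers;
        if (trustStore == null) {
            GLCommDebug.b(b, "trustStore == null");
            trustManagers = null;
        } else {
            GLCommDebug.a(b, "get trust manager - client verify server");
            int sdk = Build.VERSION.SDK_INT;
            GLCommDebug.a(b, "current api version=" + sdk);
            if (sdk < 24) {
                GLCommDebug.a(b, "api version < 24 - get trust manager from cert");
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                trustManagerFactory.init(trustStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            } else {
                // NOTE(review): from API 24 on, validation is wrapped by the lenient
                // fallback in EasyX509TrustManager; older devices get the strict platform
                // manager only, so the two populations enforce different policies.
                GLCommDebug.b(b, "api version >= 24, get trust manager from EasyX509TrustManager");
                trustManagers = new TrustManager[]{new EasyX509TrustManager(trustStore)};
            }
        }
        this.a.init(keyManagers, trustManagers, null);
    }

    /**
     * Reports whether {@code certificate} carries a valid signature made with
     * {@code certificate2}'s public key and both are inside their validity period.
     *
     * <p>Nothing else is examined (no basic constraints, key usage or name comparison).
     * Both arguments are cast to {@link X509Certificate}; another certificate type raises
     * {@code ClassCastException}.
     *
     * @param certificate the certificate whose signature is checked
     * @param certificate2 the presumed issuer
     * @return {@code true} only if both validity checks and the signature check pass
     */
    public static boolean a(Certificate certificate, Certificate certificate2) {
        try {
            ((X509Certificate) certificate).checkValidity();
            ((X509Certificate) certificate2).checkValidity();
            certificate.verify(certificate2.getPublicKey());
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            // Any failure means "not issued by"; c() relies on this while it probes pairs,
            // so a reorder pass can print many traces.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Checks that every element of the array is signed by its right-hand neighbour, using
     * {@link #a(Certificate, Certificate)}.
     *
     * <p>A single-element array is reported as verified without inspecting the certificate
     * at all, not even its validity dates. A {@code null} or empty array is rejected,
     * since an absent chain proves nothing.
     *
     * @param certificateArr chain ordered from subject towards issuer
     * @return {@code true} if all neighbouring pairs verify
     */
    public static boolean b(Certificate[] certificateArr) {
        GLCommDebug.a(b, "verifyCertChain...");
        if (certificateArr == null || certificateArr.length == 0) {
            // Fail closed rather than reporting an absent chain as verified.
            return false;
        }
        if (certificateArr.length == 1) {
            return true;
        }
        for (int i = 0; i < certificateArr.length - 1; i++) {
            GLCommDebug.a(b, "[verify " + i + " and " + (i + 1) + "]");
            if (!a((X509Certificate) certificateArr[i], (X509Certificate) certificateArr[i + 1])) {
                GLCommDebug.c(b, "verify fail");
                return false;
            }
        }
        return true;
    }

    /**
     * Reorders the array in place with bubble-sort style passes that swap neighbours
     * whenever the left one is not signed by the right one.
     *
     * <p>"Is signed by" is not an ordering relation, so the result is a best-effort guess;
     * both callers in this class re-run {@link #b(Certificate[])} on the result before
     * trusting it.
     *
     * @param certificateArr certificates to reorder; modified in place
     */
    public static void c(Certificate[] certificateArr) {
        GLCommDebug.a(b, "resort cert chain");
        int last = certificateArr.length - 1;
        for (int pass = 0; pass < last; pass++) {
            for (int j = 0; j < last - pass; j++) {
                if (!a(certificateArr[j], certificateArr[j + 1])) {
                    Certificate swapped = certificateArr[j];
                    certificateArr[j] = certificateArr[j + 1];
                    certificateArr[j + 1] = swapped;
                }
            }
        }
    }

    /**
     * Creates an unconnected socket from the private TLS context and logs the API level.
     *
     * @return a socket from {@code this.a.getSocketFactory()}
     */
    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public final Socket createSocket() {
        GLCommDebug.b(b, "current api version=" + Build.VERSION.SDK_INT);
        return this.a.getSocketFactory().createSocket();
    }

    /**
     * Layers TLS over an existing socket using the private TLS context.
     *
     * <p>NOTE(review): the superclass implementation is not called, and this override does
     * no host name verification of its own. Confirm that callers verify the peer host
     * name, otherwise any certificate the trust manager accepts is accepted for any host.
     *
     * @param socket the connected socket to wrap
     * @param str peer host name
     * @param i peer port
     * @param z whether closing the TLS socket also closes {@code socket}
     * @return the layered socket
     */
    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public final Socket createSocket(Socket socket, String str, int i, boolean z) {
        GLCommDebug.b(b, "current api version=" + Build.VERSION.SDK_INT);
        return this.a.getSocketFactory().createSocket(socket, str, i, z);
    }
}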
