package com.transsnet.palmpay.core.util;

import android.os.Build;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Log;
import com.transsnet.palmpay.core.base.BaseApplication;
import com.transsnet.palmpay.core.bean.HttpsCertificateConfig;
import com.transsnet.palmpay.teller.ui.activity.PalmPayOnlineAgentActivity;
import com.transsnet.palmpay.util.CloseUtils;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.net.URLDecoder;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.TlsVersion;

/* compiled from: HttpsUtils.java */
/* loaded from: classes3.dex */
public class h {

    /* compiled from: HttpsUtils.java */
    /* loaded from: classes3.dex */
    public static class a implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        public X509TrustManager f12357a;

        public a(X509TrustManager x509TrustManager) throws NoSuchAlgorithmException, KeyStoreException {
            this.f12357a = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.f12357a.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e10) {
                e10.toString();
                synchronized (h.class) {
                    if ((Looper.getMainLooper() != Looper.myLooper() && (TextUtils.isEmpty(ye.b.g().q()) || ye.b.g().f30588a.getLong("key_server_certification_check_time_v2", 0L) + PalmPayOnlineAgentActivity.TIME_RANGE_1_DAY <= System.currentTimeMillis())) ? com.transsnet.palmpay.core.task.a.a(BaseApplication.get().getHttpClient()) : false) {
                        TrustManager[] e11 = h.e((InputStream[]) ((ArrayList) h.b()).toArray(new InputStream[0]));
                        if (h.a(e11) != null) {
                            this.f12357a = h.a(e11);
                        }
                    }
                    if (!TextUtils.isEmpty(ye.b.g().q())) {
                        X509TrustManager x509TrustManager = this.f12357a;
                        if (x509TrustManager != null) {
                            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                            return;
                        }
                        return;
                    }
                    try {
                        X509TrustManager x509TrustManager2 = this.f12357a;
                        if (x509TrustManager2 != null) {
                            x509TrustManager2.checkServerTrusted(x509CertificateArr, str);
                        }
                    } catch (GeneralSecurityException e12) {
                        e12.printStackTrace();
                    }
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* compiled from: HttpsUtils.java */
    /* loaded from: classes3.dex */
    public static class b {

        /* renamed from: a, reason: collision with root package name */
        public SSLSocketFactory f12358a;

        /* renamed from: b, reason: collision with root package name */
        public X509TrustManager f12359b;
    }

    /* compiled from: HttpsUtils.java */
    /* loaded from: classes3.dex */
    public static class c implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    public static X509TrustManager a(TrustManager[] trustManagerArr) {
        if (trustManagerArr != null && trustManagerArr.length > 0) {
            for (TrustManager trustManager : trustManagerArr) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
        }
        return null;
    }

    public static List<InputStream> b() {
        HttpsCertificateConfig httpsCertificateConfig;
        List<HttpsCertificateConfig.DataBean> list;
        ArrayList arrayList = new ArrayList();
        String q10 = ye.b.g().q();
        if (!TextUtils.isEmpty(q10) && (httpsCertificateConfig = (HttpsCertificateConfig) rf.k.b().a(q10, HttpsCertificateConfig.class)) != null && (list = httpsCertificateConfig.certificates) != null && !list.isEmpty()) {
            try {
                long currentTimeMillis = System.currentTimeMillis();
                for (HttpsCertificateConfig.DataBean dataBean : httpsCertificateConfig.certificates) {
                    try {
                        if (!TextUtils.isEmpty(dataBean.certificate) && dataBean.start <= currentTimeMillis && dataBean.end >= currentTimeMillis) {
                            String decode = URLDecoder.decode(dataBean.certificate, "UTF-8");
                            if (!TextUtils.isEmpty(decode) && d(decode)) {
                                arrayList.add(new ByteArrayInputStream(decode.getBytes()));
                            }
                        }
                    } catch (Exception unused) {
                    }
                }
            } catch (Exception e10) {
                Log.e("HttpsUtils", "getCertificates: ", e10);
            }
        }
        return arrayList;
    }

    public static b c(InputStream... inputStreamArr) {
        SSLContext sSLContext;
        b bVar = new b();
        try {
            try {
                TrustManager[] e10 = e(inputStreamArr);
                try {
                    sSLContext = Build.VERSION.SDK_INT >= 29 ? SSLContext.getInstance(TlsVersion.TLS_1_3.javaName()) : SSLContext.getInstance(TlsVersion.TLS_1_2.javaName());
                } catch (NoSuchAlgorithmException e11) {
                    SSLContext sSLContext2 = SSLContext.getInstance(TlsVersion.TLS_1_2.javaName());
                    Log.e("HttpsUtils", "getSslSocketFactory: ", e11);
                    sSLContext = sSLContext2;
                }
                X509TrustManager aVar = e10 != null ? new a(a(e10)) : new c();
                sSLContext.init(null, new TrustManager[]{aVar}, null);
                bVar.f12358a = sSLContext.getSocketFactory();
                bVar.f12359b = aVar;
                return bVar;
            } catch (NoSuchAlgorithmException e12) {
                Log.e("HttpsUtils", "getSslSocketFactory1: ", e12);
                return null;
            }
        } catch (KeyManagementException e13) {
            Log.e("HttpsUtils", "getSslSocketFactory2: ", e13);
            return null;
        } catch (KeyStoreException e14) {
            Log.e("HttpsUtils", "getSslSocketFactory3: ", e14);
            return null;
        }
    }

    public static boolean d(String str) {
        boolean z10;
        if (TextUtils.isEmpty(str)) {
            return false;
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes());
        try {
            javax.security.cert.X509Certificate x509Certificate = javax.security.cert.X509Certificate.getInstance(byteArrayInputStream);
            Objects.toString(x509Certificate.getNotBefore());
            Objects.toString(x509Certificate.getNotAfter());
            x509Certificate.checkValidity();
            z10 = true;
        } catch (Exception e10) {
            g0.a.a(e10, c.g.a("isValidCertificate: "), "HttpsUtils");
            z10 = false;
        }
        CloseUtils.closeIO(byteArrayInputStream);
        return z10;
    }

    public static TrustManager[] e(InputStream... inputStreamArr) {
        if (inputStreamArr != null && inputStreamArr.length > 0) {
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null);
                int length = inputStreamArr.length;
                int i10 = 0;
                int i11 = 0;
                while (i10 < length) {
                    int i12 = i11 + 1;
                    try {
                        keyStore.setCertificateEntry(Integer.toString(i11), certificateFactory.generateCertificate(inputStreamArr[i10]));
                    } catch (Exception e10) {
                        Log.e("HttpsUtils", "prepareTrustManager0: ", e10);
                    }
                    i10++;
                    i11 = i12;
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                return trustManagerFactory.getTrustManagers();
            } catch (KeyStoreException e11) {
                Log.e("HttpsUtils", "prepareTrustManager3: ", e11);
            } catch (NoSuchAlgorithmException e12) {
                Log.e("HttpsUtils", "prepareTrustManager1: ", e12);
            } catch (CertificateException e13) {
                Log.e("HttpsUtils", "prepareTrustManager2: ", e13);
            } catch (Exception e14) {
                Log.e("HttpsUtils", "prepareTrustManager4: ", e14);
            }
        }
        return null;
    }
}
