package com.nationsky.bmccommon.http;

import android.content.Context;
import android.security.KeyChain;
import android.security.KeyChainException;
import com.nationsky.bmccommon.utils.Log;
import com.nationsky.bmccommon.utils.LogFactory;
import com.nationsky.bmccommon.utils.LogTag;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public class SSLUtils {
    private static final String BKS_FILE_NAME = "nsky.bks";
    private static final String BKS_KEY_PASS = "nq2012";
    private static final boolean LOG_ENABLED = false;
    private static final int SSL_HANDSHAKE_TIMEOUT = 30000;
    private static final Log log = LogFactory.getLog(SSLUtils.class);
    private static KeyStore mTrustStore;
    private static ExternalSecurityProviderInstaller sExternalSecurityProviderInstaller;
    private static javax.net.ssl.SSLSocketFactory sSecureFactory;

    /* loaded from: classes5.dex */
    public static abstract class ExternalSecurityProviderInstaller {
        public abstract void installIfNeeded(Context context);
    }

    /* loaded from: classes5.dex */
    public static class KeyChainKeyManager extends StubKeyManager {
        private final X509Certificate[] mCertificateChain;
        private final String mClientAlias;
        private final PrivateKey mPrivateKey;

        private KeyChainKeyManager(String str, X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
            super();
            this.mClientAlias = str;
            this.mCertificateChain = x509CertificateArr;
            this.mPrivateKey = privateKey;
        }

        public static KeyChainKeyManager fromAlias(Context context, String str) throws CertificateException {
            try {
                X509Certificate[] certificateChain = KeyChain.getCertificateChain(context, str);
                try {
                    PrivateKey privateKey = KeyChain.getPrivateKey(context, str);
                    if (certificateChain == null || privateKey == null) {
                        throw new CertificateException("Can't access certificate from keystore");
                    }
                    return new KeyChainKeyManager(str, certificateChain, privateKey);
                } catch (KeyChainException e) {
                    logError(str, "private key", e);
                    throw new CertificateException(e);
                } catch (InterruptedException e2) {
                    logError(str, "private key", e2);
                    throw new CertificateException(e2);
                }
            } catch (KeyChainException e3) {
                logError(str, "certificate chain", e3);
                throw new CertificateException(e3);
            } catch (InterruptedException e4) {
                logError(str, "certificate chain", e4);
                throw new CertificateException(e4);
            }
        }

        private static void logError(String str, String str2, Exception exc) {
            SSLUtils.log.error(exc, LogTag.EMAIL_COMMON, "Unable to retrieve " + str2);
        }

        @Override // com.nationsky.bmccommon.http.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.mClientAlias;
        }

        @Override // com.nationsky.bmccommon.http.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.mCertificateChain;
        }

        @Override // com.nationsky.bmccommon.http.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.mPrivateKey;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes5.dex */
    public static class SameCertificateCheckingTrustManager implements X509TrustManager {
        private final Context mContext;
        private final HostAuth mHostAuth;
        private PublicKey mPublicKey;

        SameCertificateCheckingTrustManager(Context context, HostAuth hostAuth) {
            this.mContext = context;
            this.mHostAuth = hostAuth;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new CertificateException("We don't check client certificates");
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr.length == 0) {
                throw new CertificateException("No certificates?");
            }
            X509Certificate x509Certificate = x509CertificateArr[0];
            if (this.mHostAuth.mServerCert == null) {
                this.mHostAuth.mServerCert = x509Certificate.getEncoded();
                return;
            }
            if (this.mPublicKey == null) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.mHostAuth.mServerCert);
                this.mPublicKey = CertificateFactory.getInstance("X509").generateCertificate(byteArrayInputStream).getPublicKey();
                try {
                    byteArrayInputStream.close();
                } catch (IOException unused) {
                }
            }
            if (!this.mPublicKey.equals(x509Certificate.getPublicKey())) {
                throw new CertificateException("PublicKey has changed since initial connection!");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    /* loaded from: classes5.dex */
    private static abstract class StubKeyManager extends X509ExtendedKeyManager {
        private StubKeyManager() {
        }

        @Override // javax.net.ssl.X509KeyManager
        public abstract String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket);

        @Override // javax.net.ssl.X509KeyManager
        public final String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public abstract X509Certificate[] getCertificateChain(String str);

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getClientAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public abstract PrivateKey getPrivateKey(String str);

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getServerAliases(String str, Principal[] principalArr) {
            throw new UnsupportedOperationException();
        }
    }

    /* loaded from: classes5.dex */
    public static class TrackingKeyManager extends StubKeyManager {
        private volatile long mLastTimeCertRequested;

        public TrackingKeyManager() {
            super();
            this.mLastTimeCertRequested = 0L;
        }

        @Override // com.nationsky.bmccommon.http.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            this.mLastTimeCertRequested = System.currentTimeMillis();
            return null;
        }

        @Override // com.nationsky.bmccommon.http.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return null;
        }

        public long getLastCertReqTime() {
            return this.mLastTimeCertRequested;
        }

        @Override // com.nationsky.bmccommon.http.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return null;
        }
    }

    public static synchronized TrustManager[] createTrustManagers(Context context) {
        InputStream inputStream;
        synchronized (SSLUtils.class) {
            if (mTrustStore == null) {
                InputStream bKSStreamFromPackage = getBKSStreamFromPackage(context);
                if (bKSStreamFromPackage == null) {
                    try {
                        inputStream = context.getAssets().open(BKS_FILE_NAME);
                    } catch (IOException unused) {
                        inputStream = null;
                    }
                } else {
                    inputStream = bKSStreamFromPackage;
                }
                try {
                    if (inputStream == null) {
                        return null;
                    }
                    try {
                        try {
                            try {
                                try {
                                    KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
                                    keyStore.load(null, null);
                                    KeyStore keyStore2 = KeyStore.getInstance("BKS");
                                    keyStore2.load(inputStream, BKS_KEY_PASS.toCharArray());
                                    Enumeration<String> aliases = keyStore.aliases();
                                    while (aliases.hasMoreElements()) {
                                        String nextElement = aliases.nextElement();
                                        keyStore2.setEntry(nextElement, keyStore.getEntry(nextElement, null), null);
                                    }
                                    mTrustStore = keyStore2;
                                } catch (NoSuchAlgorithmException e) {
                                    log.info(e, LogTag.BMC_COMMON, "");
                                }
                            } catch (IOException e2) {
                                log.info(e2, LogTag.BMC_COMMON, "");
                            } catch (UnrecoverableEntryException e3) {
                                log.info(e3, LogTag.BMC_COMMON, "");
                            }
                        } catch (CertificateException e4) {
                            log.info(e4, LogTag.BMC_COMMON, "");
                        }
                    } catch (KeyStoreException e5) {
                        log.info(e5, LogTag.BMC_COMMON, "");
                    }
                    try {
                        inputStream.close();
                    } catch (IOException unused2) {
                    }
                } catch (Throwable th) {
                    try {
                        inputStream.close();
                    } catch (IOException unused3) {
                    }
                    throw th;
                }
            }
            if (mTrustStore != null) {
                try {
                    try {
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(mTrustStore);
                        return trustManagerFactory.getTrustManagers();
                    } catch (KeyStoreException e6) {
                        log.info(e6, LogTag.BMC_COMMON, "");
                    }
                } catch (NoSuchAlgorithmException e7) {
                    log.info(e7, LogTag.BMC_COMMON, "");
                }
            }
            return null;
        }
    }

    public static String escapeForSchemeName(String str) {
        String lowerCase = str.toLowerCase();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < lowerCase.length(); i++) {
            char charAt = lowerCase.charAt(i);
            if (isAsciiLetter(charAt) || isAsciiNumber(charAt) || '-' == charAt || '.' == charAt) {
                sb.append(charAt);
            } else if ('+' == charAt) {
                sb.append("++");
            } else {
                sb.append('+');
                sb.append((int) charAt);
            }
        }
        return sb.toString();
    }

    private static InputStream getBKSStreamFromPackage(Context context) {
        try {
            String str = context.getApplicationInfo().sourceDir;
            log.debug(LogTag.BMC_COMMON, "Extract bks file, package path:" + str);
            ZipFile zipFile = new ZipFile(str);
            ZipEntry entry = zipFile.getEntry("META-INF/nsky.bks");
            if (entry == null) {
                return null;
            }
            log.debug(LogTag.BMC_COMMON, "Found bks file from the package");
            return zipFile.getInputStream(entry);
        } catch (IOException e) {
            log.error(e, LogTag.BMC_COMMON, "");
            return null;
        }
    }

    public static SSLSocketFactory getHttpSocketFactory(Context context, HostAuth hostAuth, KeyManager keyManager, boolean z) {
        SSLSocketFactory sSLSocketFactory = new SSLSocketFactory(getSSLSocketFactory(context, hostAuth, keyManager, z));
        if (z) {
            sSLSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        }
        return sSLSocketFactory;
    }

    public static synchronized javax.net.ssl.SSLSocketFactory getSSLSocketFactory(Context context, HostAuth hostAuth, KeyManager keyManager, boolean z) {
        KeyManager[] keyManagerArr;
        synchronized (SSLUtils.class) {
            if (sExternalSecurityProviderInstaller != null) {
                sExternalSecurityProviderInstaller.installIfNeeded(context);
            }
            if (keyManager == null) {
                keyManagerArr = null;
            } else {
                try {
                    keyManagerArr = new KeyManager[]{keyManager};
                } catch (KeyManagementException e) {
                    log.fatal(e, LogTag.EMAIL_COMMON, "Unable to acquire SSLSocketFactory");
                    return null;
                } catch (NoSuchAlgorithmException e2) {
                    log.fatal(e2, LogTag.EMAIL_COMMON, "Unable to acquire SSLSocketFactory");
                    return null;
                }
            }
            if (z) {
                return (SSLSocketFactoryWrapper) SSLSocketFactoryWrapper.getInsecure(keyManagerArr, new TrustManager[]{new SameCertificateCheckingTrustManager(context, hostAuth)}, 30000);
            }
            if (sSecureFactory == null) {
                sSecureFactory = (SSLSocketFactoryWrapper) SSLSocketFactoryWrapper.getDefault(keyManagerArr, createTrustManagers(context), 30000);
            }
            return sSecureFactory;
        }
    }

    public static synchronized KeyStore getTrustStore(Context context) {
        synchronized (SSLUtils.class) {
            InputStream bKSStreamFromPackage = getBKSStreamFromPackage(context);
            if (bKSStreamFromPackage == null) {
                try {
                    bKSStreamFromPackage = context.getAssets().open(BKS_FILE_NAME);
                } catch (IOException unused) {
                    bKSStreamFromPackage = null;
                }
            }
            try {
                if (bKSStreamFromPackage == null) {
                    return null;
                }
                try {
                    try {
                        KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
                        keyStore.load(null, null);
                        KeyStore keyStore2 = KeyStore.getInstance("BKS");
                        keyStore2.load(bKSStreamFromPackage, BKS_KEY_PASS.toCharArray());
                        Enumeration<String> aliases = keyStore.aliases();
                        while (aliases.hasMoreElements()) {
                            String nextElement = aliases.nextElement();
                            keyStore2.setEntry(nextElement, keyStore.getEntry(nextElement, null), null);
                        }
                        try {
                            bKSStreamFromPackage.close();
                        } catch (IOException unused2) {
                        }
                        return keyStore2;
                    } catch (KeyStoreException e) {
                        log.info(e, LogTag.BMC_COMMON, "");
                        try {
                            bKSStreamFromPackage.close();
                        } catch (IOException unused3) {
                            return null;
                        }
                    } catch (CertificateException e2) {
                        log.info(e2, LogTag.BMC_COMMON, "");
                        bKSStreamFromPackage.close();
                    }
                } catch (IOException e3) {
                    log.info(e3, LogTag.BMC_COMMON, "");
                    bKSStreamFromPackage.close();
                } catch (NoSuchAlgorithmException e4) {
                    log.info(e4, LogTag.BMC_COMMON, "");
                    bKSStreamFromPackage.close();
                } catch (UnrecoverableEntryException e5) {
                    log.info(e5, LogTag.BMC_COMMON, "");
                    bKSStreamFromPackage.close();
                }
            } catch (Throwable th) {
                try {
                    bKSStreamFromPackage.close();
                } catch (IOException unused4) {
                }
                throw th;
            }
        }
    }

    private static boolean isAsciiLetter(char c) {
        return ('a' <= c && c <= 'z') || ('A' <= c && c <= 'Z');
    }

    private static boolean isAsciiNumber(char c) {
        return '0' <= c && c <= '9';
    }

    public static void setExternalSecurityProviderInstaller(ExternalSecurityProviderInstaller externalSecurityProviderInstaller) {
        sExternalSecurityProviderInstaller = externalSecurityProviderInstaller;
    }
}
