package util;

import com.bd.android.connect.BDHashing;
import com.google.android.gms.cast.CastStatusCodes;
import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes2.dex */
public class GDataTrustManager {
    private static final long TIMEOUT = 2000;
    private static String CERT_TYPE_SHA256 = "SHA256";
    private static String CERT_TYPE_SHA1 = BDHashing.SHA1;
    static ArrayList<String> VERIFIED_DOMAINS = new ArrayList<>(Arrays.asList("gdcloud.de", "gdatasecurity.de", "-mobile-comchan.gdatasoftware.com", "gdatasoftware.com"));
    static ArrayList<String> ALWAYS_TRUSTED = new ArrayList<>(Arrays.asList("akamai.net", "gdataupdate-a.akamaihd.net", "akamaihd.net"));
    private static int IS_VALID = 2000;
    private static int PROTOCOL_ERROR = 2001;
    private static int URL_ERROR = 2002;
    private static int ENCODING_ERROR = 2003;
    private static int IO_ERROR = 2004;
    private static int CERT_ERROR = 2005;
    private static int KEY_ERROR = CastStatusCodes.MESSAGE_TOO_LARGE;
    private static int NO_METHOD_FOUND_ERROR = CastStatusCodes.MESSAGE_SEND_BUFFER_TOO_FULL;
    private static int CERT_ERROR_EXPIRED = 2008;
    private static int CERT_ERROR_NOT_TRUSTED = 2005;
    private static boolean isDebugMode = false;
    private boolean verfiedByTrustManager = false;
    private boolean verfiedByHost = false;
    private String certInfoDomain = "";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class GHostnameVerifier implements HostnameVerifier {
        public String hostName = "";

        GHostnameVerifier() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            this.hostName = str;
            boolean validateHost = GDataTrustManager.this.validateHost(this.hostName);
            GDataTrustManager.this.verfiedByHost = true;
            return validateHost;
        }
    }

    /* loaded from: classes2.dex */
    public static class ServerValidationResult {
        private String reason;
        private int responseCode;
        private Exception triggeredException;

        public ServerValidationResult(int i, String str) {
            this.responseCode = 0;
            this.reason = "";
            this.responseCode = i;
            this.reason = str;
        }

        public ServerValidationResult(int i, String str, Exception exc) {
            this.responseCode = 0;
            this.reason = "";
            this.responseCode = i;
            this.reason = str;
            this.triggeredException = exc;
        }

        public String getReason() {
            return this.reason;
        }

        public int getResponseCode() {
            return this.responseCode;
        }

        public Exception getTriggeredException() {
            return this.triggeredException;
        }

        public boolean isInvalid() {
            return getResponseCode() != GDataTrustManager.IS_VALID;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:25:0x008f A[ADDED_TO_REGION] */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00a1  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private util.GDataTrustManager.ServerValidationResult checkHttpsConnection(javax.net.ssl.HttpsURLConnection r19) {
        /*
            Method dump skipped, instructions count: 399
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: util.GDataTrustManager.checkHttpsConnection(javax.net.ssl.HttpsURLConnection):util.GDataTrustManager$ServerValidationResult");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean checkValidity(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (CertificateExpiredException e) {
            return false;
        } catch (CertificateNotYetValidException e2) {
            return false;
        }
    }

    private String extractDomain(String str) {
        String[] split = str.split("\\.");
        return (split == null || split.length <= 2) ? "" : split[split.length - 2] + "." + split[split.length - 1];
    }

    private X509Certificate findRootCert(List<X509Certificate> list) {
        for (X509Certificate x509Certificate : list) {
            X509Certificate findSigner = findSigner(x509Certificate, list);
            if (findSigner == null || findSigner.equals(x509Certificate)) {
                return x509Certificate;
            }
        }
        return null;
    }

    private X509Certificate findSignedCert(X509Certificate x509Certificate, List<X509Certificate> list) {
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN()) && !x509Certificate2.equals(x509Certificate)) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private X509Certificate findSigner(X509Certificate x509Certificate, List<X509Certificate> list) {
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private boolean hostIsAlwaysTrusted(String str) {
        return ALWAYS_TRUSTED.contains(extractDomain(str)) || ALWAYS_TRUSTED.contains(str);
    }

    private GTrustManager initTrustManager(final String str, ServerValidationResult serverValidationResult) {
        return new GTrustManager(serverValidationResult) { // from class: util.GDataTrustManager.1
            @Override // util.GTrustManager, javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
            }

            @Override // util.GTrustManager, javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                X509Certificate x509Certificate = GDataTrustManager.this.reorderCertificateChain(x509CertificateArr)[0];
                String str3 = "";
                GDataTrustManager.this.certInfoDomain = x509Certificate.getSubjectX500Principal().getName();
                if (!GDataTrustManager.this.checkValidity(x509Certificate)) {
                    this.validationResult = new ServerValidationResult(GDataTrustManager.CERT_ERROR_EXPIRED, "Certificate isn`t valid anymore or not yet", new CertificateException("Certificate isn`t valid anymore or not yet"));
                }
                try {
                    if (x509Certificate.getSigAlgName().contains(GDataTrustManager.CERT_TYPE_SHA1)) {
                        str3 = ThumbPrint.get(x509Certificate).toLowerCase();
                    } else if (x509Certificate.getSigAlgName().contains(GDataTrustManager.CERT_TYPE_SHA256)) {
                        str3 = ThumbPrint.getSha256(x509Certificate).toLowerCase();
                    }
                    if (!ThumbPrint.verifyCert(str3)) {
                        this.validationResult = new ServerValidationResult(GDataTrustManager.CERT_ERROR_NOT_TRUSTED, "Invalid host - fingerprint wrong  " + str3 + " - " + str, new CertificateException("Invalid host - fingerprint wrong " + str3 + " - " + str));
                    }
                } catch (NoSuchAlgorithmException e) {
                    this.validationResult = new ServerValidationResult(GDataTrustManager.NO_METHOD_FOUND_ERROR, "Unverified certificate", new CertificateException("Unverified certificate"));
                }
                GDataTrustManager.this.verfiedByTrustManager = true;
            }

            @Override // util.GTrustManager, javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
    }

    private void printResultIssue(URL url, ServerValidationResult serverValidationResult) {
        if (serverValidationResult.isInvalid() && isDebugMode) {
            System.out.println("GDATA TrustManager connection response:  " + url.toString() + " - responseCode: " + serverValidationResult.getResponseCode() + " - " + serverValidationResult.getReason() + " " + (serverValidationResult.getTriggeredException() != null ? serverValidationResult.getTriggeredException().getMessage() : " - no exception"));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public X509Certificate[] reorderCertificateChain(X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
        int length = x509CertificateArr.length - 1;
        X509Certificate findRootCert = findRootCert(asList);
        x509CertificateArr2[length] = findRootCert;
        X509Certificate x509Certificate = findRootCert;
        while (true) {
            x509Certificate = findSignedCert(x509Certificate, asList);
            if (x509Certificate == null || length <= 0) {
                break;
            }
            length--;
            x509CertificateArr2[length] = x509Certificate;
        }
        return x509CertificateArr2;
    }

    public static void setIsDebugMode(boolean z) {
        isDebugMode = z;
    }

    private SSLContext setSSLContextForConnection(HttpsURLConnection httpsURLConnection, TrustManager trustManager) throws NoSuchAlgorithmException, IOException, CertificateException, UnrecoverableKeyException, KeyStoreException, KeyManagementException {
        KeyManagerFactory keyManagerFactory;
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        try {
            keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        } catch (NoSuchAlgorithmException e) {
            keyManagerFactory = KeyManagerFactory.getInstance("X509");
        }
        keyManagerFactory.init(keyStore, null);
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
        TrustManagerFactory.getInstance("X509").init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagers, new TrustManager[]{trustManager}, null);
        if (sSLContext != null) {
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        }
        return sSLContext;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean validateHost(String str) {
        boolean z = false;
        String extractDomain = extractDomain(str);
        if (extractDomain != null && extractDomain.length() > 2 && (this.certInfoDomain.contains(extractDomain) || VERIFIED_DOMAINS.contains(extractDomain) || hostIsAlwaysTrusted(str) || ThumbPrint.verifyDomain(extractDomain))) {
            z = true;
        }
        if (z || !ThumbPrint.verifyDomain(str)) {
            return z;
        }
        return true;
    }

    public static ServerValidationResult verifyHttpsConnection(HttpsURLConnection httpsURLConnection) {
        return new GDataTrustManager().checkHttpsConnection(httpsURLConnection);
    }
}
