package ctrip.android.network.sslpinning.pinning;

import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import com.meituan.robust.ChangeQuickRedirect;
import com.meituan.robust.PatchProxy;
import com.meituan.robust.PatchProxyResult;
import com.tencent.matrix.trace.core.AppMethodBeat;
import ctrip.android.basebusiness.env.Env;
import ctrip.android.network.sslpinning.configuration.PublicKeyPin;
import ctrip.android.service.mobileconfig.CtripMobileConfigManager;
import ctrip.business.imageloader.util.WebpSupportUtils;
import ctrip.foundation.storage.CTKVStorage;
import ctrip.foundation.util.LogUtil;
import ctrip.foundation.util.StringUtil;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.Interceptor;
import org.jivesoftware.smack.sm.packet.StreamManagement;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes4.dex */
public class OkHttp3Helper {
    private static final String KVDomain = "SSLPinKVConfig";
    private static HashSet<String> balckList;
    private static HashSet<String> blackUrlList;
    public static ChangeQuickRedirect changeQuickRedirect;
    private static boolean enableSSLPinning;
    private static Set<PublicKeyPin> publicKeyPins;
    private static X509TrustManager trustManager;

    static {
        AppMethodBeat.i(51834);
        enableSSLPinning = true;
        balckList = new HashSet<>();
        blackUrlList = new HashSet<>(Arrays.asList("18088/GetAppConfig.json"));
        trustManager = new OkHttpRootTrustManager();
        publicKeyPins = new HashSet(Arrays.asList(new PublicKeyPin("2P5DNxKj470aMBycYc8iJI7l5cireUAkhhutWDAVD50="), new PublicKeyPin("MIKoeatlSqVA3aCIrE0/JYoP9vF4XSCTPHy+c9vAsKk="), new PublicKeyPin("r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="), new PublicKeyPin("yGXit7PiC9Rd09CnzD6sZen8QtAZXZuTwCThuvpRke8="), new PublicKeyPin("cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="), new PublicKeyPin("hETpgVvaLC0bvcGG3t0cuqiHvr4XyP2MTwCiqhgRWwU=")));
        AppMethodBeat.o(51834);
    }

    private static boolean disableSSLPinningFromConfig() {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], null, changeQuickRedirect, true, 11126, new Class[0], Boolean.TYPE);
        if (proxy.isSupported) {
            return ((Boolean) proxy.result).booleanValue();
        }
        AppMethodBeat.i(51808);
        boolean z = CTKVStorage.getInstance().getBoolean(KVDomain, "disable_ssl_pinning", false);
        AppMethodBeat.o(51808);
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Set<PublicKeyPin> getDefaultPublicKeyPins() {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], null, changeQuickRedirect, true, 11121, new Class[0], Set.class);
        if (proxy.isSupported) {
            return (Set) proxy.result;
        }
        AppMethodBeat.i(51725);
        if (publicKeyPins == null) {
            publicKeyPins = new HashSet(Arrays.asList(new PublicKeyPin("2P5DNxKj470aMBycYc8iJI7l5cireUAkhhutWDAVD50="), new PublicKeyPin("MIKoeatlSqVA3aCIrE0/JYoP9vF4XSCTPHy+c9vAsKk="), new PublicKeyPin("r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="), new PublicKeyPin("yGXit7PiC9Rd09CnzD6sZen8QtAZXZuTwCThuvpRke8="), new PublicKeyPin("cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="), new PublicKeyPin("hETpgVvaLC0bvcGG3t0cuqiHvr4XyP2MTwCiqhgRWwU=")));
        }
        Set<PublicKeyPin> set = publicKeyPins;
        AppMethodBeat.o(51725);
        return set;
    }

    @NonNull
    @RequiresApi(api = 17)
    public static Interceptor getPinningInterceptor() {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], null, changeQuickRedirect, true, 11120, new Class[0], Interceptor.class);
        if (proxy.isSupported) {
            return (Interceptor) proxy.result;
        }
        AppMethodBeat.i(51707);
        OkHttp3PinningInterceptor okHttp3PinningInterceptor = new OkHttp3PinningInterceptor((OkHttpRootTrustManager) trustManager);
        AppMethodBeat.o(51707);
        return okHttp3PinningInterceptor;
    }

    @NonNull
    public static SSLSocketFactory getSSLSocketFactory() {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], null, changeQuickRedirect, true, 11119, new Class[0], SSLSocketFactory.class);
        if (proxy.isSupported) {
            return (SSLSocketFactory) proxy.result;
        }
        AppMethodBeat.i(51699);
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new X509TrustManager[]{trustManager}, null);
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            AppMethodBeat.o(51699);
            return socketFactory;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            e.printStackTrace();
            IllegalStateException illegalStateException = new IllegalStateException("SSLSocketFactory creation failed");
            AppMethodBeat.o(51699);
            throw illegalStateException;
        }
    }

    @NonNull
    public static X509TrustManager getTrustManager() {
        return trustManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isEnableSSLPinning() {
        boolean z = false;
        PatchProxyResult proxy = PatchProxy.proxy(new Object[0], null, changeQuickRedirect, true, 11124, new Class[0], Boolean.TYPE);
        if (proxy.isSupported) {
            return ((Boolean) proxy.result).booleanValue();
        }
        AppMethodBeat.i(51781);
        try {
            CtripMobileConfigManager.CtripMobileConfigModel mobileConfigModelByCategory = CtripMobileConfigManager.getMobileConfigModelByCategory("SSLPinningConfig");
            if (mobileConfigModelByCategory != null && mobileConfigModelByCategory.configJSON() != null) {
                JSONObject configJSON = mobileConfigModelByCategory.configJSON();
                enableSSLPinning = configJSON.optBoolean(StreamManagement.Enable.ELEMENT, true);
                JSONArray optJSONArray = configJSON.optJSONArray("blackList");
                JSONArray optJSONArray2 = configJSON.optJSONArray("androidBlackUrlList");
                if (optJSONArray != null) {
                    for (int i = 0; i < optJSONArray.length(); i++) {
                        String optString = optJSONArray.optString(i);
                        if (StringUtil.isNotEmpty(optString)) {
                            balckList.add(optString);
                        }
                    }
                }
                if (optJSONArray2 != null && optJSONArray2.length() > 0) {
                    for (int i2 = 0; i2 < optJSONArray2.length(); i2++) {
                        String optString2 = optJSONArray2.optString(i2);
                        if (optString2 != null && StringUtil.isNotEmpty(optString2.trim())) {
                            blackUrlList.add(optString2.trim());
                        }
                    }
                }
            }
        } catch (Exception e) {
            LogUtil.e("OkHttp3Helper", "isEnableSSLPinning exception", e);
        }
        if (enableSSLPinning && Env.isProductEnv() && !disableSSLPinningFromConfig()) {
            z = true;
        }
        AppMethodBeat.o(51781);
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isInBlackList(String str) {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[]{str}, null, changeQuickRedirect, true, 11123, new Class[]{String.class}, Boolean.TYPE);
        if (proxy.isSupported) {
            return ((Boolean) proxy.result).booleanValue();
        }
        AppMethodBeat.i(51747);
        if (TextUtils.isEmpty(str) || balckList.isEmpty()) {
            AppMethodBeat.o(51747);
            return false;
        }
        boolean contains = balckList.contains(str);
        AppMethodBeat.o(51747);
        return contains;
    }

    public static boolean isInBlackUrlList(String str) {
        PatchProxyResult proxy = PatchProxy.proxy(new Object[]{str}, null, changeQuickRedirect, true, 11125, new Class[]{String.class}, Boolean.TYPE);
        if (proxy.isSupported) {
            return ((Boolean) proxy.result).booleanValue();
        }
        AppMethodBeat.i(51801);
        if (TextUtils.isEmpty(str) || blackUrlList.isEmpty()) {
            AppMethodBeat.o(51801);
            return false;
        }
        try {
            Iterator<String> it = blackUrlList.iterator();
            while (it.hasNext()) {
                String next = it.next();
                if (!TextUtils.isEmpty(next) && str.contains(next)) {
                    AppMethodBeat.o(51801);
                    return true;
                }
            }
        } catch (Exception unused) {
        }
        AppMethodBeat.o(51801);
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean needCertificateCheck(@NonNull String str) {
        boolean z = true;
        PatchProxyResult proxy = PatchProxy.proxy(new Object[]{str}, null, changeQuickRedirect, true, 11122, new Class[]{String.class}, Boolean.TYPE);
        if (proxy.isSupported) {
            return ((Boolean) proxy.result).booleanValue();
        }
        AppMethodBeat.i(51740);
        if (!str.endsWith(".ctrip.com") && !str.endsWith(".ctrip.cn") && !str.endsWith(".ctripcorp.com") && !str.endsWith(".tieyou.com") && !str.endsWith(".hhtravel.com") && !str.endsWith(WebpSupportUtils.WEBP_URL_KEY2_TAIL) && !str.endsWith(".ctripbuy.hk") && !str.endsWith(".trip.com") && !str.endsWith(".ctrip.net") && !str.endsWith(".suanya.com") && !str.endsWith(".suanya.cn")) {
            z = false;
        }
        AppMethodBeat.o(51740);
        return z;
    }
}
