package com.ty.baselibrary.utils;

import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class HttpsUtils {
    private static final int MIN_MODULUS = 1024;
    private static final String[] OID_BLACKLIST = {"1.2.840.113549.1.1.4"};
    private static TrustManagerFactory trustManagerFactory;
    private Context context;
    private String keyStoreType;
    private int keystoreResId;

    private HttpsUtils() {
    }

    public HttpsUtils(Context context, String str, int i) {
        this.context = context.getApplicationContext();
        this.keyStoreType = str;
        this.keystoreResId = i;
    }

    public static final void check(X509Certificate[] x509CertificateArr) throws CertificateException {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            checkCert(x509Certificate);
        }
    }

    private static final void checkCert(X509Certificate x509Certificate) throws CertificateException {
        checkModulusLength(x509Certificate);
        checkNotMD5(x509Certificate);
    }

    private static final void checkModulusLength(X509Certificate x509Certificate) throws CertificateException {
        PublicKey publicKey = x509Certificate.getPublicKey();
        if ((publicKey instanceof RSAPublicKey) && ((RSAPublicKey) publicKey).getModulus().bitLength() < 1024) {
            throw new CertificateException("Modulus is < 1024 bits");
        }
    }

    private static final void checkNotMD5(X509Certificate x509Certificate) throws CertificateException {
        String sigAlgOID = x509Certificate.getSigAlgOID();
        for (String str : OID_BLACKLIST) {
            if (sigAlgOID.equals(str)) {
                throw new CertificateException("Signature uses an insecure hash function");
            }
        }
    }

    private TrustManagerFactory getTrustManagerFactory() {
        TrustManagerFactory trustManagerFactory2 = trustManagerFactory;
        if (trustManagerFactory2 != null) {
            return trustManagerFactory2;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            InputStream openRawResource = this.context.getResources().openRawResource(this.keystoreResId);
            Certificate generateCertificate = certificateFactory.generateCertificate(openRawResource);
            openRawResource.close();
            String str = this.keyStoreType;
            if (str == null || str.length() == 0) {
                this.keyStoreType = KeyStore.getDefaultType();
            }
            KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", generateCertificate);
            TrustManagerFactory trustManagerFactory3 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory3.init(keyStore);
            trustManagerFactory = trustManagerFactory3;
            return trustManagerFactory3;
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        } catch (KeyStoreException e2) {
            e2.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e3) {
            e3.printStackTrace();
            return null;
        } catch (CertificateException e4) {
            e4.printStackTrace();
            return null;
        }
    }

    public static void handleSSLHandshake() {
        try {
            TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.ty.baselibrary.utils.HttpsUtils.2
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { // from class: com.ty.baselibrary.utils.HttpsUtils.3
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    return true;
                }
            });
        } catch (Exception unused) {
        }
    }

    public static boolean verifyHost(String str, SSLSession sSLSession) {
        L.i("Host", str);
        if ("Host".equals(str)) {
            return true;
        }
        return HttpsURLConnection.getDefaultHostnameVerifier().verify(str, sSLSession);
    }

    public SSLSocketFactory getSSLSocketFactory_Certificate() {
        try {
            getTrustManagerFactory();
            TrustManager[] wrappedTrustManagers = trustManagerFactory != null ? getWrappedTrustManagers() : null;
            SSLContext sSLContext = SSLContext.getInstance("TLSv1", "AndroidOpenSSL");
            sSLContext.init(null, wrappedTrustManagers, null);
            return sSLContext.getSocketFactory();
        } catch (KeyManagementException e) {
            e.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return null;
        } catch (NoSuchProviderException e3) {
            e3.printStackTrace();
            return null;
        }
    }

    public TrustManager[] getWrappedTrustManagers() {
        final X509TrustManager x509TrustManager = (X509TrustManager) getTrustManagerFactory().getTrustManagers()[0];
        return new TrustManager[]{new X509TrustManager() { // from class: com.ty.baselibrary.utils.HttpsUtils.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                try {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, str);
                } catch (CertificateException e) {
                    e.printStackTrace();
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
                    throw new CertificateException();
                }
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    x509Certificate.checkValidity();
                }
                HttpsUtils.check(x509CertificateArr);
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return x509TrustManager.getAcceptedIssuers();
            }
        }};
    }
}
