package jp.co.eighting.plugin;

import android.annotation.SuppressLint;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import jp.co.eighting.plugin.util.Base64;
import jp.co.eighting.plugin.util.LogMng;

/* loaded from: classes.dex */
public class WebAccess {
    static final String defaultHostName = "*";
    static Map<String, a> mParamMap = new HashMap();
    static ArrayList<byte[]> mSSLPublicKeyList = new ArrayList<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class a {
        public byte[][] a;
        public boolean b;

        a(byte[][] bArr, boolean z) {
            this.a = (byte[][]) null;
            this.b = false;
            this.a = bArr;
            this.b = z;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class b implements X509TrustManager {
        Map<String, a> a;
        Map<String, X509Certificate[]> b;

        b(Map<String, a> map) {
            this.a = null;
            this.b = null;
            this.a = new HashMap(map);
            this.b = new HashMap();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            a aVar;
            if (x509CertificateArr == null) {
                LogMng.logDebug("X509Certificate array is null");
                throw new CertificateException("checkServerTrusted: X509Certificate array is null");
            }
            if (x509CertificateArr.length <= 0) {
                LogMng.logDebug("X509Certificate is empty");
                throw new CertificateException("checkServerTrusted: X509Certificate is empty");
            }
            try {
                try {
                    PublicKey publicKey = x509CertificateArr[0].getPublicKey();
                    if (publicKey == null) {
                        LogMng.logDebug("Can not get PublicKey: " + str);
                        throw new CertificateException("Can not get PublicKey: " + str);
                    }
                    String name = x509CertificateArr[0].getSubjectX500Principal().getName("CANONICAL");
                    String[] split = name.split("cn=");
                    boolean z = true;
                    if (1 >= split.length) {
                        throw new CertificateException("checkServerTrusted: Not found CN " + name);
                    }
                    String str2 = split[1].split(",")[0];
                    if (this.b.containsKey(str2) && Arrays.deepEquals(x509CertificateArr, this.b.get(str2))) {
                        LogMng.logDebug("Verify Cache OK " + str2);
                        return;
                    }
                    if (this.a.containsKey(str2)) {
                        aVar = this.a.get(str2);
                    } else {
                        if (!this.a.containsKey(WebAccess.defaultHostName)) {
                            throw new CertificateException("checkServerTrusted: Not found CN " + str2);
                        }
                        aVar = this.a.get(WebAccess.defaultHostName);
                    }
                    if (!aVar.b) {
                        try {
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                            trustManagerFactory.init((KeyStore) null);
                            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                            }
                        } catch (Exception e) {
                            LogMng.logDebug(e.getMessage());
                            throw new CertificateException(e);
                        }
                    }
                    if (aVar.a != null && aVar.a.length != 0) {
                        int i = 0;
                        while (true) {
                            if (i >= aVar.a.length) {
                                z = false;
                                break;
                            } else {
                                if (Arrays.equals(publicKey.getEncoded(), aVar.a[i])) {
                                    LogMng.logDebug("Verify Index: " + i);
                                    break;
                                }
                                i++;
                            }
                        }
                        if (!z) {
                            LogMng.logDebug("Expected public key (Server): " + Base64.encode(publicKey.getEncoded()));
                            for (int i2 = 0; i2 < aVar.a.length; i2++) {
                                LogMng.logDebug("Expected public key (" + i2 + "): " + Base64.encode(aVar.a[i2]));
                            }
                            throw new CertificateException("checkServerTrusted: Expected public key");
                        }
                        this.b.put(str2, x509CertificateArr);
                        LogMng.logDebug("Verify OK " + str2);
                    }
                    LogMng.logDebug("Skip verify PublicKey " + str2);
                    this.b.put(str2, x509CertificateArr);
                    LogMng.logDebug("Verify OK " + str2);
                } catch (Exception e2) {
                    LogMng.logDebug(e2.getMessage());
                    throw new CertificateException(e2);
                }
            } catch (CertificateException e3) {
                throw e3;
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    @SuppressLint({"TrulyRandom"})
    private static void _setupFix(boolean z) {
        if (z) {
            if (!mParamMap.containsKey(defaultHostName)) {
                mParamMap.put(defaultHostName, new a((byte[][]) null, false));
            }
        } else if (mParamMap.size() == 0) {
            return;
        }
        TrustManager[] trustManagerArr = {new b(mParamMap)};
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } catch (Exception e) {
            LogMng.logDebug(e.getMessage());
        }
        mParamMap.clear();
    }

    public static void addVerifySSL(String str, byte[] bArr, boolean z) {
        if (bArr == null || bArr.length == 0) {
            mParamMap.put(str, new a((byte[][]) null, z));
        } else {
            mParamMap.put(str, new a(new byte[][]{bArr}, z));
        }
    }

    public static void addVerifySSLKey_add(byte[] bArr) {
        mSSLPublicKeyList.add(bArr);
    }

    public static void addVerifySSLKey_fix(String str, boolean z) {
        int size = mSSLPublicKeyList.size();
        byte[][] bArr = new byte[size];
        for (int i = 0; i < size; i++) {
            bArr[i] = mSSLPublicKeyList.get(i);
        }
        mParamMap.put(str, new a(bArr, z));
    }

    public static void addVerifySSLKey_start() {
        mSSLPublicKeyList.clear();
    }

    protected static PublicKey getPublicKeyFromPEM(String str) {
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes())).getPublicKey();
        } catch (CertificateException e) {
            LogMng.logDebug(e.getMessage());
            return null;
        }
    }

    public static void initialize() {
        mParamMap.clear();
    }

    public static void setupFix() {
        _setupFix(true);
    }

    public static void setupFix_NoDefault() {
        _setupFix(false);
    }
}
