package com.xunmeng.basiccomponent.pnet.jni.struct;

import android.content.res.Resources;
import android.net.http.X509TrustManagerExtensions;
import android.text.TextUtils;
import com.pushsdk.a;
import com.xunmeng.core.ab.AbTest;
import com.xunmeng.core.log.L;
import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import nf.o;
import o10.l;
import of.b;
import okio.ByteString;

/* compiled from: Pdd */
/* loaded from: classes.dex */
public class PnetPlatform {
    private static final String TAG = "PnetPlatform";
    static final boolean isAndroidPlatform = isAndroid();
    private static X509TrustManager pnetTrustManager;

    /* compiled from: Pdd */
    /* loaded from: classes.dex */
    public static final class ProxyInfo {
        public static final int PROXY_TYPE_DIRECT = 0;
        public static final int PROXY_TYPE_HTTP = 1;
        public static final int PROXY_TYPE_HTTP_TUNNEL = 3;
        public static final int PROXY_TYPE_SOCKS = 2;
        public String host;
        public short port;
        public int type = 0;
    }

    /* compiled from: Pdd */
    /* loaded from: classes.dex */
    public static final class VerifyResult {
        public static final int VERIFY_CERT_CHAIN_SUCC = 1;
        public static final int VERIFY_CERT_PIN_SUCC = 2;
        public static final int VERIFY_FAIL = 0;
        public int code;
        public String errorMessage;
        public boolean showSystemRootCertificate;

        public VerifyResult(int i13, String str, boolean z13) {
            this.code = i13;
            this.errorMessage = str;
            this.showSystemRootCertificate = z13;
        }
    }

    public static TNetInfo GetNetInfo() {
        return o.d().e();
    }

    public static ProxyInfo GetProxyInfo(String str) {
        try {
        } catch (Throwable th3) {
            L.e2(3655, "GetProxyInfo t:" + th3);
        }
        if (TextUtils.isEmpty(str)) {
            L.e(3653);
            return null;
        }
        ProxySelector proxySelector = ProxySelector.getDefault();
        if (proxySelector == null) {
            L.w(3654);
            String property = System.getProperty("http.proxyHost");
            String property2 = System.getProperty("http.proxyPort");
            if (!TextUtils.isEmpty(property) && !TextUtils.isEmpty(property2)) {
                ProxyInfo proxyInfo = new ProxyInfo();
                proxyInfo.type = str.startsWith("http://") ? 1 : 3;
                proxyInfo.host = property;
                proxyInfo.port = Short.parseShort(property2);
                return proxyInfo;
            }
            return null;
        }
        List<Proxy> select = proxySelector.select(new URI(str));
        if (select != null && !select.isEmpty()) {
            ProxyInfo proxyInfo2 = new ProxyInfo();
            for (Proxy proxy : select) {
                if (proxy.type() == Proxy.Type.HTTP) {
                    proxyInfo2.type = str.startsWith("http://") ? 1 : 3;
                    proxyInfo2.host = ((InetSocketAddress) proxy.address()).getHostName();
                    proxyInfo2.port = (short) ((InetSocketAddress) proxy.address()).getPort();
                    return proxyInfo2;
                }
            }
            int i13 = 0;
            Proxy proxy2 = select.get(0);
            if (proxy2.type() != Proxy.Type.DIRECT) {
                i13 = proxy2.type() == Proxy.Type.HTTP ? 1 : 2;
            }
            proxyInfo2.type = i13;
            if (1 == i13 && !str.startsWith("http://")) {
                proxyInfo2.type = 3;
            }
            if (proxyInfo2.type != 0) {
                proxyInfo2.host = ((InetSocketAddress) proxy2.address()).getHostName();
                proxyInfo2.port = (short) ((InetSocketAddress) proxy2.address()).getPort();
            }
            return proxyInfo2;
        }
        return null;
    }

    public static VerifyResult VerifyCertChain(String str, ArrayList<byte[]> arrayList, ArrayList<String> arrayList2) {
        if (!isAndroidPlatform || AbTest.isTrue("ab_pnet_ignore_verify_cert_chain_61000", false)) {
            return new VerifyResult(1, a.f12064d, false);
        }
        if (TextUtils.isEmpty(str) || arrayList == null || arrayList.isEmpty()) {
            L.e(3863, str);
            return new VerifyResult(0, "params error", false);
        }
        boolean z13 = (arrayList2 == null || arrayList2.isEmpty()) ? false : true;
        X509TrustManager pnetTrustManager2 = getPnetTrustManager();
        if (pnetTrustManager2 == null) {
            return new VerifyResult(0, "trustManager null", false);
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate[] x509CertificateArr = new X509Certificate[arrayList.size()];
            Iterator<byte[]> it = arrayList.iterator();
            int i13 = 0;
            while (it.hasNext()) {
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(it.next());
                X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                safeClose(byteArrayInputStream);
                try {
                    L.v(3869, x509Certificate.getIssuerX500Principal().getName(), x509Certificate.getSubjectX500Principal().getName(), x509Certificate.getNotBefore().toString(), x509Certificate.getNotAfter().toString(), x509Certificate.getSigAlgName(), x509Certificate.getPublicKey().getAlgorithm());
                } catch (Throwable unused) {
                }
                x509Certificate.checkValidity();
                x509CertificateArr[i13] = x509Certificate;
                i13++;
            }
            if (!b.g().d(str, x509CertificateArr[0])) {
                L.e(3874, str, x509CertificateArr[0]);
                return new VerifyResult(0, "verify hostname fail", false);
            }
            try {
                List<X509Certificate> checkServerTrusted = new X509TrustManagerExtensions(pnetTrustManager2).checkServerTrusted(x509CertificateArr, "RSA", str);
                if (!z13) {
                    return new VerifyResult(1, a.f12064d, false);
                }
                ArrayList arrayList3 = new ArrayList(checkServerTrusted);
                if (!arrayList3.isEmpty()) {
                    return hitCertificatePinner(arrayList3, arrayList2) ? new VerifyResult(2, a.f12064d, false) : new VerifyResult(0, "certificate pinning failed", false);
                }
                L.e(3881);
                return new VerifyResult(0, "peerCertificate null or empty", false);
            } catch (Throwable th3) {
                String w13 = l.w(th3);
                boolean z14 = w13 != null && w13.contains("CertPathValidatorException");
                L.e(3876, w13, Boolean.valueOf(z14));
                return new VerifyResult(0, "checkServerTrusted throwable:" + w13, z14);
            }
        } catch (CertificateException e13) {
            return new VerifyResult(0, "CertificateException:" + e13.getMessage(), false);
        } catch (Throwable th4) {
            L.e(3872, l.w(th4));
            return new VerifyResult(0, "X509Certificate checkValidity throwable:" + l.w(th4), false);
        }
    }

    private static X509TrustManager getPnetTrustManager() {
        if (pnetTrustManager == null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers.length == 1) {
                    TrustManager trustManager = trustManagers[0];
                    if (trustManager instanceof X509TrustManager) {
                        pnetTrustManager = (X509TrustManager) trustManager;
                    }
                }
                L.e2(3655, "Unexpected default trust managers:" + Arrays.toString(trustManagers));
            } catch (Resources.NotFoundException e13) {
                L.e(3906, e13.getMessage());
            } catch (GeneralSecurityException e14) {
                L.e(3902, e14.getMessage());
            } catch (Throwable unused) {
            }
            return null;
        }
        return pnetTrustManager;
    }

    public static boolean hitCertificatePinner(List<Certificate> list, ArrayList<String> arrayList) {
        boolean z13;
        try {
            z13 = false;
            for (int size = list.size() - 1; size >= 0; size--) {
                try {
                    Certificate certificate = list.get(size);
                    if (certificate != null) {
                        String sha256 = sha256((X509Certificate) certificate);
                        String sha1 = sha1((X509Certificate) certificate);
                        Iterator<String> it = arrayList.iterator();
                        while (it.hasNext()) {
                            String next = it.next();
                            if (!TextUtils.isEmpty(next)) {
                                if (next.startsWith("sha256/")) {
                                    if (sha256 != null && sha256.equalsIgnoreCase(next.substring(7))) {
                                        L.v(4041, sha256);
                                        z13 = true;
                                        break;
                                    }
                                } else if (next.startsWith("sha1/") && sha1 != null && sha1.equalsIgnoreCase(next.substring(5))) {
                                    L.v(4047, sha1);
                                    z13 = true;
                                    break;
                                }
                            }
                        }
                        if (z13) {
                            break;
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    L.e(4050, l.w(th));
                    return z13;
                }
            }
        } catch (Throwable th4) {
            th = th4;
            z13 = false;
        }
        return z13;
    }

    private static boolean isAndroid() {
        return l.e("Dalvik", System.getProperty("java.vm.name"));
    }

    private static void safeClose(Closeable closeable) {
        try {
            closeable.close();
        } catch (Throwable th3) {
            L.e(3909, l.w(th3));
        }
    }

    private static String sha1(X509Certificate x509Certificate) {
        ByteString encodeUtf8;
        try {
            encodeUtf8 = ByteString.of(x509Certificate.getEncoded()).sha1();
        } catch (CertificateEncodingException unused) {
            encodeUtf8 = ByteString.encodeUtf8("sha1 CertificateEncodingException is occur");
        }
        return encodeUtf8 != null ? encodeUtf8.hex() : a.f12064d;
    }

    private static String sha256(X509Certificate x509Certificate) {
        ByteString encodeUtf8;
        try {
            encodeUtf8 = ByteString.of(x509Certificate.getEncoded()).sha256();
        } catch (CertificateEncodingException unused) {
            encodeUtf8 = ByteString.encodeUtf8("sha256 CertificateEncodingException is occur");
        }
        return encodeUtf8 != null ? encodeUtf8.hex() : a.f12064d;
    }
}
