package com.kxb;

import android.content.Context;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/* loaded from: classes2.dex */
public class HttpsCertificateVerifyHelper {
    private static SSLSocketFactory sslSocketFactory;
    private static X509TrustManager trustManager;

    /* JADX INFO: Access modifiers changed from: private */
    public static InputStream getAssetFileInputStream(Context context, String str) {
        try {
            return context.getAssets().open(str);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private static void initSSLSocketFactoryAndX509TrustManager() {
        try {
            trustManager = new X509TrustManager() { // from class: com.kxb.HttpsCertificateVerifyHelper.2
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            };
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{trustManager}, new SecureRandom());
            sslSocketFactory = sSLContext.getSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static void initSSLSocketFactoryAndX509TrustManager(final Context context, final String str) {
        try {
            trustManager = new X509TrustManager() { // from class: com.kxb.HttpsCertificateVerifyHelper.4
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                    if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                        throw new CertificateException("checkServerTrusted: X509Certificate array is null");
                    }
                    if (str2 == null || !str2.equals("ECDHE_RSA")) {
                        throw new CertificateException("checkServerTrusted: AuthType is not ECDHE_RSA");
                    }
                    try {
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                        trustManagerFactory.init((KeyStore) null);
                        for (TrustManager trustManager2 : trustManagerFactory.getTrustManagers()) {
                            ((X509TrustManager) trustManager2).checkServerTrusted(x509CertificateArr, str2);
                        }
                    } catch (Exception e) {
                        e.printStackTrace();
                        try {
                            InputStream assetFileInputStream = HttpsCertificateVerifyHelper.getAssetFileInputStream(context, str);
                            try {
                                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(assetFileInputStream);
                                String bigInteger = new BigInteger(1, x509Certificate.getPublicKey().getEncoded()).toString(16);
                                String name = x509Certificate.getSubjectDN().getName();
                                String name2 = x509Certificate.getIssuerDN().getName();
                                if (assetFileInputStream != null) {
                                    assetFileInputStream.close();
                                }
                                X509Certificate x509Certificate2 = x509CertificateArr[0];
                                if (!bigInteger.equals(new BigInteger(1, x509Certificate2.getPublicKey().getEncoded()).toString(16))) {
                                    throw new CertificateException("server's PublicKey is not equals to client's PublicKey");
                                }
                                if (!name.equals(x509Certificate2.getSubjectDN().getName())) {
                                    throw new CertificateException("server's SubjectDN is not equals to client's SubjectDN");
                                }
                                if (!name2.equals(x509Certificate2.getIssuerDN().getName())) {
                                    throw new CertificateException("server's IssuerDN is not equals to client's IssuerDN");
                                }
                            } finally {
                            }
                        } catch (Exception e2) {
                            e2.printStackTrace();
                            throw new CertificateException(e2);
                        }
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            };
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{trustManager}, new SecureRandom());
            sslSocketFactory = sSLContext.getSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public static OkHttpClient.Builder trustAllCertificate(OkHttpClient.Builder builder) {
        initSSLSocketFactoryAndX509TrustManager();
        builder.sslSocketFactory(sslSocketFactory, trustManager).hostnameVerifier(new HostnameVerifier() { // from class: com.kxb.HttpsCertificateVerifyHelper.1
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
        return builder;
    }

    public static OkHttpClient.Builder trustSpecificCertificate(OkHttpClient.Builder builder, Context context, String str) {
        initSSLSocketFactoryAndX509TrustManager(context, str);
        builder.sslSocketFactory(sslSocketFactory, trustManager).hostnameVerifier(new HostnameVerifier() { // from class: com.kxb.HttpsCertificateVerifyHelper.3
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str2, SSLSession sSLSession) {
                return true;
            }
        });
        return builder;
    }
}
