package com.pax.gl.commhelper.impl;

import android.content.Context;
import android.os.Build;
import com.pax.gl.commhelper.IHttpResponse;
import com.pax.gl.commhelper.IHttpsURLConnection;
import com.pax.gl.commhelper.ISslKeyStore;
import com.pax.gl.commhelper.exception.CommException;
import java.io.IOException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
class CommHttpsURLConnection extends o implements IHttpsURLConnection {
    private static final String TAG = "CommHttpsURLConnection";
    private ISslKeyStore bC;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes5.dex */
    public class EasyX509TrustManager implements X509TrustManager {
        private X509TrustManager bG;

        public EasyX509TrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
            this.bG = null;
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 0) {
                throw new NoSuchAlgorithmException("no trust manager found");
            }
            this.bG = (X509TrustManager) trustManagers[0];
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            GLCommDebug.b(CommHttpsURLConnection.TAG, "call checkClientTrusted");
            this.bG.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                GLCommDebug.b(CommHttpsURLConnection.TAG, "standard trust manager verify");
                this.bG.checkServerTrusted(x509CertificateArr, str);
                GLCommDebug.b(CommHttpsURLConnection.TAG, "standard trust manager verify success");
            } catch (CertificateException unused) {
                GLCommDebug.c(CommHttpsURLConnection.TAG, "standard trust manager verify fail, try self verify...");
                X509Certificate[] acceptedIssuers = this.bG.getAcceptedIssuers();
                if (acceptedIssuers == null || (acceptedIssuers != null && acceptedIssuers.length == 0)) {
                    GLCommDebug.c(CommHttpsURLConnection.TAG, "no client certificates!");
                    throw new CertificateException();
                }
                if (x509CertificateArr == null || (x509CertificateArr != null && x509CertificateArr.length == 0)) {
                    GLCommDebug.c(CommHttpsURLConnection.TAG, "no server certificates!");
                    throw new CertificateException();
                }
                X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length + acceptedIssuers.length];
                GLCommDebug.b(CommHttpsURLConnection.TAG, "clientCertificates length = " + acceptedIssuers.length);
                GLCommDebug.b(CommHttpsURLConnection.TAG, "server certificates length = " + x509CertificateArr.length);
                System.arraycopy(x509CertificateArr, 0, x509CertificateArr2, 0, x509CertificateArr.length);
                System.arraycopy(acceptedIssuers, 0, x509CertificateArr2, x509CertificateArr.length, acceptedIssuers.length);
                if (!CommHttpsURLConnection.this.b(x509CertificateArr2)) {
                    CommHttpsURLConnection.this.c(x509CertificateArr2);
                    if (!CommHttpsURLConnection.this.b(x509CertificateArr2)) {
                        throw new CertificateException();
                    }
                }
                GLCommDebug.b(CommHttpsURLConnection.TAG, "self verify success");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            GLCommDebug.b(CommHttpsURLConnection.TAG, "getAcceptedIssuers");
            return this.bG.getAcceptedIssuers();
        }
    }

    public CommHttpsURLConnection(Context context, ISslKeyStore iSslKeyStore) {
        super(context);
        this.bC = iSslKeyStore;
    }

    private KeyStore a(Certificate certificate) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("trust", certificate);
        return keyStore;
    }

    private KeyStore a(Certificate[] certificateArr) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
        if (certificateArr == null || (certificateArr != null && certificateArr.length == 0)) {
            GLCommDebug.c(TAG, "no certificate, return null ");
            return null;
        }
        String str = TAG;
        GLCommDebug.b(str, "verify Input CertChain, certInputStreams length = " + certificateArr.length);
        if (b(certificateArr)) {
            GLCommDebug.b(str, "#verify Input CertChain success");
            return a(certificateArr[0]);
        }
        c(certificateArr);
        if (b(certificateArr)) {
            GLCommDebug.b(str, "##verify Input CertChain success");
            return a(certificateArr[0]);
        }
        GLCommDebug.d(str, "verify Input CertChain fail");
        throw new CertificateException();
    }

    private HttpsURLConnection a(String str) throws CommException {
        try {
            SSLSocketFactory a = a(this.bC);
            try {
                HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL(str).openConnection();
                httpsURLConnection.setSSLSocketFactory(a);
                httpsURLConnection.setHostnameVerifier(new HostnameVerifier() { // from class: com.pax.gl.commhelper.impl.CommHttpsURLConnection.1
                    @Override // javax.net.ssl.HostnameVerifier
                    public boolean verify(String str2, SSLSession sSLSession) {
                        return str2.equals(sSLSession.getPeerHost());
                    }
                });
                return httpsURLConnection;
            } catch (IOException e) {
                e.printStackTrace();
                throw new CommException(8, e.getCause());
            }
        } catch (Exception e2) {
            throw new CommException(8, e2.getCause());
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x00b5 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x00b0  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private javax.net.ssl.SSLSocketFactory a(com.pax.gl.commhelper.ISslKeyStore r8) {
        /*
            r7 = this;
            r0 = 0
            java.lang.String r1 = "TLS"
            javax.net.ssl.SSLContext r1 = javax.net.ssl.SSLContext.getInstance(r1)     // Catch: java.lang.Exception -> La9
            if (r8 != 0) goto L19
            java.lang.String r8 = com.pax.gl.commhelper.impl.CommHttpsURLConnection.TAG     // Catch: java.lang.Exception -> La7
            java.lang.String r2 = "SslKeyStore is null"
            com.pax.gl.commhelper.impl.GLCommDebug.d(r8, r2)     // Catch: java.lang.Exception -> La7
            javax.net.ssl.TrustManager[] r8 = r7.u()     // Catch: java.lang.Exception -> La7
            r1.init(r0, r8, r0)     // Catch: java.lang.Exception -> La7
            goto Lae
        L19:
            java.security.KeyStore r2 = r8.getKeyStore()     // Catch: java.lang.Exception -> La7
            java.security.KeyStore r3 = r8.getTrustStore()     // Catch: java.lang.Exception -> La7
            java.security.cert.Certificate[] r4 = r8.getTrustCertificateChain()     // Catch: java.lang.Exception -> La7
            if (r4 == 0) goto L3d
            java.security.cert.Certificate[] r4 = r8.getTrustCertificateChain()     // Catch: java.lang.Exception -> La7
            int r4 = r4.length     // Catch: java.lang.Exception -> La7
            if (r4 <= 0) goto L3d
            java.lang.String r3 = com.pax.gl.commhelper.impl.CommHttpsURLConnection.TAG     // Catch: java.lang.Exception -> La7
            java.lang.String r4 = "use puk certchain"
            com.pax.gl.commhelper.impl.GLCommDebug.b(r3, r4)     // Catch: java.lang.Exception -> La7
            java.security.cert.Certificate[] r3 = r8.getTrustCertificateChain()     // Catch: java.lang.Exception -> La7
            java.security.KeyStore r3 = r7.a(r3)     // Catch: java.lang.Exception -> La7
        L3d:
            if (r2 != 0) goto L5f
            if (r3 != 0) goto L50
            java.lang.String r8 = com.pax.gl.commhelper.impl.CommHttpsURLConnection.TAG     // Catch: java.lang.Exception -> La7
            java.lang.String r2 = "keyStore and trustStore is null"
            com.pax.gl.commhelper.impl.GLCommDebug.d(r8, r2)     // Catch: java.lang.Exception -> La7
            javax.net.ssl.TrustManager[] r8 = r7.u()     // Catch: java.lang.Exception -> La7
            r1.init(r0, r8, r0)     // Catch: java.lang.Exception -> La7
            goto Lae
        L50:
            java.lang.String r8 = com.pax.gl.commhelper.impl.CommHttpsURLConnection.TAG     // Catch: java.lang.Exception -> La7
            java.lang.String r2 = "keyStore is null, trustStore is not null!"
            com.pax.gl.commhelper.impl.GLCommDebug.b(r8, r2)     // Catch: java.lang.Exception -> La7
            javax.net.ssl.TrustManager[] r8 = r7.a(r3)     // Catch: java.lang.Exception -> La7
            r1.init(r0, r8, r0)     // Catch: java.lang.Exception -> La7
            goto Lae
        L5f:
            java.lang.String r2 = "X509"
            javax.net.ssl.KeyManagerFactory r2 = javax.net.ssl.KeyManagerFactory.getInstance(r2)     // Catch: java.lang.Exception -> La7
            java.lang.String r4 = com.pax.gl.commhelper.impl.CommHttpsURLConnection.TAG     // Catch: java.lang.Exception -> La7
            java.lang.String r5 = "get key manager - server verify client"
            com.pax.gl.commhelper.impl.GLCommDebug.b(r4, r5)     // Catch: java.lang.Exception -> La7
            java.security.KeyStore r5 = r8.getKeyStore()     // Catch: java.lang.Exception -> La7
            java.lang.String r6 = r8.getKeyStorePassword()     // Catch: java.lang.Exception -> La7
            if (r6 == 0) goto L7f
            java.lang.String r8 = r8.getKeyStorePassword()     // Catch: java.lang.Exception -> La7
            char[] r8 = r8.toCharArray()     // Catch: java.lang.Exception -> La7
            goto L80
        L7f:
            r8 = r0
        L80:
            r2.init(r5, r8)     // Catch: java.lang.Exception -> La7
            if (r3 != 0) goto L96
            java.lang.String r8 = "keyStore is not null, trustStore are null, assuming trust all!"
            com.pax.gl.commhelper.impl.GLCommDebug.c(r4, r8)     // Catch: java.lang.Exception -> La7
            javax.net.ssl.KeyManager[] r8 = r2.getKeyManagers()     // Catch: java.lang.Exception -> La7
            javax.net.ssl.TrustManager[] r2 = r7.u()     // Catch: java.lang.Exception -> La7
            r1.init(r8, r2, r0)     // Catch: java.lang.Exception -> La7
            goto Lae
        L96:
            java.lang.String r8 = "keyStore and trustStore are not null!"
            com.pax.gl.commhelper.impl.GLCommDebug.b(r4, r8)     // Catch: java.lang.Exception -> La7
            javax.net.ssl.KeyManager[] r8 = r2.getKeyManagers()     // Catch: java.lang.Exception -> La7
            javax.net.ssl.TrustManager[] r2 = r7.a(r3)     // Catch: java.lang.Exception -> La7
            r1.init(r8, r2, r0)     // Catch: java.lang.Exception -> La7
            goto Lae
        La7:
            r8 = move-exception
            goto Lab
        La9:
            r8 = move-exception
            r1 = r0
        Lab:
            r8.printStackTrace()
        Lae:
            if (r1 == 0) goto Lb5
            javax.net.ssl.SSLSocketFactory r8 = r1.getSocketFactory()
            return r8
        Lb5:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.pax.gl.commhelper.impl.CommHttpsURLConnection.a(com.pax.gl.commhelper.ISslKeyStore):javax.net.ssl.SSLSocketFactory");
    }

    private boolean a(Certificate certificate, Certificate certificate2) {
        try {
            ((X509Certificate) certificate).checkValidity();
            ((X509Certificate) certificate2).checkValidity();
            certificate.verify(certificate2.getPublicKey());
            return true;
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            return false;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return false;
        } catch (NoSuchProviderException e3) {
            e3.printStackTrace();
            return false;
        } catch (SignatureException e4) {
            e4.printStackTrace();
            return false;
        } catch (CertificateException e5) {
            e5.printStackTrace();
            return false;
        }
    }

    private TrustManager[] a(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        if (keyStore == null) {
            GLCommDebug.c(TAG, "trustStore == null");
            return null;
        }
        String str = TAG;
        GLCommDebug.b(str, "get trust manager - client verify server");
        int i = Build.VERSION.SDK_INT;
        GLCommDebug.b(str, "current api version=" + i);
        if (i >= 24) {
            GLCommDebug.c(str, "api version >= 24, get trust manager from EasyX509TrustManager");
            return new TrustManager[]{new EasyX509TrustManager(keyStore)};
        }
        GLCommDebug.b(str, "api version < 24 - get trust manager from cert");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(keyStore);
        return trustManagerFactory.getTrustManagers();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean b(Certificate[] certificateArr) {
        GLCommDebug.b(TAG, "verifyCertChain...");
        if (certificateArr != null && (certificateArr == null || certificateArr.length != 1)) {
            int i = 0;
            while (i < certificateArr.length - 1) {
                String str = TAG;
                StringBuilder sb = new StringBuilder("[verify ");
                sb.append(i);
                sb.append(" and ");
                int i2 = i + 1;
                sb.append(i2);
                sb.append("]");
                GLCommDebug.b(str, sb.toString());
                if (!a((X509Certificate) certificateArr[i], (X509Certificate) certificateArr[i2])) {
                    GLCommDebug.d(str, "verify fail");
                    return false;
                }
                i = i2;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void c(Certificate[] certificateArr) {
        GLCommDebug.b(TAG, "resort cert chain");
        int length = certificateArr.length;
        int i = 0;
        while (true) {
            int i2 = length - 1;
            if (i >= i2) {
                return;
            }
            int i3 = 0;
            while (i3 < i2 - i) {
                int i4 = i3 + 1;
                if (!a(certificateArr[i3], certificateArr[i4])) {
                    Certificate certificate = certificateArr[i3];
                    certificateArr[i3] = certificateArr[i4];
                    certificateArr[i4] = certificate;
                }
                i3 = i4;
            }
            i++;
        }
    }

    private TrustManager[] u() {
        return new TrustManager[]{new X509TrustManager() { // from class: com.pax.gl.commhelper.impl.CommHttpsURLConnection.2
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
    }

    @Override // com.pax.gl.commhelper.impl.o, com.pax.gl.commhelper.IHttpURLConnection
    public IHttpResponse get(String str, String str2) throws CommException {
        if (str2 != null) {
            str = str + "?" + str2;
        }
        HttpsURLConnection a = a(str);
        b(a);
        return a(a);
    }

    @Override // com.pax.gl.commhelper.impl.o, com.pax.gl.commhelper.IHttpURLConnection
    public IHttpResponse post(String str, byte[] bArr) throws CommException {
        HttpsURLConnection a = a(str);
        a(a, bArr);
        return a(a);
    }
}
