package com.kony.sdkcommons.Network.NetworkCore;

import android.content.Context;
import android.os.Build;
import android.util.Base64;
import android.util.Log;
import com.kony.sdkcommons.Logger.KNYLoggerUtility;
import com.kony.sdkcommons.Network.KNYInternalNetworkConstants;
import com.kony.sdkcommons.Network.KNYNetworkHelper;
import com.kony.sdkcommons.Network.Utils.KNYNetworkTrustConfigEnum;
import com.konylabs.api.net.KonyAllowAllTrustManager;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class KNYSSLSocketFactory extends SSLSocketFactory {
    private static String TAG = "KNYSSLSocketFactory";
    private static KNYLoggerUtility loggerUtility = KNYLoggerUtility.getSharedInstance();
    private static KNYNetworkTrustConfigEnum mNetworkTrustConfig = KNYNetworkTrustConfigEnum.NONE;
    private static KeyManager[] keyManagers = null;
    private static TrustManager[] trustManagers = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class CustomTrustManager implements X509TrustManager {
        private final TrustManager[] originalTrustManagers;
        private final KeyStore trustStore;

        public CustomTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
            this.trustStore = keyStore;
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            this.originalTrustManagers = trustManagerFactory.getTrustManagers();
        }

        private X509Certificate findRootCert(List<X509Certificate> list) {
            Iterator<X509Certificate> it = list.iterator();
            while (it.hasNext()) {
                X509Certificate next = it.next();
                X509Certificate findSigner = findSigner(next, list);
                if (findSigner == null || findSigner.equals(next)) {
                    return next;
                }
            }
            return null;
        }

        private X509Certificate findSignedCert(X509Certificate x509Certificate, List<X509Certificate> list) {
            for (X509Certificate x509Certificate2 : list) {
                if (x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN()) && !x509Certificate2.equals(x509Certificate)) {
                    return x509Certificate2;
                }
            }
            return null;
        }

        private X509Certificate findSigner(X509Certificate x509Certificate, List<X509Certificate> list) {
            for (X509Certificate x509Certificate2 : list) {
                if (x509Certificate2.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                    return x509Certificate2;
                }
            }
            return null;
        }

        private X509Certificate[] reorderCertificateChain(X509Certificate[] x509CertificateArr) {
            X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
            List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
            int length = x509CertificateArr.length - 1;
            X509Certificate findRootCert = findRootCert(asList);
            x509CertificateArr2[length] = findRootCert;
            while (true) {
                findRootCert = findSignedCert(findRootCert, asList);
                if (findRootCert == null || length <= 0) {
                    break;
                }
                length--;
                x509CertificateArr2[length] = findRootCert;
            }
            return x509CertificateArr2;
        }

        private boolean validateCert(X509Certificate x509Certificate) throws KeyStoreException {
            return this.trustStore.getCertificateAlias(x509Certificate) != null;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                for (TrustManager trustManager : this.originalTrustManagers) {
                    ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException e) {
                try {
                    X509Certificate[] reorderCertificateChain = reorderCertificateChain(x509CertificateArr);
                    if (!Arrays.equals(x509CertificateArr, reorderCertificateChain)) {
                        checkServerTrusted(reorderCertificateChain, str);
                        return;
                    }
                    for (int i = 0; i < x509CertificateArr.length; i++) {
                        if (validateCert(reorderCertificateChain[i])) {
                            return;
                        }
                    }
                    throw e;
                } catch (Exception e2) {
                    KNYSSLSocketFactory.loggerUtility.logError(KNYSSLSocketFactory.TAG + Log.getStackTraceString(e2));
                    throw e;
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void configure(Properties properties) {
        if (properties.getProperty(KNYInternalNetworkConstants.PROPERTY_NETWORK_TRUST_CONFIG) != null) {
            switch (KNYNetworkTrustConfigEnum.get(r1.trim())) {
                case NONE:
                    mNetworkTrustConfig = KNYNetworkTrustConfigEnum.NONE;
                    return;
                case ALLOW_BUNDLED:
                    mNetworkTrustConfig = KNYNetworkTrustConfigEnum.ALLOW_BUNDLED;
                    return;
                case ALL:
                    mNetworkTrustConfig = KNYNetworkTrustConfigEnum.ALL;
                    return;
                case ALLOW_PINNED:
                    mNetworkTrustConfig = KNYNetworkTrustConfigEnum.ALLOW_PINNED;
                    return;
                default:
                    return;
            }
        }
    }

    private static SSLContext createSSLContext() throws IOException {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagers, getTrustManagers(), null);
            return sSLContext;
        } catch (Exception e) {
            throw new IOException(e.getMessage());
        }
    }

    private static Socket enableSSLProtocolsAndCipherSuites(Socket socket) {
        String[] enabledProtocols;
        String[] enabledCipherSuites;
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            if (Build.VERSION.SDK_INT < 21) {
                enabledProtocols = sSLSocket.getSupportedProtocols();
                enabledCipherSuites = sSLSocket.getSupportedCipherSuites();
                if (enabledProtocols != null) {
                    sSLSocket.setEnabledProtocols(enabledProtocols);
                }
                if (enabledCipherSuites != null) {
                    sSLSocket.setEnabledCipherSuites(enabledCipherSuites);
                }
            } else {
                enabledProtocols = sSLSocket.getEnabledProtocols();
                enabledCipherSuites = sSLSocket.getEnabledCipherSuites();
            }
            loggerUtility.logDebug(TAG + " Supported Protocols");
            int length = enabledProtocols.length;
            for (int i = 0; i < length; i++) {
                loggerUtility.logDebug(TAG + " " + enabledProtocols[i]);
            }
            loggerUtility.logDebug(TAG + " Supported CipherSuites");
            for (String str : enabledCipherSuites) {
                loggerUtility.logDebug(TAG + " " + str);
            }
        }
        return socket;
    }

    private static KeyStore getBundledCertsKeyStore() {
        KeyStore keyStore;
        Exception e;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                keyStore.load(null, null);
                CertificateFactory certificateFactory = CertificateFactory.getInstance(KNYInternalNetworkConstants.STANDARD_FORMAT_OF_PUBLIC_KEY_CERTS);
                String str = KNYNetworkHelper.isTablet() ? "tab/" : "";
                Context applicationContext = KNYNetworkHelper.getApplicationContext();
                String[] list = applicationContext.getAssets().list(str + KNYInternalNetworkConstants.FOLDER_CERTS);
                for (int i = 0; i < list.length; i++) {
                    String str2 = "certs/" + list[i];
                    if (!str2.endsWith(".json")) {
                        BufferedInputStream bufferedInputStream = new BufferedInputStream(applicationContext.getAssets().open(str + str2));
                        try {
                            Certificate generateCertificate = certificateFactory.generateCertificate(bufferedInputStream);
                            bufferedInputStream.close();
                            keyStore.setCertificateEntry(KNYInternalNetworkConstants.ALIAS_OF_CERTIFICATE + i, generateCertificate);
                        } finally {
                        }
                    }
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
                e = e2;
                loggerUtility.logError(TAG + " Exception : " + e.getMessage());
                return keyStore;
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e3) {
            keyStore = null;
            e = e3;
        }
        return keyStore;
    }

    private SSLContext getSSLContext() throws IOException {
        return createSSLContext();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLSocketFactory getSocketFactory() {
        return new KNYSSLSocketFactory();
    }

    private static TrustManager[] getTrustManagers() {
        if (mNetworkTrustConfig.equals(KNYNetworkTrustConfigEnum.ALLOW_PINNED)) {
            return null;
        }
        if (trustManagers == null) {
            trustManagers = loadTrustManagers();
        }
        return trustManagers;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized boolean loadClientCertificate(Object obj) {
        String str;
        KNYLoggerUtility kNYLoggerUtility;
        synchronized (KNYSSLSocketFactory.class) {
            loggerUtility.logDebug(TAG + " kony.sdk.loadClientCertificate(): Start.");
            ByteArrayInputStream byteArrayInputStream = null;
            boolean z = false;
            try {
                try {
                    HashMap hashMap = (HashMap) obj;
                    if (hashMap != null && hashMap.containsKey(KNYInternalNetworkConstants.CERTIFICATE) && hashMap.containsKey(KNYInternalNetworkConstants.PASSPHRASE)) {
                        Object obj2 = hashMap.get(KNYInternalNetworkConstants.CERTIFICATE);
                        Object obj3 = hashMap.get(KNYInternalNetworkConstants.PASSPHRASE);
                        if (!(obj2 instanceof String)) {
                            loggerUtility.logWarning(TAG + " kony.sdk.loadClientCertificate(): Invalid argument type sent for key /'cert/' in the input params.");
                            return false;
                        }
                        ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(Base64.decode(String.valueOf(obj2), 0));
                        try {
                            if (!(obj3 instanceof String)) {
                                loggerUtility.logWarning(TAG + " kony.sdk.loadClientCertificate(): Invalid argument type sent for key /'pass/' in the input params.");
                                try {
                                    byteArrayInputStream2.close();
                                } catch (Exception e) {
                                    loggerUtility.logError(TAG + Log.getStackTraceString(e));
                                }
                                return false;
                            }
                            String valueOf = String.valueOf(obj3);
                            KeyStore keyStore = KeyStore.getInstance(KNYInternalNetworkConstants.PKCS_12);
                            keyStore.load(byteArrayInputStream2, valueOf.toCharArray());
                            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                            keyManagerFactory.init(keyStore, null);
                            keyManagers = keyManagerFactory.getKeyManagers();
                            loggerUtility.logDebug(TAG + " kony.sdk.loadClientCertificate(): Successfully loaded the certificate.");
                            z = true;
                            byteArrayInputStream = byteArrayInputStream2;
                        } catch (Exception e2) {
                            e = e2;
                            byteArrayInputStream = byteArrayInputStream2;
                            loggerUtility.logWarning(TAG + " kony.sdk.loadClientCertificate(): " + e.getMessage());
                            if (byteArrayInputStream != null) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Exception e3) {
                                    kNYLoggerUtility = loggerUtility;
                                    str = TAG + Log.getStackTraceString(e3);
                                    kNYLoggerUtility.logError(str);
                                    return z;
                                }
                            }
                            return z;
                        } catch (Throwable th) {
                            th = th;
                            byteArrayInputStream = byteArrayInputStream2;
                            if (byteArrayInputStream != null) {
                                try {
                                    byteArrayInputStream.close();
                                } catch (Exception e4) {
                                    loggerUtility.logError(TAG + Log.getStackTraceString(e4));
                                }
                            }
                            throw th;
                        }
                    }
                    if (byteArrayInputStream != null) {
                        try {
                            byteArrayInputStream.close();
                        } catch (Exception e5) {
                            kNYLoggerUtility = loggerUtility;
                            str = TAG + Log.getStackTraceString(e5);
                            kNYLoggerUtility.logError(str);
                            return z;
                        }
                    }
                } catch (Exception e6) {
                    e = e6;
                }
                return z;
            } catch (Throwable th2) {
                th = th2;
            }
        }
    }

    private static TrustManager[] loadTrustManagers() {
        if (!mNetworkTrustConfig.equals(KNYNetworkTrustConfigEnum.ALLOW_BUNDLED)) {
            if (mNetworkTrustConfig.equals(KNYNetworkTrustConfigEnum.ALL)) {
                return new TrustManager[]{KonyAllowAllTrustManager.getInstance()};
            }
            return null;
        }
        try {
            if (Build.VERSION.SDK_INT < 11) {
                return new TrustManager[]{new CustomTrustManager(getBundledCertsKeyStore())};
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(getBundledCertsKeyStore());
            return trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            loggerUtility.logError(TAG + " Exception : " + e.getMessage());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeClientCertificate() {
        synchronized (KNYSSLSocketFactory.class) {
            loggerUtility.logDebug(TAG + " kony.sdk.removeClientCertificate() called.");
            keyManagers = null;
        }
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket() throws IOException {
        return enableSSLProtocolsAndCipherSuites(getSSLContext().getSocketFactory().createSocket());
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) throws IOException {
        return enableSSLProtocolsAndCipherSuites(getSSLContext().getSocketFactory().createSocket(str, i));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
        return enableSSLProtocolsAndCipherSuites(getSSLContext().getSocketFactory().createSocket(str, i, inetAddress, i2));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
        return enableSSLProtocolsAndCipherSuites(getSSLContext().getSocketFactory().createSocket(inetAddress, i));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
        return enableSSLProtocolsAndCipherSuites(getSSLContext().getSocketFactory().createSocket(inetAddress, i, inetAddress2, i2));
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
        return enableSSLProtocolsAndCipherSuites(getSSLContext().getSocketFactory().createSocket(socket, str, i, z));
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        String[] strArr;
        String[] strArr2 = new String[0];
        try {
            strArr = getSSLContext().getSocketFactory().getDefaultCipherSuites();
        } catch (IOException e) {
            loggerUtility.logError(TAG + Log.getStackTraceString(e));
            strArr = strArr2;
        }
        loggerUtility.logDebug(TAG + " Default CipherSuites : ");
        for (String str : strArr) {
            loggerUtility.logDebug(TAG + "" + str);
        }
        return strArr;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        String[] strArr;
        String[] strArr2 = new String[0];
        try {
            strArr = getSSLContext().getSocketFactory().getSupportedCipherSuites();
        } catch (IOException e) {
            loggerUtility.logError(TAG + Log.getStackTraceString(e));
            strArr = strArr2;
        }
        loggerUtility.logDebug(TAG + " Default Supported CipherSuites : ");
        for (String str : strArr) {
            loggerUtility.logDebug(TAG + "" + str);
        }
        return strArr;
    }
}
