package com.kaspersky.components.certificatechecker;

import android.annotation.SuppressLint;
import android.os.SystemClock;
import java.net.InetAddress;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import s.ez;

/* loaded from: classes2.dex */
public class CertificateChecker {
    public static final int e = (int) TimeUnit.MINUTES.toMillis(2);
    public final long a;
    public String b;
    public byte[][] c;
    public int d = e;

    @SuppressLint({"CustomX509TrustManager"})
    /* loaded from: classes2.dex */
    public static class a implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                x509CertificateArr[0].checkValidity();
            } catch (CertificateException unused) {
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                x509CertificateArr[0].checkValidity();
            } catch (CertificateException unused) {
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public final X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    static {
        init();
    }

    public CertificateChecker(long j) {
        this.a = j;
    }

    private native CheckResult checkCertificate(String str, String str2, int i, byte[][] bArr, long j);

    private static native void init();

    public final CheckResult a(URL url) {
        Certificate[] serverCertificates;
        X500Principal issuerX500Principal;
        if (!url.getProtocol().equals("https")) {
            throw new IllegalArgumentException("Invalid URL: only HTTPS protocol is supported");
        }
        SystemClock.uptimeMillis();
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
        boolean z = true;
        TrustManager[] trustManagerArr = {new a()};
        ez ezVar = new ez();
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.setHostnameVerifier(ezVar);
            httpsURLConnection.setConnectTimeout(this.d);
            httpsURLConnection.setReadTimeout(this.d);
            try {
                httpsURLConnection.connect();
                try {
                    serverCertificates = httpsURLConnection.getServerCertificates();
                } catch (Exception unused) {
                    httpsURLConnection.getInputStream();
                    serverCertificates = httpsURLConnection.getServerCertificates();
                }
                httpsURLConnection.disconnect();
                CheckResult checkResult = new CheckResult(Verdict.Unknown.ordinal(), ExtendedVerdict.Unspecified.ordinal(), 0);
                this.b = InetAddress.getByName(url.getHost()).getHostAddress();
                Certificate[] certificateArr = (Certificate[]) serverCertificates.clone();
                LinkedHashMap linkedHashMap = new LinkedHashMap();
                LinkedHashMap linkedHashMap2 = new LinkedHashMap();
                for (int i = 0; i < certificateArr.length; i++) {
                    Certificate certificate = certificateArr[i];
                    if (certificate instanceof X509Certificate) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        X500Principal issuerX500Principal2 = x509Certificate.getIssuerX500Principal();
                        if (issuerX500Principal2 != null) {
                            linkedHashMap.put(issuerX500Principal2, Integer.valueOf(i));
                        }
                        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                        if (subjectX500Principal != null) {
                            linkedHashMap2.put(subjectX500Principal, Integer.valueOf(i));
                        }
                    }
                }
                boolean z2 = linkedHashMap.size() < certificateArr.length;
                boolean z3 = linkedHashMap.size() == certificateArr.length && linkedHashMap2.size() == certificateArr.length;
                if (z2 || z3) {
                    for (int i2 = 0; i2 < certificateArr.length; i2++) {
                        if ((certificateArr[i2] instanceof X509Certificate) && i2 > 0 && (issuerX500Principal = ((X509Certificate) certificateArr[i2 - 1]).getIssuerX500Principal()) != null) {
                            Integer valueOf = Integer.valueOf(i2);
                            Integer num = (Integer) linkedHashMap2.get(issuerX500Principal);
                            if (valueOf != null && num != null && !valueOf.equals(num)) {
                                Certificate certificate2 = certificateArr[valueOf.intValue()];
                                certificateArr[valueOf.intValue()] = certificateArr[num.intValue()];
                                certificateArr[num.intValue()] = certificate2;
                            }
                        }
                    }
                }
                byte[][] bArr = new byte[certificateArr.length];
                for (int i3 = 0; i3 < certificateArr.length; i3++) {
                    Certificate certificate3 = certificateArr[i3];
                    if (!(certificate3 instanceof X509Certificate)) {
                        throw new CertificateException("Certificate is not X509 type!");
                    }
                    bArr[i3] = certificate3.getEncoded();
                }
                this.c = bArr;
                for (int i4 = 0; i4 < certificateArr.length; i4++) {
                    Certificate certificate4 = certificateArr[i4];
                    if (!(certificate4 instanceof X509Certificate)) {
                        throw new CertificateException("Certificate is not X509 type!");
                    }
                    if (i4 > 0) {
                        try {
                            ((X509Certificate) certificateArr[i4 - 1]).verify(((X509Certificate) certificate4).getPublicKey());
                        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused2) {
                            z = false;
                        }
                    }
                }
                if (!z) {
                    checkResult = new CheckResult(Verdict.Untrusted.ordinal(), ExtendedVerdict.InvalidChain.ordinal(), 0);
                }
                SystemClock.uptimeMillis();
                if (checkResult.getVerdict() != Verdict.Untrusted) {
                    int port = url.getPort();
                    if (port == -1) {
                        port = url.getDefaultPort();
                    }
                    checkResult = checkCertificate(url.getHost(), this.b, port, this.c, this.a);
                }
                checkResult.getTelemetry().getClass();
                return checkResult;
            } catch (Throwable th) {
                httpsURLConnection.disconnect();
                throw th;
            }
        } catch (Exception e2) {
            throw new RuntimeException("Failed to init SSLContext for CertificateChecker", e2);
        }
    }
}
