package waggle.core.http.implOKHttp;

import com.oracle.ccs.documents.android.session.LoginLoggingUtils;
import com.oracle.ccs.mobile.android.application.cache.ApplicationPreferencesCache;
import com.oracle.ccs.mobile.android.application.preferences.ApplicationPreference;
import com.oracle.ccs.mobile.android.log.LogCategory;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import waggle.core.http.implOKHttp.XHTTPOkSession;

/* loaded from: classes3.dex */
public class ContentTrustManager implements X509HostnameExtensions {
    static String SSL_PROTOCOL = "TLSv1.2";
    private static String TAG = "[login][cert]";
    private static HostnameVerifier allHostsValid;
    static final ApplicationPreferencesCache s_applicationPreferencesCache = ApplicationPreferencesCache.instanceOf();
    private static final Logger s_logger = Logger.getLogger(LogCategory.OSN.getCategory());
    private static X509TrustManager trustAll;
    private static X509TrustManager[] trustAllCerts;
    private String m_host;
    private ArrayList<X509HostnameExtensions> m_trustManagers = new ArrayList<>();
    private boolean m_matchAllCerts = true;

    static {
        X509TrustManager x509TrustManager = new X509TrustManager() { // from class: waggle.core.http.implOKHttp.ContentTrustManager.1
            private final X509Certificate[] noCerts = new X509Certificate[0];

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                ContentTrustManager.log("checkClientTrusted skipped...");
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                ContentTrustManager.log("checkServerTrusted skipped...");
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return this.noCerts;
            }
        };
        trustAll = x509TrustManager;
        trustAllCerts = new X509TrustManager[]{x509TrustManager};
        allHostsValid = new HostnameVerifier() { // from class: waggle.core.http.implOKHttp.ContentTrustManager.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                ContentTrustManager.log("verify hostname skipped...");
                return true;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ContentTrustManager() {
        log("create ContentTrustManager");
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            addAllTrustManagers(trustManagerFactory.getTrustManagers());
        } catch (Exception e) {
            e.printStackTrace();
            log("Trust manager creation failed:" + e);
        }
    }

    public static void addTrustManager(OkHttpClient.Builder builder) {
        if (isCertificateValidationDisabled()) {
            disableAllCertChecks(builder);
            return;
        }
        ContentTrustManager contentTrustManager = new ContentTrustManager();
        builder.sslSocketFactory(new XHTTPOkSession.OSNSSLSocketFactory(), contentTrustManager);
        builder.networkInterceptors().add(new X509Interceptor(contentTrustManager));
    }

    private static void disableAllCertChecks(OkHttpClient.Builder builder) {
        log("**** DISABLING ALL CERTIFCATE CHECKS **** : ".concat(builder == null ? "HttpUrlConnection" : "okhttp"));
        try {
            SSLContext sSLContext = SSLContext.getInstance(SSL_PROTOCOL);
            sSLContext.init(null, trustAllCerts, new SecureRandom());
            if (builder != null) {
                builder.sslSocketFactory(sSLContext.getSocketFactory(), trustAll);
            } else {
                HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
            }
        } catch (Exception e) {
            log("Exception disabling cert checks:" + e);
        }
        if (builder != null) {
            builder.hostnameVerifier(allHostsValid);
        } else {
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        }
    }

    public static void init() {
        log("trust manager init");
        if (isCertificateValidationDisabled()) {
            disableAllCertChecks(null);
        } else {
            HttpsURLConnection.setDefaultSSLSocketFactory(new XHTTPOkSession.OSNSSLSocketFactory());
        }
    }

    private static boolean isCertificateValidationDisabled() {
        return s_applicationPreferencesCache.getBoolean(ApplicationPreference.ADVANCED_PREFERENCE_SECURITY_DISABLE_CERT_VALIDATION);
    }

    static void log(String str) {
        if (LoginLoggingUtils.isVerboseLoginEnabled()) {
            s_logger.info(TAG + str);
        }
    }

    public void add(X509TrustManager x509TrustManager) {
        if (x509TrustManager instanceof X509HostnameExtensions) {
            this.m_trustManagers.add((X509HostnameExtensions) x509TrustManager);
        } else {
            this.m_trustManagers.add(new X509HostnameExtensionsWrapper(x509TrustManager));
        }
    }

    public void addAll(X509TrustManager[] x509TrustManagerArr) {
        for (X509TrustManager x509TrustManager : x509TrustManagerArr) {
            add(x509TrustManager);
        }
    }

    public void addAllTrustManagers(TrustManager[] trustManagerArr) {
        log("addAllTrustManagers");
        for (TrustManager trustManager : trustManagerArr) {
            log("mgr: " + trustManager.toString());
            if (trustManager instanceof X509TrustManager) {
                add((X509TrustManager) trustManager);
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        log("checkClientTrusted");
        Iterator<X509HostnameExtensions> it = this.m_trustManagers.iterator();
        CertificateException e = null;
        while (it.hasNext()) {
            try {
                it.next().checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e2) {
                e = e2;
                if (this.m_matchAllCerts) {
                    log("thorowing exception m_matchAllCerts!" + e);
                    throw e;
                }
            }
            if (!this.m_matchAllCerts) {
                return;
            }
        }
        if (e == null) {
            return;
        }
        log("thorowing exception first:" + e);
        throw e;
    }

    @Override // waggle.core.http.implOKHttp.X509HostnameExtensions
    public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        log("checkServerTrusted with hostName:" + str2);
        Iterator<X509HostnameExtensions> it = this.m_trustManagers.iterator();
        CertificateException e = null;
        boolean z = false;
        List<X509Certificate> list = null;
        while (it.hasNext()) {
            try {
                list = it.next().checkServerTrusted(x509CertificateArr, str, str2);
                z = true;
            } catch (CertificateException e2) {
                e = e2;
                if (this.m_matchAllCerts) {
                    log("thorowing exception m_matchAllCerts!" + e);
                    throw e;
                }
            }
        }
        if (this.m_matchAllCerts || z || e == null) {
            return list;
        }
        log("thorowing exception first:" + e);
        throw e;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        log("checkServerTrusted");
        log("server checks...");
        Iterator<X509HostnameExtensions> it = this.m_trustManagers.iterator();
        CertificateException e = null;
        boolean z = false;
        while (it.hasNext()) {
            X509HostnameExtensions next = it.next();
            try {
                String str2 = this.m_host;
                if (str2 == null) {
                    next.checkServerTrusted(x509CertificateArr, str);
                } else {
                    next.checkServerTrusted(x509CertificateArr, str, str2);
                }
                z = true;
            } catch (CertificateException e2) {
                e = e2;
                if (this.m_matchAllCerts) {
                    log("thorowing exception m_matchAllCerts!" + e);
                    throw e;
                }
            }
        }
        if (this.m_matchAllCerts || z || e == null) {
            return;
        }
        log("thorowing exception first:" + e);
        throw e;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        log("getAcceptedIssuers");
        HashSet hashSet = new HashSet();
        Iterator<X509HostnameExtensions> it = this.m_trustManagers.iterator();
        while (it.hasNext()) {
            for (X509Certificate x509Certificate : it.next().getAcceptedIssuers()) {
                hashSet.add(x509Certificate);
            }
        }
        return (X509Certificate[]) hashSet.toArray(new X509Certificate[hashSet.size()]);
    }

    @Override // waggle.core.http.implOKHttp.X509HostnameExtensions
    public boolean isUserAddedCertificate(X509Certificate x509Certificate) {
        if (isCertificateValidationDisabled()) {
            return true;
        }
        Iterator<X509HostnameExtensions> it = this.m_trustManagers.iterator();
        while (true) {
            boolean z = false;
            while (it.hasNext()) {
                boolean isUserAddedCertificate = it.next().isUserAddedCertificate(x509Certificate);
                if (this.m_matchAllCerts) {
                    if (!z || !isUserAddedCertificate) {
                    }
                } else if (isUserAddedCertificate) {
                }
                z = true;
            }
            log("isUserAddedCert=" + z);
            return z;
        }
    }

    public void setHost(String str) {
        this.m_host = str;
    }
}
