package com.kaspersky.components.certificatechecker;

import android.os.Build;
import com.kaspersky.components.utils.NetworkFileUtils;
import com.kms.ksn.locator.ServiceLocator;
import java.io.IOException;
import java.io.InvalidClassException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
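/**
 * Collects the certificate chain a server presents for an HTTPS URL and hands it to
 * native code for evaluation.
 *
 * <p>The chain is fetched over a connection that accepts any certificate and any host
 * name, so that chains which would fail platform validation can still be captured.
 * That connection is used only to read the certificates; the verdict comes from the
 * native {@code checkCertificate}/{@code checkCertificateForHost} calls.
 *
 * <p>The permissive socket factory and hostname verifier are applied to the single
 * probing connection only. They must never be installed as the process-wide
 * {@link HttpsURLConnection} defaults: doing so disables TLS validation for every
 * other HTTPS connection opened while they are in place, and concurrent checks would
 * restore the defaults underneath each other.
 *
 * <p>Instances are not safe for concurrent use: {@code mIpAddress} and
 * {@code mTbsCerts} are written while probing and read afterwards without
 * synchronization.
 */
public class CertificateChecker {
    private static final String LOG_TAG = CertificateChecker.class.getSimpleName();

    /** Hostname verifier that accepts every host; used only on the probing connection. */
    private static final HostnameVerifier sAllHostsValid;

    /** Socket factory backed by a trust-all manager; used only on the probing connection. */
    private static final SSLSocketFactory sCustomSllSocketFactory;

    /** Address obtained by resolving the URL host during the last probe. */
    private String mIpAddress;

    /**
     * Encoded certificates from the last probe, in the order the server sent them.
     * Despite the name, each entry is the full {@code getEncoded()} form.
     */
    private byte[][] mTbsCerts;

    static {
        // Deliberately performs no validation: the chain is only captured here and is
        // judged later by native code. Never reuse this manager for real traffic.
        TrustManager[] trustAll = {new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        }};
        try {
            SSLContext context = SSLContext.getInstance(com.amazonaws.org.apache.http.conn.ssl.SSLSocketFactory.SSL);
            context.init(null, trustAll, new SecureRandom());
            sCustomSllSocketFactory = context.getSocketFactory();
            sAllHostsValid = new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };
            init();
        } catch (Exception e) {
            throw new RuntimeException("Failed to init SSLContext for " + LOG_TAG, e);
        }
    }

    /**
     * Native check of a captured chain. Callers in this class pass the origin as
     * {@code https://host:port}, the resolved address, the encoded certificates and the
     * native pointer obtained from {@code ServiceLocator}.
     */
    private native CheckResult checkCertificate(String str, String str2, byte[][] bArr, int i) throws IOException;

    /**
     * Captures the server's chain over the permissive connection and submits it to the
     * native checker.
     *
     * @param url HTTPS URL to probe
     * @return the result produced by the native checker
     * @throws IOException if the connection or the native call fails
     * @throws CertificateException if a certificate cannot be encoded
     */
    private CheckResult checkCertificateDumpCert(URL url) throws IOException, CertificateException {
        generateChain(url);
        int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
        String origin = "https://" + url.getHost() + ":" + port;
        return checkCertificate(origin, this.mIpAddress, this.mTbsCerts, ServiceLocator.getInstance().getNativePointer());
    }

    /** Native check that takes a host, a port and the native pointer from {@code ServiceLocator}. */
    private native CheckResult checkCertificateForHost(String str, int i, int i2) throws IOException;

    /**
     * Delegates to {@link #checkCertificateForHost}, substituting the protocol's default
     * port when the URL does not name one.
     */
    private CheckResult checkCertificateOpenSSL(URL url) throws IOException {
        int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
        return checkCertificateForHost(url.getHost(), port, ServiceLocator.getInstance().getNativePointer());
    }

    /**
     * Stores the encoded form of every certificate the server presented in
     * {@code mTbsCerts}. Does nothing when {@code httpsURLConnection} is null.
     *
     * @throws InvalidClassException if any presented certificate is not X.509
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    private void dumpHttpsCert(HttpsURLConnection httpsURLConnection) throws IOException, CertificateEncodingException {
        if (httpsURLConnection == null) {
            return;
        }
        Certificate[] serverCertificates;
        try {
            serverCertificates = httpsURLConnection.getServerCertificates();
        } catch (Exception ignored) {
            // Certificates were not available yet; requesting the input stream forces
            // the exchange, after which they are read again. The stream is released by
            // the caller's disconnect().
            httpsURLConnection.getInputStream();
            serverCertificates = httpsURLConnection.getServerCertificates();
        }
        // One row per certificate; each row is sized by getEncoded() below.
        byte[][] encoded = new byte[serverCertificates.length][];
        this.mTbsCerts = encoded;
        for (int i = 0; i < serverCertificates.length; i++) {
            if (!(serverCertificates[i] instanceof X509Certificate)) {
                throw new InvalidClassException("Certificate is not X509 type!");
            }
            encoded[i] = ((X509Certificate) serverCertificates[i]).getEncoded();
        }
    }

    /**
     * Connects to {@code url} with validation disabled for this connection only, then
     * records the host's resolved address and the presented certificates.
     */
    private void generateChain(URL url) throws IOException, CertificateException {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
        // Scope the trust-all configuration to this connection instead of swapping the
        // process-wide HttpsURLConnection defaults.
        httpsURLConnection.setSSLSocketFactory(sCustomSllSocketFactory);
        httpsURLConnection.setHostnameVerifier(sAllHostsValid);
        try {
            httpsURLConnection.connect();
            // NOTE(review): this is a separate lookup made after connect(), so the
            // recorded address is not guaranteed to be the peer that served the chain.
            this.mIpAddress = InetAddress.getByName(url.getHost()).getHostAddress();
            dumpHttpsCert(httpsURLConnection);
        } finally {
            httpsURLConnection.disconnect();
        }
    }

    private static native void init();

    /**
     * Checks the certificate served for the given URL string.
     *
     * @param str URL to check; must parse as an HTTPS URL
     * @return the result produced by the native checker
     * @throws IllegalArgumentException if {@code str} is not a valid URL or is not HTTPS
     * @throws IOException if the connection or the native call fails
     * @throws CertificateException if a certificate cannot be encoded
     */
    public CheckResult checkCertificate(String str) throws IOException, CertificateException {
        try {
            return checkCertificate(NetworkFileUtils.getUrl(str));
        } catch (MalformedURLException e) {
            // Keep the original exception as the cause so the parse failure is traceable.
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    /**
     * Checks the certificate served for the given URL.
     *
     * <p>On SDK level 11 and above the chain is captured in Java and passed to native
     * code. Below that, the host-based native check is tried first and the capture path
     * is used only if it throws {@link IOException}.
     *
     * @param url URL to check; its protocol must be {@code https}
     * @return the result produced by the native checker
     * @throws IllegalArgumentException if the protocol is not {@code https}
     * @throws IOException if the connection or the native call fails
     * @throws CertificateException if a certificate cannot be encoded
     */
    public CheckResult checkCertificate(URL url) throws IOException, CertificateException {
        if (!url.getProtocol().equals("https")) {
            throw new IllegalArgumentException("Invalid URL: only HTTPS protocol is supported");
        }
        if (Build.VERSION.SDK_INT >= 11) {
            return checkCertificateDumpCert(url);
        }
        try {
            return checkCertificateOpenSSL(url);
        } catch (IOException e) {
            return checkCertificateDumpCert(url);
        }
    }
}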
