package jp.co.eighting.plugin;

import android.annotation.SuppressLint;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import jp.co.eighting.plugin.util.Base64;
import jp.co.eighting.plugin.util.LogMng;

/* loaded from: classes.dex */
public class WebAccess {
    static final String defaultHostName = "*";
    static Map<String, SSLParam> mParamMap = new HashMap();
    static ArrayList<byte[]> mSSLPublicKeyList = new ArrayList<>();

    /* loaded from: classes.dex */
    static class SSLParam {
        public byte[][] mPublicKeyList;
        public boolean mSkipTLS;

        SSLParam(byte[][] bArr, boolean z) {
            this.mPublicKeyList = null;
            this.mSkipTLS = false;
            this.mPublicKeyList = bArr;
            this.mSkipTLS = z;
        }
    }

    /* loaded from: classes.dex */
    static class SSLTrustManager implements X509TrustManager {
        Map<String, SSLParam> mParamMap;
        Map<String, X509Certificate[]> mTrustedMap;

        SSLTrustManager(Map<String, SSLParam> map) {
            this.mParamMap = null;
            this.mTrustedMap = null;
            this.mParamMap = new HashMap(map);
            this.mTrustedMap = new HashMap();
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            SSLParam sSLParam;
            if (x509CertificateArr == null) {
                LogMng.logDebug("X509Certificate array is null");
                throw new CertificateException("checkServerTrusted: X509Certificate array is null");
            }
            if (x509CertificateArr.length <= 0) {
                LogMng.logDebug("X509Certificate is empty");
                throw new CertificateException("checkServerTrusted: X509Certificate is empty");
            }
            try {
                try {
                    RSAPublicKey rSAPublicKey = (RSAPublicKey) x509CertificateArr[0].getPublicKey();
                    if (rSAPublicKey == null) {
                        LogMng.logDebug("Can not get RSAPublicKey: " + str);
                        throw new CertificateException("Can not get RSAPublicKey: " + str);
                    }
                    String name = x509CertificateArr[0].getSubjectX500Principal().getName("CANONICAL");
                    String[] split = name.split("cn=");
                    if (1 >= split.length) {
                        throw new CertificateException("checkServerTrusted: Not found CN " + name);
                    }
                    String str2 = split[1].split(",")[0];
                    if (this.mTrustedMap.containsKey(str2) && Arrays.deepEquals(x509CertificateArr, this.mTrustedMap.get(str2))) {
                        LogMng.logDebug("Verify Cache OK " + str2);
                        return;
                    }
                    if (this.mParamMap.containsKey(str2)) {
                        sSLParam = this.mParamMap.get(str2);
                    } else {
                        if (!this.mParamMap.containsKey(WebAccess.defaultHostName)) {
                            throw new CertificateException("checkServerTrusted: Not found CN " + str2);
                        }
                        sSLParam = this.mParamMap.get(WebAccess.defaultHostName);
                    }
                    if (!sSLParam.mSkipTLS) {
                        try {
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                            trustManagerFactory.init((KeyStore) null);
                            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                            }
                        } catch (Exception e) {
                            LogMng.logDebug(e.getMessage());
                            throw new CertificateException(e);
                        }
                    }
                    if (sSLParam.mPublicKeyList == null || sSLParam.mPublicKeyList.length == 0) {
                        LogMng.logDebug("Skip verify PublicKey " + str2);
                    } else {
                        boolean z = false;
                        int i = 0;
                        while (true) {
                            if (i >= sSLParam.mPublicKeyList.length) {
                                break;
                            }
                            if (Arrays.equals(rSAPublicKey.getEncoded(), sSLParam.mPublicKeyList[i])) {
                                z = true;
                                LogMng.logDebug("Verify Index: " + i);
                                break;
                            }
                            i++;
                        }
                        if (!z) {
                            LogMng.logDebug("Expected public key (Server): " + Base64.encode(rSAPublicKey.getEncoded()));
                            for (int i2 = 0; i2 < sSLParam.mPublicKeyList.length; i2++) {
                                LogMng.logDebug("Expected public key (" + i2 + "): " + Base64.encode(sSLParam.mPublicKeyList[i2]));
                            }
                            throw new CertificateException("checkServerTrusted: Expected public key");
                        }
                    }
                    this.mTrustedMap.put(str2, x509CertificateArr);
                    LogMng.logDebug("Verify OK " + str2);
                } catch (CertificateException e2) {
                    throw e2;
                }
            } catch (Exception e3) {
                LogMng.logDebug(e3.getMessage());
                throw new CertificateException(e3);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    public static void addVerifySSL(String str, byte[] bArr, boolean z) {
        if (bArr == null || bArr.length == 0) {
            mParamMap.put(str, new SSLParam(null, z));
        } else {
            mParamMap.put(str, new SSLParam(new byte[][]{bArr}, z));
        }
    }

    public static void addVerifySSLKey_add(byte[] bArr) {
        mSSLPublicKeyList.add(bArr);
    }

    public static void addVerifySSLKey_fix(String str, boolean z) {
        int size = mSSLPublicKeyList.size();
        byte[][] bArr = new byte[size];
        for (int i = 0; i < size; i++) {
            bArr[i] = mSSLPublicKeyList.get(i);
        }
        mParamMap.put(str, new SSLParam(bArr, z));
    }

    public static void addVerifySSLKey_start() {
        mSSLPublicKeyList.clear();
    }

    protected static PublicKey getRSAPublicKeyFromPEM(String str) {
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes())).getPublicKey();
        } catch (CertificateException e) {
            LogMng.logDebug(e.getMessage());
            return null;
        }
    }

    public static void initialize() {
        mParamMap.clear();
    }

    @SuppressLint({"TrulyRandom"})
    public static void setupFix() {
        if (!mParamMap.containsKey(defaultHostName)) {
            mParamMap.put(defaultHostName, new SSLParam(null, false));
        }
        TrustManager[] trustManagerArr = {new SSLTrustManager(mParamMap)};
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } catch (Exception e) {
            LogMng.logDebug(e.getMessage());
        }
        mParamMap.clear();
    }
}
