package com.amazon.rialto.cordova.feature.plugins;

import android.content.Intent;
import android.net.http.SslError;
import android.os.Build;
import android.util.Log;
import com.amazon.android.webkit.AmazonSslErrorHandler;
import com.amazon.atlas.cordova.Constants;
import com.amazon.atlas.cordova.FatalErrorActivity;
import com.amazon.rialto.androidcordova.feature.plugins.R;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import org.apache.cordova.CordovaPlugin;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class UntrustedConnectionStrictDialogFeature extends CordovaPlugin {
    private static final int SUBALT_TYPE_DNSNAME = 2;
    private static final String TAG = "UntrustedConnectionStrictDialogFeature";
    private HashMap<String, Collection<List<?>>> hostToAltNames = new HashMap<>();
    private URL mUrl;

    private boolean doubleCheckSubjectAltNames() {
        String host = this.mUrl.getHost();
        if (!this.hostToAltNames.containsKey(host)) {
            retrieveSubjectAltNames();
        }
        Collection<List<?>> collection = this.hostToAltNames.get(host);
        if (collection != null) {
            Iterator<List<?>> it = collection.iterator();
            while (it.hasNext()) {
                if (isMatch(host, it.next())) {
                    return true;
                }
            }
        }
        return false;
    }

    private boolean isMatch(String str, List<?> list) {
        Integer num = (Integer) list.get(0);
        String obj = list.get(1).toString();
        Log.d(TAG, "checking ssl name for " + str + " against " + obj);
        if (num.intValue() == 2 && obj.startsWith("*.") && obj.matches(obj.replace("*.", "([a-zA-Z]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\."))) {
            return true;
        }
        return obj.equalsIgnoreCase(str);
    }

    private boolean isPreICS() {
        return Build.VERSION.SDK_INT < 14;
    }

    private boolean onReceivedSslError(AmazonSslErrorHandler amazonSslErrorHandler, SslError sslError) {
        if (sslError.getPrimaryError() == 2 && !sslError.hasError(1) && !sslError.hasError(0) && isPreICS()) {
            Log.d(TAG, "SSL ID Mismatch on device < API 14, re-checking Subject Alt Names");
            if (doubleCheckSubjectAltNames()) {
                amazonSslErrorHandler.proceed();
                return true;
            }
        }
        showSslErrorDialog(amazonSslErrorHandler);
        return true;
    }

    private void retrieveSubjectAltNames() {
        String host = this.mUrl.getHost();
        try {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) this.mUrl.openConnection();
            httpsURLConnection.connect();
            Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
            if (serverCertificates.length > 0) {
                this.hostToAltNames.put(host, ((X509Certificate) serverCertificates[0]).getSubjectAlternativeNames());
            }
            if (this.hostToAltNames.containsKey(host)) {
                return;
            }
            this.hostToAltNames.put(host, null);
        } catch (IOException e) {
            Log.e(TAG, e.getMessage());
        } catch (CertificateParsingException e2) {
            Log.w(TAG, "Error parsing server certificates." + e2.getMessage());
        }
    }

    private void startSecurityFatalErrorDialog(String str, AmazonSslErrorHandler amazonSslErrorHandler) {
        Intent intent = new Intent(this.cordova.getActivity(), (Class<?>) FatalErrorActivity.class);
        intent.putExtra(FatalErrorActivity.EXTRA_MESSAGE, str);
        intent.putExtra(FatalErrorActivity.EXTRA_OMIT_TITLE, true);
        intent.putExtra(FatalErrorActivity.EXTRA_CANCELLABLE, false);
        intent.putExtra(FatalErrorActivity.EXTRA_NEGATIVE_TEXT, this.cordova.getActivity().getString(R.string.strict_security_close));
        this.cordova.getActivity().startActivity(intent);
        amazonSslErrorHandler.cancel();
        this.cordova.getActivity().finish();
    }

    @Override // org.apache.cordova.CordovaPlugin
    public Object onMessage(String str, Object obj) {
        if (str.equals(Constants.ID_RECEIVED_SSL_ERROR)) {
            if (obj != null && (obj instanceof JSONObject)) {
                try {
                    JSONObject jSONObject = (JSONObject) obj;
                    return Boolean.valueOf(onReceivedSslError((AmazonSslErrorHandler) jSONObject.get("handler"), (SslError) jSONObject.get("error")));
                } catch (Exception e) {
                    Log.e(TAG, Log.getStackTraceString(e));
                }
            }
        } else if (str.equals(Constants.ID_PAGE_STARTED) && (obj instanceof String)) {
            try {
                if (!((String) obj).equals("about:blank")) {
                    this.mUrl = new URL((String) obj);
                }
            } catch (MalformedURLException e2) {
                Log.e(TAG, Log.getStackTraceString(e2));
            }
        }
        return super.onMessage(str, obj);
    }

    protected void showSslErrorDialog(AmazonSslErrorHandler amazonSslErrorHandler) {
        startSecurityFatalErrorDialog(this.cordova.getActivity().getString(R.string.untrusted_connection_dialog_message), amazonSslErrorHandler);
    }
}
