package com.mpaas.isec.api;

import android.content.Context;
import android.content.res.AssetManager;
import android.text.TextUtils;
import android.util.Base64;
import cn.com.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import cn.com.infosec.mobile.tls.TLSAndroidUtils;
import com.mpaas.isec.LogCatUtil;
import com.mpaas.isec.https.IsecSSLSocketFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes4.dex */
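/**
 * Static helpers that build SSL socket factories, trust managers and SSL sockets from the
 * certificate material exposed by {@code ISecConfig} and {@code ModuleConfig}.
 *
 * <p>Member names are obfuscated, so every member is documented by what its body does rather
 * than by its name.
 */
public class ISecUtil {
    /** Context stored by {@link #m(Context)}; {@code null} is treated as "not initialised". */
    public static Context a;

    /**
     * Returns the first {@link X509KeyManager} of a default-algorithm {@link KeyManagerFactory}
     * that was initialised with no key store and no password.
     *
     * @return the X509 key manager found
     * @throws KeyManagementException if the factory cannot be created or initialised, or if it
     *     yields no {@link X509KeyManager}
     */
    public static final KeyManager a() throws KeyManagementException {
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(null, null);
            return c(factory.getKeyManagers());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            // Only these three are wrapped; a KeyManagementException from c() propagates as-is.
            throw new KeyManagementException(e);
        }
    }

    /**
     * Layers an {@link SSLSocket} over an existing socket using the given factory.
     *
     * @param sSLSocketFactory factory used to create the socket
     * @param socket the already-connected socket to layer over
     * @param str host argument forwarded to {@code createSocket}
     * @param i port argument forwarded to {@code createSocket}
     * @param z auto-close argument forwarded to {@code createSocket}
     * @return the socket created by the factory
     * @throws IOException if the factory fails to create the socket
     */
    public static SSLSocket b(SSLSocketFactory sSLSocketFactory, Socket socket, String str, int i, boolean z) throws IOException {
        LogCatUtil.a("[getSocketFactory]", "start create sslSocket");
        return (SSLSocket) sSLSocketFactory.createSocket(socket, str, i, z);
    }

    /**
     * Picks the first {@link X509KeyManager} out of an array of key managers.
     *
     * @param keyManagerArr candidates to search
     * @return the first element that is an {@link X509KeyManager}
     * @throws KeyManagementException if no element is an {@link X509KeyManager}
     */
    public static final X509KeyManager c(KeyManager[] keyManagerArr) throws KeyManagementException {
        for (KeyManager candidate : keyManagerArr) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
        throw new KeyManagementException("Failed to find an X509KeyManager in " + Arrays.toString(keyManagerArr));
    }

    /**
     * Parses a Base64 (no line wrapping) encoded certificate into an {@link X509Certificate}.
     *
     * @param str Base64 text of the encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if the X.509 factory is unavailable or the bytes do not parse
     */
    public static X509Certificate d(String str) throws CertificateException {
        byte[] encoded = Base64.decode(str, Base64.NO_WRAP);
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Wraps the given factory in an {@link IsecSSLSocketFactory}.
     *
     * @param moduleConfig module configuration handed to the wrapper
     * @param layeredSocketFactory factory handed to the wrapper
     * @param context context handed to the wrapper
     * @return the new wrapper
     */
    public static LayeredSocketFactory e(ModuleConfig moduleConfig, LayeredSocketFactory layeredSocketFactory, Context context) throws IllegalAccessException, GeneralSecurityException, IOException {
        return new IsecSSLSocketFactory(moduleConfig, layeredSocketFactory, context);
    }

    /**
     * Builds an {@link SSLSocketFactory} from a BCJSSE {@link SSLContext} whose trust managers are
     * initialised only with the certificates returned by {@code ISecConfig.k()}.
     *
     * <p>When {@code ISecConfig.o()} is true and a {@code TwoWayCheckConfig} is present, its sign
     * and encrypt entries are validated and loaded into key stores. No private-key material is
     * written to the log.
     *
     * @return the socket factory of the initialised context
     * @throws IllegalAccessException if the two-way configuration lacks a key or certificate
     */
    public static SSLSocketFactory f() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, UnrecoverableKeyException, IllegalAccessException {
        KeyStore trustStore = buildTrustStore(ISecConfig.k(), true);
        if (ISecConfig.o()) {
            LogCatUtil.a("[getSocketFactory]", "start double check config");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(ISecConfig.h(), "BCJSSE");
            TwoWayCheckConfig twoWay = ISecConfig.l();
            if (twoWay != null) {
                if (twoWay.b == null) {
                    throw new IllegalAccessException("config double verify without encrypt cert private key!!");
                }
                if (twoWay.e == null) {
                    throw new IllegalAccessException("config double verify without encrypt cert!!");
                }
                if (twoWay.c == null) {
                    throw new IllegalAccessException("config double verify without sign cert!!");
                }
                if (twoWay.a == null) {
                    throw new IllegalAccessException("config double verify without signCert cert private key");
                }
                char[] password = !TextUtils.isEmpty(twoWay.g) ? twoWay.g.toCharArray() : null;
                X509Certificate signCert = d(twoWay.c);
                X509Certificate encryptCert = d(twoWay.e);

                KeyStore signStore = KeyStore.getInstance("BKS", new BouncyCastleProvider());
                signStore.load(null, null);
                signStore.setKeyEntry(twoWay.d, twoWay.a, password, new Certificate[]{signCert});
                // The key object's toString() is deliberately not logged: depending on the
                // provider it may include key material, and log output can outlive the process.
                LogCatUtil.a("[getSocketFactory]", "double check sign config- cert:" + twoWay.c);

                KeyStore encryptStore = KeyStore.getInstance("BKS", new BouncyCastleProvider());
                encryptStore.load(null, null);
                encryptStore.setKeyEntry(twoWay.f, twoWay.b, password, new Certificate[]{encryptCert});
                LogCatUtil.a("[getSocketFactory]", "double check encrypt config- cert:" + twoWay.e);

                keyManagerFactory.init(signStore, password);
                keyManagerFactory.init(encryptStore, password);
                // NOTE(review): keyManagerFactory is never handed to sslContext.init() below (its
                // first argument is null) and the second init() replaces the first, so the key
                // stores built here do not reach the returned factory. Confirm whether client
                // authentication is expected on this path before wiring getKeyManagers() in.
            }
        }
        SSLContext sslContext = SSLContext.getInstance(ISecConfig.j(), "BCJSSE");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509", "BCJSSE");
        trustManagerFactory.init(trustStore);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        LogCatUtil.a("[getSocketFactory]", "init sslContext");
        return sslContext.getSocketFactory();
    }

    /**
     * Builds an {@link SSLSocketFactory} for a module configuration through
     * {@code TLSAndroidUtils}, falling back to {@link #h()} when no configuration is given.
     *
     * <p>When {@code moduleConfig.b} is set, the {@code sign.pfx} and {@code enc.pfx} assets are
     * opened and passed along; both streams are closed before this method returns.
     *
     * @param moduleConfig module configuration, or {@code null} to use the global configuration
     * @return the factory; may be {@code null} when delegating to {@link #h()}
     * @throws IllegalAccessException if {@link #m(Context)} has not stored a context, or the PFX
     *     configuration is missing
     */
    public static SSLSocketFactory g(ModuleConfig moduleConfig) throws IllegalAccessException, IOException, GeneralSecurityException {
        if (a == null) {
            throw new IllegalAccessException("ISec ssl has not init!!,please init first!");
        }
        if (moduleConfig == null) {
            return h();
        }
        String[] trustedCerts = moduleConfig.a;
        if (!moduleConfig.b) {
            return TLSAndroidUtils.createSSLSocketFactory(moduleConfig.c, trustedCerts);
        }
        if (moduleConfig.h == null) {
            throw new IllegalAccessException("pfx has not configured, please config first");
        }
        LogCatUtil.a("[getSocketFactory]", "start init sslContext from pfx");
        PFXBiConfig pfxConfig = moduleConfig.h;
        // Two strings accompany each PFX stream; their meaning is not visible in this class.
        String signParamA = pfxConfig.c;
        String signParamB = pfxConfig.a;
        String encParamA = pfxConfig.d;
        String encParamB = pfxConfig.b;
        AssetManager assets = a.getAssets();
        // Assumes createSSLSocketFactory reads both streams before returning — TODO confirm.
        try (InputStream signPfx = assets.open("sign.pfx");
                InputStream encPfx = assets.open("enc.pfx")) {
            return TLSAndroidUtils.createSSLSocketFactory(moduleConfig.c, trustedCerts, signPfx, signParamA, signParamB, encPfx, encParamA, encParamB);
        }
    }

    /**
     * Builds an {@link SSLSocketFactory} from the global {@code ISecConfig} through
     * {@code TLSAndroidUtils}.
     *
     * <p>When {@code ISecConfig.o()} is true, the {@code sign.pfx} and {@code enc.pfx} assets are
     * opened and passed along; both streams are closed before this method returns.
     *
     * @return the factory, or {@code null} when {@code ISecConfig.p()} is false
     * @throws IllegalAccessException if {@link #m(Context)} has not stored a context, or the PFX
     *     configuration is missing
     */
    public static SSLSocketFactory h() throws IllegalAccessException, IOException, GeneralSecurityException {
        if (a == null) {
            throw new IllegalAccessException("ISec ssl has not init!!,please init first!");
        }
        if (!ISecConfig.p()) {
            return null;
        }
        String[] trustedCerts = ISecConfig.k();
        if (!ISecConfig.o()) {
            return TLSAndroidUtils.createSSLSocketFactory(ISecConfig.j(), trustedCerts);
        }
        if (ISecConfig.i() == null) {
            throw new IllegalAccessException("pfx has not configured, please config first");
        }
        LogCatUtil.a("[getSocketFactory]", "start init sslContext from pfx");
        // Two strings accompany each PFX stream; their meaning is not visible in this class.
        String signParamA = ISecConfig.i().c;
        String signParamB = ISecConfig.i().a;
        String encParamA = ISecConfig.i().d;
        String encParamB = ISecConfig.i().b;
        AssetManager assets = a.getAssets();
        // Assumes createSSLSocketFactory reads both streams before returning — TODO confirm.
        try (InputStream signPfx = assets.open("sign.pfx");
                InputStream encPfx = assets.open("enc.pfx")) {
            return TLSAndroidUtils.createSSLSocketFactory(ISecConfig.j(), trustedCerts, signPfx, signParamA, signParamB, encPfx, encParamA, encParamB);
        }
    }

    /**
     * Resolves the module configuration for {@code configType} and delegates to
     * {@link #g(ModuleConfig)}.
     *
     * @param configType key passed to {@code ISecConfig.e}
     * @return the factory produced by {@link #g(ModuleConfig)}
     * @throws IllegalAccessException if {@link #m(Context)} has not stored a context
     */
    public static SSLSocketFactory i(ConfigType configType) throws IllegalAccessException, IOException, GeneralSecurityException {
        if (a == null) {
            throw new IllegalAccessException("ISec ssl has not init!!,please init first!");
        }
        return g(ISecConfig.e(configType));
    }

    /**
     * Creates a trust manager for the given certificate strings via {@code TLSAndroidUtils}.
     *
     * @param strArr certificate strings forwarded unchanged
     * @return the trust manager created by the library
     */
    public static TrustManager j(String[] strArr) throws GeneralSecurityException, IOException {
        return TLSAndroidUtils.createTrustManager(strArr);
    }

    /**
     * Builds a BCJSSE {@link X509TrustManager} that is initialised only with the certificates
     * returned by {@code ISecConfig.k()}.
     *
     * @return the first {@link X509TrustManager} the factory produces
     * @throws KeyManagementException if the factory produces no {@link X509TrustManager}
     */
    public static X509TrustManager k() throws CertificateException, NoSuchProviderException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
        KeyStore trustStore = buildTrustStore(ISecConfig.k(), false);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509", "BCJSSE");
        trustManagerFactory.init(trustStore);
        LogCatUtil.a("[getTrustManager]", "init trustManager");
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        // Search instead of blindly casting element 0, so an unexpected array shape surfaces as
        // the declared checked exception rather than a ClassCastException or index error.
        for (TrustManager candidate : trustManagers) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new KeyManagementException("Failed to find an X509TrustManager in " + Arrays.toString(trustManagers));
    }

    /**
     * Layers an {@link SSLSocket} over {@code socket} using the factory from {@link #h()}.
     *
     * @param socket the socket to layer over
     * @param str host argument forwarded to the factory
     * @param i port argument forwarded to the factory
     * @param z auto-close argument forwarded to the factory
     * @return the created socket
     * @throws IllegalAccessException if no certificates are configured, or {@link #h()} yields
     *     no factory
     */
    public static SSLSocket l(Socket socket, String str, int i, boolean z) throws IllegalAccessException, IOException, GeneralSecurityException {
        if (ISecConfig.k() == null || ISecConfig.k().length == 0) {
            throw new IllegalAccessException("no certs data,please config certs first!!");
        }
        SSLSocketFactory factory = h();
        if (factory == null) {
            // h() returns null when ISecConfig.p() is false; fail with a checked exception
            // instead of a NullPointerException inside b().
            throw new IllegalAccessException("ISec ssl socket factory is unavailable");
        }
        LogCatUtil.a("[getSocketFactory]", "finish init sslContext from pfx");
        return b(factory, socket, str, i, z);
    }

    /**
     * Stores the context and registers the BouncyCastle JCE and JSSE providers.
     *
     * <p>The application context is retained rather than the caller's context so that the static
     * field cannot pin an Activity or Service. An installed BouncyCastle provider older than
     * version 1.62 is replaced with the bundled one.
     *
     * @param context any context of the host application
     */
    public static void m(Context context) {
        Context appContext = context == null ? null : context.getApplicationContext();
        a = appContext != null ? appContext : context;
        Provider installed = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
        if (installed == null) {
            Security.addProvider(new BouncyCastleProvider());
        } else if (installed.getVersion() < 1.62d) {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
            Security.addProvider(new BouncyCastleProvider());
        }
        Security.addProvider(new BouncyCastleJsseProvider(BouncyCastleProvider.PROVIDER_NAME));
    }

    /**
     * Layers an {@link SSLSocket} over {@code socket} using the factory from {@link #f()}.
     *
     * @param socket the socket to layer over
     * @param str host argument forwarded to the factory
     * @param i port argument forwarded to the factory
     * @param z auto-close argument forwarded to the factory
     * @return the created socket
     * @throws IllegalAccessException if no certificates are configured
     */
    public static SSLSocket n(Socket socket, String str, int i, boolean z) throws IllegalAccessException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, UnrecoverableKeyException {
        if (ISecConfig.k() == null || ISecConfig.k().length == 0) {
            throw new IllegalAccessException("no certs data,please config certs first!!");
        }
        return b(f(), socket, str, i, z);
    }

    /** Loads the Base64 certificates into an empty default-type key store under aliases ca0, ca1, … */
    private static KeyStore buildTrustStore(String[] encodedCerts, boolean logEntries) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        for (int index = 0; index < encodedCerts.length; index++) {
            trustStore.setCertificateEntry("ca" + index, d(encodedCerts[index]));
            if (logEntries) {
                LogCatUtil.a("[getSocketFactory]", "get trust:" + encodedCerts[index]);
            }
        }
        return trustStore;
    }
}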
