package com.huawei.logupload.amazon.security;

import android.content.Intent;
import com.huawei.androidcommon.utils.IOUtils;
import com.huawei.betaclub.common.AppContext;
import com.huawei.betaclub.common.L;
import com.huawei.betaclub.manager.RegionManager;
import com.huawei.betaclub.utils.security.SecUtils;
import com.huawei.logupload.utils.SHA256;
import com.huawei.logupload.utils.SecAction;
import com.huawei.logupload.utils.SecInput;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes.dex */
public class SecureNetSSLSocketFactory extends SSLSocketFactory {
    private static final String AP_CIPHER_SUITE_ONE = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
    private static final String AP_CIPHER_SUITE_TWO = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
    private static final String BETACLUB_EU_ALIAS = "betaclub_eu";
    private static final String BETACLUB_US_ALIAS = "betaclub_us";
    public static final int CERTIFICATE_HAD_EXPIRED = 2;
    public static final int CERTIFICATE_WILL_EXPIRED = 1;
    private static final String CERT_UPDATE = "com.huawei.betaclub.CERT_NOTIFICATION";
    private static final String CLIENT_KEY_MANAGER = "X509";
    private static final String CLIENT_TRUSTSTORE_MANAGER = "X509";
    public static final String KEY_STORE_CLIENT_PATH = "fut_client.p12";
    private static final String KEY_STORE_TYPE_BKS = "BKS";
    private static final String KEY_STORE_TYPE_P12 = "PKCS12";
    private static final long ONE_MONTH = -1702967296;
    private static final String RND_APR_EU_ALIAS = "rnd_apr_eu";
    private static final String RND_APR_US_ALIAS = "rnd_apr_us";
    private static final String TRUST_STORE_PATH = "server.bks";
    private static final String UNIPORTAL_ALIAS = "uniportal";
    private static volatile SecureNetSSLSocketFactory instance = null;
    private static final Object lock = new Object();
    public static final int salLength = 20;
    private static volatile KeyStore trustStore;
    private SSLContext sslContext;

    private SecureNetSSLSocketFactory() {
        this.sslContext = null;
        try {
            this.sslContext = SSLContext.getInstance("TLSv1.2");
            this.sslContext.init(getKeyManagers(), getTrustManagers(), new SecureRandom());
        } catch (KeyManagementException unused) {
            L.e("BetaClub_Global", "[SecureNetSSLSocketFactory]Error2");
        } catch (NoSuchAlgorithmException unused2) {
            L.e("BetaClub_Global", "[SecureNetSSLSocketFactory]Error1");
        } catch (Exception e) {
            L.e("BetaClub_Global", "[SecureNetSSLSocketFactory]Error3");
            e.printStackTrace();
        }
    }

    public static void checkCertValidilty() {
        if (trustStore != null) {
            try {
                String str = RegionManager.isNorthAmerica() ? BETACLUB_US_ALIAS : BETACLUB_EU_ALIAS;
                String str2 = RegionManager.isNorthAmerica() ? RND_APR_US_ALIAS : RND_APR_EU_ALIAS;
                X509Certificate x509Certificate = (X509Certificate) trustStore.getCertificate(UNIPORTAL_ALIAS);
                X509Certificate x509Certificate2 = (X509Certificate) trustStore.getCertificate(str);
                X509Certificate x509Certificate3 = (X509Certificate) trustStore.getCertificate(str2);
                Date date = new Date();
                if (x509Certificate != null && x509Certificate2 != null && x509Certificate3 != null) {
                    x509Certificate.checkValidity(date);
                    L.i("BetaClub_Global", "[SecureNetSSLSocketFactory.checkCertValidilty] uniprotal OK");
                    x509Certificate2.checkValidity(date);
                    L.i("BetaClub_Global", "[SecureNetSSLSocketFactory.checkCertValidilty] betaclub OK");
                    x509Certificate3.checkValidity(date);
                    L.i("BetaClub_Global", "[SecureNetSSLSocketFactory.checkCertValidilty] rndApr OK");
                    long time = x509Certificate.getNotAfter().getTime();
                    long time2 = x509Certificate2.getNotAfter().getTime();
                    long time3 = x509Certificate3.getNotAfter().getTime();
                    long time4 = date.getTime();
                    if (time >= time4 && time2 >= time4 && time3 >= time4) {
                        if (time - time4 < ONE_MONTH || time2 - time4 < ONE_MONTH || time3 - time4 < ONE_MONTH) {
                            sendBroadcastCertInvalid(1);
                            L.i("BetaClub_Global", "[SecureNetSSLSocketFactory.checkCertValidilty] certificate will be expired!");
                        }
                    }
                    sendBroadcastCertInvalid(2);
                    L.i("BetaClub_Global", "[SecureNetSSLSocketFactory.checkCertValidilty] certificate had expired!");
                }
            } catch (KeyStoreException unused) {
                L.i("BetaClub_Global", "[SecureNetSSLSocketFactory.checkCertValidilty]Error1");
            } catch (CertificateExpiredException unused2) {
                L.i("BetaClub_Global", "[SecureNetSSLSocketFactory.checkCertValidilty]Error2");
                sendBroadcastCertInvalid(2);
            } catch (CertificateNotYetValidException unused3) {
                L.i("BetaClub_Global", "[SecureNetSSLSocketFactory.checkCertValidilty]Error3");
                sendBroadcastCertInvalid(2);
            }
        }
    }

    public static SecureNetSSLSocketFactory getInstance() {
        if (instance == null) {
            synchronized (lock) {
                if (instance == null) {
                    instance = new SecureNetSSLSocketFactory();
                }
            }
        }
        return instance;
    }

    /* JADX WARN: Code restructure failed: missing block: B:49:0x0218, code lost:
    
        if (r3.delete() == false) goto L106;
     */
    /* JADX WARN: Code restructure failed: missing block: B:50:0x021a, code lost:
    
        com.huawei.betaclub.common.L.d("BetaClub_Global", "[SecureNetSSLSocketFactory.getKeyManagers]fileDesTemp delete failed");
     */
    /* JADX WARN: Code restructure failed: missing block: B:59:0x01fe, code lost:
    
        if (r3.delete() == false) goto L106;
     */
    /* JADX WARN: Code restructure failed: missing block: B:66:0x0194, code lost:
    
        if (r3.delete() == false) goto L106;
     */
    /* JADX WARN: Code restructure failed: missing block: B:73:0x01af, code lost:
    
        if (r3.delete() == false) goto L106;
     */
    /* JADX WARN: Code restructure failed: missing block: B:80:0x01ca, code lost:
    
        if (r3.delete() == false) goto L106;
     */
    /* JADX WARN: Code restructure failed: missing block: B:87:0x01e4, code lost:
    
        if (r3.delete() == false) goto L106;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static javax.net.ssl.KeyManager[] getKeyManagers() {
        /*
            Method dump skipped, instructions count: 593
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.logupload.amazon.security.SecureNetSSLSocketFactory.getKeyManagers():javax.net.ssl.KeyManager[]");
    }

    public static TrustManagerFactory getTrustManagerFactory() {
        Throwable th;
        InputStream inputStream;
        synchronized (lock) {
            try {
                try {
                    if (trustStore == null) {
                        inputStream = AppContext.getInstance().getContext().getResources().getAssets().open(TRUST_STORE_PATH);
                        try {
                            String trustStoreKey = getTrustStoreKey();
                            trustStore = KeyStore.getInstance(KEY_STORE_TYPE_BKS);
                            trustStore.load(inputStream, trustStoreKey.toCharArray());
                        } catch (IOException unused) {
                            L.e("BetaClub_Global", "[SecureNetSSLSocketFactory.getTrustManager]Error3");
                            IOUtils.close(inputStream);
                            return null;
                        } catch (KeyStoreException unused2) {
                            L.e("BetaClub_Global", "[SecureNetSSLSocketFactory.getTrustManager]Error1");
                            IOUtils.close(inputStream);
                            return null;
                        } catch (NoSuchAlgorithmException unused3) {
                            L.e("BetaClub_Global", "[SecureNetSSLSocketFactory.getTrustManager]Error2");
                            IOUtils.close(inputStream);
                            return null;
                        } catch (CertificateException unused4) {
                            checkCertValidilty();
                            L.e("BetaClub_Global", "[SecureNetSSLSocketFactory.getTrustManager]Error4");
                            IOUtils.close(inputStream);
                            return null;
                        }
                    } else {
                        inputStream = null;
                    }
                    checkCertValidilty();
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                    trustManagerFactory.init(trustStore);
                    IOUtils.close(inputStream);
                    return trustManagerFactory;
                } catch (Throwable th2) {
                    th = th2;
                    IOUtils.close((Closeable) null);
                    throw th;
                }
            } catch (IOException unused5) {
                inputStream = null;
            } catch (KeyStoreException unused6) {
                inputStream = null;
            } catch (NoSuchAlgorithmException unused7) {
                inputStream = null;
            } catch (CertificateException unused8) {
                inputStream = null;
            } catch (Throwable th3) {
                th = th3;
                IOUtils.close((Closeable) null);
                throw th;
            }
        }
    }

    public static TrustManager[] getTrustManagers() {
        InputStream inputStream;
        synchronized (lock) {
            try {
            } catch (Throwable th) {
                th = th;
            }
            try {
                if (trustStore == null) {
                    inputStream = AppContext.getInstance().getContext().getResources().getAssets().open(TRUST_STORE_PATH);
                    try {
                        String trustStoreKey = getTrustStoreKey();
                        trustStore = KeyStore.getInstance(KEY_STORE_TYPE_BKS);
                        trustStore.load(inputStream, trustStoreKey.toCharArray());
                    } catch (IOException unused) {
                        L.e("BetaClub_Global", "[SecureNetSSLSocketFactory.getTrustManager]Error3");
                        IOUtils.close(inputStream);
                        return null;
                    } catch (KeyStoreException unused2) {
                        L.e("BetaClub_Global", "[SecureNetSSLSocketFactory.getTrustManager]Error1");
                        IOUtils.close(inputStream);
                        return null;
                    } catch (NoSuchAlgorithmException unused3) {
                        L.e("BetaClub_Global", "[SecureNetSSLSocketFactory.getTrustManager]Error2");
                        IOUtils.close(inputStream);
                        return null;
                    } catch (CertificateException unused4) {
                        checkCertValidilty();
                        L.e("BetaClub_Global", "[SecureNetSSLSocketFactory.getTrustManager]Error4");
                        IOUtils.close(inputStream);
                        return null;
                    }
                } else {
                    inputStream = null;
                }
                checkCertValidilty();
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                trustManagerFactory.init(trustStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                IOUtils.close(inputStream);
                return trustManagers;
            } catch (IOException unused5) {
                inputStream = null;
            } catch (KeyStoreException unused6) {
                inputStream = null;
            } catch (NoSuchAlgorithmException unused7) {
                inputStream = null;
            } catch (CertificateException unused8) {
                inputStream = null;
            } catch (Throwable th2) {
                th = th2;
                IOUtils.close((Closeable) null);
                throw th;
            }
        }
    }

    private static String getTrustStoreKey() {
        String trustStoreKm = SecInput.getTrustStoreKm();
        String substring = trustStoreKm.substring(0, 20);
        String decrypt = SecUtils.decrypt(SHA256.getDataSHA256(SecAction.encryptPBKDF2New(SecInput.getAmazonKm(), substring)), trustStoreKm.substring(20, trustStoreKm.length()), SecUtils.AES_CBC_PKCS5PADDING);
        return decrypt.subSequence(0, decrypt.length() - 20).toString();
    }

    private static void sendBroadcastCertInvalid(int i) {
        Intent intent = new Intent("com.huawei.betaclub.CERT_NOTIFICATION");
        intent.putExtra("certCheckedState", i);
        AppContext.getInstance().getContext().sendBroadcast(intent, "com.huawei.betaclub.permission.USES_BETACLUB_LOG_UPLOAD_SERVICE");
        L.i("BetaClub_Global", "[SecureNetSSLSocketFactory.sendBroadcastCertInvalid]");
    }

    public static void setEnableSafeCipherSuites(SSLSocket sSLSocket) {
        String[] enabledCipherSuites = sSLSocket.getEnabledCipherSuites();
        ArrayList arrayList = new ArrayList();
        for (String str : enabledCipherSuites) {
            String upperCase = str.toUpperCase();
            if (!upperCase.contains("RC4") && !upperCase.contains("DES") && !upperCase.contains("MD5") && !upperCase.contains("ANON") && !upperCase.contains("NULL")) {
                arrayList.add(str);
            }
        }
        sSLSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i) {
        SSLSocket sSLSocket = (SSLSocket) this.sslContext.getSocketFactory().createSocket(str, i);
        setEnableSafeCipherSuites(sSLSocket);
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) {
        SSLSocket sSLSocket = (SSLSocket) this.sslContext.getSocketFactory().createSocket(str, i, inetAddress, i2);
        setEnableSafeCipherSuites(sSLSocket);
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i) {
        SSLSocket sSLSocket = (SSLSocket) this.sslContext.getSocketFactory().createSocket(inetAddress, i);
        setEnableSafeCipherSuites(sSLSocket);
        return sSLSocket;
    }

    @Override // javax.net.SocketFactory
    public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) {
        SSLSocket sSLSocket = (SSLSocket) this.sslContext.getSocketFactory().createSocket(inetAddress, i, inetAddress2, i2);
        setEnableSafeCipherSuites(sSLSocket);
        return sSLSocket;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) {
        SSLSocket sSLSocket = (SSLSocket) this.sslContext.getSocketFactory().createSocket(socket, str, i, z);
        setEnableSafeCipherSuites(sSLSocket);
        return sSLSocket;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getDefaultCipherSuites() {
        return null;
    }

    @Override // javax.net.ssl.SSLSocketFactory
    public String[] getSupportedCipherSuites() {
        return null;
    }
}
