package com.kaspersky.components.certificatechecker;

import android.annotation.SuppressLint;
import android.os.SystemClock;
import c.b.b.a.a;
import com.kaspersky.components.utils.net.NetworkFileUtils;
import com.kms.kmsshared.ProtectedKMSApplication;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
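/**
 * Obtains the certificate chain presented for an HTTPS URL and passes it, together with the
 * host, port and a resolved IP address, to a native checker that produces the verdict.
 *
 * <p>This listing is decompiler output (see the "loaded from: classes.dex" markers). Several
 * methods raise checked exceptions without a visible {@code throws} clause, and string
 * constants are fetched through {@code ProtectedKMSApplication.s(...)}, so their clear-text
 * values are not visible here.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #extractCertificate(URL)} connects with {@link CertTrustManager} and an
 *       always-true {@link HostnameVerifier}. The peer is therefore not authenticated in any
 *       way; the connection is only suitable for reading the certificates the peer presents.
 *       Nothing received over it should be trusted and nothing sensitive should be sent.</li>
 *   <li>The only validation done in Java is {@link #verifyCertificateChain(Certificate[])},
 *       a signature-linkage check. Trust anchors, validity periods, name matching and
 *       revocation are not evaluated in this class; whether the native checker covers them
 *       cannot be seen from here.</li>
 *   <li>{@code mIpAddress} and {@code mTbsCerts} are per-instance state written during a check
 *       without synchronization, so one instance should not run concurrent checks.</li>
 * </ul>
 */
public class CertificateChecker {
    // Address resolved for the URL host in generateChain(); forwarded to the native check.
    private String mIpAddress;
    // Opaque value forwarded unchanged to the native check; its meaning is not visible here.
    private final long mLocator;
    // Optional callback for native check results; null when the one-argument constructor is used.
    private final CertificateCheckerResultListener mResultListener;
    // Encoded certificates of the last chain handled by dumpHttpsCert(). Despite the name these
    // are Certificate.getEncoded() values (whole certificates), not getTBSCertificate() output.
    // NOTE(review): public and mutable, so any caller can replace what is sent to the native check.
    public byte[][] mTbsCerts;
    // Connect and read timeout, in milliseconds, applied by extractCertificate().
    private int mTimeout;
    private static final String LOG_TAG = ProtectedKMSApplication.s("ӑ");
    private static final int DEFAULT_TIMEOUT = (int) TimeUnit.MINUTES.toMillis(2);

    /* loaded from: classes.dex */
    /**
     * Trust manager that never rejects a chain: it calls {@code checkValidity()} on the first
     * certificate and discards the outcome. No issuer, signature or trust-anchor check is made.
     *
     * <p>It must stay confined to the certificate-retrieval connection built by
     * {@code setCustomSecuritySocketFactory}; installing it on any connection that carries
     * application data would remove TLS server authentication for that connection.
     */
    public static class CertTrustManager implements X509TrustManager {
        // Not read anywhere in the visible code.
        // NOTE(review): presumably gated a rethrow in check() before compilation - confirm.
        private static final boolean THROW_CERTIFICATE_EXCEPTION = false;

        private CertTrustManager() {
        }

        /**
         * Returns the first certificate of {@code chain}.
         *
         * @throws IllegalArgumentException if the chain is null or empty, as the
         *         {@link X509TrustManager} contract requires
         */
        private static X509Certificate firstOf(X509Certificate[] chain) {
            if (chain == null || chain.length == 0) {
                throw new IllegalArgumentException("certificate chain is null or empty");
            }
            return chain[0];
        }

        /** Runs the validity-period check on one certificate and ignores a failure. */
        private void check(X509Certificate x509Certificate) {
            try {
                x509Certificate.checkValidity();
            } catch (CertificateException ignored) {
                // Deliberately not propagated: an expired or not-yet-valid certificate is
                // accepted like any other (presumably so the chain can still be collected
                // and judged by the native checker - confirm).
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            check(firstOf(x509CertificateArr));
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            check(firstOf(x509CertificateArr));
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            // The interface contract asks for a non-null, possibly empty array; returning
            // null can surface as a NullPointerException inside TLS stacks that iterate it.
            return new X509Certificate[0];
        }
    }

    static {
        // Native initialisation runs once when the class is loaded.
        init();
    }

    /** Creates a checker without a result listener. */
    public CertificateChecker(long j) {
        this(j, null);
    }

    /**
     * Creates a checker.
     *
     * @param j value stored as {@code mLocator} and forwarded to the native check
     * @param certificateCheckerResultListener callback for native results, or null
     */
    public CertificateChecker(long j, CertificateCheckerResultListener certificateCheckerResultListener) {
        this.mTimeout = DEFAULT_TIMEOUT;
        this.mLocator = j;
        this.mResultListener = certificateCheckerResultListener;
    }

    // Native verdict lookup. Arguments as passed by checkCertificateDumpCert():
    // host, resolved IP address, port, encoded certificates, locator.
    private native CheckResult checkCertificate(String str, String str2, int i2, byte[][] bArr, long j);

    /**
     * Fetches the chain when the caller supplied none, runs the local linkage check and,
     * unless that already produced {@code Verdict.Untrusted}, asks the native checker.
     *
     * <p>The elapsed time stored in telemetry spans the optional network fetch as well as
     * {@code generateChain}, because the clock starts before {@code extractCertificate}.
     */
    private CheckResult checkCertificateDumpCert(URL url, Certificate[] certificateArr) {
        long startedAt = SystemClock.uptimeMillis();
        if (certificateArr == null) {
            certificateArr = extractCertificate(url);
        }
        CheckResult result = generateChain(url, certificateArr);
        long elapsed = SystemClock.uptimeMillis() - startedAt;
        if (result.getVerdict() != Verdict.Untrusted) {
            int port = url.getPort();
            if (port == -1) {
                // URL carried no explicit port; fall back to the protocol default.
                port = url.getDefaultPort();
            }
            String host = url.getHost();
            CheckResult nativeResult = checkCertificate(host, this.mIpAddress, port, this.mTbsCerts, this.mLocator);
            CertificateCheckerResultListener listener = this.mResultListener;
            if (listener != null) {
                listener.onCertificateCheckResult(nativeResult, ProtectedKMSApplication.s("Ӓ") + host + ProtectedKMSApplication.s("ӓ") + port, this.mIpAddress, this.mTbsCerts);
            }
            // The native result replaces the locally built one.
            result = nativeResult;
        }
        result.getTelemetry().setGenerateChainTime(elapsed);
        return result;
    }

    /**
     * Resolves the host address, stores the encoded chain and runs the linkage check.
     *
     * <p>NOTE(review): the address comes from a separate {@code InetAddress.getByName} lookup,
     * not from the TLS connection, so it may differ from the endpoint the chain was read from
     * (and no connection exists at all when the caller supplied the chain) - confirm the
     * native checker tolerates that.
     *
     * @return {@code CheckResult(2, 0, 0)} when the chain links up, otherwise
     *         {@code CheckResult(1, 3, 0)}
     */
    private CheckResult generateChain(URL url, Certificate[] certificateArr) {
        // The decompiler showed unused Verdict.Unknown / ExtendedVerdict.Unspecified locals
        // beside this constructor call; presumably 2 and 0 are those values - confirm
        // against CheckResult.
        CheckResult checkResult = new CheckResult(2, 0, 0);
        this.mIpAddress = InetAddress.getByName(url.getHost()).getHostAddress();
        dumpHttpsCert(certificateArr);
        if (verifyCertificateChain(certificateArr)) {
            return checkResult;
        }
        // Likewise shown beside Verdict.Untrusted / ExtendedVerdict.InvalidChain - confirm.
        return new CheckResult(1, 3, 0);
    }

    /**
     * Reads the server certificates from a connection, retrying once after forcing the
     * request with {@code getInputStream()} if the first attempt throws.
     *
     * <p>NOTE(review): the retry sends the HTTP request to a peer that was never
     * authenticated. Any default request properties or a process-wide cookie handler would
     * apply to it - confirm none of them carry secrets. The response body is not read here.
     */
    private static Certificate[] getCertificates(HttpsURLConnection httpsURLConnection) {
        try {
            return httpsURLConnection.getServerCertificates();
        } catch (Exception unused) {
            httpsURLConnection.getInputStream();
            return httpsURLConnection.getServerCertificates();
        }
    }

    private static native void init();

    /**
     * Installs the accept-everything trust manager and hostname verifier on one connection.
     *
     * <p>The lint suppressions below silence exactly the warnings that would flag this. The
     * settings are applied per connection (not through the static defaults of
     * {@link HttpsURLConnection}), which keeps the weakening local to the connection passed in.
     *
     * @throws RuntimeException wrapping any failure to build or install the SSL context
     */
    @SuppressLint({"TrulyRandom", "BadHostnameVerifier"})
    private void setCustomSecuritySocketFactory(HttpsURLConnection httpsURLConnection) {
        TrustManager[] trustManagerArr = {new CertTrustManager()};
        HostnameVerifier hostnameVerifier = new HostnameVerifier() { // from class: com.kaspersky.components.certificatechecker.CertificateChecker.1
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                // Every hostname is accepted; the certificate is not matched to the host.
                return true;
            }
        };
        try {
            SSLContext sSLContext = SSLContext.getInstance(ProtectedKMSApplication.s("Ӕ"));
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.setHostnameVerifier(hostnameVerifier);
        } catch (Exception e2) {
            // a.q(...) is an obfuscated helper that yields the StringBuilder used for the message.
            StringBuilder q = a.q(ProtectedKMSApplication.s("ӕ"));
            q.append(LOG_TAG);
            throw new RuntimeException(q.toString(), e2);
        }
    }

    /** Checks the certificate of the given URL string, fetching the chain from the server. */
    public CheckResult checkCertificate(String str) {
        return checkCertificate(str, (Certificate[]) null);
    }

    /**
     * Checks the given URL string against a caller-supplied chain, or a fetched one if null.
     *
     * @throws IllegalArgumentException if the string cannot be turned into a URL
     */
    public CheckResult checkCertificate(String str, Certificate[] certificateArr) {
        try {
            return checkCertificate(NetworkFileUtils.getUrl(str), certificateArr);
        } catch (MalformedURLException e2) {
            // Keep the original exception as the cause so the parse failure stays diagnosable.
            throw new IllegalArgumentException(e2.getMessage(), e2);
        }
    }

    /** Checks the certificate of the given URL, fetching the chain from the server. */
    public CheckResult checkCertificate(URL url) {
        return checkCertificate(url, (Certificate[]) null);
    }

    /**
     * Checks the given URL against a caller-supplied chain, or a fetched one if null.
     *
     * @throws IllegalArgumentException if the URL protocol is not the expected one
     *         (the expected value is an obfuscated constant; presumably "https" - confirm)
     */
    public CheckResult checkCertificate(URL url, Certificate[] certificateArr) {
        if (url.getProtocol().equals(ProtectedKMSApplication.s("Ӗ"))) {
            return checkCertificateDumpCert(url, certificateArr);
        }
        throw new IllegalArgumentException(ProtectedKMSApplication.s("ӗ"));
    }

    /**
     * Stores the encoded form of every certificate of the chain in {@code mTbsCerts}.
     *
     * <p>Raises {@link CertificateException} if an element is not an {@link X509Certificate};
     * in that case {@code mTbsCerts} keeps its previous value. A null array is not handled.
     */
    public void dumpHttpsCert(Certificate[] certificateArr) {
        // One byte[] per certificate; the decompiled allocation omitted the second dimension.
        byte[][] encoded = new byte[certificateArr.length][];
        for (int i2 = 0; i2 < certificateArr.length; i2++) {
            if (!(certificateArr[i2] instanceof X509Certificate)) {
                throw new CertificateException(ProtectedKMSApplication.s("Ә"));
            }
            encoded[i2] = certificateArr[i2].getEncoded();
        }
        this.mTbsCerts = encoded;
    }

    /**
     * Connects to the URL with certificate and hostname verification disabled and returns
     * the certificates the server presented. The connection is always disconnected afterwards.
     *
     * <p>The cast below fails with {@link ClassCastException} for a non-HTTPS URL; the public
     * {@code checkCertificate(URL, ...)} entry point filters the protocol first, but this
     * method is public too and performs no such check itself.
     */
    public Certificate[] extractCertificate(URL url) {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
        setCustomSecuritySocketFactory(httpsURLConnection);
        httpsURLConnection.setConnectTimeout(this.mTimeout);
        httpsURLConnection.setReadTimeout(this.mTimeout);
        try {
            httpsURLConnection.connect();
            return getCertificates(httpsURLConnection);
        } finally {
            httpsURLConnection.disconnect();
        }
    }

    /** Returns the connect/read timeout in milliseconds. */
    public int getConnectionTimeout() {
        return this.mTimeout;
    }

    /**
     * Sets the connect/read timeout in milliseconds. The value is not validated here; it is
     * handed to {@code setConnectTimeout}/{@code setReadTimeout}, where 0 means no timeout
     * and a negative value is rejected.
     */
    public void setConnectionTimeout(int i2) {
        this.mTimeout = i2;
    }

    /**
     * Checks that each certificate is signed by the key of the certificate that follows it.
     *
     * <p>This is linkage only: validity dates, CA constraints, name chaining, trust anchors
     * and revocation are not examined, and the last certificate is not verified against
     * anything. An empty or single-element array therefore returns {@code true}. The loop
     * keeps going after a failed link so that a non-X.509 element later in the array still
     * raises {@link CertificateException}.
     *
     * @return {@code false} if any link fails verification, otherwise {@code true}
     */
    public boolean verifyCertificateChain(Certificate[] certificateArr) {
        boolean linked = true;
        for (int i2 = 0; i2 < certificateArr.length; i2++) {
            if (!(certificateArr[i2] instanceof X509Certificate)) {
                throw new CertificateException(ProtectedKMSApplication.s("ә"));
            }
            if (i2 > 0) {
                try {
                    ((X509Certificate) certificateArr[i2 - 1]).verify(((X509Certificate) certificateArr[i2]).getPublicKey());
                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                    linked = false;
                }
            }
        }
        return linked;
    }
}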
