package com.shopee.bke.biz.mitra.sdk.utils.net;

import android.content.Context;
import android.content.res.AssetManager;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Log;
import androidx.annotation.WorkerThread;
import com.shopee.bke.biz.base.cer.CdnCerBean;
import com.shopee.bke.biz.mitra.sdk.utils.net.CerHelper;
import com.shopee.bke.biz.twoway.auth.security.HashSecurity;
import com.shopee.bke.lib.toolkit.util.GsonUtils;
import com.shopee.web.activity.WebLibWebViewClient;
import java.io.File;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import o.aa5;
import o.b5;
import o.bv2;
import o.cr0;
import o.ix;
import o.jx;
import o.kx;
import o.l60;
import o.mx;
import o.o9;
import o.ox;
import o.qd2;
import o.qv4;
import o.r51;
import o.to;
import o.tq2;
import o.ty0;
import o.wt0;
import o.y95;
import okhttp3.Dns;

/* loaded from: classes3.dex */
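/**
 * Static helper that installs the client key manager and the server trust managers used for
 * "two way" TLS authentication, and supplies the DNS resolver that feeds the host whitelist.
 *
 * <p>This file is decompiler output: helper types under package {@code o} are obfuscated and
 * their implementations are not visible here, so comments about them describe only what the
 * call sites show and are marked as assumptions where they go further.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The server check compares a hash derived from the <em>leaf</em> certificate's public key
 *       with a set held by {@code jx}; it does not itself build or validate the chain, check
 *       validity dates, or look at the host name. NOTE(review): confirm that platform chain
 *       validation and host name verification happen elsewhere in the HTTP stack.</li>
 *   <li>The server check runs only when one of three environment flags is set, and a mismatch
 *       is tolerated when both {@code o9.c.a.d()} and the {@code enable_ssl_pinning} setting
 *       are false.</li>
 *   <li>The client-side check cannot reject a chain; see {@link #innerCheckClientTrusted}.</li>
 * </ul>
 */
public class CerHelper {
    // Cache of key manager factories keyed by certificate path. The concrete map type comes from
    // r51.a() and is not visible here.
    private static final Map<String, KeyManagerFactory> CACHE_KMF = r51.a();
    // Hosts that take part in two-way authentication; filled in the static initializer below.
    public static final HashSet<String> NEED_TWO_WAY_WHITELIST;
    private static final String TAG = "CerHelper";
    // Set once loadCer() has run to completion.
    private static volatile boolean hasInit = false;

    /**
     * Trust manager used on API 24 and above (see {@link #getTrustManager(String)}).
     *
     * <p>All overloads forward to the static checks in {@link CerHelper}. The {@code Socket} and
     * {@code SSLEngine} arguments are ignored, so nothing from the handshake session is
     * inspected here.
     */
    /* loaded from: classes3.dex */
    public class a extends X509ExtendedTrustManager {

        // Value passed to the server check in place of the authType argument.
        /* renamed from: ˊ, reason: contains not printable characters */
        public final /* synthetic */ String f13;

        public a(String str) {
            this.f13 = str;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            CerHelper.innerCheckClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            CerHelper.innerCheckClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            CerHelper.innerCheckClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            CerHelper.innerCheckServerTrusted(x509CertificateArr, this.f13);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
            CerHelper.innerCheckServerTrusted(x509CertificateArr, this.f13);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
            CerHelper.innerCheckServerTrusted(x509CertificateArr, this.f13);
        }

        /** Returns an empty array: this manager advertises no accepted issuers. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Trust manager used below API 24 (see {@link #getTrustManager(String)}); same delegation as
     * {@link a} without the {@code Socket}/{@code SSLEngine} overloads.
     */
    /* loaded from: classes3.dex */
    public class b implements X509TrustManager {

        // Value passed to the server check in place of the authType argument.
        /* renamed from: ˊ, reason: contains not printable characters */
        public final /* synthetic */ String f14;

        public b(String str) {
            this.f14 = str;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            CerHelper.innerCheckClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            CerHelper.innerCheckServerTrusted(x509CertificateArr, this.f14);
        }

        /** Returns an empty array: this manager advertises no accepted issuers. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    static {
        // Two hard-coded hosts plus three taken from configuration objects. returnHost() yields
        // null for an empty URL, so the set may end up containing a null entry.
        HashSet<String> hashSet = new HashSet<>();
        NEED_TWO_WAY_WHITELIST = hashSet;
        hashSet.add(returnHost("https://apm.seabank.co.id/"));
        hashSet.add(returnHost("https://apm-uat1.uat.seabank.co.id/"));
        hashSet.add(returnHost(b5.d().l()));
        hashSet.add(returnHost(to.l()));
        hashSet.add(returnHost(b5.d().f()));
    }

    /**
     * Copies {@link #NEED_TWO_WAY_WHITELIST} into the three host collections held by the
     * {@code aa5} singleton. What each collection gates is not visible from this file.
     */
    public static void addWhiteList() {
        aa5 aa5Var = aa5.a.a;
        HashSet<String> hashSet = NEED_TWO_WAY_WHITELIST;
        aa5Var.a.d.addAll(hashSet);
        aa5Var.b.d(hashSet);
        aa5Var.c.addAll(hashSet);
    }

    /**
     * Hashes an encoded public key after dropping its first 24 bytes.
     *
     * <p>NOTE(review): 24 bytes is the length of the SubjectPublicKeyInfo header of a 2048-bit
     * RSA key, so this presumably assumes that key type; for any other key type or size the
     * offset would cut at a different place. The digest used by {@code cr0.k} is not visible
     * here.
     *
     * @param bArr encoded public key, as returned by {@code PublicKey.getEncoded()}
     * @return the value produced by {@code cr0.k}, or an empty string when the input is
     *     {@code null} or shorter than 25 bytes
     */
    private static String getPublicKeyHash(byte[] bArr) {
        if (bArr == null || bArr.length < 25) {
            return "";
        }
        return cr0.k(Arrays.copyOfRange(bArr, 24, bArr.length));
    }

    /** Builds a trust manager with no associated value (passes {@code null}). */
    private static X509TrustManager getTrustManager() {
        return getTrustManager(null);
    }

    /**
     * Picks the trust manager implementation by platform level: {@link a} from API 24, where
     * {@code X509ExtendedTrustManager} is available, otherwise {@link b}.
     */
    private static X509TrustManager getTrustManager(String str) {
        return Build.VERSION.SDK_INT >= 24 ? new a(str) : new b(str);
    }

    /** Reports whether {@link #loadCer(Context)} has completed. */
    public static boolean hasInit() {
        return hasInit;
    }

    /**
     * Builds, and caches per path, a key manager factory for a client key store loaded through
     * {@code jx} with the given asset manager.
     *
     * <p>The key store password comes from {@code ox.c()}.
     *
     * @param assetManager asset manager handed to the key store loader
     * @param str key store path, also used as the cache key
     * @return an initialised factory, or {@code null} when loading or initialisation failed
     */
    @WorkerThread
    public static KeyManagerFactory initKeyManagerFactory(AssetManager assetManager, String str) {
        Map<String, KeyManagerFactory> map = CACHE_KMF;
        if (map.containsKey(str)) {
            return map.get(str);
        }
        KeyManagerFactory keyManagerFactory = null;
        try {
            String c = ox.c();
            HashMap<String, Integer> hashMap = jx.h;
            KeyStore f = jx.c.a.f(str, assetManager);
            KeyManagerFactory candidate = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            candidate.init(f, c.toCharArray());
            // Publish the factory only once init() has succeeded: calling getKeyManagers() on a
            // factory whose init() threw raises IllegalStateException, which used to escape from
            // here instead of the documented null result.
            keyManagerFactory = candidate;
        } catch (Exception e) {
            qd2.t(TAG, "initKeyManagerFactory is throw: ", e);
        }
        if (keyManagerFactory != null && keyManagerFactory.getKeyManagers().length > 0) {
            CACHE_KMF.put(str, keyManagerFactory);
        }
        return keyManagerFactory;
    }

    /**
     * Builds a key manager factory for a client key store loaded through {@code jx} without an
     * asset manager. Unlike the two-argument overload, the result is not cached and a failure is
     * fatal.
     *
     * @param str key store path
     * @return an initialised factory
     * @throws RuntimeException when the key store cannot be loaded or the factory cannot be
     *     initialised; the original exception is attached as the cause
     */
    @WorkerThread
    public static KeyManagerFactory initKeyManagerFactory(String str) {
        try {
            try {
                HashMap<String, Integer> hashMap = jx.h;
                KeyStore f = jx.c.a.f(str, null);
                String c = ox.c();
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(f, c.toCharArray());
                return keyManagerFactory;
            } catch (Exception e) {
                qd2.t(TAG, "initKeyManagerFactory is throw: ", e);
                // Keep the cause attached so the failure can be traced without parsing the message.
                throw new RuntimeException("NetValidation clientCer:" + str + "   exception:" + Log.getStackTraceString(e), e);
            }
        } finally {
            int i = ty0.a;
        }
    }

    /**
     * Runs the platform default trust managers' client check and logs the leaf subject and
     * issuer.
     *
     * <p>NOTE(review): every exception is caught here, including a {@code CertificateException}
     * from the platform check, so this method can never reject a chain. That only matters if
     * these trust managers are ever used on the accepting side of a TLS connection; the failure
     * is now logged so that it is at least visible.
     *
     * @param x509CertificateArr peer certificate chain
     * @param str authentication type, forwarded to the platform trust managers
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static void innerCheckClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            // A null key store selects the platform default trust anchors.
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkClientTrusted(x509CertificateArr, str);
            }
            qd2.a(TAG, x509CertificateArr[0].getSubjectDN().getName() + " " + x509CertificateArr[0].getIssuerDN().getName());
        } catch (Exception e) {
            qd2.t(TAG, "innerCheckClientTrusted failed, chain accepted anyway: ", e);
        }
    }

    /**
     * Checks the server's leaf public key against the set held by {@code jx}.
     *
     * <p>The check runs only when one of {@code isLive()}, {@code k()} or {@code e()} on the
     * environment object is true; in any other environment the method returns without looking at
     * the chain. On a mismatch the event is logged and reported, and the chain is rejected when
     * {@code o9.c.a.d()} is true or the {@code enable_ssl_pinning} setting (default {@code true})
     * is true. With both false the mismatch is only logged and the chain is accepted.
     *
     * <p>NOTE(review): where the {@code enable_ssl_pinning} value comes from is not visible
     * here; if it can be changed remotely or on the device, it acts as an off switch for this
     * check and deserves the same protection as the pin set itself.
     *
     * <p>Only {@code x509CertificateArr[0]} is inspected, and {@code str} is not used.
     *
     * @param x509CertificateArr server certificate chain, leaf first
     * @param str value supplied by the trust manager; unused
     * @throws CertificateException when the chain is empty or the mismatch is enforced
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static synchronized void innerCheckServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        // The static synchronized modifier already holds the CerHelper.class monitor, so the
        // nested synchronized block the decompiler emitted was redundant and is dropped.
        if (!(b5.d().isLive() || b5.d().k() || b5.d().e())) {
            return;
        }
        // Reject an unusable chain as a certificate failure rather than letting a
        // NullPointerException or ArrayIndexOutOfBoundsException escape from the handshake.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            throw new CertificateException("empty server certificate chain");
        }
        String b2 = y95.b(x509CertificateArr, NEED_TWO_WAY_WHITELIST);
        String publicKeyHash = getPublicKeyHash(x509CertificateArr[0].getPublicKey().getEncoded());
        HashMap<String, Integer> hashMap = jx.h;
        if (jx.c.a.d(publicKeyHash)) {
            return;
        }
        b5.h().i(TAG, "host %s two way auth fail", b2);
        reportServerCertificateChain(x509CertificateArr);
        bv2.b.a.c(b2);
        // Same order and short-circuiting as the two separate throws in the decompiled code.
        if (o9.c.a.d() || qv4.c().a().getBoolean("enable_ssl_pinning", true)) {
            throw new CertificateException("server certificate check failed for host " + b2);
        }
        qd2.e(TAG, "close server cer check");
    }

    /**
     * Resolves a host name and, for hosts in {@link #NEED_TWO_WAY_WHITELIST}, adds every resolved
     * IP address to the three host collections of the {@code aa5} singleton.
     *
     * <p>NOTE(review): the added entries come straight from DNS answers, so whatever those
     * collections gate is extended to any address the resolver returns for a whitelisted name.
     *
     * @param str host name to resolve
     * @return the resolved addresses
     * @throws UnknownHostException when resolution fails, including the case where the platform
     *     resolver throws a {@code NullPointerException}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static List lambda$providerDns$0(String str) throws UnknownHostException {
        try {
            InetAddress[] allByName = InetAddress.getAllByName(str);
            if (NEED_TWO_WAY_WHITELIST.contains(str)) {
                for (InetAddress inetAddress : allByName) {
                    if (inetAddress != null) {
                        b5.h().d(TAG, "dns look up host %s, address is %s", inetAddress.getHostName(), inetAddress.getHostAddress());
                        aa5 aa5Var = aa5.a.a;
                        String hostAddress = inetAddress.getHostAddress();
                        aa5Var.a.d.add(hostAddress);
                        aa5Var.b.c(hostAddress);
                        aa5Var.c.add(hostAddress);
                    }
                }
            }
            return Arrays.asList(allByName);
        } catch (NullPointerException e) {
            // The message used to end in the literal text "$hostname"; name the host instead.
            UnknownHostException unknownHostException = new UnknownHostException("Broken system behaviour for dns lookup of " + str);
            unknownHostException.initCause(e);
            throw unknownHostException;
        }
    }

    /**
     * One-time initialisation: seeds the {@code jx} certificate manager with the built-in server
     * hashes, merges in the {@code server_array} from a local {@code cer.json} when that file
     * exists, then installs the client key manager and the server trust managers.
     *
     * <p>NOTE(review): {@code cer.json} is passed to the same {@code jx.b(...)} call as the
     * built-in hashes, so it appears to extend the set of accepted server keys. The file is read
     * through {@code ty0.f(o9.c.a.c(), path)}; whether that step authenticates the content is
     * not visible here and should be confirmed, since write access to the file would otherwise
     * be enough to add an accepted key.
     *
     * <p>The {@code hasInit} test and the final assignment are not atomic, so two threads may
     * both run the initialisation.
     *
     * @param context application context; when {@code null} an error is logged and nothing is
     *     initialised
     */
    @WorkerThread
    public static void loadCer(Context context) {
        CdnCerBean cdnCerBean;
        String[] strArr;
        if (hasInit) {
            return;
        }
        if (context == null) {
            b5.h().e(TAG, "pls make sure that your context is not null");
            return;
        }
        HashMap<String, Integer> hashMap = jx.h;
        jx jxVar = jx.c.a;
        ix ixVar = new ix();
        Objects.requireNonNull(jxVar);
        b5.h().d("CerManager", "---init---");
        jxVar.c = ixVar;
        // The three calls below discard their results; they look like the remains of inlined
        // argument checks on constant values.
        TextUtils.isEmpty("spp");
        TextUtils.isEmpty("https://banking-aka-storage-dev1.test.seabank.co.id/seamoney/bke/app/uat1/");
        TextUtils.isEmpty("https://cdn-api-img.seabank.co.id/uc-id-photo/");
        if (jxVar.c != null) {
            jxVar.b(HashSecurity.getServerHash());
        }
        jxVar.a();
        b5.h().d("CerManager", "initFromCdn");
        File file = new File(mx.d() + "/cer.json");
        if (file.exists()) {
            b5.h().d("CerManager", "load server array from cdn");
            try {
                String f = ty0.f(o9.c.a.c(), file.getAbsolutePath());
                if (!TextUtils.isEmpty(f) && (cdnCerBean = (CdnCerBean) GsonUtils.a(f, CdnCerBean.class)) != null && (strArr = cdnCerBean.server_array) != null && strArr.length > 0) {
                    jxVar.b(strArr);
                }
            } catch (Exception e) {
                // A broken or unreadable file is reported and otherwise ignored; the built-in
                // hashes loaded above stay in effect.
                tq2.c(e, wt0.c(""), b5.h(), "CerManager");
            }
        }
        l60.f().b("CerManager", new kx(jxVar));
        loadClientCer(context);
        loadServerCer();
        hasInit = true;
    }

    /**
     * Loads the client key store selected for the current environment and installs its first key
     * manager on the {@code aa5} singleton. Paths starting with {@code cer/} are loaded through
     * the asset manager; other paths go through the single-argument loader, which throws on
     * failure.
     */
    private static void loadClientCer(Context context) {
        int env = b5.d().getEnv();
        HashMap<String, Integer> hashMap = jx.h;
        String h = jx.c.a.h(env);
        KeyManagerFactory initKeyManagerFactory = h.startsWith("cer/") ? initKeyManagerFactory(context.getAssets(), h) : initKeyManagerFactory(h);
        // The asset-based loader can return a factory that produced no key managers, so check the
        // length before indexing.
        if (initKeyManagerFactory != null && initKeyManagerFactory.getKeyManagers().length > 0) {
            aa5.a.a.a.a = (X509KeyManager) initKeyManagerFactory.getKeyManagers()[0];
        }
    }

    /**
     * Registers two trust managers on the {@code aa5} singleton: one through {@code e(...)} with
     * no associated value, and one through {@code a(...)} keyed by the configured URL with its
     * scheme prefix removed.
     */
    private static void loadServerCer() {
        X509TrustManager trustManager = getTrustManager();
        aa5 aa5Var = aa5.a.a;
        aa5Var.b.e(trustManager);
        X509TrustManager trustManager2 = getTrustManager(b5.d().f());
        aa5Var.b.a(b5.d().f().replace(WebLibWebViewClient.HTTPS_SCHEME, ""), trustManager2);
    }

    /**
     * Returns the OkHttp {@link Dns} implementation backed by
     * {@link #lambda$providerDns$0(String)}.
     */
    public static Dns providerDns() {
        return new Dns() { // from class: o.gx
            @Override // okhttp3.Dns
            public final List lookup(String str) throws UnknownHostException {
                return CerHelper.lambda$providerDns$0(str);
            }
        };
    }

    /**
     * Reports the subject and issuer of every certificate in a rejected chain under the
     * {@code SSL-Cancel} event. Certificates with a missing subject or issuer are skipped.
     *
     * @param x509CertificateArr server certificate chain; may be {@code null}
     */
    private static void reportServerCertificateChain(X509Certificate[] x509CertificateArr) {
        Bundle b2 = bv2.b.a.b();
        StringBuilder sb = new StringBuilder();
        if (x509CertificateArr != null) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (x509Certificate != null && x509Certificate.getSubjectX500Principal() != null && x509Certificate.getIssuerX500Principal() != null) {
                    sb.append("\ncert：[");
                    sb.append(x509Certificate.getSubjectX500Principal().getName());
                    sb.append("] issued by [");
                    sb.append(x509Certificate.getIssuerX500Principal().getName());
                    sb.append("]");
                }
            }
        }
        b2.putString("certificateChain", sb.toString());
        bv2.b.a.a("SSL-Cancel", b2);
    }

    /**
     * Extracts the host part of a URL.
     *
     * @param str URL text
     * @return the host as parsed by {@link Uri}, or {@code null} when {@code str} is empty
     */
    public static String returnHost(String str) {
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        return Uri.parse(str).getHost();
    }
}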
