package com.kaspersky.components.certificatechecker;

import android.os.SystemClock;
import com.google.firebase.perf.network.FirebasePerfUrlConnection;
import com.kaspersky.ProtectedTheApplication;
import java.io.IOException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import x.b12;
import x.zt8;

/* loaded from: classes5.dex */
public class CertificateChecker {
    private static final String f = ProtectedTheApplication.s("Θ");
    private static final int g = (int) TimeUnit.MINUTES.toMillis(2);
    private final long a;
    private final b12 b;
    private String c;
    protected byte[][] d;
    private int e;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    public class a implements HostnameVerifier {
        a() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes5.dex */
    public static class b implements X509TrustManager {
        private b() {
        }

        /* synthetic */ b(a aVar) {
            this();
        }

        private void a(X509Certificate x509Certificate) throws CertificateException {
            try {
                x509Certificate.checkValidity();
            } catch (CertificateException unused) {
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            a(x509CertificateArr[0]);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            a(x509CertificateArr[0]);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    static {
        init();
    }

    public CertificateChecker(long j) {
        this(j, null);
    }

    public CertificateChecker(long j, b12 b12Var) {
        this.e = g;
        this.a = j;
        this.b = b12Var;
    }

    private Certificate[] a(Certificate[] certificateArr) {
        X500Principal issuerX500Principal;
        Certificate[] certificateArr2 = (Certificate[]) certificateArr.clone();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        for (int i = 0; i < certificateArr2.length; i++) {
            if (certificateArr2[i] instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificateArr2[i];
                X500Principal issuerX500Principal2 = x509Certificate.getIssuerX500Principal();
                if (issuerX500Principal2 != null) {
                    linkedHashMap.put(issuerX500Principal2, Integer.valueOf(i));
                }
                X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                if (subjectX500Principal != null) {
                    linkedHashMap2.put(subjectX500Principal, Integer.valueOf(i));
                }
            }
        }
        boolean z = linkedHashMap.size() < certificateArr2.length;
        boolean z2 = linkedHashMap.size() == certificateArr2.length && linkedHashMap2.size() == certificateArr2.length;
        if (z || z2) {
            for (int i2 = 0; i2 < certificateArr2.length; i2++) {
                if ((certificateArr2[i2] instanceof X509Certificate) && i2 > 0 && (issuerX500Principal = ((X509Certificate) certificateArr2[i2 - 1]).getIssuerX500Principal()) != null) {
                    Integer valueOf = Integer.valueOf(i2);
                    Integer num = (Integer) linkedHashMap2.get(issuerX500Principal);
                    if (valueOf != null && num != null && !valueOf.equals(num)) {
                        Certificate certificate = certificateArr2[valueOf.intValue()];
                        certificateArr2[valueOf.intValue()] = certificateArr2[num.intValue()];
                        certificateArr2[num.intValue()] = certificate;
                    }
                }
            }
        }
        return certificateArr2;
    }

    private native CheckResult checkCertificate(String str, String str2, int i, byte[][] bArr, long j) throws IOException;

    private CheckResult e(URL url, Certificate[] certificateArr) throws IOException, CertificateException {
        long uptimeMillis = SystemClock.uptimeMillis();
        if (certificateArr == null) {
            certificateArr = g(url);
        }
        CheckResult h = h(url, certificateArr);
        long uptimeMillis2 = SystemClock.uptimeMillis() - uptimeMillis;
        if (h.getVerdict() != Verdict.Untrusted) {
            int port = url.getPort();
            if (port == -1) {
                port = url.getDefaultPort();
            }
            String host = url.getHost();
            CheckResult checkCertificate = checkCertificate(host, this.c, port, this.d, this.a);
            b12 b12Var = this.b;
            if (b12Var != null) {
                b12Var.a(checkCertificate, ProtectedTheApplication.s("Ι") + host + ProtectedTheApplication.s("Κ") + port, this.c, this.d);
            }
            h = checkCertificate;
        }
        h.getTelemetry().d(uptimeMillis2);
        return h;
    }

    private CheckResult h(URL url, Certificate[] certificateArr) throws CertificateException, UnknownHostException {
        CheckResult checkResult = new CheckResult(Verdict.Unknown.ordinal(), ExtendedVerdict.Unspecified.ordinal(), 0);
        this.c = InetAddress.getByName(url.getHost()).getHostAddress();
        Certificate[] a2 = a(certificateArr);
        f(a2);
        return !m(a2) ? new CheckResult(Verdict.Untrusted.ordinal(), ExtendedVerdict.InvalidChain.ordinal(), 0) : checkResult;
    }

    private static Certificate[] i(HttpsURLConnection httpsURLConnection) throws IOException {
        try {
            return httpsURLConnection.getServerCertificates();
        } catch (Exception unused) {
            httpsURLConnection.getInputStream();
            return httpsURLConnection.getServerCertificates();
        }
    }

    private static native void init();

    private void l(HttpsURLConnection httpsURLConnection) {
        TrustManager[] trustManagerArr = {new b(null)};
        a aVar = new a();
        try {
            SSLContext sSLContext = SSLContext.getInstance(ProtectedTheApplication.s("Λ"));
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.setHostnameVerifier(aVar);
        } catch (Exception e) {
            throw new RuntimeException(ProtectedTheApplication.s("Μ") + f, e);
        }
    }

    public CheckResult b(String str) throws IOException, CertificateException {
        return c(str, null);
    }

    public CheckResult c(String str, Certificate[] certificateArr) throws IOException, CertificateException {
        try {
            return d(zt8.f(str), certificateArr);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    }

    public CheckResult d(URL url, Certificate[] certificateArr) throws IOException, CertificateException {
        if (url.getProtocol().equals(ProtectedTheApplication.s("Ν"))) {
            return e(url, certificateArr);
        }
        throw new IllegalArgumentException(ProtectedTheApplication.s("Ξ"));
    }

    protected void f(Certificate[] certificateArr) throws CertificateException {
        byte[][] bArr = new byte[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            if (!(certificateArr[i] instanceof X509Certificate)) {
                throw new CertificateException(ProtectedTheApplication.s("Ο"));
            }
            bArr[i] = certificateArr[i].getEncoded();
        }
        this.d = bArr;
    }

    public Certificate[] g(URL url) throws IOException {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) ((URLConnection) FirebasePerfUrlConnection.instrument(url.openConnection()));
        l(httpsURLConnection);
        httpsURLConnection.setConnectTimeout(this.e);
        httpsURLConnection.setReadTimeout(this.e);
        try {
            httpsURLConnection.connect();
            return i(httpsURLConnection);
        } finally {
            httpsURLConnection.disconnect();
        }
    }

    public int j() {
        return this.e;
    }

    public void k(int i) {
        this.e = i;
    }

    public boolean m(Certificate[] certificateArr) throws CertificateException {
        boolean z = true;
        for (int i = 0; i < certificateArr.length; i++) {
            if (!(certificateArr[i] instanceof X509Certificate)) {
                throw new CertificateException(ProtectedTheApplication.s("Π"));
            }
            if (i > 0) {
                try {
                    ((X509Certificate) certificateArr[i - 1]).verify(((X509Certificate) certificateArr[i]).getPublicKey());
                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                    z = false;
                }
            }
        }
        return z;
    }
}
