package android.net.http;

import android.annotation.TargetApi;
import android.net.VpnService;
import android.os.Build;
import android.text.TextUtils;
import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import com.google.common.base.Ascii;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.juniper.junos.pulse.android.mdm.wifi.WifiPolicyParser;
import net.juniper.junos.pulse.android.util.Log;
import net.juniper.junos.pulse.android.util.SettingsUtil;

@TargetApi(14)
/* loaded from: classes.dex */
public final class SSLUtilities {
    private static HostnameVerifier _hostnameVerifier;
    private static byte mConnectionType;
    private static boolean sCertTrusted;
    private static String sOnboardX509thumbPrint_SHA256;
    private static SslCertificate sSessionSslCert;
    private static X509Certificate sX509UntrustedCert;
    private static String sX509thumbPrint_SHA256;
    private static boolean sServerCertTrusted = true;
    public static final String[] SUPPORTED_TLS_PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"};
    private static MySSLSocketFactory mySslSocketFactory = null;

    /* loaded from: classes.dex */
    public static class CustomX509TrustManager implements X509TrustManager {
        private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[0];
        private boolean mTrustAll;

        public CustomX509TrustManager(boolean z) {
            this.mTrustAll = false;
            this.mTrustAll = z;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (SSLUtilities.mConnectionType != 1) {
                if (SSLUtilities.mConnectionType == 2) {
                    try {
                        String access$300 = SSLUtilities.access$300();
                        if (TextUtils.isEmpty(access$300)) {
                            SSLUtilities.setOnboardSessionX509ThumbPrint_SHA256(SSLUtilities.getThumbPrintFromCert_SHA256(x509CertificateArr[0]));
                            SSLUtilities.debugLog("sCertTrusted = true");
                            boolean unused = SSLUtilities.sCertTrusted = true;
                        } else if (SSLUtilities.getThumbPrintFromCert_SHA256(x509CertificateArr[0]).equals(access$300)) {
                            SSLUtilities.debugLog("sCertTrusted = true");
                            boolean unused2 = SSLUtilities.sCertTrusted = true;
                        } else {
                            Log.d("checkServerTrusted cert hashed mismatch");
                            SSLUtilities.setUntrustedCert(x509CertificateArr[0]);
                        }
                        return;
                    } catch (NoSuchAlgorithmException e) {
                        Log.printStackTrace(e);
                        return;
                    }
                }
                return;
            }
            if (this.mTrustAll || x509CertificateArr == null) {
                return;
            }
            try {
                String sessionX509ThumbPrint_SHA256 = SSLUtilities.getSessionX509ThumbPrint_SHA256();
                SSLUtilities.debugLog("checkServerTrusted.storedX509ThumbPrint_SHA256 = " + sessionX509ThumbPrint_SHA256);
                if (TextUtils.isEmpty(sessionX509ThumbPrint_SHA256)) {
                    SSLUtilities.setSessionSSLCert(new SslCertificate(x509CertificateArr[0]));
                    SSLUtilities.setSessionX509ThumbPrint_SHA256(SSLUtilities.getThumbPrintFromCert_SHA256(x509CertificateArr[0]));
                    SSLUtilities.debugLog("checkServerTrusted.sCertTrusted = true");
                    boolean unused3 = SSLUtilities.sCertTrusted = true;
                } else {
                    String thumbPrintFromCert_SHA256 = SSLUtilities.getThumbPrintFromCert_SHA256(x509CertificateArr[0]);
                    SSLUtilities.debugLog("checkServerTrusted.thumbPrint == " + thumbPrintFromCert_SHA256);
                    if (thumbPrintFromCert_SHA256.equals(sessionX509ThumbPrint_SHA256)) {
                        SSLUtilities.debugLog("sCertTrusted = true");
                        boolean unused4 = SSLUtilities.sCertTrusted = true;
                    } else {
                        Log.d("checkServerTrusted cert hashed mismatch");
                        SSLUtilities.setUntrustedCert(x509CertificateArr[0]);
                    }
                }
            } catch (NoSuchAlgorithmException e2) {
                Log.printStackTrace(e2);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return _AcceptedIssuers;
        }
    }

    /* loaded from: classes.dex */
    public static class FakeHostnameVerifier implements HostnameVerifier {
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return true;
        }
    }

    /* loaded from: classes.dex */
    public static class MySSLSocketFactory extends SSLSocketFactory {
        MyVpnService myVpnService = new MyVpnService();
        SSLContext sslContext;

        /* loaded from: classes.dex */
        static class MyVpnService extends VpnService {
            MyVpnService() {
            }

            public int protectSock(Socket socket) {
                Log.d("Protecting " + socket.toString() + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + (protect(socket) ? 1 : 0));
                return 0;
            }
        }

        public MySSLSocketFactory(SSLContext sSLContext) {
            this.sslContext = null;
            this.sslContext = sSLContext;
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket() throws IOException {
            Log.d("createSocket");
            return this.sslContext.getSocketFactory().createSocket();
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i) throws IOException, UnknownHostException {
            Log.d("createSocket");
            return this.sslContext.getSocketFactory().createSocket(str, i);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException, UnknownHostException {
            Log.d("createSocket");
            return this.sslContext.getSocketFactory().createSocket(str, i, inetAddress, i2);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
            Log.d("createSocket");
            return this.sslContext.getSocketFactory().createSocket(inetAddress, i);
        }

        @Override // javax.net.SocketFactory
        public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
            Log.d("createSocket");
            return this.sslContext.getSocketFactory().createSocket(inetAddress, i, inetAddress2, i2);
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
            Log.d("createSocket");
            Socket createSocket = this.sslContext.getSocketFactory().createSocket(socket, str, i, z);
            int i2 = Build.VERSION.SDK_INT;
            if (i2 >= 16 && i2 < 20) {
                ((SSLSocket) createSocket).setEnabledProtocols(SSLUtilities.SUPPORTED_TLS_PROTOCOLS);
                String[] enabledProtocols = ((SSLSocket) createSocket).getEnabledProtocols();
                if (enabledProtocols != null) {
                    for (String str2 : enabledProtocols) {
                        if (str2 != null) {
                            Log.d("Enabled protocol new = " + str2);
                        }
                    }
                }
            }
            return createSocket;
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getDefaultCipherSuites() {
            Log.d("getDefaultCipherSuites");
            return this.sslContext.getSocketFactory().getDefaultCipherSuites();
        }

        @Override // javax.net.ssl.SSLSocketFactory
        public String[] getSupportedCipherSuites() {
            Log.d("getSupportedCipherSuites");
            return this.sslContext.getSocketFactory().getSupportedCipherSuites();
        }
    }

    /* loaded from: classes.dex */
    public static class SystemX509TrustManager implements X509TrustManager {
        private X509TrustManager systemTrustManager;

        SystemX509TrustManager() {
            this.systemTrustManager = null;
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                this.systemTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            } catch (Exception e) {
                Log.d(e.getMessage());
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            Log.d("SystemX509TrustManager, checkServerTrusted");
            boolean unused = SSLUtilities.sServerCertTrusted = false;
            try {
                if (this.systemTrustManager != null) {
                    Log.d("xtm.checkServerTrusted");
                    this.systemTrustManager.checkServerTrusted(x509CertificateArr, str);
                    boolean unused2 = SSLUtilities.sServerCertTrusted = true;
                    Log.d("Trusted certificate");
                } else {
                    Log.d("checkServerTrusted failed: TrustManager is null");
                }
            } catch (IllegalArgumentException e) {
                Log.d("IllegalArgumentException: " + e.getMessage());
            } catch (CertificateException e2) {
                Log.d("CertException thrown: " + e2.getMessage());
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    static /* synthetic */ String access$300() {
        return getOnboardSessionX509ThumbPrint_SHA256();
    }

    public static void allowSystemTrustedServerCertificates() {
        try {
            SSLContext sSLContext = SSLContext.getInstance(WifiPolicyParser.sEapMethodTls);
            sSLContext.init(null, new TrustManager[]{new SystemX509TrustManager()}, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e.getMessage());
        }
    }

    public static void clearOnboardingSessionCert() {
        Log.d("clearing onboarding session cert");
        sOnboardX509thumbPrint_SHA256 = null;
    }

    public static void clearSessionCert() {
        Log.d("SSLCert", "clearSessionCert");
        debugLog("X509thumbPrint_SHA256=null");
        sSessionSslCert = null;
        sX509thumbPrint_SHA256 = null;
        SettingsUtil.setVpnSessionSSLCert("");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void debugLog(String str) {
        if (Log.m_debug) {
            Log.d("SSLUtilities: " + str);
        }
    }

    private static String getOnboardSessionX509ThumbPrint_SHA256() {
        return sOnboardX509thumbPrint_SHA256;
    }

    public static SslCertificate getSessionSslCert() {
        Log.d("SSLCert", "getSessionSslCert");
        return sSessionSslCert;
    }

    public static String getSessionX509ThumbPrint_SHA256() {
        debugLog("getSessionX509ThumbPrint_SHA256.X509thumbPrint_SHA256==" + sX509thumbPrint_SHA256);
        return sX509thumbPrint_SHA256;
    }

    public static SSLSocketFactory getSslSocketFactory() {
        Log.d("createSocket");
        return mySslSocketFactory;
    }

    public static String getThumbPrintFromCert_SHA256(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(x509Certificate.getEncoded());
        return hexify(messageDigest.digest());
    }

    public static X509Certificate getUntrustedCert() {
        return sX509UntrustedCert;
    }

    public static String hexify(byte[] bArr) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            stringBuffer.append(cArr[(bArr[i] & 240) >> 4]);
            stringBuffer.append(cArr[bArr[i] & Ascii.SI]);
        }
        return stringBuffer.toString();
    }

    public static boolean isCertTrusted() {
        debugLog("sCertTrusted == " + sCertTrusted);
        return sCertTrusted;
    }

    public static boolean isServerCertTrusted() {
        return sServerCertTrusted;
    }

    public static void setConnectionType(byte b) {
        mConnectionType = b;
    }

    public static void setOnboardSessionX509ThumbPrint_SHA256(String str) {
        sOnboardX509thumbPrint_SHA256 = str;
    }

    public static void setSessionSSLCert(SslCertificate sslCertificate) {
        sSessionSslCert = sslCertificate;
        if (sslCertificate != null) {
            Log.d("SSLCert", "setSessionSSLCert sslCert=" + (!TextUtils.isEmpty(sslCertificate.toString())));
            SettingsUtil.setVpnSessionSSLCert(sslCertificate.toString());
        } else {
            Log.d("SSLCert", "setSessionSSLCert sslCert=null");
            SettingsUtil.setVpnSessionSSLCert("");
        }
    }

    public static void setSessionX509ThumbPrint_SHA256(String str) {
        Log.d("SSLCert", "X509thumbPrint_SHA256=" + (!TextUtils.isEmpty(str)));
        debugLog("setSessionX509ThumbPrint_SHA256.X509thumbPrint_SHA256=" + str);
        sX509thumbPrint_SHA256 = str;
    }

    public static void setUntrustedCert(X509Certificate x509Certificate) {
        debugLog("sCertTrusted = false");
        sCertTrusted = false;
        sX509UntrustedCert = x509Certificate;
    }

    public static void trustAllHostnames() {
        if (_hostnameVerifier == null) {
            _hostnameVerifier = new FakeHostnameVerifier();
        }
        HttpsURLConnection.setDefaultHostnameVerifier(_hostnameVerifier);
    }

    public static void trustUserAllowedHttpsCertificates(KeyManager[] keyManagerArr, byte b, HttpsURLConnection httpsURLConnection) {
        Log.d("trustUserAllowedHttpsCertificates: connectionType = " + ((int) b));
        mConnectionType = b;
        try {
            SSLContext sSLContext = SSLContext.getInstance(WifiPolicyParser.sEapMethodTls);
            sSLContext.init(keyManagerArr, new TrustManager[]{new CustomX509TrustManager(false)}, new SecureRandom());
            if (mySslSocketFactory == null) {
                mySslSocketFactory = new MySSLSocketFactory(sSLContext);
            }
            httpsURLConnection.setSSLSocketFactory(mySslSocketFactory);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e.getMessage());
        }
    }
}
