package anetwork.channel.ssl;

import android.content.Context;
import anetwork.channel.http.NetworkSdkSetting;
import anetwork.channel.statist.StatisticsUtil;
import anetwork.channel.util.FileUtil;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import mtopsdk.common.ut.util.UTAdapterUtil;
import mtopsdk.common.util.SymbolExpUtil;
import mtopsdk.common.util.TBSdkLog;

/* loaded from: classes.dex */
public class CertificationValiditor {
    private static String DOMAIN = "m.taobao.com";
    private static final String TAG = "ANet.CertificationValiditor";

    private static X509Certificate[] getAcceptedIssuersCerts() {
        X509TrustManager x509TrustManager = null;
        if (0 == 0) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                int i = 0;
                while (true) {
                    if (i >= trustManagers.length) {
                        break;
                    }
                    if (trustManagers[i] instanceof X509TrustManager) {
                        x509TrustManager = (X509TrustManager) trustManagers[i];
                        break;
                    }
                    i++;
                }
            } catch (Exception e) {
                TBSdkLog.e(TAG, "");
                return null;
            }
        }
        if (x509TrustManager != null) {
            return x509TrustManager.getAcceptedIssuers();
        }
        return null;
    }

    public static synchronized X509Certificate getCertification() {
        X509Certificate x509Certificate;
        synchronized (CertificationValiditor.class) {
            TBSdkLog.d(TAG, "[getCertifications]");
            x509Certificate = null;
            byte[] filetoByte = FileUtil.filetoByte(getCertsFile());
            if (filetoByte != null) {
                x509Certificate = getCertificationByDomain(getCertifications(filetoByte), DOMAIN);
            } else {
                TBSdkLog.e(TAG, "getCertification error certs:" + filetoByte);
            }
        }
        return x509Certificate;
    }

    private static X509Certificate getCertificationByDomain(List<X509Certificate> list, String str) {
        String obj;
        if (list == null) {
            return null;
        }
        for (int i = 0; i < list.size(); i++) {
            X509Certificate x509Certificate = list.get(i);
            if (x509Certificate != null && x509Certificate.getSubjectDN() != null && (obj = x509Certificate.getSubjectDN().toString()) != null && obj.contains(str)) {
                return x509Certificate;
            }
        }
        return null;
    }

    private static List<X509Certificate> getCertifications(byte[] bArr) {
        CertificateFactory certificateFactory;
        ByteArrayInputStream byteArrayInputStream;
        Collection<? extends Certificate> generateCertificates;
        ByteArrayInputStream byteArrayInputStream2 = null;
        try {
            try {
                certificateFactory = CertificateFactory.getInstance("X.509");
                byteArrayInputStream = new ByteArrayInputStream(bArr);
            } catch (CertificateException e) {
                e = e;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            generateCertificates = certificateFactory.generateCertificates(byteArrayInputStream);
        } catch (CertificateException e2) {
            e = e2;
            byteArrayInputStream2 = byteArrayInputStream;
            e.printStackTrace();
            if (byteArrayInputStream2 != null) {
                try {
                    byteArrayInputStream2.close();
                } catch (IOException e3) {
                }
            }
            return null;
        } catch (Throwable th2) {
            th = th2;
            byteArrayInputStream2 = byteArrayInputStream;
            if (byteArrayInputStream2 != null) {
                try {
                    byteArrayInputStream2.close();
                } catch (IOException e4) {
                }
            }
            throw th;
        }
        if (generateCertificates == null) {
            if (byteArrayInputStream != null) {
                try {
                    byteArrayInputStream.close();
                } catch (IOException e5) {
                }
            }
            return null;
        }
        List<X509Certificate> list = generateCertificates instanceof List ? (List) generateCertificates : null;
        if (byteArrayInputStream != null) {
            try {
                byteArrayInputStream.close();
            } catch (IOException e6) {
            }
        }
        return list;
    }

    private static File getCertsFile() {
        Context context = NetworkSdkSetting.context;
        if (context != null) {
            return new File(context.getFilesDir().getAbsolutePath() + "/CA.cert");
        }
        TBSdkLog.d(TAG, "context :" + context);
        return null;
    }

    private static boolean isSelfSigned(X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        return isSignedByCertification(x509Certificate, x509Certificate);
    }

    private static boolean isSignedByCertification(X509Certificate x509Certificate, X509Certificate x509Certificate2) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (InvalidKeyException e) {
            return false;
        } catch (SignatureException e2) {
            return false;
        }
    }

    public static synchronized boolean putCertificateions(byte[] bArr, int i) {
        boolean byteToFile;
        synchronized (CertificationValiditor.class) {
            byteToFile = FileUtil.byteToFile(bArr, getCertsFile());
            TBSdkLog.i(TAG, "写入证书:" + byteToFile);
        }
        return byteToFile;
    }

    private static void reportErrorMsg(String str) {
        try {
            TBSdkLog.i(TAG, str);
            UTAdapterUtil.commit(StatisticsUtil.PAGE_NAME_EXCEPTION, 65114, 261, str, (String) null, (Map<String, String>) null);
        } catch (Throwable th) {
        }
    }

    public static Boolean validate(byte[] bArr) {
        List<X509Certificate> certifications = getCertifications(bArr);
        if (certifications == null) {
            reportErrorMsg("Certificate failed:byteToCert Failed");
            return false;
        }
        X509Certificate certificationByDomain = getCertificationByDomain(certifications, DOMAIN);
        if (certificationByDomain == null) {
            reportErrorMsg("Certificate failed:Domain Failed");
            return false;
        }
        reportErrorMsg("Certificate :Domain passed");
        if (!validateCertificateDate(certificationByDomain)) {
            reportErrorMsg("Certificate failed:Date Failed");
            return false;
        }
        reportErrorMsg("Certificate :Date passed");
        if (validateChain(certifications).booleanValue()) {
            return true;
        }
        reportErrorMsg("Certificate failed:Cert Path Failed");
        return false;
    }

    private static boolean validateCertificateDate(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            x509Certificate.checkValidity(new Date());
            return true;
        } catch (CertificateExpiredException e) {
            TBSdkLog.e(TAG, "CertificateExpiredException", e);
            return false;
        } catch (CertificateNotYetValidException e2) {
            TBSdkLog.e(TAG, "CertificateNotYetValidException", e2);
            return false;
        }
    }

    private static Boolean validateChain(CertPath certPath) {
        Boolean bool = Boolean.FALSE;
        try {
            X509Certificate[] acceptedIssuersCerts = getAcceptedIssuersCerts();
            ArrayList arrayList = new ArrayList();
            if (acceptedIssuersCerts != null) {
                for (X509Certificate x509Certificate : acceptedIssuersCerts) {
                    arrayList.add(new TrustAnchor(x509Certificate, null));
                }
            }
            PKIXParameters pKIXParameters = new PKIXParameters(new HashSet(arrayList));
            pKIXParameters.setRevocationEnabled(false);
            Security.setProperty("ocsp.enable", SymbolExpUtil.STRING_TRUE);
            if (((PKIXCertPathValidatorResult) CertPathValidator.getInstance(CertPathValidator.getDefaultType()).validate(certPath, pKIXParameters)) != null) {
                bool = Boolean.TRUE;
            }
            return bool;
        } catch (Exception e) {
            TBSdkLog.e(TAG, "validateChain exception", e);
            return bool;
        }
    }

    public static Boolean validateChain(List<X509Certificate> list) {
        try {
            return validateChain(CertificateFactory.getInstance("X.509").generateCertPath(list));
        } catch (Exception e) {
            TBSdkLog.e(TAG, "Certificateion Validator error", e);
            return false;
        }
    }
}
