package io.pivotal.android.push.util;

import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.util.Base64;
import io.pivotal.android.push.PushParameters;
import io.pivotal.android.push.prefs.Pivotal;
import io.pivotal.android.push.receiver.CustomSslProvider;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.joda.time.DateTimeConstants;

/* loaded from: classes.dex */
public class ApiRequestImpl {
    public static final String CUSTOM_SSL_PROVIDER_META_DATA = "io.pivotal.android.push.CustomSslProvider";
    protected Context context;
    protected NetworkWrapper networkWrapper;

    /* JADX INFO: Access modifiers changed from: protected */
    public ApiRequestImpl(Context context, NetworkWrapper networkWrapper) {
        verifyArguments(context, networkWrapper);
        saveArguments(context, networkWrapper);
    }

    private static Class<? extends CustomSslProvider> findProviderClassName(Context context) throws PackageManager.NameNotFoundException, ClassNotFoundException {
        Bundle bundle;
        String string;
        Class cls;
        ApplicationInfo applicationInfo = context.getPackageManager().getApplicationInfo(context.getPackageName(), 128);
        if (applicationInfo == null || (bundle = applicationInfo.metaData) == null || !bundle.containsKey(CUSTOM_SSL_PROVIDER_META_DATA) || (string = bundle.getString(CUSTOM_SSL_PROVIDER_META_DATA)) == null || (cls = Class.forName(string)) == null || !CustomSslProvider.class.isAssignableFrom(cls)) {
            return null;
        }
        return cls;
    }

    public static String getBasicAuthorizationValue(PushParameters pushParameters) {
        return "Basic  " + Base64.encodeToString((pushParameters.getPlatformUuid() + ":" + pushParameters.getPlatformSecret()).getBytes(), 2);
    }

    public static Class<? extends CustomSslProvider> getCustomSslProviderClass(Context context) {
        Class<? extends CustomSslProvider> findProviderClassName;
        try {
            findProviderClassName = findProviderClassName(context);
        } catch (Exception e) {
            Logger.ex(e);
        }
        return findProviderClassName != null ? findProviderClassName : CustomSslProvider.class;
    }

    private KeyStore getKeyStore(Context context, PushParameters pushParameters) throws GeneralSecurityException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        List<String> pinnedSslCertificateNames = pushParameters.getPinnedSslCertificateNames();
        for (int i = 0; i < pinnedSslCertificateNames.size(); i++) {
            String str = pinnedSslCertificateNames.get(i);
            InputStream inputStream = null;
            Certificate certificate = null;
            if (str != null) {
                try {
                    try {
                        inputStream = context.getAssets().open(str);
                        certificate = certificateFactory.generateCertificate(inputStream);
                        Logger.i("Note: We are pinning certificate '" + str + "'.");
                    } catch (IOException e) {
                        Logger.w("WARNING: could not open certificate file '" + str + "': " + e);
                        if (inputStream != null) {
                            inputStream.close();
                        }
                    } catch (CertificateException e2) {
                        Logger.w("WARNING: could not read certificate file '" + str + "': " + e2);
                        if (inputStream != null) {
                            inputStream.close();
                        }
                    }
                } finally {
                    if (inputStream != null) {
                        inputStream.close();
                    }
                }
            }
            if (certificate != null) {
                keyStore.setCertificateEntry(String.valueOf(i), certificate);
            }
        }
        return keyStore;
    }

    private void saveArguments(Context context, NetworkWrapper networkWrapper) {
        this.networkWrapper = networkWrapper;
        this.context = context;
    }

    private void trustAllSslCertificates(HttpsURLConnection httpsURLConnection) throws NoSuchAlgorithmException, KeyManagementException {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: io.pivotal.android.push.util.ApiRequestImpl.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        HostnameVerifier hostnameVerifier = new HostnameVerifier() { // from class: io.pivotal.android.push.util.ApiRequestImpl.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        };
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerArr, null);
        httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        httpsURLConnection.setHostnameVerifier(hostnameVerifier);
        Logger.w("Note: We trust all SSL certifications in PCF Push.");
    }

    private void trustPinnedSslCertificates(Context context, PushParameters pushParameters, HttpsURLConnection httpsURLConnection) throws GeneralSecurityException, IOException {
        final KeyStore keyStore = getKeyStore(context, pushParameters);
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: io.pivotal.android.push.util.ApiRequestImpl.3
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                if (x509CertificateArr == null) {
                    throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
                }
                if (x509CertificateArr.length <= 0) {
                    throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
                }
                if (str == null || !str.contains("RSA")) {
                    throw new CertificateException("checkServerTrusted: AuthType is not RSA.  AuthType: " + str);
                }
                boolean z = false;
                String bigInteger = new BigInteger(1, ((RSAPublicKey) x509CertificateArr[0].getPublicKey()).getEncoded()).toString(16);
                try {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                    trustManagerFactory.init(keyStore);
                    for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                        ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                    }
                    Iterator it = Collections.list(keyStore.aliases()).iterator();
                    while (it.hasNext()) {
                        z = new BigInteger(1, ((RSAPublicKey) keyStore.getCertificate((String) it.next()).getPublicKey()).getEncoded()).toString(16).equalsIgnoreCase(bigInteger);
                        if (z) {
                            break;
                        }
                    }
                    if (!z) {
                        throw new CertificateException("The server's certificate has not been authenticated.");
                    }
                } catch (Exception e) {
                    throw new CertificateException(e);
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerArr, null);
        httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        Logger.w("Note: Authenticating certificate in PCF Push.");
    }

    private void verifyArguments(Context context, NetworkWrapper networkWrapper) {
        if (networkWrapper == null) {
            throw new IllegalArgumentException("networkWrapper may not be null");
        }
        if (context == null) {
            throw new IllegalArgumentException("context may not be null");
        }
    }

    protected void addCustomRequestHeaders(PushParameters pushParameters, HttpURLConnection httpURLConnection) {
        Map<String, String> requestHeaders = pushParameters.getRequestHeaders();
        if (requestHeaders == null || requestHeaders.isEmpty()) {
            return;
        }
        for (Map.Entry<String, String> entry : requestHeaders.entrySet()) {
            httpURLConnection.addRequestProperty(entry.getKey(), entry.getValue());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpURLConnection getHttpURLConnection(URL url, PushParameters pushParameters) throws IOException, IllegalAccessException, GeneralSecurityException, InstantiationException {
        HttpURLConnection httpURLConnection = this.networkWrapper.getHttpURLConnection(url);
        httpURLConnection.setReadTimeout(DateTimeConstants.MILLIS_PER_MINUTE);
        httpURLConnection.setConnectTimeout(DateTimeConstants.MILLIS_PER_MINUTE);
        httpURLConnection.setChunkedStreamingMode(0);
        addCustomRequestHeaders(pushParameters, httpURLConnection);
        setupTrust(pushParameters, httpURLConnection);
        return httpURLConnection;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isFailureStatusCode(int i) {
        return i < 200 || i >= 300;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isFatalStatusCode(int i) {
        return i >= 400 && i < 500;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String readInput(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[256];
        while (true) {
            int read = inputStream.read(bArr);
            if (read < 0) {
                return new String(byteArrayOutputStream.toByteArray());
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    protected void setupTrust(PushParameters pushParameters, HttpURLConnection httpURLConnection) throws GeneralSecurityException, IOException, IllegalAccessException, InstantiationException {
        if (httpURLConnection instanceof HttpsURLConnection) {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) httpURLConnection;
            if (pushParameters.getSslCertValidationMode() == Pivotal.SslCertValidationMode.TRUST_ALL) {
                trustAllSslCertificates(httpsURLConnection);
                return;
            }
            if (pushParameters.getSslCertValidationMode() == Pivotal.SslCertValidationMode.PINNED && pushParameters.getPinnedSslCertificateNames() != null && pushParameters.getPinnedSslCertificateNames().size() > 0) {
                trustPinnedSslCertificates(this.context, pushParameters, httpsURLConnection);
                return;
            }
            if (pushParameters.getSslCertValidationMode() != Pivotal.SslCertValidationMode.CALLBACK) {
                Logger.w("Note: Using system default SSL authentication in PCF Push.");
                return;
            }
            Logger.w("Note: Using a custom callback for SSL authentication in PCF Push.");
            CustomSslProvider newInstance = getCustomSslProviderClass(this.context).newInstance();
            SSLSocketFactory sSLSocketFactory = newInstance.getSSLSocketFactory();
            HostnameVerifier hostnameVerifier = newInstance.getHostnameVerifier();
            if (sSLSocketFactory != null) {
                httpsURLConnection.setSSLSocketFactory(sSLSocketFactory);
            }
            if (hostnameVerifier != null) {
                httpsURLConnection.setHostnameVerifier(hostnameVerifier);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void writeOutput(String str, OutputStream outputStream) throws IOException {
        for (byte b : str.getBytes()) {
            outputStream.write(b);
        }
        outputStream.close();
    }
}
