package com.icbc.pay.common.client;

import android.util.Log;
import com.fort.andJni.JniLib1693289771;
import com.icbc.pay.common.utils.ICBCPayHelper;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public enum HttpsProductUtils {
    INSTANCE;

    private static final String rootCerBaltimore = "a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a39";
    private static final String rootCerDigiEV = "c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb";
    private static final String rootCerDigiGlobal = "e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af27";
    private static final String rootCerEn = "ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a471";
    private static final String rootCerEnSHARoot = "b695b64342fac66d2a6f48df944c395705eec37911416836edecfe9a018fa13828fcf71046662e4d1e1ab11a4ec6d1c09588b0c9ff318b3303dbb7837b3e20845eedb25628a7f8e0b9407137c5cb470e972a68c022956215db47d9f5d02bff824bc9ad3ede4cdb9080503f098a8400ec300a3d18cdfbfd2a599a2395172c459e1f6e43796d0c5c98fe48a7c523475c5efd6ee71eb4f66845d186835ba28a8db1e32980fe257188adbebc8fac52964baa518de4133119e84e4d9fdbacb36ad5bc395471ca7a7a7f90dd7d1d80d981bb5926c211fee693e2f780e465fb34370e2980704daf38862e9e7f57af9e17aeeb1ccb28215fb61cd8e7a20422f9d3dad8cb";
    private static final String rootCerVersign = "af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e82515";

    /* loaded from: classes2.dex */
    private class CustomTrustManager implements X509TrustManager {
        final /* synthetic */ HttpsProductUtils this$0;

        private CustomTrustManager(HttpsProductUtils httpsProductUtils) {
            JniLib1693289771.cV(this, httpsProductUtils, 53);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            JniLib1693289771.cV(this, x509CertificateArr, str, 52);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (ICBCPayHelper.isOpenSSLPinning) {
                if (x509CertificateArr == null) {
                    throw new IllegalArgumentException("X509Certificates is null");
                }
                if (x509CertificateArr.length == 0) {
                    throw new IllegalArgumentException("X509Certificates is empty");
                }
                X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
                x509Certificate.checkValidity();
                String obj = x509Certificate.getPublicKey().toString();
                String substring = obj.substring(obj.indexOf("modulus=") + 8);
                String substring2 = substring.substring(0, substring.indexOf(","));
                if (!substring2.equalsIgnoreCase(HttpsProductUtils.rootCerDigiGlobal) && !substring2.equalsIgnoreCase(HttpsProductUtils.rootCerBaltimore) && !substring2.equalsIgnoreCase(HttpsProductUtils.rootCerVersign) && !substring2.equalsIgnoreCase(HttpsProductUtils.rootCerDigiEV) && !substring2.equalsIgnoreCase(HttpsProductUtils.rootCerEnSHARoot) && !substring2.equalsIgnoreCase(HttpsProductUtils.rootCerEn)) {
                    throw new CertificateException("CertificateError root certificate is untrusted");
                }
                Log.e("srdtag", "checkServerTrusted: ---------------------------------------" + substring2);
                x509Certificate.checkValidity();
                for (int i = 0; i < x509CertificateArr.length; i++) {
                    X509Certificate x509Certificate2 = x509CertificateArr[i];
                    if (i < x509CertificateArr.length - 1) {
                        try {
                            x509Certificate2.verify(x509CertificateArr[i + 1].getPublicKey());
                        } catch (InvalidKeyException e) {
                            e.printStackTrace();
                        } catch (NoSuchAlgorithmException e2) {
                            e2.printStackTrace();
                        } catch (NoSuchProviderException e3) {
                            e3.printStackTrace();
                        } catch (SignatureException e4) {
                            e4.printStackTrace();
                        }
                    }
                    x509Certificate2.checkValidity();
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* loaded from: classes2.dex */
    public static class SSLParams {
        public SSLSocketFactory sSLSocketFactory;
        public X509TrustManager trustManager;

        public SSLParams() {
            JniLib1693289771.cV(this, 54);
        }
    }

    private KeyManager[] prepareKeyManager(InputStream inputStream, String str) {
        if (inputStream != null && str != null) {
            try {
                KeyStore keyStore = KeyStore.getInstance("BKS");
                keyStore.load(inputStream, str.toCharArray());
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(keyStore, str.toCharArray());
                return keyManagerFactory.getKeyManagers();
            } catch (IOException e) {
                e.printStackTrace();
            } catch (KeyStoreException e2) {
                e2.printStackTrace();
            } catch (NoSuchAlgorithmException e3) {
                e3.printStackTrace();
            } catch (UnrecoverableKeyException e4) {
                e4.printStackTrace();
            } catch (CertificateException e5) {
                e5.printStackTrace();
            } catch (Exception e6) {
                e6.printStackTrace();
            }
        }
        return null;
    }

    public SSLParams getSslSocketFactory() {
        SSLParams sSLParams = new SSLParams();
        try {
            KeyManager[] prepareKeyManager = prepareKeyManager(null, null);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            CustomTrustManager customTrustManager = new CustomTrustManager();
            sSLContext.init(prepareKeyManager, new TrustManager[]{customTrustManager}, null);
            sSLParams.sSLSocketFactory = sSLContext.getSocketFactory();
            sSLParams.trustManager = customTrustManager;
            return sSLParams;
        } catch (KeyManagementException e) {
            throw new AssertionError(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError(e2);
        }
    }

    public String[] getWebViewSSLHost() {
        return new String[]{"icbc-asia.icbc.com.cn", "mobilehk.icbc.com.cn", "icbc-am.icbc.com.cn", "icbc-eu.icbc.com.cn", "m.icbc.co.id", "qr.icbc.com.mo", "cardstyle.icbc.com.mo"};
    }
}
