package mtopsdk.mtop.network;

import android.taobao.chardet.nsCP1252Verifiern;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import mtopsdk.common.util.TBSdkLog;

/* loaded from: classes.dex */
public class TaoSSLSocketFactoryHelper {
    private static final String TAG = "mtopsdk.TaoSSLSocketFactoryHelper";
    private static TrustManager trustManager;

    /* loaded from: classes.dex */
    static class TaoX509TrustManager implements X509TrustManager {
        private static Certificate m_verisignCert = null;
        private static X509TrustManager m_defaultMgr = null;

        public TaoX509TrustManager(InputStream inputStream) throws Exception {
            try {
                if (inputStream == null) {
                    return;
                }
                try {
                    m_verisignCert = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
                    if (inputStream != null) {
                        inputStream.close();
                    }
                } catch (Exception e) {
                    m_verisignCert = null;
                    if (inputStream != null) {
                        inputStream.close();
                    }
                }
                try {
                    if (m_defaultMgr == null) {
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init((KeyStore) null);
                        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                        for (int i = 0; i < trustManagers.length; i++) {
                            if (trustManagers[i] instanceof X509TrustManager) {
                                m_defaultMgr = (X509TrustManager) trustManagers[i];
                                return;
                            }
                        }
                    }
                } catch (Exception e2) {
                    m_defaultMgr = null;
                    TBSdkLog.i("usertrack_data", "6,got default trust fail");
                }
            } catch (Throwable th) {
                if (inputStream != null) {
                    inputStream.close();
                }
                throw th;
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            nsCP1252Verifiern.b(nsCP1252Verifiern.a() ? 1 : 0);
            TBSdkLog.i("https", "checkClientTrusted");
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            TBSdkLog.i("https", "https verify begin");
            if (m_verisignCert == null) {
                return;
            }
            boolean z = false;
            if (x509CertificateArr.length > 0) {
                try {
                    String name = x509CertificateArr[0].getSubjectX500Principal().getName();
                    TBSdkLog.i("https", name);
                    z = name.contains(".taobao.com");
                    if (!z) {
                        z = name.contains(".alipay.com");
                    }
                } catch (Exception e) {
                    TBSdkLog.e(TaoSSLSocketFactoryHelper.TAG, "", e);
                }
            }
            if (z) {
                String str2 = "";
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    try {
                        x509Certificate.checkValidity();
                    } catch (CertificateExpiredException e2) {
                        new SimpleDateFormat("yyyy-MM-dd").format(new Date());
                        throw e2;
                    } catch (CertificateNotYetValidException e3) {
                        TBSdkLog.i("https", "cert checkValidity CertificateNotYetValidException:" + x509Certificate.getSubjectDN().toString() + " t:" + new SimpleDateFormat("yyyy-MM-dd").format(new Date()));
                        throw e3;
                    } catch (Exception e4) {
                    }
                    boolean z2 = false;
                    try {
                        x509Certificate.verify(m_verisignCert.getPublicKey());
                    } catch (InvalidKeyException e5) {
                        str2 = e5.getMessage();
                        z2 = true;
                    } catch (NoSuchAlgorithmException e6) {
                        str2 = e6.getMessage();
                        z2 = true;
                    } catch (NoSuchProviderException e7) {
                        str2 = e7.getMessage();
                        z2 = true;
                    } catch (SignatureException e8) {
                        str2 = e8.getMessage();
                        z2 = true;
                    } catch (Exception e9) {
                        TBSdkLog.e(TaoSSLSocketFactoryHelper.TAG, "", e9);
                        z2 = true;
                    }
                    if (!z2) {
                        TBSdkLog.i("https", "--- verify success:" + x509Certificate.getSubjectDN());
                        return;
                    }
                }
                TBSdkLog.i("https", " customize https verify failed:" + str2);
                if (m_defaultMgr != null) {
                    try {
                        m_defaultMgr.checkServerTrusted(x509CertificateArr, str);
                    } catch (CertificateException e10) {
                        if (x509CertificateArr.length > 0) {
                            x509CertificateArr[0].getSubjectDN().toString();
                        }
                        throw e10;
                    } catch (Exception e11) {
                        e11.printStackTrace();
                        if (x509CertificateArr.length > 0) {
                            x509CertificateArr[0].getSubjectDN().toString();
                        }
                    }
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            nsCP1252Verifiern.b(nsCP1252Verifiern.a() ? 1 : 0);
            return null;
        }
    }

    public static SSLSocketFactory getDefaultSocketFactory(InputStream inputStream) {
        nsCP1252Verifiern.b(nsCP1252Verifiern.a() ? 1 : 0);
        try {
            trustManager = new TaoX509TrustManager(inputStream);
        } catch (Exception e) {
            TBSdkLog.e(TAG, "", e);
        }
        if (trustManager == null) {
            return null;
        }
        TrustManager[] trustManagerArr = {trustManager};
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            return sSLContext.getSocketFactory();
        } catch (Exception e2) {
            TBSdkLog.e(TAG, "", e2);
            return null;
        }
    }
}
