package dolphin.net.http;

import android.net.http.SslCertificate;
import com.android.org.conscrypt.SSLParametersImpl;
import dolphin.util.Log;
import dolphin.webkit.VersionInfo;
import dolphin.webkit.annotation.CalledByJNI;
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;
import org.apache.harmony.security.asn1.ASN1Exception;
import org.apache.harmony.security.asn1.BerInputStream;
import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.security.x509.Certificate;

@CalledByJNI
/* loaded from: classes.dex */
public class CertificateChainValidator {
    private static final CertificateChainValidator a = new CertificateChainValidator();
    private static final String b = CertificateChainValidator.class.getSimpleName();
    private static Method c = null;

    private CertificateChainValidator() {
    }

    public static CertificateChainValidator a() {
        return a;
    }

    private SslError a(X509Certificate[] x509CertificateArr, SSLSocket sSLSocket, String str, String str2) {
        boolean z;
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (x509Certificate == null) {
            a(sSLSocket, "certificate for this site is null");
        } else if (!dolphin.net.b.a(x509Certificate, str)) {
            String str3 = "certificate not for this host: " + str;
            if (sSLSocket != null) {
                sSLSocket.getSession().invalidate();
            }
            return new SslError(2, x509Certificate);
        }
        int length = x509CertificateArr.length;
        if (x509CertificateArr.length > 1) {
            int i = 0;
            while (i < x509CertificateArr.length) {
                int i2 = i + 1;
                while (true) {
                    if (i2 >= x509CertificateArr.length) {
                        z = false;
                        break;
                    }
                    if (!x509CertificateArr[i].getIssuerDN().equals(x509CertificateArr[i2].getSubjectDN())) {
                        i2++;
                    } else if (i2 != i + 1) {
                        X509Certificate x509Certificate2 = x509CertificateArr[i2];
                        x509CertificateArr[i2] = x509CertificateArr[i + 1];
                        x509CertificateArr[i + 1] = x509Certificate2;
                        z = true;
                    } else {
                        z = true;
                    }
                }
                if (!z) {
                    break;
                }
                i++;
            }
            length = i + 1;
            X509Certificate x509Certificate3 = x509CertificateArr[length - 1];
            Date date = new Date();
            if (x509Certificate3.getSubjectDN().equals(x509Certificate3.getIssuerDN()) && date.after(x509Certificate3.getNotAfter())) {
                length--;
            }
        }
        X509Certificate[] x509CertificateArr2 = new X509Certificate[length];
        for (int i3 = 0; i3 < length; i3++) {
            x509CertificateArr2[i3] = x509CertificateArr[i3];
        }
        try {
            if (VersionInfo.IS_KITKAT || !SslErrorJssePackagePlatformTry.isSslJssePackageExist()) {
                if (c == null) {
                    try {
                        c = SSLParametersImpl.class.getDeclaredMethod("getDefaultTrustManager", new Class[0]);
                    } catch (NoSuchMethodException e) {
                        try {
                            c = SSLParametersImpl.class.getDeclaredMethod("getDefaultX509TrustManager", new Class[0]);
                        } catch (NoSuchMethodException e2) {
                            Log.e(b, "Method com.android.org.conscrypt.SSLParametersImpl.getDefaultTrustManager()/getDefaultX509TrustManager() not found!");
                            return new SslError(3, x509Certificate);
                        }
                    }
                }
                ((X509TrustManager) c.invoke(null, new Object[0])).checkServerTrusted(x509CertificateArr2, str2);
            } else {
                org.apache.harmony.xnet.provider.jsse.SSLParametersImpl.getDefaultTrustManager().checkServerTrusted(x509CertificateArr2, str2);
            }
            if (sSLSocket != null) {
            }
            if (sSLSocket == null || !sSLSocket.getSession().getProtocol().equalsIgnoreCase("SSLv3")) {
                return null;
            }
            SslError sslError = new SslError(5, x509Certificate);
            sslError.addError(3);
            return sslError;
        } catch (CertificateException e3) {
            if (sSLSocket != null) {
                sSLSocket.getSession().invalidate();
            }
            return new SslError(3, x509Certificate);
        } catch (Exception e4) {
            Log.e(b, e4.toString());
            return new SslError(3, x509Certificate);
        }
    }

    private void a(SSLSocket sSLSocket, String str) {
        if (sSLSocket != null) {
            SSLSession session = sSLSocket.getSession();
            if (session != null) {
                session.invalidate();
            }
            sSLSocket.close();
        }
        throw new SSLHandshakeException(str);
    }

    private void a(SSLSocket sSLSocket, String str, String str2) {
        if (str == null) {
            str = str2;
        }
        a(sSLSocket, str);
    }

    public static void b() {
    }

    @CalledByJNI
    public static SslError verifyServerCertificates(byte[][] bArr, String str, String str2) {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("bad certificate chain");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= bArr.length) {
                return a().a(x509CertificateArr, null, str, str2);
            }
            byte[] bArr2 = bArr[i2];
            try {
                x509CertificateArr[i2] = new X509CertImpl(bArr2);
            } catch (ASN1Exception e) {
                Log.w(b, "Bad DER format, try BER...");
                x509CertificateArr[i2] = new X509CertImpl((Certificate) Certificate.ASN1.decode(new BerInputStream(bArr2)));
            }
            i = i2 + 1;
        }
    }

    public SslError a(r rVar, SSLSocket sSLSocket, String str) {
        int i = 0;
        try {
            sSLSocket.setUseClientMode(true);
            sSLSocket.startHandshake();
        } catch (IOException e) {
            a(sSLSocket, e.getMessage(), "failed to perform SSL handshake");
        }
        java.security.cert.Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            a(sSLSocket, "failed to retrieve peer certificates");
        } else {
            X509Certificate[] x509CertificateArr = new X509Certificate[peerCertificates.length];
            while (true) {
                int i2 = i;
                if (i2 >= peerCertificates.length) {
                    break;
                }
                x509CertificateArr[i2] = (X509Certificate) peerCertificates[i2];
                i = i2 + 1;
            }
            if (rVar != null) {
                try {
                    if (x509CertificateArr[0] != null) {
                        rVar.a(new SslCertificate(x509CertificateArr[0]));
                    }
                } catch (Exception e2) {
                }
            }
        }
        return a((X509Certificate[]) peerCertificates, sSLSocket, str, "RSA");
    }
}
