package com.kingsoft.emailcommon.utility;

import android.content.ContentUris;
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.net.SSLCertificateSocketFactory;
import android.security.KeyChain;
import android.security.KeyChainException;
import com.android.emailcommon.provider.EmailContent;
import com.android.emailcommon.provider.HostAuth;
import com.kingsoft.email.statistics.EventID;
import com.kingsoft.email.statistics.KingsoftAgent;
import com.kingsoft.emailcommon.utility.exception.ClientCertificateException;
import com.kingsoft.emailcommon.utility.ssl.AllowAllHostnameVerifier;
import com.kingsoft.emailcommon.utility.ssl.BrowserCompatHostnameVerifier;
import com.kingsoft.emailcommon.utility.ssl.StrictHostnameVerifier;
import com.kingsoft.emailcommon.utility.ssl.X509HostnameVerifier;
import com.kingsoft.log.utils.LogTag;
import com.kingsoft.log.utils.LogUtils;
import com.kingsoft.smime.ui.CertificateUtil;
import com.wps.mail.rom.db.RoomDatabase;
import com.wps.mail.rom.db.cert.ServerCert;
import com.wps.mail.rom.db.cert.ServerCertDao;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import org.objectweb.asm.signature.SignatureVisitor;

/* loaded from: classes2.dex */
public class SSLUtils {
    // Same value as the literal 10000 that the factory methods of this class pass as the handshake
    // timeout (milliseconds) to SSLCertificateSocketFactory.getDefault / getInsecure.
    private static final int HANDSHAKE_TIMEOUT = 10000;
    // Compile-time switch; no code visible in this file reads it.
    private static final boolean LOG_ENABLED = false;
    // Log tag used by KeyChainKeyManager when a client certificate cannot be loaded.
    private static final String TAG = "Email.Ssl";
    // Lazily created, shared factory returned when the caller does not ask for the
    // certificate-pinning ("same certificate") mode.
    private static SSLCertificateSocketFactory sSecureFactory;
    // NOTE(review): judging by the class name this verifier accepts any hostname, which removes the
    // binding between a certificate and the server being contacted - confirm where it is used.
    public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER = new AllowAllHostnameVerifier();
    // Presumably the lenient (browser-style) hostname matching policy - verify against the class.
    public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER = new BrowserCompatHostnameVerifier();
    // Presumably the strict hostname matching policy - verify against the class.
    public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER = new StrictHostnameVerifier();

    /* loaded from: classes2.dex */
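    /**
     * Key manager that always answers with one fixed client identity (alias, certificate chain and
     * private key) loaded from the Android {@link KeyChain}.
     *
     * <p>Instances are created through {@link #fromAlias(Context, String)} only.
     */
    public static class KeyChainKeyManager extends StubKeyManager {
        private final X509Certificate[] mCertificateChain;
        private final String mClientAlias;
        private final PrivateKey mPrivateKey;

        private KeyChainKeyManager(String str, X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
            super();
            this.mClientAlias = str;
            this.mCertificateChain = x509CertificateArr;
            this.mPrivateKey = privateKey;
        }

        /**
         * Loads the certificate chain and private key stored under {@code str} in the KeyChain.
         *
         * @param context context handed to the KeyChain calls
         * @param str     KeyChain alias of the client certificate
         * @return a key manager bound to that alias
         * @throws CertificateException (a {@link ClientCertificateException}) when the chain or key
         *                              is missing, or when the KeyChain lookup fails or is interrupted
         */
        public static KeyChainKeyManager fromAlias(Context context, String str) throws CertificateException {
            try {
                X509Certificate[] chain = KeyChain.getCertificateChain(context, str);
                try {
                    PrivateKey key = KeyChain.getPrivateKey(context, str);
                    if (chain == null || key == null) {
                        throw new ClientCertificateException("Can't access certificate from keystore");
                    }
                    return new KeyChainKeyManager(str, chain, key);
                } catch (KeyChainException e) {
                    logError(str, "private key", e);
                    throw new ClientCertificateException(e);
                } catch (InterruptedException e) {
                    // Restore the interrupt flag so code further up the stack can still observe it.
                    Thread.currentThread().interrupt();
                    logError(str, "private key", e);
                    throw new ClientCertificateException(e);
                }
            } catch (KeyChainException e) {
                logError(str, "certificate chain", e);
                throw new ClientCertificateException(e);
            } catch (AssertionError e) {
                // Also covers an AssertionError raised by the private-key lookup above.
                // NOTE(review): presumably a known KeyChain failure mode - confirm why an Error is caught.
                LogUtils.e(SSLUtils.TAG, "Unable to retrieve certificate chain" + e.getMessage(), new Object[0]);
                throw new ClientCertificateException(e);
            } catch (InterruptedException e) {
                // Restore the interrupt flag so code further up the stack can still observe it.
                Thread.currentThread().interrupt();
                logError(str, "certificate chain", e);
                throw new ClientCertificateException(e);
            }
        }

        /** Logs a failed KeyChain lookup; the alias ({@code str}) is deliberately not written to the log. */
        private static void logError(String str, String str2, Exception exc) {
            LogUtils.e(SSLUtils.TAG, "Unable to retrieve " + str2 + " due to " + exc, new Object[0]);
        }

        /** Always proposes the alias this manager was created for, whatever the server requested. */
        @Override // com.kingsoft.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.mClientAlias;
        }

        /** Returns the stored chain regardless of the alias asked for (the array is not copied). */
        @Override // com.kingsoft.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.mCertificateChain;
        }

        /** Returns the stored private key regardless of the alias asked for. */
        @Override // com.kingsoft.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.mPrivateKey;
        }
    }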

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
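    /**
     * Trust-on-first-use trust manager: the first server certificate seen for a {@link HostAuth} is
     * stored as its pin, and later handshakes are accepted when the server presents the same
     * public key.
     *
     * <p>When the key differs, the certificate is accepted only if the user has marked it as
     * trusted in the {@link ServerCert} table or if the platform trust store validates the chain;
     * in every other case the handshake is rejected with a {@link CertificateException}.
     *
     * <p>NOTE(review): the first certificate is pinned without any chain validation, so the pin is
     * only as good as the network path used for the very first connection. Nothing in this class
     * checks the hostname either - confirm that the socket factory or its caller does.
     */
    public static class SameCertificateCheckingTrustManager implements X509TrustManager {
        // Platform default trust manager, created lazily by verifyChain and shared by all instances.
        private static X509TrustManager sDefaultTrustManager;
        private final Context mContext;
        private final HostAuth mHostAuth;
        // Public key of the pinned certificate, decoded on first use.
        private PublicKey mPublicKey;

        /**
         * Reloads the pinned certificate bytes for {@code hostAuth} from the provider so that the
         * check uses the stored value rather than whatever the in-memory object carried.
         */
        SameCertificateCheckingTrustManager(Context context, HostAuth hostAuth) {
            this.mContext = context.getApplicationContext();
            this.mHostAuth = hostAuth;
            Cursor query = context.getContentResolver().query(HostAuth.CONTENT_URI, new String[]{EmailContent.HostAuthColumns.SERVER_CERT}, "_id=?", new String[]{Long.toString(hostAuth.mId)}, null);
            if (query != null) {
                try {
                    if (query.moveToNext()) {
                        hostAuth.mServerCert = query.getBlob(0);
                    }
                } finally {
                    query.close();
                }
            }
        }

        /* JADX WARN: Code restructure failed: missing block: B:20:0x004a, code lost:
        
            r3 = true;
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        /**
         * Notifies the user about a rejected server certificate. The decompiler could not rebuild
         * this method: as written here it always throws, and the register dump kept in the body is
         * the only record of the original logic.
         *
         * <p>Read from the dump (r6 = certificate, r7 = host, r8 = certificate id):
         * <ul>
         *   <li>{@code checkValidity()} fails (not yet valid or expired): a {@code ServerCertInfo}
         *       with code 2 is sent through {@code ToastHelper.sendOtherToast}.</li>
         *   <li>The certificate has no subject alternative names: nothing is sent.</li>
         *   <li>Otherwise the SAN entries of type 2 (dNSName) are compared with the host; an entry
         *       starting with "*" is turned into a regex by replacing "*" with ".*", any other
         *       entry is compared with {@code equalsIgnoreCase}. A match sends code 3, no match
         *       sends code 1.</li>
         *   <li>A {@code CertificateParsingException} ends the method without a notification.</li>
         * </ul>
         *
         * <p>NOTE(review): the meaning of codes 1, 2 and 3 is not visible in this file. The
         * wildcard regex leaves "." unescaped and lets ".*" span several labels, so it is looser
         * than TLS wildcard matching; per the dump it only selects the notification, never the
         * trust decision - keep it that way when this method is restored.
         */
        private void sendCertFail(java.security.cert.X509Certificate r6, java.lang.String r7, java.lang.String r8) {
            /*
                r5 = this;
                java.lang.String r0 = "*"
                r1 = 2
                r6.checkValidity()     // Catch: java.security.cert.CertificateNotYetValidException -> L64 java.security.cert.CertificateExpiredException -> L6f java.security.cert.CertificateParsingException -> L79
                java.util.Collection r6 = r6.getSubjectAlternativeNames()     // Catch: java.security.cert.CertificateParsingException -> L79
                if (r6 != 0) goto Ld
                return
            Ld:
                java.util.Iterator r6 = r6.iterator()     // Catch: java.security.cert.CertificateParsingException -> L79
            L11:
                boolean r2 = r6.hasNext()     // Catch: java.security.cert.CertificateParsingException -> L79
                r3 = 0
                r4 = 1
                if (r2 == 0) goto L4b
                java.lang.Object r2 = r6.next()     // Catch: java.security.cert.CertificateParsingException -> L79
                java.util.List r2 = (java.util.List) r2     // Catch: java.security.cert.CertificateParsingException -> L79
                java.lang.Object r3 = r2.get(r3)     // Catch: java.security.cert.CertificateParsingException -> L79
                java.lang.Integer r3 = (java.lang.Integer) r3     // Catch: java.security.cert.CertificateParsingException -> L79
                int r3 = r3.intValue()     // Catch: java.security.cert.CertificateParsingException -> L79
                if (r3 != r1) goto L11
                java.lang.Object r2 = r2.get(r4)     // Catch: java.security.cert.CertificateParsingException -> L79
                java.lang.String r2 = (java.lang.String) r2     // Catch: java.security.cert.CertificateParsingException -> L79
                boolean r3 = r2.startsWith(r0)     // Catch: java.security.cert.CertificateParsingException -> L79
                if (r3 == 0) goto L44
                java.lang.String r3 = ".*"
                java.lang.String r2 = r2.replace(r0, r3)     // Catch: java.security.cert.CertificateParsingException -> L79
                boolean r2 = r7.matches(r2)     // Catch: java.security.cert.CertificateParsingException -> L79
                if (r2 == 0) goto L11
                goto L4a
            L44:
                boolean r2 = r2.equalsIgnoreCase(r7)     // Catch: java.security.cert.CertificateParsingException -> L79
                if (r2 == 0) goto L11
            L4a:
                r3 = r4
            L4b:
                if (r3 == 0) goto L59
                android.content.Context r6 = r5.mContext     // Catch: java.security.cert.CertificateParsingException -> L79
                com.wps.mail.toastbar.mode.ServerCertInfo r0 = new com.wps.mail.toastbar.mode.ServerCertInfo     // Catch: java.security.cert.CertificateParsingException -> L79
                r1 = 3
                r0.<init>(r8, r7, r1)     // Catch: java.security.cert.CertificateParsingException -> L79
                com.wps.multiwindow.main.ui.toast.ToastHelper.sendOtherToast(r6, r0)     // Catch: java.security.cert.CertificateParsingException -> L79
                goto L79
            L59:
                android.content.Context r6 = r5.mContext     // Catch: java.security.cert.CertificateParsingException -> L79
                com.wps.mail.toastbar.mode.ServerCertInfo r0 = new com.wps.mail.toastbar.mode.ServerCertInfo     // Catch: java.security.cert.CertificateParsingException -> L79
                r0.<init>(r8, r7, r4)     // Catch: java.security.cert.CertificateParsingException -> L79
                com.wps.multiwindow.main.ui.toast.ToastHelper.sendOtherToast(r6, r0)     // Catch: java.security.cert.CertificateParsingException -> L79
                goto L79
            L64:
                android.content.Context r6 = r5.mContext     // Catch: java.security.cert.CertificateParsingException -> L79
                com.wps.mail.toastbar.mode.ServerCertInfo r0 = new com.wps.mail.toastbar.mode.ServerCertInfo     // Catch: java.security.cert.CertificateParsingException -> L79
                r0.<init>(r8, r7, r1)     // Catch: java.security.cert.CertificateParsingException -> L79
                com.wps.multiwindow.main.ui.toast.ToastHelper.sendOtherToast(r6, r0)     // Catch: java.security.cert.CertificateParsingException -> L79
                return
            L6f:
                android.content.Context r6 = r5.mContext     // Catch: java.security.cert.CertificateParsingException -> L79
                com.wps.mail.toastbar.mode.ServerCertInfo r0 = new com.wps.mail.toastbar.mode.ServerCertInfo     // Catch: java.security.cert.CertificateParsingException -> L79
                r0.<init>(r8, r7, r1)     // Catch: java.security.cert.CertificateParsingException -> L79
                com.wps.multiwindow.main.ui.toast.ToastHelper.sendOtherToast(r6, r0)     // Catch: java.security.cert.CertificateParsingException -> L79
            L79:
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: com.kingsoft.emailcommon.utility.SSLUtils.SameCertificateCheckingTrustManager.sendCertFail(java.security.cert.X509Certificate, java.lang.String, java.lang.String):void");
        }

        /**
         * Stores {@code x509Certificate} as the new pin, both on the in-memory {@link HostAuth} and
         * in the provider row. Failures are logged and otherwise ignored (best effort).
         */
        private void updateCert(X509Certificate x509Certificate) {
            try {
                byte[] encoded = x509Certificate.getEncoded();
                this.mHostAuth.mServerCert = encoded;
                ContentValues contentValues = new ContentValues();
                contentValues.put(EmailContent.HostAuthColumns.SERVER_CERT, encoded);
                this.mContext.getContentResolver().update(ContentUris.withAppendedId(HostAuth.CONTENT_URI, this.mHostAuth.mId), contentValues, null, null);
            } catch (Exception e) {
                LogUtils.w(LogTag.SSL_CHECK, "updateCert error " + e.getMessage(), new Object[0]);
            }
        }

        /**
         * Validates {@code chain} against the platform default trust store.
         *
         * <p>The two-argument {@code checkServerTrusted} used here validates the chain only; it is
         * not given a hostname.
         *
         * @throws CertificateException when the chain is not trusted, or when the platform offers
         *                              no X.509 trust manager to check it with (fail closed)
         */
        private void verifyChain(X509Certificate[] chain, String authType) throws CertificateException, NoSuchAlgorithmException, KeyStoreException {
            if (sDefaultTrustManager == null) {
                TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                factory.init((KeyStore) null);
                // Take the first X.509 trust manager instead of blindly casting element 0.
                for (TrustManager candidate : factory.getTrustManagers()) {
                    if (candidate instanceof X509TrustManager) {
                        sDefaultTrustManager = (X509TrustManager) candidate;
                        break;
                    }
                }
            }
            X509TrustManager platformTrustManager = sDefaultTrustManager;
            if (platformTrustManager == null) {
                // Without a verifier the chain was never checked, so it must not count as verified.
                throw new CertificateException("No default X509TrustManager available");
            }
            platformTrustManager.checkServerTrusted(chain, authType);
        }

        /** Client certificates are never validated by this trust manager. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            throw new CertificateException("We don't check client certificates");
        }

        /**
         * Accepts the server when its leaf certificate carries the pinned public key, when the user
         * has marked the presented certificate as trusted, or when a changed certificate validates
         * against the platform trust store (the pin is then replaced).
         *
         * @param x509CertificateArr chain presented by the server, leaf first
         * @param str                key-exchange / auth type, passed on to the platform check
         * @throws CertificateException when no certificate is presented, or when the certificate
         *                              changed and is neither user-trusted nor verifiable
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            LogUtils.d(LogTag.SSL_CHECK, "checkServerTrusted", new Object[0]);
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new CertificateException("No certificates?");
            }
            X509Certificate x509Certificate = x509CertificateArr[0];
            byte[] pinnedCert = this.mHostAuth.mServerCert;
            if (pinnedCert == null || pinnedCert.length <= 0) {
                // First use: nothing is pinned yet, so the presented certificate becomes the pin.
                updateCert(x509Certificate);
                return;
            }
            if (this.mPublicKey == null) {
                this.mPublicKey = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(pinnedCert)).getPublicKey();
            }
            if (this.mPublicKey.equals(x509Certificate.getPublicKey())) {
                return;
            }
            KingsoftAgent.sslChangeRecord(this.mHostAuth.mAddress, this.mHostAuth.mProtocol);
            String uniqueId = CertificateUtil.getUniqueId(x509Certificate);
            ServerCertDao serverCertDao = RoomDatabase.getInstance(this.mContext).serverCertDao();
            ServerCert knownCert = serverCertDao.loadByUid(uniqueId);
            if (knownCert != null) {
                if (knownCert.mTrust) {
                    return;
                }
                // Already recorded but not approved by the user: notify and refuse. Returning
                // normally here would let the connection proceed with a certificate nobody vouched for.
                sendCertFail(x509Certificate, this.mHostAuth.mAddress, uniqueId);
                throw new CertificateException("Server certificate has changed and is not trusted");
            }
            LogUtils.d(LogTag.SSL_CHECK, "Server certificate has changed, attempt to verify certificate chain ", new Object[0]);
            KingsoftAgent.onEventHappened(EventID.SERVER_CERTIFICATE.CERTIFICATE_CHANGED, this.mHostAuth.mAddress);
            try {
                verifyChain(x509CertificateArr, str);
            } catch (Exception e) {
                LogUtils.d(LogTag.SSL_CHECK, "Certificate verify failed", new Object[0]);
                KingsoftAgent.onEventHappened(EventID.SERVER_CERTIFICATE.CERTIFICATE_CHANGED_VERIFY_FAILED, this.mHostAuth.mAddress);
                // Record the certificate so the user can review it, then reject the handshake;
                // the cause travels with the exception instead of going to stderr.
                ServerCert serverCert = new ServerCert();
                serverCert.myCert = x509Certificate.getEncoded();
                serverCert.mUid = uniqueId;
                serverCertDao.insertAll(serverCert);
                sendCertFail(x509Certificate, this.mHostAuth.mAddress, uniqueId);
                throw new CertificateException("Server certificate has changed and could not be verified", e);
            }
            KingsoftAgent.onEventHappened(EventID.SERVER_CERTIFICATE.CERTIFICATE_CHANGED_VERIFY_SUCCESS, this.mHostAuth.mAddress);
            LogUtils.d(LogTag.SSL_CHECK, "Certificate verify successfully", new Object[0]);
            updateCert(x509Certificate);
            // Keep the cached key in step with the new pin; otherwise every later handshake on
            // this instance would be compared with the previous key again.
            this.mPublicKey = x509Certificate.getPublicKey();
        }

        /** Returns an empty array: the X509TrustManager contract asks for a non-null result. */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }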

    /* loaded from: classes2.dex */
    /**
     * Common base for the client-side key managers of this class. Subclasses supply the three
     * client operations; the server-side and alias-listing operations are closed off and always
     * throw {@link UnsupportedOperationException}.
     */
    private static abstract class StubKeyManager extends X509ExtendedKeyManager {
        private StubKeyManager() {
        }

        // ---- client side: implemented by subclasses ----

        @Override // javax.net.ssl.X509KeyManager
        public abstract String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket);

        @Override // javax.net.ssl.X509KeyManager
        public abstract X509Certificate[] getCertificateChain(String alias);

        @Override // javax.net.ssl.X509KeyManager
        public abstract PrivateKey getPrivateKey(String alias);

        // ---- not supported: alias listing and server side ----

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getClientAliases(String keyType, Principal[] issuers) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public final String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public final String[] getServerAliases(String keyType, Principal[] issuers) {
            throw new UnsupportedOperationException();
        }
    }

    /* loaded from: classes2.dex */
    /**
     * Key manager that never supplies a client certificate; it only remembers when the TLS stack
     * last asked for one, so a caller can tell that the server requested client authentication.
     */
    public static class TrackingKeyManager extends StubKeyManager {
        // Wall-clock time (System.currentTimeMillis) of the latest request; 0 until the first one.
        private volatile long mLastTimeCertRequested = 0L;

        public TrackingKeyManager() {
            super();
        }

        /** Returns the time of the most recent client-certificate request, or 0 if there was none. */
        public long getLastCertReqTime() {
            return this.mLastTimeCertRequested;
        }

        /** Records the request time and declines to choose an alias. */
        @Override // com.kingsoft.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            final long requestedAt = System.currentTimeMillis();
            this.mLastTimeCertRequested = requestedAt;
            return null;
        }

        /** No certificate chain is ever offered. */
        @Override // com.kingsoft.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return null;
        }

        /** No private key is ever offered. */
        @Override // com.kingsoft.emailcommon.utility.SSLUtils.StubKeyManager, javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return null;
        }
    }

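    /**
     * Escapes a string so that it can be used inside a URI scheme name.
     *
     * <p>The input is lower-cased, then ASCII letters, digits, '-' and '.' are copied as they are,
     * '+' is doubled, and every other character is written as '+' followed by its decimal code
     * unit value.
     *
     * <p>Lower-casing uses {@code Locale.ROOT}: with the default locale the result depends on the
     * device language (under a Turkish locale "I" becomes a dotless i, which would then be escaped
     * instead of being kept as "i").
     *
     * <p>NOTE(review): the decimal escape has no terminator, so an escaped character followed by a
     * digit cannot be told apart from a longer escape; do not rely on the output being reversible.
     *
     * @param str text to escape; must not be null
     * @return the escaped, lower-case form
     */
    public static String escapeForSchemeName(String str) {
        final String lowerCase = str.toLowerCase(java.util.Locale.ROOT);
        final StringBuilder sb = new StringBuilder(lowerCase.length());
        for (int i = 0; i < lowerCase.length(); i++) {
            final char c = lowerCase.charAt(i);
            if (isAsciiLetter(c) || isAsciiNumber(c) || c == '-' || c == '.') {
                sb.append(c);
            } else if (c == '+') {
                // '+' is the escape character itself, so it is doubled.
                sb.append("++");
            } else {
                // Plain '+' literal: the same character as the constant the decompiler substituted
                // from an unrelated bytecode library.
                sb.append('+').append((int) c);
            }
        }
        return sb.toString();
    }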

    /**
     * Returns the socket factory for HTTP-based connections of {@code hostAuth}.
     *
     * <p>With {@code z == false} the shared certificate-validating factory is returned;
     * {@code keyManager} is not used on that path. With {@code z == true} a factory backed by a
     * {@link SameCertificateCheckingTrustManager} (trust on first use, then the same key) is
     * built: first through {@link #getMailSSLSocketFactory}, and if that yields null through
     * {@code SSLCertificateSocketFactory.getInsecure}, a factory that starts with the platform's
     * own checks disabled, so the trust manager installed here is the only certificate check on it.
     *
     * <p>NOTE(review): the shared factory is initialised here without the class lock that
     * getSSLSocketFactory holds; no hostname verification is visible on either path - confirm
     * the caller performs it.
     *
     * @return the factory, or null if the fallback factory could not be obtained
     */
    public static SSLSocketFactory getHttpSocketFactory(Context context, HostAuth hostAuth, KeyManager keyManager, boolean z) {
        if (z) {
            final SameCertificateCheckingTrustManager pinningTrustManager = new SameCertificateCheckingTrustManager(context, hostAuth);
            final SSLSocketFactory preferred = getMailSSLSocketFactory(keyManager, pinningTrustManager);
            if (preferred != null) {
                return preferred;
            }
            final SSLCertificateSocketFactory fallback = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getInsecure(10000, null);
            if (fallback == null) {
                return null;
            }
            fallback.setTrustManagers(new TrustManager[]{pinningTrustManager});
            fallback.setKeyManagers(new KeyManager[]{keyManager});
            return fallback;
        }
        if (sSecureFactory == null) {
            sSecureFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(10000, null);
        }
        return sSecureFactory;
    }

    /**
     * Creates a {@code MailSSLSocketFacktory} using the given key and trust manager.
     *
     * @return the new factory, or null when it cannot be created (the stack trace is printed and
     *         the caller is expected to fall back to another factory)
     */
    public static SSLSocketFactory getMailSSLSocketFactory(KeyManager keyManager, TrustManager trustManager) {
        SSLSocketFactory created;
        try {
            created = new MailSSLSocketFacktory(keyManager, trustManager);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            e.printStackTrace();
            created = null;
        }
        return created;
    }

    /**
     * Returns the socket factory for mail connections of {@code hostAuth}.
     *
     * <p>With {@code z == false} the shared certificate-validating factory is returned (created on
     * first use). With {@code z == true} a new factory from
     * {@code SSLCertificateSocketFactory.getInsecure} is returned with a
     * {@link SameCertificateCheckingTrustManager} installed; that trust manager is then the only
     * certificate check on the connection.
     *
     * <p>The method is {@code static synchronized}, which already holds the SSLUtils class lock,
     * so no further locking is needed inside.
     */
    public static synchronized SSLSocketFactory getSSLSocketFactory(Context context, HostAuth hostAuth, boolean z) {
        if (!z) {
            if (sSecureFactory == null) {
                sSecureFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(10000, null);
            }
            return sSecureFactory;
        }
        final SSLCertificateSocketFactory pinningFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getInsecure(10000, null);
        final TrustManager[] trustManagers = {new SameCertificateCheckingTrustManager(context, hostAuth)};
        pinningFactory.setTrustManagers(trustManagers);
        return pinningFactory;
    }

    /** Returns true when {@code c} is one of a-z or A-Z; any other character yields false. */
    private static boolean isAsciiLetter(char c) {
        if (c >= 'a' && c <= 'z') {
            return true;
        }
        return c >= 'A' && c <= 'Z';
    }

    /** Returns true when {@code c} is one of the ASCII digits 0-9. */
    private static boolean isAsciiNumber(char c) {
        return !(c < '0' || c > '9');
    }
}
