package cf;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import android.util.Base64;
import com.google.firebase.perf.network.FirebasePerfUrlConnection;
import com.ivuu.C0950R;
import com.ivuu.m;
import java.io.BufferedInputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public abstract class a {

    /* renamed from: a, reason: collision with root package name */
    private static KeyStore f4783a;

    /* renamed from: b, reason: collision with root package name */
    private static SSLContext f4784b;

    /* renamed from: c, reason: collision with root package name */
    private static List f4785c;

    /* renamed from: cf.a$a, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public static class C0163a implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        ArrayList f4786a = new ArrayList();

        public C0163a(KeyStore... keyStoreArr) {
            ArrayList arrayList = new ArrayList();
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                arrayList.add(trustManagerFactory);
                if (keyStoreArr != null) {
                    for (KeyStore keyStore : keyStoreArr) {
                        TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory2.init(keyStore);
                        arrayList.add(trustManagerFactory2);
                    }
                }
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    for (TrustManager trustManager : ((TrustManagerFactory) it.next()).getTrustManagers()) {
                        if (trustManager instanceof X509TrustManager) {
                            this.f4786a.add((X509TrustManager) trustManager);
                        }
                    }
                }
                if (this.f4786a.size() == 0) {
                    throw new RuntimeException("Couldn't find any X509TrustManagers");
                }
            } catch (Exception e10) {
                throw new RuntimeException(e10);
            }
        }

        private boolean a(X509Certificate x509Certificate) {
            if (!x509Certificate.getSubjectDN().getName().endsWith("my-alfred.com")) {
                return true;
            }
            try {
                byte[] encoded = x509Certificate.getPublicKey().getEncoded();
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(encoded, 0, encoded.length);
                return a.f4785c.contains(Base64.encodeToString(messageDigest.digest(), 2));
            } catch (Exception unused) {
                return false;
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            ((X509TrustManager) this.f4786a.get(0)).checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                x509CertificateArr[0].checkValidity();
                Iterator it = this.f4786a.iterator();
                boolean z10 = false;
                while (it.hasNext()) {
                    try {
                        ((X509TrustManager) it.next()).checkServerTrusted(x509CertificateArr, str);
                        z10 = true;
                    } catch (CertificateException unused) {
                    }
                }
                if (!z10) {
                    throw new CertificateException("Invalid server certificate");
                }
                if (!a(x509CertificateArr[0])) {
                    throw new CertificateException("Invalid server certificate");
                }
            } catch (Exception unused2) {
                throw new CertificateException("Certificate checkValidity failed");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            ArrayList arrayList = new ArrayList();
            Iterator it = this.f4786a.iterator();
            while (it.hasNext()) {
                arrayList.addAll(Arrays.asList(((X509TrustManager) it.next()).getAcceptedIssuers()));
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        }
    }

    private static void b(HttpsURLConnection httpsURLConnection) {
        httpsURLConnection.setSSLSocketFactory(f().getSocketFactory());
    }

    private static void c(HttpsURLConnection httpsURLConnection) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        X509TrustManager x509TrustManager = null;
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        int length = trustManagers.length;
        int i10 = 0;
        while (true) {
            if (i10 >= length) {
                break;
            }
            TrustManager trustManager = trustManagers[i10];
            if (trustManager instanceof X509TrustManager) {
                x509TrustManager = (X509TrustManager) trustManager;
                break;
            }
            i10++;
        }
        k(new X509TrustManagerExtensions(x509TrustManager), httpsURLConnection);
    }

    public static void d(HttpsURLConnection httpsURLConnection) {
        if (httpsURLConnection.getURL().toString().contains("my-alfred.com")) {
            if (q0.a.p()) {
                b(httpsURLConnection);
            }
            httpsURLConnection.connect();
            if (q0.a.n()) {
                c(httpsURLConnection);
            }
        }
    }

    public static HttpsURLConnection e(String str) {
        String str2 = "Alfred-Android/" + m.f() + " (Linux; Android " + Build.VERSION.RELEASE + "; " + Build.MODEL + ")";
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) ((URLConnection) FirebasePerfUrlConnection.instrument(new URL(str).openConnection()));
        httpsURLConnection.setRequestProperty("User-Agent", str2);
        httpsURLConnection.setConnectTimeout(30000);
        httpsURLConnection.setReadTimeout(30000);
        try {
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).init((KeyStore) null);
        } catch (KeyStoreException | NoSuchAlgorithmException e10) {
            e10.printStackTrace();
        }
        return httpsURLConnection;
    }

    private static SSLContext f() {
        SSLContext sSLContext = f4784b;
        if (sSLContext != null) {
            return sSLContext;
        }
        TrustManager[] trustManagerArr = {new C0163a(g())};
        SSLContext sSLContext2 = SSLContext.getInstance("TLS");
        sSLContext2.init(null, trustManagerArr, new SecureRandom());
        f4784b = sSLContext2;
        return sSLContext2;
    }

    public static KeyStore g() {
        if (q0.a.p()) {
            return h(C0950R.raw.f44911tc);
        }
        return null;
    }

    private static KeyStore h(int i10) {
        try {
            if (f4783a == null) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                BufferedInputStream bufferedInputStream = new BufferedInputStream(m.d().getResources().openRawResource(i10));
                ArrayList<Certificate> arrayList = new ArrayList();
                try {
                    arrayList.addAll(certificateFactory.generateCertificates(bufferedInputStream));
                    bufferedInputStream.close();
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    f4783a = keyStore;
                    keyStore.load(null, null);
                    int i11 = 0;
                    for (Certificate certificate : arrayList) {
                        int i12 = i11 + 1;
                        f4783a.setCertificateEntry(Integer.toString(i11), certificate);
                        i11 = i12;
                    }
                } catch (Throwable th2) {
                    bufferedInputStream.close();
                    throw th2;
                }
            }
            return f4783a;
        } catch (Exception e10) {
            e10.printStackTrace();
            try {
                KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore2.load(null, null);
                return keyStore2;
            } catch (Exception e11) {
                e11.printStackTrace();
                return null;
            }
        }
    }

    public static void i() {
        try {
            ArrayList arrayList = new ArrayList();
            f4785c = arrayList;
            arrayList.add("DZeoDIuOsiFKOjlSJuB/AAe5EKY1Db4KcvAD1lE3GcI=");
            f4785c.add("Bmg5XAJPJhPDtW8pLIpk8dD0Sgzev7l33E0d28bMvAI=");
        } catch (Exception unused) {
        }
    }

    private static List j(X509TrustManagerExtensions x509TrustManagerExtensions, HttpsURLConnection httpsURLConnection) {
        Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
        try {
            return x509TrustManagerExtensions.checkServerTrusted((X509Certificate[]) Arrays.copyOf(serverCertificates, serverCertificates.length, X509Certificate[].class), "RSA", httpsURLConnection.getURL().getHost());
        } catch (CertificateException e10) {
            throw new SSLException(e10);
        }
    }

    private static void k(X509TrustManagerExtensions x509TrustManagerExtensions, HttpsURLConnection httpsURLConnection) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            String str = "";
            for (X509Certificate x509Certificate : j(x509TrustManagerExtensions, httpsURLConnection)) {
                byte[] encoded = x509Certificate.getPublicKey().getEncoded();
                messageDigest.update(encoded, 0, encoded.length);
                String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
                str = str + x509Certificate.getSubjectDN().toString() + "\n";
                if (f4785c.contains(encodeToString)) {
                    return;
                }
            }
            throw new SSLPeerUnverifiedException("Invalid server certificate");
        } catch (NoSuchAlgorithmException e10) {
            throw new SSLException(e10);
        }
    }
}
