package com.nttdocomo.android.ocsplib;

import android.annotation.SuppressLint;
import android.os.Build;
import com.nttdocomo.android.ocsplib.exception.OcspLibraryException;
import com.nttdocomo.android.ocsplib.exception.OcspParameterException;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

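/**
 * Wraps an {@link HttpURLConnection} and, for HTTPS connections, installs an
 * {@link SSLSocketFactory} whose trust manager runs the platform's default chain
 * validation and then {@code OcspUtil.verifyCert} on the server chain.
 *
 * <p>Flag handling: {@link #connect(int)} compares its flag with {@code ==}; it does not test
 * bits. A combined value such as {@code FLAG_NO_OCSP_CHECK | FLAG_IGNORE_OCSP_ERROR} matches
 * neither constant and is treated like the default (check enforced, errors fatal).
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>{@link #FLAG_NO_OCSP_CHECK} leaves the connection's own socket factory and hostname
 *       verifier in place; nothing from this class is installed.</li>
 *   <li>{@link #FLAG_IGNORE_OCSP_ERROR} is a soft-fail mode: an {@code OcspLibraryException}
 *       raised by the check is logged and the certificate is accepted. If that exception is
 *       raised when the revocation status cannot be obtained, a revoked certificate passes
 *       whenever the check cannot complete. A non-zero result from
 *       {@code OcspUtil.verifyCert} is still rejected in this mode.</li>
 *   <li>A plain HTTP connection is connected as-is; no check from this class applies.</li>
 * </ul>
 */
@SuppressLint({"NewApi"})
public class OcspURLConnection {
    private static final int FLAG_DEFAULT = 0;
    public static final int FLAG_IGNORE_OCSP_ERROR = 2;
    public static final int FLAG_NO_OCSP_CHECK = 1;
    private boolean mIsUseCache = true;
    private final HttpURLConnection mUrlConnection;
    // One lazily created factory per (useCache, ignoreError) combination, guarded by
    // getSSLSocketFactory_lock.
    private static SSLSocketFactory sSocketFactory_withCache = null;
    private static SSLSocketFactory sSocketFactory_withCache_ignoreError = null;
    private static SSLSocketFactory sSocketFactory_withoutCache = null;
    private static SSLSocketFactory sSocketFactory_withoutCache_ignoreError = null;
    private static final Object getSSLSocketFactory_lock = new Object();
    // Shared pin-checking verifier, guarded by getHostnameVerifier_lock.
    private static HostnameVerifier sHostnameVerifier = null;
    private static final Object getHostnameVerifier_lock = new Object();

    /**
     * Runs {@code OcspUtil.verifyCert} on a server chain that the platform trust manager has
     * already accepted, and turns the outcome into accept (normal return) or reject
     * ({@link CertificateException}).
     *
     * @param chain    server certificate chain passed to the trust manager
     * @param useCache forwarded unchanged as the third argument of {@code OcspUtil.verifyCert}
     * @param flag     connection flag; only {@link #FLAG_IGNORE_OCSP_ERROR} changes the outcome
     * @throws CertificateException if the check throws and the flag is not
     *         {@link #FLAG_IGNORE_OCSP_ERROR}, or if the check returns a non-zero result
     */
    private static void enforceOcspCheck(X509Certificate[] chain, boolean useCache, int flag) throws CertificateException {
        final int result;
        try {
            result = OcspUtil.verifyCert(chain, (String) null, useCache);
        } catch (OcspLibraryException e) {
            LogUtil.d("Failed to verify server certificate. " + e.getMessage());
            if (flag != FLAG_IGNORE_OCSP_ERROR) {
                throw new CertificateException("Failed to verify server certificate. (" + e.getMessage() + ")", e);
            }
            // Soft-fail: the caller opted in to accepting the certificate when the check
            // itself fails. Only the exception path is forgiven here.
            LogUtil.d("FLAG_IGNORE_OCSP_ERROR is set. Ignore error.");
            return;
        }
        if (result != 0) {
            // Any non-zero result is a rejection, regardless of the flag.
            LogUtil.d("Certificate is not valid.");
            throw new CertificateException("Certificate is not valid.");
        }
    }

    /**
     * Builds the trust manager used when {@code Build.VERSION.SDK_INT >= 24}
     * (see {@code createSSLSocketFactory}).
     */
    public static final class X509ExtendedTrustManagerUtil {
        private X509ExtendedTrustManagerUtil() {
        }

        /**
         * Returns the first {@link X509ExtendedTrustManager} of the default
         * {@link TrustManagerFactory}, initialised with a {@code null} key store.
         *
         * @throws GeneralSecurityException if the factory offers no such trust manager
         */
        private static X509ExtendedTrustManager createDefaultTrustManager() throws GeneralSecurityException {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init((KeyStore) null);
            TrustManager[] candidates = factory.getTrustManagers();
            for (TrustManager candidate : candidates) {
                if (candidate instanceof X509ExtendedTrustManager) {
                    return (X509ExtendedTrustManager) candidate;
                }
            }
            // The message names the type that was actually searched for.
            throw new GeneralSecurityException("X509ExtendedTrustManager is not found in " + Arrays.toString(candidates));
        }

        /**
         * Creates a trust manager that delegates every call to the platform default and, on the
         * {@code Socket} overload of {@code checkServerTrusted}, additionally enforces the
         * {@code OcspUtil.verifyCert} result.
         *
         * <p>NOTE(review): the two-argument and {@code SSLEngine} overloads of
         * {@code checkServerTrusted} only delegate to the platform trust manager, so no
         * {@code OcspUtil.verifyCert} call is made if a TLS stack reaches the manager through
         * them. This class only hands out the context's {@code SSLSocketFactory}; confirm that
         * the Socket overload is the only one reached in practice, or route the other two
         * through the same check.
         *
         * @param useCache forwarded to {@code OcspUtil.verifyCert}
         * @param flag     connection flag; {@link #FLAG_IGNORE_OCSP_ERROR} enables soft-fail
         * @throws GeneralSecurityException if no default trust manager can be obtained
         */
        public static X509ExtendedTrustManager createTrustManager(final boolean useCache, final int flag) throws GeneralSecurityException {
            final X509ExtendedTrustManager platformTrustManager = createDefaultTrustManager();
            return new X509ExtendedTrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    platformTrustManager.checkClientTrusted(chain, authType);
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
                    platformTrustManager.checkClientTrusted(chain, authType, socket);
                }

                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
                    platformTrustManager.checkClientTrusted(chain, authType, engine);
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    // Platform validation only; see the NOTE(review) on createTrustManager.
                    platformTrustManager.checkServerTrusted(chain, authType);
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
                    // Platform validation runs first; a chain it rejects never reaches the
                    // OcspUtil check.
                    platformTrustManager.checkServerTrusted(chain, authType, socket);
                    OcspURLConnection.enforceOcspCheck(chain, useCache, flag);
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
                    // Platform validation only; see the NOTE(review) on createTrustManager.
                    platformTrustManager.checkServerTrusted(chain, authType, engine);
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return platformTrustManager.getAcceptedIssuers();
                }
            };
        }
    }

    /**
     * Builds the trust manager used when {@code Build.VERSION.SDK_INT < 24}
     * (see {@code createSSLSocketFactory}).
     */
    public static final class X509TrustManagerUtil {
        private X509TrustManagerUtil() {
        }

        /**
         * Returns the first {@link X509TrustManager} of the default {@link TrustManagerFactory},
         * initialised with a {@code null} key store.
         *
         * @throws GeneralSecurityException if the factory offers no such trust manager
         */
        private static X509TrustManager createDefaultTrustManager() throws GeneralSecurityException {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init((KeyStore) null);
            TrustManager[] candidates = factory.getTrustManagers();
            for (TrustManager candidate : candidates) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
            throw new GeneralSecurityException("X509TrustManager is not found in " + Arrays.toString(candidates));
        }

        /**
         * Creates a trust manager that delegates to the platform default and additionally
         * enforces the {@code OcspUtil.verifyCert} result in {@code checkServerTrusted}.
         *
         * @param useCache forwarded to {@code OcspUtil.verifyCert}
         * @param flag     connection flag; {@link #FLAG_IGNORE_OCSP_ERROR} enables soft-fail
         * @throws GeneralSecurityException if no default trust manager can be obtained
         */
        public static X509TrustManager createTrustManager(final boolean useCache, final int flag) throws GeneralSecurityException {
            final X509TrustManager platformTrustManager = createDefaultTrustManager();
            return new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    platformTrustManager.checkClientTrusted(chain, authType);
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    // Platform validation runs first; a chain it rejects never reaches the
                    // OcspUtil check.
                    platformTrustManager.checkServerTrusted(chain, authType);
                    OcspURLConnection.enforceOcspCheck(chain, useCache, flag);
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return platformTrustManager.getAcceptedIssuers();
                }
            };
        }
    }

    /**
     * @param httpURLConnection connection to be configured and opened by {@link #connect(int)};
     *        it is stored as given and not validated here
     */
    public OcspURLConnection(HttpURLConnection httpURLConnection) {
        this.mUrlConnection = httpURLConnection;
    }

    /**
     * Creates a "TLS" {@link SSLContext} whose only trust manager is the OCSP-enforcing wrapper,
     * and returns its socket factory. No key managers are supplied.
     */
    private SSLSocketFactory createSSLSocketFactory(boolean useCache, int flag) throws GeneralSecurityException {
        final TrustManager trustManager;
        if (Build.VERSION.SDK_INT < 24) {
            trustManager = X509TrustManagerUtil.createTrustManager(useCache, flag);
        } else {
            trustManager = X509ExtendedTrustManagerUtil.createTrustManager(useCache, flag);
        }
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[]{trustManager}, new SecureRandom());
        return context.getSocketFactory();
    }

    /**
     * Returns the shared hostname verifier, creating it on first use.
     *
     * <p>The verifier first applies the default {@link HttpsURLConnection} hostname check and,
     * only if that passes, {@code OcspUtil.checkPins} on the chain returned by
     * {@code OcspUtil.getTrustedChain}. Every failure path returns {@code false}.
     */
    private HostnameVerifier getHostNameVerifier() {
        synchronized (getHostnameVerifier_lock) {
            if (sHostnameVerifier == null) {
                sHostnameVerifier = new HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                        if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session)) {
                            return false;
                        }
                        try {
                            List<X509Certificate> trustedChain = OcspUtil.getTrustedChain(session.getPeerCertificates());
                            if (trustedChain != null) {
                                return OcspUtil.checkPins(trustedChain, hostname);
                            }
                            LogUtil.d("Failed to generate certificate chain.");
                            return false;
                        } catch (OcspParameterException e) {
                            // Fail closed: a pin check that cannot run rejects the host.
                            LogUtil.d("Failed to check pinning certificates.");
                            return false;
                        } catch (SSLPeerUnverifiedException e) {
                            LogUtil.d("Failed to get certificates from server.");
                            return false;
                        }
                    }
                };
            }
            return sHostnameVerifier;
        }
    }

    /**
     * Returns the cached socket factory for the given combination, creating it on first use.
     * Every flag value other than {@link #FLAG_IGNORE_OCSP_ERROR} shares the strict factory.
     */
    private SSLSocketFactory getSSLSocketFactory(boolean useCache, int flag) throws GeneralSecurityException {
        final boolean ignoreError = flag == FLAG_IGNORE_OCSP_ERROR;
        synchronized (getSSLSocketFactory_lock) {
            if (useCache) {
                if (ignoreError) {
                    if (sSocketFactory_withCache_ignoreError == null) {
                        sSocketFactory_withCache_ignoreError = createSSLSocketFactory(useCache, flag);
                    }
                    return sSocketFactory_withCache_ignoreError;
                }
                if (sSocketFactory_withCache == null) {
                    sSocketFactory_withCache = createSSLSocketFactory(useCache, flag);
                }
                return sSocketFactory_withCache;
            }
            if (ignoreError) {
                if (sSocketFactory_withoutCache_ignoreError == null) {
                    sSocketFactory_withoutCache_ignoreError = createSSLSocketFactory(useCache, flag);
                }
                return sSocketFactory_withoutCache_ignoreError;
            }
            if (sSocketFactory_withoutCache == null) {
                sSocketFactory_withoutCache = createSSLSocketFactory(useCache, flag);
            }
            return sSocketFactory_withoutCache;
        }
    }

    /**
     * Connects with the default flag: the OCSP check is enforced and its errors are fatal.
     *
     * @throws IOException see {@link #connect(int)}
     */
    public void connect() throws IOException {
        connect(FLAG_DEFAULT);
    }

    /**
     * Configures the wrapped connection according to {@code flag} and then connects it.
     *
     * @param flag {@link #FLAG_NO_OCSP_CHECK}, {@link #FLAG_IGNORE_OCSP_ERROR}, or any other
     *        value for the default behaviour; compared by equality, not as a bit mask
     * @throws SSLPeerUnverifiedException if {@code OcspUtil} is not initialised, or if the
     *         socket factory cannot be created and the flag is not
     *         {@link #FLAG_IGNORE_OCSP_ERROR}
     * @throws IOException if the underlying {@code connect()} fails
     */
    public void connect(int flag) throws IOException {
        LogUtil.d("connect() start");
        LogUtil.d("flag : " + flag);
        if (!OcspUtil.isInitialized()) {
            // Checked before the flag is looked at, so FLAG_NO_OCSP_CHECK also fails here.
            LogUtil.d("OcspUtil has not been initialized.");
            throw new SSLPeerUnverifiedException("OcspUtil has not been initialized.");
        }
        if (flag == FLAG_NO_OCSP_CHECK) {
            LogUtil.d("FLAG_NO_OCSP_CHECK found. Skip OCSP check.");
        } else if (this.mUrlConnection instanceof HttpsURLConnection) {
            HttpsURLConnection httpsConnection = (HttpsURLConnection) this.mUrlConnection;
            try {
                httpsConnection.setSSLSocketFactory(getSSLSocketFactory(this.mIsUseCache, flag));
                // NOTE(review): the pin-checking verifier is installed only below API 24;
                // where pins are enforced on API 24 and later is not visible in this class.
                if (OcspUtil.isPinningCertificatesEnabled() && Build.VERSION.SDK_INT < 24) {
                    httpsConnection.setHostnameVerifier(getHostNameVerifier());
                }
            } catch (GeneralSecurityException e) {
                LogUtil.d("Failed to create socket factory. " + e.getMessage());
                if (flag != FLAG_IGNORE_OCSP_ERROR) {
                    SSLPeerUnverifiedException failure =
                            new SSLPeerUnverifiedException("Failed to create socket factory. " + e.getMessage());
                    // SSLPeerUnverifiedException has no cause constructor; keep the original
                    // exception attached for diagnosis.
                    failure.initCause(e);
                    throw failure;
                }
                // NOTE(review): in this soft-fail path the connection keeps its previous
                // socket factory and the pin-checking hostname verifier above is not
                // installed either, so both the OCSP check and the pin check are skipped.
                LogUtil.d("FLAG_IGNORE_OCSP_ERROR is set. Ignore error.");
            }
        } else {
            // Plain HTTP: nothing to configure, the connection is opened as-is.
            LogUtil.d("Connection is HTTP.");
        }
        LogUtil.d("Connect to server...");
        this.mUrlConnection.connect();
        LogUtil.d("connect() end");
    }

    /**
     * Sets the value passed as the {@code useCache} argument of {@code OcspUtil.verifyCert} by
     * connections made after this call. Defaults to {@code true}.
     */
    public void setUseCache(boolean useCache) {
        LogUtil.d("setUseCache() start");
        LogUtil.d("useCache : " + useCache);
        this.mIsUseCache = useCache;
        LogUtil.d("setUseCache() end");
    }
}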
