package com.email.sdk.utility;

import android.annotation.SuppressLint;
import android.content.Context;
import android.net.SSLCertificateSocketFactory;
import android.security.KeyChain;
import android.security.KeyChainException;
import com.email.sdk.customUtil.jdk.CertificateException;
import com.email.sdk.customUtil.jdk.ClientCertificateException;
import com.email.sdk.utils.m;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import kotlin.jvm.internal.n;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* compiled from: AndroidSSLUtils.kt */
/* loaded from: classes.dex */
public final class a {

    /* renamed from: b, reason: collision with root package name */
    private static SSLCertificateSocketFactory f8984b;

    /* renamed from: c, reason: collision with root package name */
    private static final boolean f8985c = false;

    /* renamed from: a, reason: collision with root package name */
    public static final a f8983a = new a();

    /* renamed from: d, reason: collision with root package name */
    private static final String f8986d = "Email.Ssl";

    /* renamed from: e, reason: collision with root package name */
    private static final int f8987e = 10000;

    /* renamed from: f, reason: collision with root package name */
    private static final X509HostnameVerifier f8988f = new AllowAllHostnameVerifier();

    /* compiled from: AndroidSSLUtils.kt */
    /* renamed from: com.email.sdk.utility.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    public static final class C0125a extends c {

        /* renamed from: d, reason: collision with root package name */
        public static final C0126a f8989d = new C0126a(null);

        /* renamed from: a, reason: collision with root package name */
        private final String f8990a;

        /* renamed from: b, reason: collision with root package name */
        private final X509Certificate[] f8991b;

        /* renamed from: c, reason: collision with root package name */
        private final PrivateKey f8992c;

        /* compiled from: AndroidSSLUtils.kt */
        /* renamed from: com.email.sdk.utility.a$a$a, reason: collision with other inner class name */
        /* loaded from: classes.dex */
        public static final class C0126a {
            private C0126a() {
            }

            public /* synthetic */ C0126a(kotlin.jvm.internal.i iVar) {
                this();
            }

            private final void b(String str, String str2, Exception exc) {
                if (!a.f8985c) {
                    m.f9081a.b(a.f8986d, "Unable to retrieve " + str2 + " due to " + exc);
                    return;
                }
                m.f9081a.b(a.f8986d, "Unable to retrieve " + str2 + " for [" + str + "] due to " + exc);
            }

            public final C0125a a(Context context, String alias) {
                n.e(alias, "alias");
                try {
                    n.b(context);
                    X509Certificate[] certificateChain = KeyChain.getCertificateChain(context, alias);
                    try {
                        PrivateKey privateKey = KeyChain.getPrivateKey(context, alias);
                        if (certificateChain == null || privateKey == null) {
                            throw new ClientCertificateException("Can't access certificate from keystore");
                        }
                        return new C0125a(alias, certificateChain, privateKey, null);
                    } catch (KeyChainException e10) {
                        b(alias, "private key", e10);
                        throw new ClientCertificateException(e10);
                    } catch (InterruptedException e11) {
                        b(alias, "private key", e11);
                        throw new ClientCertificateException(e11);
                    }
                } catch (KeyChainException e12) {
                    b(alias, "certificate chain", e12);
                    throw new ClientCertificateException(e12);
                } catch (AssertionError e13) {
                    m.f9081a.b(a.f8986d, n.k("Unable to retrieve certificate chain", e13.getMessage()));
                    throw new ClientCertificateException(e13);
                } catch (InterruptedException e14) {
                    b(alias, "certificate chain", e14);
                    throw new ClientCertificateException(e14);
                }
            }
        }

        private C0125a(String str, X509Certificate[] x509CertificateArr, PrivateKey privateKey) {
            this.f8990a = str;
            this.f8991b = x509CertificateArr;
            this.f8992c = privateKey;
        }

        public /* synthetic */ C0125a(String str, X509Certificate[] x509CertificateArr, PrivateKey privateKey, kotlin.jvm.internal.i iVar) {
            this(str, x509CertificateArr, privateKey);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            n.e(keyTypes, "keyTypes");
            n.e(issuers, "issuers");
            n.e(socket, "socket");
            if (a.f8985c) {
                m.f9081a.c(a.f8986d, n.k("Requesting a client cert alias for ", Arrays.toString(keyTypes)));
            }
            return this.f8990a;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String alias) {
            n.e(alias, "alias");
            if (a.f8985c) {
                m.f9081a.c(a.f8986d, "Requesting a client certificate chain for alias [" + alias + ']');
            }
            return this.f8991b;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String alias) {
            n.e(alias, "alias");
            if (a.f8985c) {
                m.f9081a.c(a.f8986d, "Requesting a client private key for alias [" + alias + ']');
            }
            return this.f8992c;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: AndroidSSLUtils.kt */
    /* loaded from: classes.dex */
    public static final class b implements X509TrustManager {

        /* renamed from: c, reason: collision with root package name */
        public static final C0127a f8993c = new C0127a(null);

        /* renamed from: a, reason: collision with root package name */
        private final com.email.sdk.provider.n f8994a;

        /* renamed from: b, reason: collision with root package name */
        private PublicKey f8995b;

        /* compiled from: AndroidSSLUtils.kt */
        /* renamed from: com.email.sdk.utility.a$b$a, reason: collision with other inner class name */
        /* loaded from: classes.dex */
        public static final class C0127a {
            private C0127a() {
            }

            public /* synthetic */ C0127a(kotlin.jvm.internal.i iVar) {
                this();
            }
        }

        public b(com.email.sdk.provider.n hostAuth) {
            n.e(hostAuth, "hostAuth");
            this.f8994a = hostAuth;
            g9.b a10 = com.email.sdk.provider.i.Companion.h().a(com.email.sdk.provider.n.Companion.b(), new String[]{"serverCert"}, "_id=?", new String[]{String.valueOf(hostAuth.getId())}, null);
            if (a10 != null) {
                try {
                    if (com.email.sdk.utils.e.m(a10)) {
                        hostAuth.L(a10.o0(0));
                    }
                } finally {
                    a10.close();
                }
            }
        }

        private final void a() {
        }

        private final void b(X509Certificate x509Certificate) {
            try {
                byte[] encoded = x509Certificate.getEncoded();
                this.f8994a.L(encoded);
                com.email.sdk.customUtil.sdk.h hVar = new com.email.sdk.customUtil.sdk.h();
                hVar.t("serverCert", encoded);
                com.email.sdk.provider.i.Companion.h().b(com.email.sdk.customUtil.sdk.g.f6943a.c(com.email.sdk.provider.n.Companion.b(), Long.valueOf(this.f8994a.getId())), hVar, null, null);
            } catch (Exception e10) {
                m.f9081a.d(a.f8986d, n.k("ssl_check updateCert error ", e10.getMessage()));
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType) {
            n.e(chain, "chain");
            n.e(authType, "authType");
            throw new CertificateException("We don't check client certificates");
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType) {
            n.e(chain, "chain");
            n.e(authType, "authType");
            m.f9081a.a(a.f8986d, "ssl_check checkServerTrusted");
            if (chain.length == 0) {
                throw new CertificateException("No certificates?");
            }
            X509Certificate x509Certificate = chain[0];
            if (this.f8994a.u() != null) {
                byte[] u10 = this.f8994a.u();
                n.b(u10);
                if (!(u10.length == 0)) {
                    if (this.f8995b == null) {
                        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.f8994a.u());
                        this.f8995b = CertificateFactory.getInstance("X509").generateCertificate(byteArrayInputStream).getPublicKey();
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException unused) {
                        }
                    }
                    if (n.a(this.f8995b, x509Certificate.getPublicKey())) {
                        return;
                    }
                    a();
                    return;
                }
            }
            b(x509Certificate);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    /* compiled from: AndroidSSLUtils.kt */
    /* loaded from: classes.dex */
    public static abstract class c extends X509ExtendedKeyManager {
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            n.e(keyType, "keyType");
            n.e(issuers, "issuers");
            n.e(socket, "socket");
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            n.e(keyType, "keyType");
            n.e(issuers, "issuers");
            throw new UnsupportedOperationException();
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            n.e(keyType, "keyType");
            n.e(issuers, "issuers");
            throw new UnsupportedOperationException();
        }
    }

    /* compiled from: AndroidSSLUtils.kt */
    /* loaded from: classes.dex */
    public static final class d extends c {

        /* renamed from: a, reason: collision with root package name */
        private volatile long f8996a;

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            n.e(keyTypes, "keyTypes");
            n.e(issuers, "issuers");
            n.e(socket, "socket");
            this.f8996a = System.currentTimeMillis();
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String alias) {
            n.e(alias, "alias");
            if (!a.f8985c) {
                return null;
            }
            m.f9081a.c(a.f8986d, "TrackingKeyManager: returning a null cert chain");
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String alias) {
            n.e(alias, "alias");
            if (!a.f8985c) {
                return null;
            }
            m.f9081a.c(a.f8986d, "TrackingKeyManager: returning a null private key");
            return null;
        }
    }

    private a() {
    }

    private final SSLSocketFactory e(KeyManager keyManager, TrustManager trustManager) {
        try {
            return new f(keyManager, trustManager);
        } catch (KeyManagementException e10) {
            e10.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e11) {
            e11.printStackTrace();
            return null;
        }
    }

    public final X509HostnameVerifier c() {
        return f8988f;
    }

    @SuppressLint({"SSLCertificateSocketFactoryGetInsecure"})
    public final SSLSocketFactory d(Context context, com.email.sdk.provider.n hostAuth, KeyManager keyManager, boolean z10) {
        n.e(context, "context");
        n.e(hostAuth, "hostAuth");
        n.e(keyManager, "keyManager");
        if (!z10) {
            if (f8984b == null) {
                SSLSocketFactory sSLSocketFactory = SSLCertificateSocketFactory.getDefault(f8987e, null);
                Objects.requireNonNull(sSLSocketFactory, "null cannot be cast to non-null type android.net.SSLCertificateSocketFactory");
                f8984b = (SSLCertificateSocketFactory) sSLSocketFactory;
            }
            return f8984b;
        }
        b bVar = new b(hostAuth);
        SSLSocketFactory e10 = e(keyManager, bVar);
        if (e10 != null) {
            return e10;
        }
        SSLSocketFactory insecure = SSLCertificateSocketFactory.getInsecure(f8987e, null);
        Objects.requireNonNull(insecure, "null cannot be cast to non-null type android.net.SSLCertificateSocketFactory");
        SSLCertificateSocketFactory sSLCertificateSocketFactory = (SSLCertificateSocketFactory) insecure;
        sSLCertificateSocketFactory.setTrustManagers(new TrustManager[]{bVar});
        sSLCertificateSocketFactory.setKeyManagers(new KeyManager[]{keyManager});
        return sSLCertificateSocketFactory;
    }

    public final X509TrustManager f(com.email.sdk.provider.n hostAuth) {
        n.e(hostAuth, "hostAuth");
        return new b(hostAuth);
    }
}
