package com.pingan.core.im.http.util;

import com.pingan.module.log.PALog;
import java.net.HttpURLConnection;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes2.dex */
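/**
 * Configures TLS trust and hostname verification for HTTPS connections.
 *
 * <p>Server certificates are untrusted input. The trust decision is therefore made by
 * the platform's PKIX validation (chain anchored in the platform trust store, validity
 * and signatures checked), and the CA-name restriction of this class is applied only
 * as an additional constraint on top of an already validated chain. Hostname
 * verification matches the requested host against the names in the server certificate.
 */
public class SecureSocketTool {
    private static final String TAG = SecureSocketTool.class.getSimpleName();
    private boolean enable = true;

    /**
     * Verifies that the server certificate was issued for the requested host.
     *
     * <p>Comparing the host with {@link SSLSession#getPeerHost()} is not a check:
     * that value is not authenticated and normally is just the name the client asked
     * for, so the comparison succeeds for any certificate. The certificate's names
     * have to be matched instead, which the strict verifier already used by the
     * {@code enable == false} branch does.
     */
    private final HostnameVerifier mHostnameVerifier = new HostnameVerifier() {
        @Override
        public boolean verify(String str, SSLSession sSLSession) {
            PALog.w(SecureSocketTool.TAG + "verify", "verify: " + str);
            if (str == null || sSLSession == null) {
                return false;
            }
            return SSLSocketFactory.STRICT_HOSTNAME_VERIFIER.verify(str, sSLSession);
        }
    };

    /**
     * Trust manager that delegates chain validation to the platform and then
     * restricts accepted chains to the expected CA names.
     */
    private static class MyTrustManager implements X509TrustManager {
        /** CA names, one of which must appear in the issuer or subject DN of every certificate. */
        private static final String[] EXPECTED_CA_NAMES = {"GeoTrust", "Equifax"};

        /** Platform PKIX trust manager; it makes the actual trust decision. */
        private final X509TrustManager platformTrustManager;

        /**
         * @throws GeneralSecurityException if the platform trust manager cannot be obtained
         */
        private MyTrustManager() throws GeneralSecurityException {
            this.platformTrustManager = findPlatformTrustManager();
        }

        /**
         * Looks up the default X.509 trust manager backed by the platform trust store.
         *
         * @throws GeneralSecurityException if no X.509 trust manager is available
         */
        private static X509TrustManager findPlatformTrustManager() throws GeneralSecurityException {
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore selects the platform's default trust anchors.
            factory.init((KeyStore) null);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
            throw new NoSuchAlgorithmException("No platform X509TrustManager available");
        }

        /** Returns true when {@code dn} is non-null and contains one of the expected CA names. */
        private static boolean containsExpectedCaName(String dn) {
            if (dn == null) {
                return false;
            }
            for (String caName : EXPECTED_CA_NAMES) {
                if (dn.contains(caName)) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Checks that the issuer or subject DN of the certificate names an expected CA.
         *
         * <p>DN text is chosen by whoever creates a certificate, so this match carries
         * no weight on its own; it is only meaningful for a chain the platform has
         * already validated. NOTE(review): pinning the CA public key (SPKI hash) would
         * be a stronger restriction than a name substring.
         */
        private boolean checkIssuerDnName(X509Certificate x509Certificate) {
            return containsExpectedCaName(x509Certificate.getIssuerDN().getName())
                    || containsExpectedCaName(x509Certificate.getSubjectDN().getName());
        }

        /** Delegates to the platform trust manager instead of accepting every client chain. */
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            this.platformTrustManager.checkClientTrusted(chain, authType);
        }

        /**
         * Validates the server chain with the platform trust manager, then applies the
         * CA-name restriction to every presented certificate.
         *
         * <p>The platform validation replaces the previous hand-written checks
         * (per-certificate validity plus "each certificate is signed by the next one"),
         * which never tied the chain to a trusted root and accepted a single
         * self-signed certificate.
         * NOTE(review): if the servers use a root that is absent from the platform
         * trust store, ship that root in an app-owned KeyStore rather than relaxing
         * this check.
         *
         * @throws CertificateException if the arguments are invalid, the chain is not
         *     trusted by the platform, or a certificate does not name an expected CA
         */
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            try {
                if (chain == null || chain.length == 0) {
                    throw new CertificateException("Certificate chain is invalid.");
                }
                if (authType == null || authType.length() == 0) {
                    throw new CertificateException("Authentication type is invalid.");
                }
                PALog.i(SecureSocketTool.TAG, "Chain includes " + chain.length + " certificates. authType: " + authType);
                this.platformTrustManager.checkServerTrusted(chain, authType);
                for (X509Certificate certificate : chain) {
                    if (!checkIssuerDnName(certificate)) {
                        // Message text: "the certificate issuing authority is incorrect".
                        throw new CertificateException("颁发证书机构不正确！");
                    }
                }
            } catch (CertificateException e) {
                PALog.e(SecureSocketTool.TAG, "Certificate error" + e);
                throw e;
            } catch (RuntimeException e) {
                PALog.e(SecureSocketTool.TAG, "Certificate error" + e);
                // Keep the cause so the failure can be diagnosed from the stack trace.
                throw new CertificateException(e.getMessage(), e);
            }
            PALog.i(SecureSocketTool.TAG, "checkServerTrusted finish !!!!");
        }

        /** Returns the platform's accepted issuers; the interface contract requires a non-null array. */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return this.platformTrustManager.getAcceptedIssuers();
        }
    }

    /**
     * Installs the trust manager and hostname verifier of this class.
     *
     * <p>When {@code enable} is false only the strict hostname verifier is set on the
     * given connection. Otherwise the settings are installed as the process-wide
     * {@link HttpsURLConnection} defaults (kept for existing callers) and also applied
     * to the given connection, which was created before the defaults are replaced and
     * may already have captured the previous ones.
     *
     * @param httpURLConnection the connection to configure; a non-HTTPS or null
     *     connection is left untouched
     * @throws CertificateException declared for callers; not thrown directly here
     * @throws GeneralSecurityException if the TLS context or the platform trust
     *     manager cannot be initialised
     */
    public void initHttpsSecureConnection(HttpURLConnection httpURLConnection) throws CertificateException, GeneralSecurityException {
        // The null test belongs to the connection, not to the concatenated string.
        PALog.i(TAG, "initSSL......." + (httpURLConnection != null ? httpURLConnection.getURL().toString() : null));
        HttpsURLConnection httpsConnection = null;
        if (httpURLConnection instanceof HttpsURLConnection) {
            httpsConnection = (HttpsURLConnection) httpURLConnection;
        }
        if (!this.enable) {
            if (httpsConnection != null) {
                httpsConnection.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            }
            return;
        }
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new X509TrustManager[]{new MyTrustManager()}, null);
        // Process-wide side effect: every HttpsURLConnection created afterwards uses these.
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(this.mHostnameVerifier);
        if (httpsConnection != null) {
            httpsConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsConnection.setHostnameVerifier(this.mHostnameVerifier);
        }
    }
}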
