package com.huawei.netopen.mobile.sdk.network;

import android.annotation.SuppressLint;
import androidx.annotation.g1;
import androidx.annotation.p0;
import com.huawei.hms.feature.dynamic.f.e;
import com.huawei.netopen.common.exception.SDKException;
import com.huawei.netopen.common.util.LocalTokenManager;
import com.huawei.netopen.common.util.Logger;
import com.huawei.netopen.common.util.Util;
import com.huawei.netopen.ifield.common.constants.b;
import com.huawei.netopen.mobile.sdk.MobileSDKInitialCache;
import com.huawei.netopen.mobile.sdk.NceFanAppSDK;
import com.huawei.netopen.mobile.sdk.exception.TrustManagerException;
import com.huawei.netopen.mobile.sdk.network.security.CertificateStatus;
import com.huawei.netopen.mobile.sdk.network.security.HwCertificate;
import com.huawei.netopen.mobile.sdk.network.security.UntrustServerNotifyCallback;
import defpackage.b50;
import defpackage.d50;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import lombok.Generated;
import lombok.NonNull;

@SuppressLint({"CustomX509TrustManager"})
/* loaded from: classes2.dex */
public class BaseHTTPSTrustManager implements X509TrustManager {

    @g1
    protected static final int CERT_INDEX = 0;

    @g1
    protected static final String CERT_PREFIX = "https";
    private final LocalTokenManager localTokenManager;
    private final MobileSDKInitialCache mobileSDKInitialCache;
    private final d50<NceFanAppSDK> nceFanAppSDKProvider;
    private X509TrustManager standardTrustManager;
    private final Util util;
    private X509CRL x509CRL = null;
    private static final String TAG = BaseHTTPSTrustManager.class.getName();
    private static final List<String> CERTIFICATE_FILE_NAME_LIST = Collections.unmodifiableList(Arrays.asList("Actalis Authentication Root CA.cer", "Actalis Organization Validated Server CA G3.cer", "GlobalSign RSA OV SSL CA 2018.cer", "HuaweiCloudClient.cer"));

    @b50
    public BaseHTTPSTrustManager(@NonNull MobileSDKInitialCache mobileSDKInitialCache, @NonNull LocalTokenManager localTokenManager, @NonNull d50<NceFanAppSDK> d50Var, @NonNull Util util) {
        if (mobileSDKInitialCache == null) {
            throw new IllegalArgumentException("mobileSDKInitialCache is marked non-null but is null");
        }
        if (localTokenManager == null) {
            throw new IllegalArgumentException("localTokenManager is marked non-null but is null");
        }
        if (d50Var == null) {
            throw new IllegalArgumentException("nceFanAppSDKProvider is marked non-null but is null");
        }
        if (util == null) {
            throw new IllegalArgumentException("util is marked non-null but is null");
        }
        try {
            this.mobileSDKInitialCache = mobileSDKInitialCache;
            this.localTokenManager = localTokenManager;
            this.nceFanAppSDKProvider = d50Var;
            this.util = util;
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(getHttpsKeyStore());
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length == 0) {
                throw new TrustManagerException("Cannot find any trust manager.");
            }
            loadCertificateRevocationList();
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    this.standardTrustManager = (X509TrustManager) trustManager;
                    return;
                }
            }
            throw new TrustManagerException("Cannot find any X509TrustManager trust manager.");
        } catch (KeyStoreException e) {
            e = e;
            throw new TrustManagerException("Failed to initialize trust manager.", e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            throw new TrustManagerException("Failed to initialize trust manager.", e);
        } catch (Exception unused) {
            throw new SDKException("Failed to initialize trust manager for internal error.");
        }
    }

    private void checkCertRevoked(X509CRL x509crl, X509Certificate x509Certificate) throws CertificateException {
        if (x509crl.isRevoked(x509Certificate)) {
            Logger.error(TAG, "certificates Revoked");
            UntrustServerNotifyCallback untrustServerNotifyCallback = this.nceFanAppSDKProvider.get().getUntrustServerNotifyCallback();
            if (untrustServerNotifyCallback == null) {
                return;
            }
            untrustServerNotifyCallback.registerRevokedServerCallback(new HwCertificate(new Certificate[]{x509Certificate}, this.mobileSDKInitialCache.getServer()));
            throw new CertificateException("certificates Revoked");
        }
    }

    @p0
    private KeyStore getHttpsKeyStore() {
        String str;
        String str2;
        String str3;
        String str4;
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            Iterator<String> it = CERTIFICATE_FILE_NAME_LIST.iterator();
            int i = 0;
            while (it.hasNext()) {
                for (X509Certificate x509Certificate : getX509Certificates(it.next())) {
                    keyStore.setCertificateEntry(CERT_PREFIX + i, x509Certificate);
                    i++;
                }
            }
            this.util.loadCachedCerts(keyStore, CERT_PREFIX, this.util.loadSystemCA(keyStore, CERT_PREFIX, i));
            return keyStore;
        } catch (IOException unused) {
            str = TAG;
            str2 = "getHttpsKeyStore IOException";
            Logger.error(str, str2);
            return null;
        } catch (KeyStoreException e) {
            e = e;
            str3 = TAG;
            str4 = "getHttpsKeyStore KeyStoreException";
            Logger.error(str3, str4, e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            str3 = TAG;
            str4 = "getHttpsKeyStore NoSuchAlgorithmException";
            Logger.error(str3, str4, e);
            return null;
        } catch (CertificateException unused2) {
            str = TAG;
            str2 = "getHttpsKeyStore CertificateException";
            Logger.error(str, str2);
            return null;
        }
    }

    private X509Certificate[] getX509Certificates(String str) {
        try {
            InputStream open = this.mobileSDKInitialCache.getCtx().getAssets().open(str);
            try {
                X509Certificate[] x509CertificateArr = (X509Certificate[]) CertificateFactory.getInstance(e.b).generateCertificates(open).toArray(new X509Certificate[0]);
                if (open != null) {
                    open.close();
                }
                return x509CertificateArr;
            } catch (Throwable th) {
                if (open != null) {
                    try {
                        open.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException unused) {
            Logger.error(TAG, "getX509Certificates failed cause IOException");
            return new X509Certificate[0];
        } catch (CertificateException e) {
            Logger.error(TAG, "getX509Certificates failed", e);
            return new X509Certificate[0];
        }
    }

    private void loadCertificateRevocationList() {
        String str;
        String str2;
        try {
            InputStream open = this.mobileSDKInitialCache.getCtx().getAssets().open("intermediateCA.crl");
            try {
                this.x509CRL = (X509CRL) CertificateFactory.getInstance(e.b).generateCRL(open);
                if (open != null) {
                    open.close();
                }
            } catch (Throwable th) {
                if (open != null) {
                    try {
                        open.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException unused) {
            str = TAG;
            str2 = "load CRL file error";
            Logger.error(str, str2);
        } catch (CRLException unused2) {
            str = TAG;
            str2 = "load CRL exception";
            Logger.error(str, str2);
        } catch (CertificateException unused3) {
            str = TAG;
            str2 = "load CRL Certificate exception";
            Logger.error(str, str2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(@NonNull X509Certificate[] x509CertificateArr, @NonNull String str) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("x509Certificates is marked non-null but is null");
        }
        if (str == null) {
            throw new IllegalArgumentException("authType is marked non-null but is null");
        }
        this.standardTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(@NonNull X509Certificate[] x509CertificateArr, @NonNull String str) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("chain is marked non-null but is null");
        }
        if (str == null) {
            throw new IllegalArgumentException("authType is marked non-null but is null");
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity();
            } catch (CertificateExpiredException | CertificateNotYetValidException unused) {
                Logger.error(TAG, "Server certificates invalid");
                UntrustServerNotifyCallback untrustServerNotifyCallback = this.nceFanAppSDKProvider.get().getUntrustServerNotifyCallback();
                HwCertificate hwCertificate = new HwCertificate(x509CertificateArr, this.mobileSDKInitialCache.getServer());
                hwCertificate.setCertificateStatus(CertificateStatus.INVALID);
                if (untrustServerNotifyCallback == null) {
                    continue;
                } else if (this.localTokenManager.isLocalLogin()) {
                    continue;
                } else if (this.util.isCallbackUnTrustServerNotify(this.nceFanAppSDKProvider.get().getHwCertificates(), hwCertificate)) {
                    untrustServerNotifyCallback.untrustServerNotify(hwCertificate);
                    throw new CertificateException("Certificates invalid");
                }
            }
        }
        try {
            this.standardTrustManager.checkServerTrusted(x509CertificateArr, str);
            if (this.x509CRL != null) {
                for (X509Certificate x509Certificate2 : x509CertificateArr) {
                    checkCertRevoked(this.x509CRL, x509Certificate2);
                }
            }
        } catch (CertificateException unused2) {
            UntrustServerNotifyCallback untrustServerNotifyCallback2 = this.nceFanAppSDKProvider.get().getUntrustServerNotifyCallback();
            HwCertificate hwCertificate2 = new HwCertificate(x509CertificateArr, this.mobileSDKInitialCache.getServer());
            hwCertificate2.setCertificateStatus(CertificateStatus.UNTRUSTED);
            if (untrustServerNotifyCallback2 != null && !this.localTokenManager.isLocalLogin() && this.util.isCallbackUnTrustServerNotify(this.nceFanAppSDKProvider.get().getHwCertificates(), hwCertificate2)) {
                untrustServerNotifyCallback2.untrustServerNotify(hwCertificate2);
            }
            throw new CertificateException(b.w);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }

    @g1
    @Generated
    protected X509TrustManager getStandardTrustManager() {
        return this.standardTrustManager;
    }

    @g1
    @Generated
    protected void setStandardTrustManager(X509TrustManager x509TrustManager) {
        this.standardTrustManager = x509TrustManager;
    }
}
