package com.mpaas.isec.api;

import android.content.Context;
import android.content.res.AssetManager;
import android.text.TextUtils;
import android.util.Base64;
import cn.com.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import cn.com.infosec.mobile.tls.TLSAndroidUtils;
import defpackage.anq;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes11.dex */
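/**
 * Static helpers that build TLS socket factories, sockets and trust managers for the ISec module.
 *
 * <p>The class and most member names are obfuscated (decompiled output). Configuration comes from
 * the sibling class {@code c} or from a {@code ModuleConfig}. The two-way ("double verify") paths
 * load a signing and an encryption key store from the {@code sign.pfx} and {@code enc.pfx} assets.
 *
 * <p>{@link #hA(Context)} must be called before any method that checks {@code mContext}.
 */
public class d {
    // Set by hA(Context); used to open the PFX assets.
    // NOTE(review): a static Context lives for the whole process; callers should pass the
    // application context so that no Activity is retained.
    private static Context mContext;

    /**
     * Parses one Base64-encoded certificate.
     *
     * @param str Base64 text (decoded with {@code Base64.NO_WRAP}) of an X.509 certificate
     * @return the parsed certificate
     * @throws CertificateException if the factory is unavailable or the data cannot be parsed
     */
    private static X509Certificate FU(String str) throws CertificateException {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        byte[] encoded = Base64.decode(str, Base64.NO_WRAP);
        return (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Builds a trust manager from the given certificates by delegating to
     * {@code TLSAndroidUtils.createTrustManager}.
     *
     * @param strArr trusted certificates, passed through unchanged
     * @return the trust manager produced by {@code TLSAndroidUtils}
     */
    public static TrustManager R(String[] strArr) throws GeneralSecurityException, IOException {
        return TLSAndroidUtils.createTrustManager(strArr);
    }

    /**
     * Layers a TLS socket over {@code socket} using the factory built by {@code bbr()}.
     *
     * @param socket existing connected socket
     * @param str    host name handed to {@code SSLSocketFactory.createSocket}
     * @param i      port handed to {@code SSLSocketFactory.createSocket}
     * @param z      auto-close flag handed to {@code SSLSocketFactory.createSocket}
     * @return the layered TLS socket
     * @throws IllegalAccessException if no trusted certificates are configured
     */
    public static SSLSocket a(Socket socket, String str, int i, boolean z) throws IllegalAccessException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, UnrecoverableKeyException {
        if (c.bbg() == null || c.bbg().length == 0) {
            throw new IllegalAccessException("no certs data,please config certs first!!");
        }
        return a(bbr(), socket, str, i, z);
    }

    /** Creates the layered TLS socket from an already-built factory and logs the step. */
    private static SSLSocket a(SSLSocketFactory sSLSocketFactory, Socket socket, String str, int i, boolean z) throws IOException {
        com.mpaas.isec.b.debug("[getSocketFactory]", "start create sslSocket");
        return (SSLSocket) sSLSocketFactory.createSocket(socket, str, i, z);
    }

    /**
     * Builds a socket factory for one module configuration.
     *
     * @param moduleConfig per-module settings; {@code null} falls back to {@code bbu()}
     * @return the socket factory; may be {@code null} when {@code moduleConfig} is {@code null}
     *     and {@code bbu()} returns {@code null}
     * @throws IllegalAccessException if {@link #hA(Context)} has not run, or two-way verification
     *     is requested without a PFX configuration
     */
    public static SSLSocketFactory a(ModuleConfig moduleConfig) throws IllegalAccessException, IOException, GeneralSecurityException {
        if (mContext == null) {
            throw new IllegalAccessException("ISec ssl has not init!!,please init first!");
        }
        if (moduleConfig == null) {
            return bbu();
        }
        String[] trustedCerts = moduleConfig.trustedCerts;
        if (!moduleConfig.isTwoWayVerify) {
            return TLSAndroidUtils.createSSLSocketFactory(moduleConfig.sslProtocol, trustedCerts);
        }
        if (moduleConfig.pfxBiConfig == null) {
            throw new IllegalAccessException("pfx has not configured, please config first");
        }
        com.mpaas.isec.b.debug("[getSocketFactory]", "start init sslContext from pfx");
        String signStorePassword = moduleConfig.pfxBiConfig.signKeyStorePassword;
        String signKeyPassword = moduleConfig.pfxBiConfig.signKeyPassword;
        String encStorePassword = moduleConfig.pfxBiConfig.encKeyStorePassword;
        String encKeyPassword = moduleConfig.pfxBiConfig.encKeyPassword;
        AssetManager assets = mContext.getAssets();
        // NOTE(review): the two asset streams are never closed here; whether
        // TLSAndroidUtils closes them is not visible from this file — confirm.
        // NOTE(review): the client key stores ship inside the APK assets, so their protection
        // rests on the passwords held in the configuration object.
        return TLSAndroidUtils.createSSLSocketFactory(moduleConfig.sslProtocol, trustedCerts, assets.open("sign.pfx"), signStorePassword, signKeyPassword, assets.open("enc.pfx"), encStorePassword, encKeyPassword);
    }

    /** Wraps an existing {@code LayeredSocketFactory} in the project's {@code anq} adapter. */
    public static LayeredSocketFactory a(ModuleConfig moduleConfig, LayeredSocketFactory layeredSocketFactory, Context context) throws IllegalAccessException, GeneralSecurityException, IOException {
        return new anq(moduleConfig, layeredSocketFactory, context);
    }

    /**
     * Layers a TLS socket over {@code socket} using the factory built by {@code bbu()}.
     *
     * @throws IllegalAccessException if no trusted certificates are configured, the module is not
     *     initialised, or {@code bbu()} yields no factory
     */
    public static SSLSocket b(Socket socket, String str, int i, boolean z) throws IllegalAccessException, IOException, GeneralSecurityException {
        if (c.bbg() == null || c.bbg().length == 0) {
            throw new IllegalAccessException("no certs data,please config certs first!!");
        }
        SSLSocketFactory factory = bbu();
        if (factory == null) {
            // bbu() returns null when c.bbp() is false; fail with a declared exception instead of
            // a NullPointerException inside createSocket.
            throw new IllegalAccessException("ssl socket factory is not available, please check config first");
        }
        com.mpaas.isec.b.debug("[getSocketFactory]", "finish init sslContext from pfx");
        return a(factory, socket, str, i, z);
    }

    /**
     * Builds a socket factory for the configuration that {@code c.a(bVar)} resolves.
     *
     * @throws IllegalAccessException if {@link #hA(Context)} has not run
     */
    public static SSLSocketFactory b(b bVar) throws IllegalAccessException, IOException, GeneralSecurityException {
        if (mContext == null) {
            throw new IllegalAccessException("ISec ssl has not init!!,please init first!");
        }
        return a(c.a(bVar));
    }

    /**
     * Returns the first {@link X509KeyManager} in the array.
     *
     * @throws KeyManagementException if the array holds none
     */
    private static final X509KeyManager b(KeyManager[] keyManagerArr) throws KeyManagementException {
        for (KeyManager candidate : keyManagerArr) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
        throw new KeyManagementException("Failed to find an X509KeyManager in " + Arrays.toString(keyManagerArr));
    }

    /**
     * Builds a socket factory from the certificates returned by {@code c.bbg()}, using the
     * "BCJSSE" provider for the SSL context and trust manager factory.
     *
     * <p>When {@code c.bbi()} is true the sign/encrypt key material from {@code c.bbm()} is
     * validated and loaded into two in-memory BKS key stores.
     *
     * @throws IllegalAccessException if two-way verification is enabled but a key or certificate
     *     is missing
     */
    private static SSLSocketFactory bbr() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, UnrecoverableKeyException, IllegalAccessException {
        String[] trusted = c.bbg();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        for (int i = 0; i < trusted.length; i++) {
            trustStore.setCertificateEntry("ca" + i, (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(trusted[i], Base64.NO_WRAP))));
            com.mpaas.isec.b.debug("[getSocketFactory]", "get trust:" + trusted[i]);
        }
        if (c.bbi()) {
            com.mpaas.isec.b.debug("[getSocketFactory]", "start double check config");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(c.bbj(), "BCJSSE");
            f bbm = c.bbm();
            if (bbm != null) {
                if (bbm.gAZ == null) {
                    throw new IllegalAccessException("config double verify without encrypt cert private key!!");
                }
                if (bbm.gBc == null) {
                    throw new IllegalAccessException("config double verify without encrypt cert!!");
                }
                if (bbm.gBa == null) {
                    throw new IllegalAccessException("config double verify without sign cert!!");
                }
                if (bbm.gAY == null) {
                    throw new IllegalAccessException("config double verify without signCert cert private key");
                }
                char[] password = !TextUtils.isEmpty(bbm.password) ? bbm.password.toCharArray() : null;
                X509Certificate signCert = FU(bbm.gBa);
                X509Certificate encCert = FU(bbm.gBc);
                KeyStore signStore = KeyStore.getInstance("BKS", (Provider) new BouncyCastleProvider());
                signStore.load(null, null);
                signStore.setKeyEntry(bbm.gBb, bbm.gAY, password, new Certificate[]{signCert});
                // The key object is deliberately kept out of the log: Key.toString() output is
                // provider-dependent and may contain key material.
                com.mpaas.isec.b.debug("[getSocketFactory]", "double check sign config- cert:" + bbm.gBa);
                KeyStore encStore = KeyStore.getInstance("BKS", (Provider) new BouncyCastleProvider());
                encStore.load(null, null);
                encStore.setKeyEntry(bbm.gBd, bbm.gAZ, password, new Certificate[]{encCert});
                com.mpaas.isec.b.debug("[getSocketFactory]", "double check encrypt config- cert:" + bbm.gBc);
                // NOTE(review): the factory is initialised twice (presumably the second call
                // replaces the first), and its key managers are never passed to
                // sSLContext.init below, which receives null. As written, the client key material
                // loaded here does not reach the returned socket factory. This may be a
                // decompilation artefact — confirm against the original source before relying on
                // this path for mutual TLS.
                keyManagerFactory.init(signStore, password);
                keyManagerFactory.init(encStore, password);
            }
        }
        SSLContext sSLContext = SSLContext.getInstance(c.bbh(), "BCJSSE");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509", "BCJSSE");
        trustManagerFactory.init(trustStore);
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        com.mpaas.isec.b.debug("[getSocketFactory]", "init sslContext");
        return sSLContext.getSocketFactory();
    }

    /**
     * Returns the X.509 key manager of the default {@link KeyManagerFactory} algorithm,
     * initialised without a key store.
     *
     * @throws KeyManagementException wrapping any failure to create or initialise the factory
     */
    private static final KeyManager bbs() throws KeyManagementException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(null, null);
            return b(keyManagerFactory.getKeyManagers());
        } catch (KeyStoreException e) {
            throw new KeyManagementException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new KeyManagementException(e2);
        } catch (UnrecoverableKeyException e3) {
            throw new KeyManagementException(e3);
        }
    }

    /**
     * Builds an X.509 trust manager that trusts exactly the certificates returned by
     * {@code c.bbg()}, using the "BCJSSE" trust manager factory.
     *
     * @return the first {@link X509TrustManager} the factory provides
     * @throws KeyManagementException if the factory provides no {@link X509TrustManager}
     */
    public static X509TrustManager bbt() throws CertificateException, NoSuchProviderException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
        String[] trusted = c.bbg();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        for (int i = 0; i < trusted.length; i++) {
            trustStore.setCertificateEntry("ca" + i, (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(trusted[i], Base64.NO_WRAP))));
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509", "BCJSSE");
        trustManagerFactory.init(trustStore);
        com.mpaas.isec.b.debug("[getTrustManager]", "init trustManager");
        // Select by type rather than casting element 0 unchecked, so an unexpected factory result
        // surfaces as a declared exception.
        for (TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new KeyManagementException("Failed to find an X509TrustManager");
    }

    /**
     * Builds the socket factory for the global configuration held by {@code c}.
     *
     * @return the socket factory, or {@code null} when {@code c.bbp()} is false
     * @throws IllegalAccessException if {@link #hA(Context)} has not run, or two-way verification
     *     is enabled without a PFX configuration
     */
    private static SSLSocketFactory bbu() throws IllegalAccessException, IOException, GeneralSecurityException {
        if (mContext == null) {
            throw new IllegalAccessException("ISec ssl has not init!!,please init first!");
        }
        if (!c.bbp()) {
            return null;
        }
        String[] trusted = c.bbg();
        if (!c.bbi()) {
            return TLSAndroidUtils.createSSLSocketFactory(c.bbh(), trusted);
        }
        if (c.bbn() == null) {
            throw new IllegalAccessException("pfx has not configured, please config first");
        }
        com.mpaas.isec.b.debug("[getSocketFactory]", "start init sslContext from pfx");
        String signStorePassword = c.bbn().signKeyStorePassword;
        String signKeyPassword = c.bbn().signKeyPassword;
        String encStorePassword = c.bbn().encKeyStorePassword;
        String encKeyPassword = c.bbn().encKeyPassword;
        AssetManager assets = mContext.getAssets();
        // NOTE(review): the two asset streams are never closed here; whether
        // TLSAndroidUtils closes them is not visible from this file — confirm.
        return TLSAndroidUtils.createSSLSocketFactory(c.bbh(), trusted, assets.open("sign.pfx"), signStorePassword, signKeyPassword, assets.open("enc.pfx"), encStorePassword, encKeyPassword);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the context and registers the Bouncy Castle JCE and JSSE providers.
     *
     * <p>A registered "BC" provider older than version 1.62 is removed and replaced. Provider
     * registration is process-wide, so this affects every other user of "BC" in the app.
     *
     * @param context context later used to open the PFX assets
     */
    public static void hA(Context context) {
        mContext = context;
        Provider installedBc = Security.getProvider("BC");
        if (installedBc == null) {
            Security.addProvider(new BouncyCastleProvider());
        } else if (installedBc.getVersion() < 1.62d) {
            Security.removeProvider("BC");
            Security.addProvider(new BouncyCastleProvider());
        }
        Security.addProvider(new BouncyCastleJsseProvider("BC"));
    }
}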
