package com.vipera.dynamicengine.r;

import android.annotation.TargetApi;
import android.os.Build;
import android.support.annotation.ak;
import android.util.Base64;
import android.util.Log;
import java.math.BigInteger;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes.dex */
class t extends SSLSocketFactory {

    /* renamed from: a, reason: collision with root package name */
    private javax.net.ssl.SSLSocketFactory f2545a;

    @ak(b = 24)
    @TargetApi(24)
    /* loaded from: classes.dex */
    private class a extends X509ExtendedTrustManager {
        private X509ExtendedTrustManager b;

        public a() {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length <= 0) {
                throw new IllegalStateException("Cannot get default Trust manager. Pinning trust manager cannot be created");
            }
            this.b = (X509ExtendedTrustManager) trustManagers[0];
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            this.b.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
            this.b.checkClientTrusted(x509CertificateArr, str, socket);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
            this.b.checkClientTrusted(x509CertificateArr, str, sSLEngine);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            this.b.checkServerTrusted(x509CertificateArr, str);
            t.this.a(x509CertificateArr);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
            this.b.checkServerTrusted(x509CertificateArr, str, socket);
            t.this.a(x509CertificateArr);
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
            this.b.checkServerTrusted(x509CertificateArr, str, sSLEngine);
            t.this.a(x509CertificateArr);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.b.getAcceptedIssuers();
        }
    }

    /* loaded from: classes.dex */
    private class b implements X509TrustManager {
        private X509TrustManager b;

        public b() {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length <= 0) {
                throw new IllegalStateException("Cannot get default Trust manager. Pinning trust manager cannot be created");
            }
            this.b = (X509TrustManager) trustManagers[0];
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            this.b.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            this.b.checkServerTrusted(x509CertificateArr, str);
            t.this.a(x509CertificateArr);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.b.getAcceptedIssuers();
        }
    }

    public t(KeyStore keyStore) {
        super(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, Build.VERSION.SDK_INT >= 24 ? new TrustManager[]{new a()} : new TrustManager[]{new b()}, new SecureRandom());
        this.f2545a = sSLContext.getSocketFactory();
    }

    private void a(String str, String str2, String str3, BigInteger bigInteger) {
        if (com.vipera.dynamicengine.e.a.a().aj()) {
            com.vipera.dynamicengine.t.j.c("Certificate:\nSubject: " + str2 + "\nIssuer: " + str + "\nPublicKey: " + str3 + "\nSerial: " + bigInteger.toString());
        }
        f ak = com.vipera.dynamicengine.e.a.a().ak();
        if (ak != null) {
            if (ak.b() != null && !a(ak.b(), str)) {
                throw new CertificateException("SSL Pinning: the server certificate issuer is not valid.");
            }
            if (ak.a() != null && !a(ak.a(), str2)) {
                throw new CertificateException("SSL Pinning: the server certificate subject is not valid.");
            }
            if (ak.d() != null && !a(ak.d().toString(), bigInteger.toString())) {
                throw new CertificateException("SSL Pinning: the server certificate serial number is not valid.");
            }
            if (ak.c() != null && !a(ak.c(), str3)) {
                throw new CertificateException("SSL Pinning: the server certificate public key is not valid.");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(X509Certificate[] x509CertificateArr) {
        X509Certificate x509Certificate = x509CertificateArr[0];
        a(x509Certificate.getIssuerX500Principal().getName("RFC2253"), x509Certificate.getSubjectX500Principal().getName("RFC2253"), Base64.encodeToString(x509Certificate.getPublicKey().getEncoded(), 0).replace(org.apache.a.a.p.d, ""), x509Certificate.getSerialNumber());
        Log.d("LEAF", x509Certificate.toString());
    }

    private boolean a(String str, String str2) {
        if (str.equals(str2)) {
            return true;
        }
        try {
            return Pattern.compile(str).matcher(str2).matches();
        } catch (Exception e) {
            Log.e("PinningCheck", "CheckWithRegexp exception:", e);
            return false;
        }
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() {
        return this.f2545a.createSocket();
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) {
        return this.f2545a.createSocket(socket, str, i, z);
    }
}
