package cn.kuwo.ui.test.http;

import cn.kuwo.base.utils.aa;
import cn.kuwo.base.utils.y;
import cn.kuwo.player.App;
import cn.kuwo.ui.test.TestLogger;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.b.a.d;

/* loaded from: classes3.dex */
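/**
 * TLS helper that pins HTTPS connections to a certificate shipped with the app
 * (or to a replacement certificate stored on disk) while "force HTTPS" mode is on.
 *
 * <p>This source is decompiler output; the checked-exception declarations the
 * decompiler dropped have been restored so the {@code catch} clauses in
 * {@link #setOneWayCertificates(HttpsURLConnection)} are reachable.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #DO_NOT_VERIFY} accepts every hostname while force-HTTPS mode is off.</li>
 *   <li>{@link #CERT_MD5} and {@link #KEY_SERVER_CERT_FILE_CHECK} are not referenced
 *       anywhere in this class, so no integrity check of the on-disk certificate
 *       happens here.</li>
 *   <li>{@link UnSafeTrustManager} performs no validation at all and is no longer
 *       installed by this class.</li>
 * </ul>
 */
public class TestHttpsSSLHelper {
    public static final String CERT_ASSETS = "server.pem";
    // Not consulted by any code in this class.
    // NOTE(review): presumably the expected digest of the certificate file - confirm where it is checked.
    public static final String CERT_MD5 = "4522bca848e90ea9762c7356fa97f909";
    /**
     * Hostname verifier used with the pinned SSL context.
     *
     * <p>While force-HTTPS mode is off it returns {@code true} for every host, so a
     * connection that installs it relies on certificate-chain validation alone.
     * NOTE(review): left unchanged because callers outside this file may depend on it;
     * consider delegating to the platform verifier instead.
     *
     * <p>While force-HTTPS mode is on it accepts the session only when the leaf
     * certificate's subject CN is {@code kuwo.cn} or a name under {@code .kuwo.cn}.
     * The CN is not compared with the requested hostname and subjectAltName is not
     * consulted. NOTE(review): splitting the DN on "," does not honour escaped commas.
     */
    public static final HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
        @Override
        public boolean verify(String str, SSLSession sSLSession) {
            if (!TestHttpsSSLHelper.allForceUseHttps) {
                return true;
            }
            try {
                String peerHost = sSLSession.getPeerHost();
                if (peerHost == null || !peerHost.equals(str)) {
                    return false;
                }
                Certificate[] chain = sSLSession.getPeerCertificates();
                // Only the peer's own certificate (first in the chain) may vouch for the
                // host name; an issuer certificate must not satisfy this check.
                if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                    return false;
                }
                X509Certificate leaf = (X509Certificate) chain[0];
                for (String rdn : leaf.getSubjectX500Principal().getName().split(",")) {
                    String part = rdn.trim();
                    // Compare the CN value as a domain name rather than with a substring
                    // test, which would also accept names that merely contain "kuwo.cn".
                    if (part.startsWith("CN=") && TestHttpsSSLHelper.isKuwoDomain(part.substring(3))) {
                        TestLogger.d(TestHttpsSSLHelper.TAG, peerHost + "--效验证书成功...");
                        return true;
                    }
                }
            } catch (SSLPeerUnverifiedException e2) {
                e2.printStackTrace();
                TestLogger.d(TestHttpsSSLHelper.TAG, "HostnameVerifier--->Err:" + e2.getMessage());
            }
            return false;
        }
    };
    // Not referenced in this class.
    public static final String KEY_SERVER_CERT_FILE_CHECK = "server_cert_file_check";
    public static final String KW_CERT_FILE = "kwCert.dat";
    private static final String TAG = "TestHttpsSSLHelper";
    private static boolean allForceUseHttps;
    private static SSLContext sslContext;

    /**
     * Trust manager that checks the server chain against the pinned certificate and,
     * while force-HTTPS mode is off, falls back to the platform trust store.
     */
    public static class MyTrustManager implements X509TrustManager {
        private final X509TrustManager defaultTrustManager;
        private final X509TrustManager localTrustManager;

        /**
         * @param x509TrustManager trust manager built from the pinned certificate
         * @throws NoSuchAlgorithmException if the default trust-manager algorithm is unavailable
         * @throws KeyStoreException if the platform trust store cannot be initialised
         */
        public MyTrustManager(X509TrustManager x509TrustManager) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null key store selects the platform's default trust anchors.
            trustManagerFactory.init((KeyStore) null);
            this.defaultTrustManager = TestHttpsSSLHelper.chooseTrustManager(trustManagerFactory.getTrustManagers());
            this.localTrustManager = x509TrustManager;
        }

        /** No client-certificate validation is performed. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /**
         * Validates the server chain.
         *
         * @throws CertificateException if the chain is rejected by the pinned trust manager
         *     and (in non-forced mode) also by the platform trust manager, or no platform
         *     trust manager is available to fall back on
         */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (TestHttpsSSLHelper.allForceUseHttps) {
                // Forced mode: only the pinned certificate is acceptable.
                this.localTrustManager.checkServerTrusted(x509CertificateArr, str);
                return;
            }
            try {
                this.localTrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e2) {
                e2.printStackTrace();
                if (this.defaultTrustManager == null) {
                    // Without a fallback the rejection must stand; returning normally here
                    // would accept a chain that nothing has validated.
                    throw e2;
                }
                this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            }
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Trust manager that accepts every certificate chain without any check.
     * It is kept for compatibility but is not installed by this class; a context
     * built with it provides no server authentication.
     */
    public static class UnSafeTrustManager implements X509TrustManager {
        private UnSafeTrustManager() {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Builds a TLS context whose only trust manager is the pinned-certificate manager.
     *
     * @param inputStream stream holding one X.509 certificate; it is closed by this call
     */
    private static SSLContext buildLocalAndDefault(InputStream inputStream)
            throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        X509TrustManager x509TrustManager = getX509TrustManager(getKeyStore(inputStream));
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{x509TrustManager}, new SecureRandom());
        return sSLContext;
    }

    /**
     * Rewrites the scheme of a first-level {@code *.kuwo.cn} URL from http to https
     * while force-HTTPS mode is on; every other input is returned unchanged.
     *
     * <p>Only the leading scheme is rewritten, so an {@code http:} URL carried inside
     * the path or query string is left as the caller wrote it.
     *
     * <p>NOTE(review): the host tests are substring tests on the whole URL, so an
     * exclusion string appearing in the path or query also disables the upgrade.
     * URLs containing {@code update/https/cert} stay on plain HTTP; if that path
     * delivers the on-disk certificate, the trust anchor travels over an
     * unauthenticated channel - confirm.
     *
     * @param str URL to inspect, may be {@code null}
     * @return the upgraded URL, or {@code str} itself when no rewrite applies
     */
    public static String changeHttpToHttpsUrl(String str) {
        if (!allForceUseHttps || str == null || !str.contains(".kuwo.cn") || str.substring(0, str.indexOf(".kuwo.cn")).contains(".") || str.contains("log.kuwo.cn") || str.contains("update/https/cert") || str.contains("cdn.kuwo.cn")) {
            return str;
        }
        if (!str.startsWith("http:")) {
            return str;
        }
        String replace = "https:" + str.substring("http:".length());
        TestLogger.d(TAG, "强制转成Https:" + replace);
        return replace;
    }

    /** Returns the first {@link X509TrustManager} in the array, or {@code null} if there is none. */
    public static X509TrustManager chooseTrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    /** Returns whether {@code name} is {@code kuwo.cn} or a name under {@code .kuwo.cn}, ignoring case. */
    private static boolean isKuwoDomain(String name) {
        String lower = name.trim().toLowerCase(java.util.Locale.ROOT);
        return lower.equals("kuwo.cn") || lower.endsWith(".kuwo.cn");
    }

    /**
     * Opens the certificate to pin: the on-disk file when the obfuscated helpers report
     * it usable, otherwise the asset bundled with the app.
     *
     * <p>NOTE(review): {@code aa.i}, {@code aa.p} and {@code aa.j} are obfuscated; from
     * their use they presumably mean exists / size / delete - confirm. The on-disk file
     * becomes the trust anchor without any integrity check in this class, so the code
     * that writes it and the permissions of its directory need review.
     *
     * @return an open stream, or {@code null} if neither source could be opened
     */
    private static InputStream getCertFileStream() {
        String str = y.a(31) + KW_CERT_FILE;
        try {
            if (!aa.i(str)) {
                TestLogger.d(TAG, "获取内部部证书：CERT_ASSETS");
                return App.a().getAssets().open(CERT_ASSETS);
            }
            if (aa.p(str) <= 0) {
                aa.j(str);
                TestLogger.d(TAG, "另取内部部证书：CERT_ASSETS");
                return App.a().getAssets().open(CERT_ASSETS);
            }
            FileInputStream fileInputStream = new FileInputStream(str);
            TestLogger.d(TAG, "获取外部证书：" + str);
            return fileInputStream;
        } catch (Exception e2) {
            TestLogger.d(TAG, "获取客户端文件证书异常：" + e2.getMessage());
            e2.printStackTrace();
            return null;
        }
    }

    /**
     * Reads one X.509 certificate from the stream and returns a fresh key store that
     * holds it under the alias {@code kwServerCert}. The stream is always closed.
     */
    private static KeyStore getKeyStore(InputStream inputStream)
            throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException {
        Certificate generateCertificate;
        try {
            generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } finally {
            // Close on the failure path as well so a malformed file does not leak the handle.
            inputStream.close();
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry("kwServerCert", generateCertificate);
        return keyStore;
    }

    /**
     * Builds the pinned trust manager for the given key store.
     *
     * @throws KeyStoreException if the factory yields no X.509 trust manager; the caller
     *     then leaves the connection on its default socket factory instead of installing
     *     a manager that accepts every certificate
     */
    // NOTE(review): @d is an obfuscated annotation, presumably a nullability marker - confirm.
    @d
    private static X509TrustManager getX509TrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        X509TrustManager pinned = chooseTrustManager(trustManagerFactory.getTrustManagers());
        if (pinned == null) {
            throw new KeyStoreException("no X509TrustManager available for the pinned certificate");
        }
        return new MyTrustManager(pinned);
    }

    public static boolean isHttpsForceEnabled() {
        return allForceUseHttps;
    }

    public static void setAllHttpsEnabled(boolean z) {
        allForceUseHttps = z;
    }

    /**
     * Installs the pinned socket factory on the connection while force-HTTPS mode is on.
     * The context is built once and cached; if it cannot be built the connection is left
     * untouched and keeps its default socket factory.
     *
     * @param httpsURLConnection connection to configure
     */
    public static synchronized void setOneWayCertificates(HttpsURLConnection httpsURLConnection) {
        if (!allForceUseHttps) {
            return;
        }
        if (sslContext == null) {
            InputStream certFileStream = getCertFileStream();
            if (certFileStream == null) {
                return;
            }
            try {
                sslContext = buildLocalAndDefault(certFileStream);
            } catch (KeyStoreException | IOException | CertificateException | KeyManagementException | NoSuchAlgorithmException e2) {
                e2.printStackTrace();
                sslContext = null;
            }
        }
        if (sslContext != null) {
            httpsURLConnection.setSSLSocketFactory(sslContext.getSocketFactory());
        }
    }
}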
