package one.o9;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.OkHttpClient;
import one.dh.c0;
import one.qg.m;
import org.jetbrains.annotations.NotNull;

/* compiled from: CSIHttpClient.kt */
@Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0004\b\u0002\u0018\u0000 \u00022\u00020\u0001:\u0002\u0003\u0004¨\u0006\u0005"}, d2 = {"Lone/o9/a;", "", "Companion", "a", "b", "csi_release"}, k = 1, mv = {1, 9, 0})
/* loaded from: classes.dex */
final class a {

    /* renamed from: Companion, reason: from kotlin metadata */
    @NotNull
    public static final Companion INSTANCE = new Companion(null);

    /* compiled from: CSIHttpClient.kt */
    @Metadata(d1 = {"\u00008\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\b\b\u0002\u0018\u00002\u00020\u0001B!\u0012\b\u0010\u0012\u001a\u0004\u0018\u00010\u0010\u0012\u0006\u0010\u0014\u001a\u00020\u0002\u0012\u0006\u0010\u0015\u001a\u00020\u0002¢\u0006\u0004\b\u0016\u0010\u0017J\u001a\u0010\u0007\u001a\u00020\u00062\b\u0010\u0003\u001a\u0004\u0018\u00010\u00022\u0006\u0010\u0005\u001a\u00020\u0004H\u0002J\u0012\u0010\n\u001a\u0004\u0018\u00010\u00022\u0006\u0010\t\u001a\u00020\bH\u0002J\u0018\u0010\f\u001a\u00020\u00062\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\u000bH\u0002J\u001c\u0010\u000f\u001a\u00020\u00062\b\u0010\u0003\u001a\u0004\u0018\u00010\u00022\b\u0010\u000e\u001a\u0004\u0018\u00010\rH\u0016R\u0016\u0010\u0012\u001a\u0004\u0018\u00010\u00108\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\n\u0010\u0011R\u0014\u0010\u0014\u001a\u00020\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\f\u0010\u0013R\u0014\u0010\u0015\u001a\u00020\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0007\u0010\u0013¨\u0006\u0018"}, d2 = {"Lone/o9/a$a;", "Ljavax/net/ssl/HostnameVerifier;", "", "hostname", "Ljava/security/cert/X509Certificate;", "certificate", "", "c", "Lone/hl/c;", com.amazon.a.a.h.a.a, "a", "", "b", "Ljavax/net/ssl/SSLSession;", "session", "verify", "Ljavax/net/ssl/X509TrustManager;", "Ljavax/net/ssl/X509TrustManager;", "trustManager", "Ljava/lang/String;", "requestHostname", "commonName", "<init>", "(Ljavax/net/ssl/X509TrustManager;Ljava/lang/String;Ljava/lang/String;)V", "csi_release"}, k = 1, mv = {1, 9, 0})
    /* renamed from: one.o9.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    private static final class C0424a implements HostnameVerifier {

        /* renamed from: a, reason: from kotlin metadata */
        private final X509TrustManager trustManager;

        /* renamed from: b, reason: from kotlin metadata */
        @NotNull
        private final String requestHostname;

        /* renamed from: c, reason: from kotlin metadata */
        @NotNull
        private final String commonName;

        public C0424a(X509TrustManager x509TrustManager, @NotNull String requestHostname, @NotNull String commonName) {
            Intrinsics.checkNotNullParameter(requestHostname, "requestHostname");
            Intrinsics.checkNotNullParameter(commonName, "commonName");
            this.trustManager = x509TrustManager;
            this.requestHostname = requestHostname;
            this.commonName = commonName;
        }

        private final String a(one.hl.c name) {
            Object A;
            one.hl.b[] y = name.y(one.il.b.g);
            Intrinsics.c(y);
            if (y.length == 0) {
                return null;
            }
            A = m.A(y);
            return ((one.hl.b) A).x().y().toString();
        }

        private final boolean b(byte[] a, byte[] b) {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] bArr = new byte[20];
            new SecureRandom().nextBytes(bArr);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(bArr);
            byteArrayOutputStream.write(a);
            byte[] digest = messageDigest.digest(byteArrayOutputStream.toByteArray());
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            byteArrayOutputStream2.write(bArr);
            byteArrayOutputStream2.write(b);
            return MessageDigest.isEqual(digest, messageDigest.digest(byteArrayOutputStream2.toByteArray()));
        }

        private final boolean c(String hostname, X509Certificate certificate) {
            boolean b;
            boolean z;
            c0 c0Var = new c0();
            Principal subjectDN = certificate.getSubjectDN();
            Intrinsics.d(subjectDN, "null cannot be cast to non-null type javax.security.auth.x500.X500Principal");
            one.hl.c t = one.hl.c.t(((X500Principal) subjectDN).getEncoded());
            Intrinsics.checkNotNullExpressionValue(t, "getInstance(...)");
            String a = a(t);
            if (a != null) {
                if (hostname != null) {
                    Charset charset = one.wj.a.UTF_8;
                    byte[] bytes = hostname.getBytes(charset);
                    Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
                    byte[] bytes2 = this.requestHostname.getBytes(charset);
                    Intrinsics.checkNotNullExpressionValue(bytes2, "this as java.lang.String).getBytes(charset)");
                    if (b(bytes, bytes2)) {
                        byte[] bytes3 = this.commonName.getBytes(charset);
                        Intrinsics.checkNotNullExpressionValue(bytes3, "this as java.lang.String).getBytes(charset)");
                        byte[] bytes4 = a.getBytes(charset);
                        Intrinsics.checkNotNullExpressionValue(bytes4, "this as java.lang.String).getBytes(charset)");
                        if (b(bytes3, bytes4)) {
                            z = true;
                            b = Boolean.valueOf(z).booleanValue();
                        }
                    }
                    z = false;
                    b = Boolean.valueOf(z).booleanValue();
                } else {
                    String str = this.commonName;
                    Charset charset2 = one.wj.a.UTF_8;
                    byte[] bytes5 = str.getBytes(charset2);
                    Intrinsics.checkNotNullExpressionValue(bytes5, "this as java.lang.String).getBytes(charset)");
                    byte[] bytes6 = a.getBytes(charset2);
                    Intrinsics.checkNotNullExpressionValue(bytes6, "this as java.lang.String).getBytes(charset)");
                    b = b(bytes5, bytes6);
                }
                c0Var.a = b;
            }
            return c0Var.a;
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String hostname, SSLSession session) {
            Certificate[] peerCertificates;
            Object A;
            if (session != null) {
                try {
                    peerCertificates = session.getPeerCertificates();
                } catch (InvalidKeyException e) {
                    e.printStackTrace();
                    return false;
                } catch (NoSuchAlgorithmException e2) {
                    e2.printStackTrace();
                    return false;
                } catch (NoSuchProviderException e3) {
                    e3.printStackTrace();
                    return false;
                } catch (SignatureException e4) {
                    e4.printStackTrace();
                    return false;
                } catch (CertificateException e5) {
                    e5.printStackTrace();
                    return false;
                } catch (SSLPeerUnverifiedException e6) {
                    e6.printStackTrace();
                    return false;
                }
            } else {
                peerCertificates = null;
            }
            Intrinsics.d(peerCertificates, "null cannot be cast to non-null type kotlin.Array<out java.security.cert.X509Certificate>");
            X509Certificate[] x509CertificateArr = (X509Certificate[]) peerCertificates;
            X509TrustManager x509TrustManager = this.trustManager;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
            }
            Certificate[] peerCertificates2 = session.getPeerCertificates();
            Intrinsics.checkNotNullExpressionValue(peerCertificates2, "getPeerCertificates(...)");
            A = m.A(peerCertificates2);
            Certificate certificate = (Certificate) A;
            Intrinsics.d(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
            return c(hostname, (X509Certificate) certificate);
        }
    }

    /* compiled from: CSIHttpClient.kt */
    @Metadata(d1 = {"\u0000\u0018\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0086\u0003\u0018\u00002\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\b\u0010\tJ\u001e\u0010\u0007\u001a\u00020\u00062\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0004\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u0002¨\u0006\n"}, d2 = {"Lone/o9/a$b;", "", "", "certificate", "requestHostname", "commonName", "Lokhttp3/OkHttpClient;", "a", "<init>", "()V", "csi_release"}, k = 1, mv = {1, 9, 0})
    /* renamed from: one.o9.a$b, reason: from kotlin metadata */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        @NotNull
        public final OkHttpClient a(@NotNull String certificate, @NotNull String requestHostname, @NotNull String commonName) {
            Intrinsics.checkNotNullParameter(certificate, "certificate");
            Intrinsics.checkNotNullParameter(requestHostname, "requestHostname");
            Intrinsics.checkNotNullParameter(commonName, "commonName");
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(null);
            byte[] bytes = certificate.getBytes(one.wj.a.UTF_8);
            Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
            keyStore.setCertificateEntry("csi", CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream));
            byteArrayInputStream.close();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (!(trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager))) {
                throw new IllegalStateException(("Unexpected default trust managers:" + Arrays.toString(trustManagers)).toString());
            }
            TrustManager trustManager = trustManagers[0];
            Intrinsics.d(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagers, new SecureRandom());
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            builder.connectTimeout(3000L, TimeUnit.MILLISECONDS);
            if (socketFactory != null) {
                builder.sslSocketFactory(socketFactory, x509TrustManager);
            }
            builder.hostnameVerifier(new C0424a(x509TrustManager, requestHostname, commonName));
            return builder.build();
        }
    }
}
