package com.kaspersky.components.certificatechecker;

import android.os.SystemClock;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import s.bfc;
import s.blc;

/* loaded from: classes.dex */
public class CertificateChecker {
    private static final String b = "CertificateChecker";
    private static final int c = (int) TimeUnit.MINUTES.toMillis(2);
    public int a;
    private final int d;
    private final bfc e;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class a implements X509TrustManager {
        private a() {
        }

        /* synthetic */ a(byte b) {
            this();
        }

        @Override // javax.net.ssl.X509TrustManager
        public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                x509CertificateArr[0].checkValidity();
            } catch (CertificateException unused) {
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                x509CertificateArr[0].checkValidity();
            } catch (CertificateException unused) {
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public final X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    static {
        init();
    }

    public CertificateChecker(int i) {
        this(i, null);
    }

    public CertificateChecker(int i, bfc bfcVar) {
        this.a = c;
        this.d = i;
        this.e = bfcVar;
    }

    private static boolean a(Certificate[] certificateArr) {
        boolean z = true;
        for (int i = 0; i < certificateArr.length; i++) {
            if (!(certificateArr[i] instanceof X509Certificate)) {
                throw new CertificateException("Certificate is not X509 type!");
            }
            if (i > 0) {
                try {
                    ((X509Certificate) certificateArr[i - 1]).verify(((X509Certificate) certificateArr[i]).getPublicKey());
                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                    z = false;
                }
            }
        }
        return z;
    }

    private static Certificate[] a(HttpsURLConnection httpsURLConnection) {
        try {
            return httpsURLConnection.getServerCertificates();
        } catch (Exception unused) {
            httpsURLConnection.getInputStream();
            return httpsURLConnection.getServerCertificates();
        }
    }

    private Certificate[] b(URL url) {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
        TrustManager[] trustManagerArr = {new a((byte) 0)};
        HostnameVerifier hostnameVerifier = new HostnameVerifier() { // from class: com.kaspersky.components.certificatechecker.CertificateChecker.1
            @Override // javax.net.ssl.HostnameVerifier
            public final boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        };
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.setHostnameVerifier(hostnameVerifier);
            httpsURLConnection.setConnectTimeout(this.a);
            httpsURLConnection.setReadTimeout(this.a);
            try {
                httpsURLConnection.connect();
                return a(httpsURLConnection);
            } finally {
                httpsURLConnection.disconnect();
            }
        } catch (Exception e) {
            throw new RuntimeException("Failed to init SSLContext for " + b, e);
        }
    }

    private static byte[][] b(Certificate[] certificateArr) {
        byte[][] bArr = new byte[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            if (!(certificateArr[i] instanceof X509Certificate)) {
                throw new CertificateException("Certificate is not X509 type!");
            }
            bArr[i] = certificateArr[i].getEncoded();
        }
        return bArr;
    }

    private native CheckResult checkCertificate(String str, String str2, int i, byte[][] bArr, int i2);

    private static native void init();

    public final CheckResult a(String str) {
        try {
            return a(blc.a(str));
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    }

    public final CheckResult a(URL url) {
        if (!url.getProtocol().equals("https")) {
            throw new IllegalArgumentException("Invalid URL: only HTTPS protocol is supported");
        }
        long uptimeMillis = SystemClock.uptimeMillis();
        Certificate[] b2 = b(url);
        CheckResult checkResult = new CheckResult(Verdict.Unknown.ordinal(), ExtendedVerdict.Unspecified.ordinal(), 0);
        if (!a(b2)) {
            checkResult = new CheckResult(Verdict.Untrusted.ordinal(), ExtendedVerdict.InvalidChain.ordinal(), 0);
        }
        long uptimeMillis2 = SystemClock.uptimeMillis() - uptimeMillis;
        if (checkResult.getVerdict() != Verdict.Untrusted) {
            int port = url.getPort();
            if (port == -1) {
                port = url.getDefaultPort();
            }
            String host = url.getHost();
            byte[][] b3 = b(b2);
            String hostAddress = InetAddress.getByName(url.getHost()).getHostAddress();
            checkResult = checkCertificate(host, hostAddress, port, b3, this.d);
            if (this.e != null) {
                this.e.a(checkResult, "https://" + host + ":" + port, hostAddress, b3);
            }
        }
        checkResult.getTelemetry().a = uptimeMillis2;
        return checkResult;
    }
}
