package com.tplinkra.network.protocol;

import com.tplinkra.common.logging.SDKLogger;
import com.tplinkra.common.utils.Utils;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.IOUtils;

/* loaded from: classes.dex */
public class SDKTrustManager implements X509TrustManager {
    private static final SDKLogger f = SDKLogger.a(SDKTrustManager.class.getName());
    private static X509Certificate[] g;
    private KeyStore a;
    private X509TrustManager b;
    private List<String> c;
    private HostnameVerifier d;
    private boolean e;

    public SDKTrustManager(boolean z) {
        a();
        this.c = new ArrayList();
        this.d = new HostnameVerifier() { // from class: com.tplinkra.network.protocol.SDKTrustManager.1
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                if (Utils.a(str)) {
                    return false;
                }
                Iterator it = SDKTrustManager.this.c.iterator();
                while (it.hasNext()) {
                    if (str.endsWith((String) it.next())) {
                        return true;
                    }
                }
                return false;
            }
        };
        this.e = z;
    }

    private void a() {
        try {
            this.a = KeyStore.getInstance(KeyStore.getDefaultType());
            this.a.load(null, null);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private boolean a(Certificate certificate, Certificate certificate2) {
        try {
            certificate.verify(certificate2.getPublicKey());
            return true;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
            return false;
        }
    }

    private boolean a(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        for (X509Certificate x509Certificate2 : d()) {
            if (!x509Certificate2.getPublicKey().equals(x509Certificate.getPublicKey()) && !a(x509Certificate, x509Certificate2)) {
                x509Certificate.checkValidity();
            }
            return true;
        }
        return false;
    }

    private void b() {
        if (this.e) {
            try {
                HttpsURLConnection.setDefaultHostnameVerifier(this.d);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    private void c() {
        if (this.e) {
            try {
                HttpsURLConnection.setDefaultSSLSocketFactory(getSSLContext().getSocketFactory());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    private X509Certificate[] d() {
        if (g == null) {
            if (!e()) {
                throw new CertificateException("checksum failed for certificate file: mergedCA.pem");
            }
            g = SSLUtils.c("mergedCA.pem");
        }
        return g;
    }

    private boolean e() {
        InputStream resourceAsStream = SDKTrustManager.class.getClassLoader().getResourceAsStream("mergedCA.pem");
        if (resourceAsStream == null) {
            throw new CertificateException("Certificate file does not exist: mergedCA.pem");
        }
        String i = Utils.i(IOUtils.toString(resourceAsStream));
        resourceAsStream.close();
        return "d36c83502579af18f38fd09eca765908e6ce1293b86a4cc7fd13f5248996fee08c68bc3d01af133cb4aef8b2c997109768e042d0dea0641ca2ec140da3143d0a".equalsIgnoreCase(i);
    }

    public void a(String str) {
        if (!this.c.contains(str)) {
            this.c.add(str);
        }
        b();
    }

    public void a(String str, Certificate certificate) {
        try {
            this.a.setCertificateEntry(str, certificate);
            c();
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        this.b.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException();
        }
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (a(x509Certificate)) {
                    return;
                }
            }
            throw new CertificateException("Cloud server validation failed");
        } catch (CertificateException e) {
            throw new CertificateException("Cloud server validation failed", e);
        } catch (Exception e2) {
            f.c(e2.getMessage(), e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        if (g == null) {
            try {
                if (e()) {
                    g = SSLUtils.c("mergedCA.pem");
                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        return g;
    }

    public SSLContext getSSLContext() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.a);
            this.b = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{this}, new SecureRandom());
            return sSLContext;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
