package com.xyzmo.webservice;

import android.annotation.SuppressLint;
import android.content.SharedPreferences;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.util.Log;
import com.xyzmo.helper.AppContext;
import com.xyzmo.helper.GeneralUtils;
import com.xyzmo.helper.SIGNificantToast;
import com.xyzmo.identifier.StaticIdentifier;
import com.xyzmo.sdk.ApplicationEventListener;
import com.xyzmo.sdk.SdkManager;
import com.xyzmo.signature_sdk.R;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
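/**
 * Installs the process-wide TLS defaults that {@link HttpsURLConnection} uses.
 *
 * <p>Three inputs drive the configuration: the resource flag
 * {@code pref_default_allow_untrusted_certificates}, the resource flag
 * {@code pref_default_use_client_certificate_from_keychain_for_ssl_connections}
 * (honoured only when {@code AppContext.isClientApp()} is true), and an optional
 * server keystore returned by {@code SdkManager.getSSLServerCertificate()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The result is applied through {@link HttpsURLConnection#setDefaultSSLSocketFactory}
 *       and {@link HttpsURLConnection#setDefaultHostnameVerifier}, which are static
 *       defaults; every {@code HttpsURLConnection} created afterwards that does not
 *       override them inherits these settings.</li>
 *   <li>When the allow-untrusted flag is true, certificate chain validation and host name
 *       verification are both switched off, and a configured server keystore is loaded but
 *       not used. Connections are then open to interception, so the flag should stay false
 *       outside of test setups.</li>
 * </ul>
 */
public class SSLConnectionManager {
    private static final String KEYCHAIN_PREF = "keychain";
    private static final String KEYCHAIN_PREF_ALIAS = "alias";

    // Written by the KeyChain alias callback and read by handleSSLConnections(); visibility
    // across those threads is provided by the volatile flag below (written after, read before).
    private KeyManager[] mKeyManagersWithClientCertificate;

    // volatile: handleSSLConnections() polls this flag while the alias callback clears it from
    // another thread; without volatile the polling loop is not guaranteed to see the update.
    private volatile boolean mStartFetchingClientCertificate;

    /**
     * Reads the stored KeyChain alias of the client certificate.
     *
     * @return the alias saved in the "keychain" preferences, or {@code null} if none is stored
     */
    private static String getClientCertificateAlias() {
        return AppContext.mContext.getSharedPreferences(KEYCHAIN_PREF, 0).getString(KEYCHAIN_PREF_ALIAS, null);
    }

    /**
     * Forgets the stored client certificate alias and shows a confirmation toast.
     * Only the stored alias is cleared; key managers already built are not touched here.
     */
    public static void resetClientCertificate() {
        setClientCertificateAlias(null);
        SIGNificantToast.makeText(AppContext.mContext, AppContext.mResources.getString(R.string.toast_reset_client_certificate_successful), 0).show();
    }

    /**
     * Persists the KeyChain alias of the client certificate (asynchronously, via
     * {@code apply()}).
     *
     * <p>The decompiler reports that this method was private in the original class; it is
     * kept public here so existing references keep resolving.
     *
     * @param str the alias to store, or {@code null} to clear the stored value
     */
    public static void setClientCertificateAlias(String str) {
        SharedPreferences.Editor edit = AppContext.mContext.getSharedPreferences(KEYCHAIN_PREF, 0).edit();
        edit.putString(KEYCHAIN_PREF_ALIAS, str);
        edit.apply();
    }

    /**
     * Builds the key managers for TLS client authentication from the stored KeyChain alias.
     *
     * <p>Does nothing when no alias is stored. On any failure the error is logged and
     * reported through {@code SdkManager.onSDKError} with
     * {@code SSLClientCertificateCannotBeLoaded}; the key managers are then left unchanged.
     *
     * <p>The decompiler reports that this method was private in the original class.
     * NOTE(review): {@code KeyChain.getPrivateKey} is documented as blocking and must not run
     * on the main thread; confirm which thread the callers use.
     */
    public void setKeyManagersWithClientCertificate() {
        String clientCertificateAlias = getClientCertificateAlias();
        if (clientCertificateAlias == null) {
            return;
        }
        try {
            // In-memory keystore only: it wraps the KeyChain key handle and chain so that a
            // KeyManagerFactory can serve them; nothing is written to disk here.
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null);
            keyStore.setKeyEntry(clientCertificateAlias, KeyChain.getPrivateKey(AppContext.mContext, clientCertificateAlias), null, KeyChain.getCertificateChain(AppContext.mContext, clientCertificateAlias));
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
            keyManagerFactory.init(keyStore, null);
            this.mKeyManagersWithClientCertificate = keyManagerFactory.getKeyManagers();
        } catch (Exception e) {
            Log.e(StaticIdentifier.DEBUG_TAG, "handleSSLConnections, There was a problem while loading the client certificate from the Android's keychain", e);
            SdkManager.sharedInstance().onSDKError(ApplicationEventListener.SDKError.SSLClientCertificateCannotBeLoaded, e);
        }
    }

    /**
     * Applies the configured TLS settings as {@link HttpsURLConnection} defaults.
     *
     * <p>Returns without changes when untrusted certificates are not allowed, no client
     * certificate is requested and no server keystore is configured. Otherwise:
     * <ol>
     *   <li>if a client certificate is requested, the stored alias is used, or the user is
     *       asked to pick one and this method polls every 200 ms until the callback ran;</li>
     *   <li>if untrusted certificates are allowed, an accept-all trust manager is created and
     *       an accept-all host name verifier is installed as the default;</li>
     *   <li>if a server keystore is configured, trust managers are derived from it;</li>
     *   <li>an {@code SSLContext} is initialised and its socket factory becomes the default.</li>
     * </ol>
     *
     * <p>Failures are logged and otherwise swallowed, as before; the default socket factory
     * is then not replaced by this call. NOTE(review): in that case later connections use
     * whatever default was installed previously, which may be the platform trust store rather
     * than the configured keystore, while the accept-all host name verifier from step 2 may
     * already be active. Callers get no signal beyond the log and {@code onSDKError}.
     */
    public void handleSSLConnections() {
        boolean allowUntrusted = AppContext.mResources.getBoolean(R.bool.pref_default_allow_untrusted_certificates);
        boolean useClientCertificate = AppContext.isClientApp() && AppContext.mResources.getBoolean(R.bool.pref_default_use_client_certificate_from_keychain_for_ssl_connections);
        SSLServerCertificateData serverCertificate = SdkManager.sharedInstance().getSSLServerCertificate();
        if (!allowUntrusted && !useClientCertificate && serverCertificate == null) {
            return;
        }
        try {
            this.mKeyManagersWithClientCertificate = null;
            if (useClientCertificate) {
                if (getClientCertificateAlias() != null) {
                    setKeyManagersWithClientCertificate();
                } else {
                    this.mStartFetchingClientCertificate = true;
                    KeyChain.choosePrivateKeyAlias(AppContext.mCurrentActivity, new KeyChainAliasCallback() {
                        @Override
                        public void alias(String str) {
                            try {
                                SSLConnectionManager.setClientCertificateAlias(str);
                                if (str != null) {
                                    SSLConnectionManager.this.setKeyManagersWithClientCertificate();
                                } else {
                                    Log.e(StaticIdentifier.DEBUG_TAG, "handleSSLConnections, User has denied access to any client certificate for SSL connections.");
                                    SdkManager.sharedInstance().onSDKError(ApplicationEventListener.SDKError.SSLClientCertificateWasDeniedByUser, null);
                                }
                            } finally {
                                // Always release the waiting thread, even if a listener throws.
                                SSLConnectionManager.this.mStartFetchingClientCertificate = false;
                            }
                        }
                    }, null, null, null, -1, SdkManager.sharedInstance().onPreselectClientCertificateFromKeyChainForSSLConnections());
                }
            }
            // Block until the alias callback has finished. NOTE(review): there is no timeout,
            // so the calling thread waits for as long as the chooser stays open.
            while (this.mStartFetchingClientCertificate) {
                Thread.sleep(200L);
            }

            X509TrustManager trustAllManager = null;
            if (allowUntrusted) {
                // SECURITY: both check methods are empty, so every certificate chain is
                // accepted. Lint is suppressed deliberately; this path exists only because the
                // allow-untrusted resource flag asks for it.
                trustAllManager = new X509TrustManager() {
                    @Override
                    @SuppressLint({"TrustAllX509TrustManager"})
                    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    }

                    @Override
                    @SuppressLint({"TrustAllX509TrustManager"})
                    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        // The X509TrustManager contract requires a non-null array.
                        return new X509Certificate[0];
                    }
                };
                // SECURITY: host name verification is disabled for all HttpsURLConnection
                // instances that use the default verifier, not just for this SDK's requests.
                HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                    @Override
                    @SuppressLint({"BadHostnameVerifier"})
                    public boolean verify(String str, SSLSession sSLSession) {
                        return true;
                    }
                });
            }

            TrustManager[] keystoreTrustManagers = null;
            if (serverCertificate != null) {
                KeyStore keyStore = KeyStore.getInstance("BKS");
                InputStream inputStream = null;
                try {
                    try {
                        inputStream = AppContext.mResources.openRawResource(serverCertificate.mCertificateResourceId);
                        // NOTE(review): the password comes from the SDK configuration object; if
                        // it is compiled into the app it should not be treated as a secret.
                        keyStore.load(inputStream, serverCertificate.mCertificatePassword.toCharArray());
                    } finally {
                        GeneralUtils.closeQuietly(inputStream);
                    }
                } catch (Exception e) {
                    Log.e(StaticIdentifier.DEBUG_TAG, "handleSSLConnections, SSL server certificate cannot be read in. Have you configured the wrong resource ID or specified the wrong password?", e);
                    SdkManager.sharedInstance().onSDKError(ApplicationEventListener.SDKError.SSLServerCertificateCannotBeLoaded, e);
                }
                // NOTE(review): after a load failure execution continues with a keystore that
                // was never loaded. Confirm what the platform's TrustManagerFactory does with
                // it (throw here, or produce trust managers that reject every chain).
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                keystoreTrustManagers = trustManagerFactory.getTrustManagers();
            }

            // Accept-all takes precedence over the configured keystore. With neither, null is
            // passed and the platform's default trust managers are used. The key managers are
            // null unless a client certificate was requested and loaded.
            TrustManager[] effectiveTrustManagers = allowUntrusted ? new TrustManager[]{trustAllManager} : keystoreTrustManagers;
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(this.mKeyManagersWithClientCertificate, effectiveTrustManagers, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        } catch (InterruptedException e) {
            // Restore the interrupt status so the caller can still observe the interruption.
            Thread.currentThread().interrupt();
            Log.e(StaticIdentifier.DEBUG_TAG, "handleSSLConnections, interrupted while waiting for the client certificate selection", e);
        } catch (Exception e2) {
            Log.e(StaticIdentifier.DEBUG_TAG, "handleSSLConnections, SSL configuration failed", e2);
        }
    }
}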
