package one.s4;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.q;
import okhttp3.OkHttpClient;
import one.v8.g;
import org.spongycastle.asn1.x500.AttributeTypeAndValue;
import org.spongycastle.asn1.x500.RDN;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.style.BCStyle;

/* loaded from: classes.dex */
final class a {
    public static final b Companion = new b(null);

    /* renamed from: one.s4.a$a, reason: collision with other inner class name */
    /* loaded from: classes.dex */
    private static final class C0372a implements HostnameVerifier {
        private final X509TrustManager a;
        private final String b;
        private final String c;

        public C0372a(X509TrustManager x509TrustManager, String requestHostname, String commonName) {
            q.e(requestHostname, "requestHostname");
            q.e(commonName, "commonName");
            this.a = x509TrustManager;
            this.b = requestHostname;
            this.c = commonName;
        }

        private final String a(X500Name x500Name) {
            RDN[] rdns = x500Name.getRDNs(BCStyle.CN);
            q.d(rdns, "rdns");
            if (rdns.length == 0) {
                return null;
            }
            Object w = g.w(rdns);
            q.d(w, "rdns.first()");
            AttributeTypeAndValue first = ((RDN) w).getFirst();
            q.d(first, "rdns.first().first");
            return first.getValue().toString();
        }

        private final boolean b(byte[] bArr, byte[] bArr2) {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] bArr3 = new byte[20];
            new SecureRandom().nextBytes(bArr3);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(bArr3);
            byteArrayOutputStream.write(bArr);
            byte[] digest = messageDigest.digest(byteArrayOutputStream.toByteArray());
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            byteArrayOutputStream2.write(bArr3);
            byteArrayOutputStream2.write(bArr2);
            return MessageDigest.isEqual(digest, messageDigest.digest(byteArrayOutputStream2.toByteArray()));
        }

        private final boolean c(String str, X509Certificate x509Certificate) {
            Principal subjectDN = x509Certificate.getSubjectDN();
            Objects.requireNonNull(subjectDN, "null cannot be cast to non-null type javax.security.auth.x500.X500Principal");
            X500Name x500Name = X500Name.getInstance(((X500Principal) subjectDN).getEncoded());
            q.d(x500Name, "X500Name.getInstance(principal.encoded)");
            String a = a(x500Name);
            if (a == null) {
                return false;
            }
            if (str == null) {
                String str2 = this.c;
                Charset charset = one.zb.d.a;
                Objects.requireNonNull(str2, "null cannot be cast to non-null type java.lang.String");
                byte[] bytes = str2.getBytes(charset);
                q.d(bytes, "(this as java.lang.String).getBytes(charset)");
                byte[] bytes2 = a.getBytes(charset);
                q.d(bytes2, "(this as java.lang.String).getBytes(charset)");
                return b(bytes, bytes2);
            }
            Charset charset2 = one.zb.d.a;
            byte[] bytes3 = str.getBytes(charset2);
            q.d(bytes3, "(this as java.lang.String).getBytes(charset)");
            String str3 = this.b;
            Objects.requireNonNull(str3, "null cannot be cast to non-null type java.lang.String");
            byte[] bytes4 = str3.getBytes(charset2);
            q.d(bytes4, "(this as java.lang.String).getBytes(charset)");
            if (!b(bytes3, bytes4)) {
                return false;
            }
            String str4 = this.c;
            Objects.requireNonNull(str4, "null cannot be cast to non-null type java.lang.String");
            byte[] bytes5 = str4.getBytes(charset2);
            q.d(bytes5, "(this as java.lang.String).getBytes(charset)");
            byte[] bytes6 = a.getBytes(charset2);
            q.d(bytes6, "(this as java.lang.String).getBytes(charset)");
            return b(bytes5, bytes6);
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            Certificate[] peerCertificates;
            if (sSLSession != null) {
                try {
                    peerCertificates = sSLSession.getPeerCertificates();
                } catch (InvalidKeyException e) {
                    e.printStackTrace();
                    return false;
                } catch (NoSuchAlgorithmException e2) {
                    e2.printStackTrace();
                    return false;
                } catch (NoSuchProviderException e3) {
                    e3.printStackTrace();
                    return false;
                } catch (SignatureException e4) {
                    e4.printStackTrace();
                    return false;
                } catch (CertificateException e5) {
                    e5.printStackTrace();
                    return false;
                } catch (SSLPeerUnverifiedException e6) {
                    e6.printStackTrace();
                    return false;
                }
            } else {
                peerCertificates = null;
            }
            if (peerCertificates == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<out java.security.cert.X509Certificate>");
            }
            X509Certificate[] x509CertificateArr = (X509Certificate[]) peerCertificates;
            X509TrustManager x509TrustManager = this.a;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
            }
            Certificate[] peerCertificates2 = sSLSession.getPeerCertificates();
            q.d(peerCertificates2, "session.peerCertificates");
            Certificate certificate = (Certificate) g.w(peerCertificates2);
            if (certificate != null) {
                return c(str, (X509Certificate) certificate);
            }
            throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        }
    }

    /* loaded from: classes.dex */
    public static final class b {
        private b() {
        }

        public /* synthetic */ b(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final OkHttpClient a(String certificate, String requestHostname, String commonName) {
            q.e(certificate, "certificate");
            q.e(requestHostname, "requestHostname");
            q.e(commonName, "commonName");
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(null);
            byte[] bytes = certificate.getBytes(one.zb.d.a);
            q.d(bytes, "(this as java.lang.String).getBytes(charset)");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
            keyStore.setCertificateEntry("csi", CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream));
            byteArrayInputStream.close();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            q.d(trustManagerFactory, "trustManagerFactory");
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (!(trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager))) {
                throw new IllegalStateException(("Unexpected default trust managers:" + Arrays.toString(trustManagers)).toString());
            }
            TrustManager trustManager = trustManagers[0];
            Objects.requireNonNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustManagers, new SecureRandom());
            q.d(sslContext, "sslContext");
            SSLSocketFactory socketFactory = sslContext.getSocketFactory();
            builder.connectTimeout(3000L, TimeUnit.MILLISECONDS);
            if (socketFactory != null) {
                builder.sslSocketFactory(socketFactory, x509TrustManager);
            }
            builder.hostnameVerifier(new C0372a(x509TrustManager, requestHostname, commonName));
            return builder.build();
        }
    }
}
