package net.arraynetworks.vpn;

import android.util.Log;
import cn.petrochina.mobile.crm.utils.RSAUtils;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
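/**
 * Opens a throw-away TLS connection to a server and reports, as an integer code, whether the
 * certificate chain it presented would be accepted.
 *
 * <p>Validation happens in two stages. The handshake itself runs on a socket factory whose trust
 * manager accepts every certificate (see {@link #initSslSocketFactory()}), so that the handshake
 * completes even for a bad chain. Only afterwards are the host name and the chain checked, against
 * the platform's default {@link HostnameVerifier} and default {@link X509TrustManager}. The
 * permissive factory is therefore safe only because it is private to this class and the socket is
 * closed without carrying application data; it must never be handed out or reused for a socket
 * that transports data.
 *
 * <p>The verdict applies to the probe connection made here. NOTE(review): nothing in this class
 * binds that verdict to any later connection to the same host; confirm that the connection which
 * actually carries traffic performs its own certificate validation.
 */
public class SSLAuthServerCert {
    static final int SOCKET_TIMEOUT = 60000;

    // Result codes returned to callers. The numeric values are the ones this class has always
    // returned; the names are derived from the condition that produces each value, because the
    // consumer of these codes is not visible in this file.
    private static final int RESULT_OK = 0;
    private static final int RESULT_FAILURE = 4;
    private static final int RESULT_NETWORK_UNREACHABLE = 16;
    private static final int RESULT_CERT_EXPIRED = 70;
    private static final int RESULT_NO_PEER_CERT = 73;
    private static final int RESULT_CERT_UNTRUSTED = 75;

    private static final String Tag = "SSLAuthCert";
    private static final HostnameVerifier HOSTNAME_VERIFIER = HttpsURLConnection.getDefaultHostnameVerifier();

    /** Platform default trust manager; stays {@code null} if it could not be created. */
    private X509TrustManager mDefTrustManager;
    /** Socket of the verification in progress; {@link #stopVerify()} closes it to abort. */
    SSLSocket mSslSock = null;
    /** Accept-all factory used for the probe handshake only; stays {@code null} if setup failed. */
    private SSLSocketFactory mSslSocketFactory;

    /** Creates the default trust manager and the permissive probe socket factory. */
    public SSLAuthServerCert() {
        createDefaultTrustManager();
        initSslSocketFactory();
    }

    /**
     * Invalidates the socket's TLS session, if it has one, and closes the socket.
     *
     * @param socket socket to tear down; {@code null} is ignored
     * @throws IOException if closing the socket fails
     */
    private static void invalidateAndClose(SSLSocket socket) throws IOException {
        if (socket == null) {
            return;
        }
        SSLSession session = socket.getSession();
        if (session != null) {
            // Invalidate so a session that failed validation cannot be resumed.
            session.invalidate();
        }
        socket.close();
    }

    /**
     * Closes a socket and logs, rather than propagates, a failure to do so.
     *
     * @param socket socket to close; {@code null} is ignored
     * @param context prefix for the log message written when closing fails
     */
    private static void closeQuietly(SSLSocket socket, String context) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException e) {
            Log.e(Tag, context + e.getMessage());
        }
    }

    /**
     * Logs the reason, tears the socket down and always throws.
     *
     * @param sSLSocket socket to invalidate and close; may be {@code null}
     * @param str reason, used as the exception message
     * @throws IOException always: an {@link SSLHandshakeException} carrying {@code str}, or the
     *     failure raised while closing the socket
     */
    private void closeSocketThrowException(SSLSocket sSLSocket, String str) throws IOException {
        Log.i(Tag, "validation error: " + str);
        invalidateAndClose(sSLSocket);
        throw new SSLHandshakeException(str);
    }

    /**
     * Loads the platform default trust manager into {@link #mDefTrustManager}.
     *
     * <p>Initialising the factory with a {@code null} key store selects the default trust anchors.
     * On failure the field stays {@code null}, and chain validation later fails rather than
     * accepting the server.
     */
    private void createDefaultTrustManager() {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init((KeyStore) null);
            this.mDefTrustManager = findX509TrustManager(factory.getTrustManagers());
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            Log.e(Tag, "" + e.getMessage(), e);
        }
    }

    /**
     * Returns the first {@link X509TrustManager} in the array.
     *
     * @param trustManagerArr candidates to search
     * @return the first X.509 trust manager, or {@code null} if there is none
     */
    private static X509TrustManager findX509TrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager candidate : trustManagerArr) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        return null;
    }

    /**
     * Builds the socket factory used for the probe handshake.
     *
     * <p>The trust manager installed here performs no checks at all: every chain passes the
     * handshake. That is deliberate only in combination with the explicit host name and chain
     * validation in {@link #verifyServerDomainAndCertificates}. Keep this factory private and do
     * not create data-carrying sockets from it.
     */
    private void initSslSocketFactory() {
        TrustManager[] acceptAll = {new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
                // Intentionally empty: no validation during the handshake.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                // Intentionally empty: the chain is validated after the handshake instead.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null, possibly empty, array.
                return new X509Certificate[0];
            }
        }};
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, acceptAll, null);
            this.mSslSocketFactory = context.getSocketFactory();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            Log.e(Tag, "" + e.getMessage(), e);
        }
    }

    /** Logs the subject and issuer distinguished names of a certificate at debug level. */
    private static void printCertificate(X509Certificate x509Certificate) {
        X500Principal subject = x509Certificate.getSubjectX500Principal();
        X500Principal issuer = x509Certificate.getIssuerX500Principal();
        Log.d(Tag, "subject " + subject.getName());
        Log.d(Tag, "issuer " + issuer.getName());
    }

    /**
     * Views a peer certificate array as an X.509 chain.
     *
     * <p>A direct array cast only succeeds when the runtime array type is already
     * {@code X509Certificate[]}; an array created as {@code Certificate[]} fails the cast even if
     * every element is an X.509 certificate, so the elements are copied in that case.
     *
     * @param certs peer certificates, leaf first as delivered by the session
     * @return the same certificates typed as {@code X509Certificate[]}
     * @throws ClassCastException if an element is not an {@link X509Certificate}
     */
    private static X509Certificate[] toX509Chain(Certificate[] certs) {
        if (certs instanceof X509Certificate[]) {
            return (X509Certificate[]) certs;
        }
        X509Certificate[] chain = new X509Certificate[certs.length];
        for (int k = 0; k < certs.length; k++) {
            chain[k] = (X509Certificate) certs[k];
        }
        return chain;
    }

    /**
     * Checks the host name and then the certificate chain of an established session.
     *
     * @param chain peer chain; element 0 is treated as the server certificate
     * @param host host name the certificate must match
     * @param authType authentication type passed to the trust manager
     * @param session session the host name is verified against
     * @return 0 if host and chain are accepted, 70 if the chain was rejected because a certificate
     *     has expired, 75 for a host name mismatch or any other chain rejection
     * @throws IllegalArgumentException if the first chain element is {@code null}
     * @throws IOException if the default trust manager is unavailable
     */
    private int verifyServerDomainAndCertificates(X509Certificate[] chain, String host, String authType, SSLSession session) throws IOException {
        X509Certificate serverCert = chain[0];
        if (serverCert == null) {
            throw new IllegalArgumentException("certificate for this site is null");
        }
        printCertificate(serverCert);
        if (!HOSTNAME_VERIFIER.verify(host, session)) {
            Log.e(Tag, "certificate not for this host: " + host);
            return RESULT_CERT_UNTRUSTED;
        }
        Log.d(Tag, "Domain trusted");
        if (this.mDefTrustManager == null) {
            // Without a trust manager the chain cannot be evaluated. Fail explicitly instead of
            // relying on a NullPointerException to reject the server.
            throw new SSLHandshakeException("default trust manager unavailable");
        }
        try {
            this.mDefTrustManager.checkServerTrusted(chain, authType);
            Log.d(Tag, "Server Trusted");
            return RESULT_OK;
        } catch (CertificateException e) {
            Log.e(Tag, "" + e.getClass().getName());
            Log.e(Tag, "failed to validate the certificate chain, error: " + e.getMessage());
            return e instanceof CertificateExpiredException ? RESULT_CERT_EXPIRED : RESULT_CERT_UNTRUSTED;
        }
    }

    /**
     * Runs {@link #verifyServerCertificate(String, int)} on a new thread.
     *
     * <p>The result code is discarded here. NOTE(review): confirm how callers of the asynchronous
     * variant learn the verdict; no callback or stored result is visible in this class.
     *
     * @param str server host
     * @param i server port
     */
    public void asyncVerifyServerCertificate(final String str, final int i) {
        new Thread(new Runnable() {
            @Override
            public void run() {
                SSLAuthServerCert.this.verifyServerCertificate(str, i);
            }
        }).start();
    }

    /**
     * Performs the TLS handshake on a connected socket and validates what the server presented.
     *
     * @param sSLSocket connected socket in client mode
     * @param str host name the server certificate must match
     * @return 73 if the session carries no peer certificates (the socket is closed in that case),
     *     otherwise the result of the host name and chain checks: 0, 70 or 75
     * @throws IOException if the handshake fails, the session is invalid, or the default trust
     *     manager is unavailable
     * @throws ClassCastException if a peer certificate is not an X.509 certificate
     */
    public int doHandshakeAndValidateServerCertificates(SSLSocket sSLSocket, String str) throws IOException {
        Log.i(Tag, "get sslSession " + sSLSocket.getInetAddress().getHostAddress());
        sSLSocket.startHandshake();
        SSLSession session = sSLSocket.getSession();
        if (!session.isValid()) {
            closeSocketThrowException(sSLSocket, "failed to perform SSL handshake");
        }
        Log.i(Tag, "sslSession PeerPrincipal: " + session.getPeerPrincipal().getName());
        // Read the chain from the same session object that the host name is verified against.
        Certificate[] peerCertificates = session.getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            Log.e(Tag, "failed to retrieve peer certificates");
            invalidateAndClose(sSLSocket);
            return RESULT_NO_PEER_CERT;
        }
        // The authType is fixed to RSAUtils.KEY_ALGORITHM regardless of the negotiated cipher
        // suite. NOTE(review): its value is not visible in this file (presumably "RSA"); confirm.
        return verifyServerDomainAndCertificates(toX509Chain(peerCertificates), str, RSAUtils.KEY_ALGORITHM, session);
    }

    /**
     * Aborts a verification in progress by closing its socket.
     *
     * <p>This method is not synchronized, presumably so that it can run while
     * {@link #verifyServerCertificate(String, int)} holds the monitor and is blocked on the
     * network.
     */
    public void stopVerify() {
        // Snapshot the field: it is reassigned by verifyServerCertificate on another thread.
        SSLSocket current = this.mSslSock;
        if (current == null) {
            return;
        }
        try {
            Log.d(Tag, "stopVerify");
            current.close();
        } catch (IOException e) {
            Log.e(Tag, "stopVerify " + e.getMessage());
        }
    }

    /**
     * Connects to the server, performs the handshake and validates its certificate.
     *
     * <p>The socket is closed on every path, including unexpected runtime exceptions, and a
     * failure while closing no longer replaces a verdict that was already computed.
     *
     * @param str server host
     * @param i server port
     * @return 0, 70, 73 or 75 from the certificate checks; 16 if an I/O error has no message or
     *     its message contains "Network is unreachable"; 4 for any other failure
     */
    public synchronized int verifyServerCertificate(String str, int i) {
        if (this.mSslSocketFactory == null) {
            // Factory setup failed in the constructor; report the same generic failure code
            // that the resulting NullPointerException used to be mapped to.
            Log.e(Tag, "verifyServerCertificate Exception: SSL socket factory unavailable");
            return RESULT_FAILURE;
        }
        SSLSocket sock = null;
        try {
            sock = (SSLSocket) this.mSslSocketFactory.createSocket();
            this.mSslSock = sock;
            // NOTE(review): connect() has no timeout; SOCKET_TIMEOUT below bounds reads only.
            sock.connect(new InetSocketAddress(str, i));
            sock.setSoTimeout(SOCKET_TIMEOUT);
            sock.setUseClientMode(true);
            // NOTE(review): this enables every protocol version the platform supports, which
            // can include versions it leaves disabled by default. Consider keeping the default
            // enabled set unless a specific gateway requires more.
            sock.setEnabledProtocols(sock.getSupportedProtocols());
            return doHandshakeAndValidateServerCertificates(sock, str);
        } catch (IOException e) {
            String message = e.getMessage();
            Log.e(Tag, "verifyServerCertificate: " + message);
            return (message == null || message.contains("Network is unreachable"))
                    ? RESULT_NETWORK_UNREACHABLE
                    : RESULT_FAILURE;
        } catch (Exception e3) {
            Log.e(Tag, "verifyServerCertificate Exception: " + e3.getMessage());
            return RESULT_FAILURE;
        } finally {
            closeQuietly(sock, "verifyServerCertificate");
        }
    }
}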
