package mtopsdk.mtop.network.ssl;

import android.support.v4.widget.MaterialProgressDrawable;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import mtopsdk.common.util.StringUtils;
import mtopsdk.common.util.TBSdkLog;

/* loaded from: classes.dex */
public class SslCertVerifyHelper {
    private static final String TAG = "mtopsdk.SslCertVerifyHelper";
    private static final String TAG_EXPONENT = "publicExponent=";
    private static final String TAG_MODULE = "modulus=";

    private static X509Certificate getCertificate(InputStream inputStream) {
        X509Certificate x509Certificate;
        MaterialProgressDrawable.StartCurveInterpolator.n12.b(MaterialProgressDrawable.StartCurveInterpolator.n12.a() ? 1 : 0);
        if (inputStream == null) {
            return null;
        }
        try {
            try {
                try {
                    x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e) {
                            TBSdkLog.e(TAG, "Close InputStream failed while generate certificate.", e);
                        }
                    }
                } catch (CertificateException e2) {
                    x509Certificate = null;
                    TBSdkLog.e(TAG, "Generate certificate failed.", e2);
                    if (inputStream != null) {
                        try {
                            inputStream.close();
                        } catch (IOException e3) {
                            TBSdkLog.e(TAG, "Close InputStream failed while generate certificate.", e3);
                        }
                    }
                }
            } catch (Exception e4) {
                x509Certificate = null;
                TBSdkLog.e(TAG, "Generate certificate failed.", e4);
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e5) {
                        TBSdkLog.e(TAG, "Close InputStream failed while generate certificate.", e5);
                    }
                }
            }
            return x509Certificate;
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e6) {
                    TBSdkLog.e(TAG, "Close InputStream failed while generate certificate.", e6);
                }
            }
            throw th;
        }
    }

    private static X509Certificate getCertificate(byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream;
        MaterialProgressDrawable.StartCurveInterpolator.n12.b(MaterialProgressDrawable.StartCurveInterpolator.n12.a() ? 1 : 0);
        X509Certificate x509Certificate = null;
        if (bArr != null && bArr.length != 0) {
            ByteArrayInputStream byteArrayInputStream2 = null;
            try {
                try {
                    byteArrayInputStream = new ByteArrayInputStream(bArr);
                } catch (Throwable th) {
                    th = th;
                }
            } catch (Exception e) {
                e = e;
            }
            try {
                x509Certificate = getCertificate(byteArrayInputStream);
                if (byteArrayInputStream != null) {
                    try {
                        byteArrayInputStream.close();
                    } catch (Exception e2) {
                        TBSdkLog.e(TAG, "Close InputStream failed while generate certificate.", e2);
                    }
                }
            } catch (Exception e3) {
                e = e3;
                byteArrayInputStream2 = byteArrayInputStream;
                TBSdkLog.e(TAG, "Generate certificate failed.", e);
                if (byteArrayInputStream2 != null) {
                    try {
                        byteArrayInputStream2.close();
                    } catch (Exception e4) {
                        TBSdkLog.e(TAG, "Close InputStream failed while generate certificate.", e4);
                    }
                }
                return x509Certificate;
            } catch (Throwable th2) {
                th = th2;
                byteArrayInputStream2 = byteArrayInputStream;
                if (byteArrayInputStream2 != null) {
                    try {
                        byteArrayInputStream2.close();
                    } catch (Exception e5) {
                        TBSdkLog.e(TAG, "Close InputStream failed while generate certificate.", e5);
                    }
                }
                throw th;
            }
        }
        return x509Certificate;
    }

    private static X509TrustManager getX509TrustManager() {
        MaterialProgressDrawable.StartCurveInterpolator.n12.b(MaterialProgressDrawable.StartCurveInterpolator.n12.a() ? 1 : 0);
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i = 0; i < trustManagers.length; i++) {
                if (trustManagers[i] instanceof X509TrustManager) {
                    return (X509TrustManager) trustManagers[i];
                }
            }
            return null;
        } catch (KeyStoreException e) {
            TBSdkLog.e(TAG, "get X509TrustManager failed.", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            TBSdkLog.e(TAG, "get X509TrustManager failed.", e2);
            return null;
        } catch (Exception e3) {
            TBSdkLog.e(TAG, "get X509TrustManager failed.", e3);
            return null;
        }
    }

    private static void printCertInfo(X509Certificate x509Certificate) {
        MaterialProgressDrawable.StartCurveInterpolator.n12.b(MaterialProgressDrawable.StartCurveInterpolator.n12.a() ? 1 : 0);
        StringBuilder sb = new StringBuilder();
        sb.append("sigAlgName=").append(x509Certificate.getSigAlgName()).append(";serialNumber=").append(x509Certificate.getSerialNumber()).append(";version=").append(x509Certificate.getVersion()).append(";X500Principal=").append(x509Certificate.getIssuerX500Principal().getName()).append(";SubjectDN=").append(x509Certificate.getSubjectDN().getName()).append(";IssuerDN=").append(x509Certificate.getIssuerDN().getName()).append(";pubKeyFormat=").append(x509Certificate.getPublicKey().getFormat()).append(";pubKeyAlgorithm=").append(x509Certificate.getPublicKey().getAlgorithm()).append(";\npubKeyEncoded=").append(x509Certificate.getPublicKey().toString());
        String sb2 = sb.toString();
        TBSdkLog.i("https", x509Certificate.getSubjectX500Principal().getName());
        TBSdkLog.d(TAG, sb2);
    }

    private static boolean saveCertInfo(X509Certificate x509Certificate, int i) {
        String[] split;
        int indexOf;
        MaterialProgressDrawable.StartCurveInterpolator.n12.b(MaterialProgressDrawable.StartCurveInterpolator.n12.a() ? 1 : 0);
        if (x509Certificate == null) {
            return false;
        }
        String obj = x509Certificate.getPublicKey().toString();
        if (StringUtils.isBlank(obj) || (split = obj.split(",")) == null || split.length < 2 || (indexOf = split[0].indexOf(TAG_MODULE)) == -1 || split[0].length() <= TAG_MODULE.length() + indexOf) {
            return false;
        }
        String substring = split[0].substring(TAG_MODULE.length() + indexOf);
        int indexOf2 = split[1].indexOf(TAG_EXPONENT);
        if (indexOf2 == -1 || split[1].length() <= TAG_EXPONENT.length() + indexOf2 + 1) {
            return false;
        }
        String substring2 = split[1].substring(TAG_EXPONENT.length() + indexOf2, split[1].length() - 1);
        if (TBSdkLog.isPrintLog()) {
            TBSdkLog.d(TAG, "exponent=" + substring2 + "; module=" + substring);
        }
        return true;
    }

    public static boolean verifyCertificate(X509Certificate x509Certificate) {
        MaterialProgressDrawable.StartCurveInterpolator.n12.b(MaterialProgressDrawable.StartCurveInterpolator.n12.a() ? 1 : 0);
        boolean z = false;
        if (x509Certificate == null) {
            return false;
        }
        if (TBSdkLog.isPrintLog()) {
            printCertInfo(x509Certificate);
        }
        try {
            String name = x509Certificate.getSubjectX500Principal().getName();
            z = name.contains(".taobao.com");
            if (!z) {
                z = name.contains(".alipay.com");
            }
        } catch (Exception e) {
            TBSdkLog.e(TAG, "vertify domain error.", e);
        }
        if (!z) {
            TBSdkLog.e(TAG, "vertify failed: invalid domain.");
            return false;
        }
        try {
            x509Certificate.checkValidity(new Date());
            try {
                x509Certificate.verify(x509Certificate.getPublicKey());
                return true;
            } catch (InvalidKeyException e2) {
                TBSdkLog.e(TAG, "证书公钥不合法。", e2);
                return false;
            } catch (NoSuchAlgorithmException e3) {
                TBSdkLog.e(TAG, "证书公钥不合法。", e3);
                return false;
            } catch (NoSuchProviderException e4) {
                TBSdkLog.e(TAG, "证书公钥不合法。", e4);
                return false;
            } catch (SignatureException e5) {
                TBSdkLog.e(TAG, "证书公钥不合法。", e5);
                return false;
            } catch (CertificateException e6) {
                TBSdkLog.e(TAG, "证书公钥不合法。", e6);
                return false;
            }
        } catch (CertificateExpiredException e7) {
            TBSdkLog.e(TAG, "证书过期。", e7);
            return false;
        } catch (CertificateNotYetValidException e8) {
            TBSdkLog.e(TAG, "证书未生效。", e8);
            return false;
        }
    }

    public static boolean verifyCertificate(byte[] bArr, int i) {
        MaterialProgressDrawable.StartCurveInterpolator.n12.b(MaterialProgressDrawable.StartCurveInterpolator.n12.a() ? 1 : 0);
        X509Certificate certificate = getCertificate(bArr);
        boolean verifyCertificate = verifyCertificate(certificate);
        if (!verifyCertificate) {
            saveCertInfo(certificate, i);
        }
        return verifyCertificate;
    }
}
