package com.huawei.im.esdk.http.onebox;

import android.text.TextUtils;
import com.huawei.ecs.mtk.log.Logger;
import com.huawei.im.esdk.common.p.a;
import com.huawei.im.esdk.log.TagInfo;
import com.huawei.im.esdk.utils.h;
import com.huawei.it.w3m.core.h5.H5Constants;
import com.huawei.it.w3m.core.utility.PackageUtils;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public class SSLSocketClient {
    public static String getHostName(String str) {
        return TextUtils.isEmpty(str) ? "" : str.replace(H5Constants.SCHEME_HTTP, "").replace(H5Constants.SCHEME_HTTPS, "");
    }

    public static HostnameVerifier getHostnameVerifier() {
        return new HostnameVerifier() { // from class: com.huawei.im.esdk.http.onebox.SSLSocketClient.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                if (TextUtils.isEmpty(str)) {
                    return false;
                }
                ArrayList arrayList = new ArrayList();
                arrayList.add(SSLSocketClient.getHostName(RestBaseRequester.getOneboxUrl()));
                arrayList.addAll(RestBaseRequester.getIpSet());
                if (arrayList.contains(str)) {
                    return true;
                }
                return HttpsURLConnection.getDefaultHostnameVerifier().verify(str, sSLSession);
            }
        };
    }

    public static SSLSocketFactory getSSLSocketFactory() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, getTrustManager(), new SecureRandom());
            return sSLContext.getSocketFactory();
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    private static TrustManager[] getTrustManager() {
        return new TrustManager[]{new X509TrustManager() { // from class: com.huawei.im.esdk.http.onebox.SSLSocketClient.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                if (PackageUtils.RELEASE_TYPE.SIT.equals(PackageUtils.b())) {
                    Logger.info(TagInfo.APPTAG, "sit environment, no use tls cert verify");
                    return;
                }
                Logger.info(TagInfo.APPTAG, "start check Server cert");
                Exception e2 = null;
                try {
                    Collection c2 = h.c(a.b());
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        x509Certificate.checkValidity();
                        Iterator it2 = c2.iterator();
                        while (it2.hasNext()) {
                            try {
                                x509Certificate.verify(((Certificate) it2.next()).getPublicKey());
                                Logger.info(TagInfo.APPTAG, "check server cert success!");
                                return;
                            } catch (Exception e3) {
                                e2 = e3;
                            }
                        }
                    }
                } catch (Exception e4) {
                    e2 = e4;
                    Logger.error(TagInfo.APPTAG, e2.toString());
                }
                throw new CertificateException("error in validating certificate", e2);
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
    }
}
