package in.juspay.hypersdk.core;

import android.content.Context;
import android.net.http.SslCertificate;
import android.webkit.WebView;
import i.g.b.a.a;
import in.juspay.hypersdk.core.Labels;
import in.juspay.hypersdk.core.PaymentConstants;
import in.juspay.hypersdk.naming.InvalidNameException;
import in.juspay.hypersdk.naming.ldap.LdapName;
import in.juspay.hypersdk.naming.ldap.Rdn;
import in.juspay.hypersdk.services.FileProviderService;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public class JuspayTrustManager {
    private static final String LOG_TAG = "JuspayTrustManager";
    private TrustManagerFactory defaultTrustManagerFactory;
    private JuspayServices juspayServices;

    public JuspayTrustManager(JuspayServices juspayServices) {
        this.juspayServices = juspayServices;
    }

    private List<TrustManager> fetchTrustManager() {
        ArrayList arrayList = new ArrayList(this.defaultTrustManagerFactory.getTrustManagers().length);
        Collections.addAll(arrayList, this.defaultTrustManagerFactory.getTrustManagers());
        return arrayList;
    }

    private String[] getAssetFolder(Context context, String str) {
        try {
            return context.getAssets().list(str);
        } catch (IOException e2) {
            JuspayLogger.e(LOG_TAG, "caught while trying to open assets for trustmanager", e2);
            return new String[0];
        }
    }

    private String getCommonName(X509Certificate x509Certificate) {
        try {
            String str = null;
            for (Rdn rdn : new LdapName(x509Certificate.getSubjectX500Principal().getName()).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    str = rdn.getValue().toString();
                }
            }
            return str;
        } catch (InvalidNameException unused) {
            return null;
        }
    }

    private X509Certificate[] getLocalCertificates(WebView webView) {
        CertificateFactory certificateFactory;
        ByteArrayInputStream byteArrayInputStream;
        HashMap hashMap = new HashMap();
        Context context = webView.getContext();
        String[] assetFolder = getAssetFolder(webView.getContext(), "juspay/certificates_v1");
        File file = null;
        try {
            CertificateFactory certificateFactory2 = CertificateFactory.getInstance("X.509");
            ArrayList arrayList = new ArrayList(assetFolder.length);
            for (int i2 = 0; i2 < assetFolder.length; i2++) {
                String str = assetFolder[i2];
                try {
                    BufferedInputStream bufferedInputStream = new BufferedInputStream(context.getAssets().open("juspay/certificates_v1/" + str));
                    if (certificateFactory2 != null) {
                        try {
                            arrayList.add((X509Certificate) certificateFactory2.generateCertificate(bufferedInputStream));
                            hashMap.put(str, Integer.valueOf(i2));
                        } finally {
                            try {
                                break;
                            } finally {
                            }
                        }
                    }
                    bufferedInputStream.close();
                } catch (Exception e2) {
                    JuspayLogger.e(LOG_TAG, "caught while opening stream", e2);
                }
            }
            SdkTracker sdkTracker = this.juspayServices.getSdkTracker();
            FileProviderService fileProviderService = this.juspayServices.getFileProviderService();
            try {
                file = new File(context.getDir("juspay", 0), "certificates_v1");
            } catch (Exception e3) {
                sdkTracker.trackAndLogException(LOG_TAG, "action", PaymentConstants.SubCategory.Action.SYSTEM, Labels.System.JUSPAY_TRUST_MANAGER, "caught while trying to open internal storage for trustmanager", e3);
            }
            if (file != null && file.exists() && file.isDirectory()) {
                this.juspayServices.sdkDebug(LOG_TAG, "reading certs from internal assets");
                for (String str2 : file.list()) {
                    try {
                        String readFromFile = fileProviderService.readFromFile(this.juspayServices.getContext(), "certificates_v1/" + str2);
                        certificateFactory = CertificateFactory.getInstance("X.509");
                        byteArrayInputStream = new ByteArrayInputStream(readFromFile.getBytes());
                    } catch (Exception e4) {
                        sdkTracker.trackAndLogException(LOG_TAG, "action", PaymentConstants.SubCategory.Action.SYSTEM, Labels.System.JUSPAY_TRUST_MANAGER, "caught while initing keystore from internal storage", e4);
                    }
                    try {
                        Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
                        if (hashMap.containsKey(str2)) {
                            arrayList.set(((Integer) hashMap.get(str2)).intValue(), (X509Certificate) generateCertificate);
                        } else {
                            arrayList.add((X509Certificate) generateCertificate);
                        }
                        byteArrayInputStream.close();
                    } catch (Throwable th) {
                        try {
                            throw th;
                            break;
                        } finally {
                            break;
                        }
                    }
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (CertificateException e5) {
            JuspayLogger.e(LOG_TAG, "caught while initing keystore from assets", e5);
            return null;
        }
    }

    private X509Certificate getParentCertificate(X509Certificate[] x509CertificateArr, X509Certificate x509Certificate) {
        if (x509CertificateArr != null && x509CertificateArr.length > 0) {
            for (X509Certificate x509Certificate2 : x509CertificateArr) {
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                    return x509Certificate2;
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
            }
        }
        JuspayServices juspayServices = this.juspayServices;
        StringBuilder r0 = a.r0("Nothing Found for ");
        r0.append(x509Certificate.getSubjectDN());
        juspayServices.sdkDebug(LOG_TAG, r0.toString());
        return null;
    }

    private X509Certificate getParentCertificate(TrustManager[] trustManagerArr, X509Certificate x509Certificate) {
        X509Certificate parentCertificate;
        for (TrustManager trustManager : trustManagerArr) {
            if ((trustManager instanceof X509TrustManager) && (parentCertificate = getParentCertificate(((X509TrustManager) trustManager).getAcceptedIssuers(), x509Certificate)) != null) {
                return parentCertificate;
            }
        }
        return null;
    }

    private boolean isIpv4Address(String str) {
        int i2;
        String[] split = str.split("\\.");
        if (split.length != 4) {
            return false;
        }
        int length = split.length;
        while (i2 < length) {
            try {
                int parseInt = Integer.parseInt(split[i2]);
                i2 = (parseInt >= 0 && parseInt <= 255) ? i2 + 1 : 0;
            } catch (NumberFormatException unused) {
            }
            return false;
        }
        return true;
    }

    private boolean matchHostname(String str, String str2) {
        return str.equalsIgnoreCase(str2);
    }

    private boolean matchWildCards(String str, String str2) {
        if (str.equalsIgnoreCase(str2)) {
            return true;
        }
        String[] split = str2.split("\\.");
        String[] split2 = str.split("\\.");
        if (split.length != split2.length) {
            return false;
        }
        for (int i2 = 0; i2 < split.length; i2++) {
            if (!Pattern.compile(split[i2].replace("*", ".*")).matcher(split2[i2]).matches()) {
                return false;
            }
        }
        return true;
    }

    private boolean selfSigned(X509Certificate x509Certificate) {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            this.juspayServices.sdkDebug(LOG_TAG, "Self Signed!" + x509Certificate.getSubjectDN());
            return true;
        } catch (Exception e2) {
            this.juspayServices.sdkDebug(LOG_TAG, "Exception while checking self sign" + e2);
            return false;
        }
    }

    private void verifyHostname(String str, X509Certificate x509Certificate) {
        String host = new URI(str).getHost();
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (isIpv4Address(host)) {
            for (List<?> list : subjectAlternativeNames) {
                if (list.size() == 2 && ((Integer) list.get(0)).intValue() == 7 && host.equalsIgnoreCase((String) list.get(1))) {
                    return;
                }
            }
            throw new SSLPeerUnverifiedException(a.w("No IP address in the certificate did not match the requested host name", str));
        }
        boolean z = false;
        for (List<?> list2 : subjectAlternativeNames) {
            if (list2.size() == 2 && ((Integer) list2.get(0)).intValue() == 2) {
                if (matchWildCards(host, (String) list2.get(1))) {
                    return;
                } else {
                    z = true;
                }
            }
        }
        if (z || !matchHostname(host, getCommonName(x509Certificate))) {
            throw new SSLPeerUnverifiedException(a.w("No host name in the certificate did not match the requested host name: ", str));
        }
    }

    public void initTrustStore() {
        SdkTracker sdkTracker = this.juspayServices.getSdkTracker();
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.defaultTrustManagerFactory = trustManagerFactory;
            trustManagerFactory.init((KeyStore) null);
        } catch (Exception e2) {
            sdkTracker.trackAndLogException(LOG_TAG, "action", PaymentConstants.SubCategory.Action.SYSTEM, Labels.System.JUSPAY_TRUST_MANAGER, "error while initializing trustmanager", e2);
        }
    }

    public boolean testCertificate(WebView webView, SslCertificate sslCertificate, String str) {
        X509Certificate parentCertificate;
        SdkTracker sdkTracker = this.juspayServices.getSdkTracker();
        try {
            Field declaredField = sslCertificate.getClass().getDeclaredField("mX509Certificate");
            declaredField.setAccessible(true);
            X509Certificate x509Certificate = (X509Certificate) declaredField.get(sslCertificate);
            X509Certificate[] localCertificates = getLocalCertificates(webView);
            ArrayList arrayList = new ArrayList();
            try {
                x509Certificate.checkValidity();
                try {
                    verifyHostname(str, x509Certificate);
                    arrayList.add(x509Certificate);
                    do {
                        parentCertificate = getParentCertificate(localCertificates, (X509Certificate) arrayList.get(arrayList.size() - 1));
                        if (parentCertificate != null && !selfSigned(parentCertificate)) {
                            arrayList.add(parentCertificate);
                        }
                        if (parentCertificate == null) {
                            break;
                        }
                    } while (!selfSigned(parentCertificate));
                    X509Certificate parentCertificate2 = getParentCertificate(this.defaultTrustManagerFactory.getTrustManagers(), (X509Certificate) arrayList.get(arrayList.size() - 1));
                    if (parentCertificate2 != null) {
                        arrayList.add(parentCertificate2);
                    }
                    boolean z = false;
                    for (TrustManager trustManager : fetchTrustManager()) {
                        if (trustManager instanceof X509TrustManager) {
                            try {
                                ((X509TrustManager) trustManager).checkServerTrusted((X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]), "generic");
                                try {
                                    this.juspayServices.sdkDebug(LOG_TAG, "found a match here!");
                                    return true;
                                } catch (Exception unused) {
                                    z = true;
                                    this.juspayServices.sdkDebug(LOG_TAG, ((X509Certificate) arrayList.get(0)).getSubjectDN() + " is not verified yet.");
                                }
                            } catch (Exception unused2) {
                            }
                        }
                    }
                    return z;
                } catch (Exception e2) {
                    sdkTracker.trackAndLogException(LOG_TAG, "action", PaymentConstants.SubCategory.Action.SYSTEM, Labels.System.JUSPAY_TRUST_MANAGER, "certificate_host_not_valid " + e2, e2);
                    return false;
                }
            } catch (Exception e3) {
                sdkTracker.trackAndLogException(LOG_TAG, "action", PaymentConstants.SubCategory.Action.SYSTEM, Labels.System.JUSPAY_TRUST_MANAGER, "certificate_date_not_valid ", e3);
                return false;
            }
        } catch (Exception e4) {
            this.juspayServices.sdkDebug(LOG_TAG, "Certificate casting error: " + e4);
            return false;
        }
    }
}
