package com.kaspersky.components.certificatechecker;

import android.annotation.SuppressLint;
import android.os.SystemClock;
import com.kaspersky.components.utils.net.NetworkFileUtils;
import com.kms.kmsshared.ProtectedKMSApplication;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class CertificateChecker {

    /* renamed from: e, reason: collision with root package name */
    public static final int f7966e = (int) TimeUnit.MINUTES.toMillis(2);

    /* renamed from: a, reason: collision with root package name */
    public final long f7967a;

    /* renamed from: b, reason: collision with root package name */
    public String f7968b;

    /* renamed from: c, reason: collision with root package name */
    public byte[][] f7969c;

    /* renamed from: d, reason: collision with root package name */
    public int f7970d = f7966e;

    @SuppressLint({"CustomX509TrustManager"})
    /* loaded from: classes.dex */
    public static class a implements X509TrustManager {
        @Override // javax.net.ssl.X509TrustManager
        public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                x509CertificateArr[0].checkValidity();
            } catch (CertificateException unused) {
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                x509CertificateArr[0].checkValidity();
            } catch (CertificateException unused) {
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public final X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    static {
        init();
    }

    public CertificateChecker(long j10) {
        this.f7967a = j10;
    }

    private native CheckResult checkCertificate(String str, String str2, int i10, byte[][] bArr, long j10);

    private static native void init();

    public final CheckResult a(String str) {
        Certificate[] serverCertificates;
        X500Principal issuerX500Principal;
        try {
            URL url = NetworkFileUtils.getUrl(str);
            if (!url.getProtocol().equals(ProtectedKMSApplication.s("ª"))) {
                throw new IllegalArgumentException(ProtectedKMSApplication.s("®"));
            }
            SystemClock.uptimeMillis();
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
            boolean z8 = true;
            TrustManager[] trustManagerArr = {new a()};
            n9.a aVar = new n9.a();
            try {
                SSLContext sSLContext = SSLContext.getInstance(ProtectedKMSApplication.s("«"));
                sSLContext.init(null, trustManagerArr, new SecureRandom());
                httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
                httpsURLConnection.setHostnameVerifier(aVar);
                httpsURLConnection.setConnectTimeout(this.f7970d);
                httpsURLConnection.setReadTimeout(this.f7970d);
                try {
                    httpsURLConnection.connect();
                    try {
                        serverCertificates = httpsURLConnection.getServerCertificates();
                    } catch (Exception unused) {
                        httpsURLConnection.getInputStream();
                        serverCertificates = httpsURLConnection.getServerCertificates();
                    }
                    httpsURLConnection.disconnect();
                    CheckResult checkResult = new CheckResult(Verdict.Unknown.ordinal(), ExtendedVerdict.Unspecified.ordinal(), 0);
                    this.f7968b = InetAddress.getByName(url.getHost()).getHostAddress();
                    Certificate[] certificateArr = (Certificate[]) serverCertificates.clone();
                    LinkedHashMap linkedHashMap = new LinkedHashMap();
                    LinkedHashMap linkedHashMap2 = new LinkedHashMap();
                    for (int i10 = 0; i10 < certificateArr.length; i10++) {
                        Certificate certificate = certificateArr[i10];
                        if (certificate instanceof X509Certificate) {
                            X509Certificate x509Certificate = (X509Certificate) certificate;
                            X500Principal issuerX500Principal2 = x509Certificate.getIssuerX500Principal();
                            if (issuerX500Principal2 != null) {
                                linkedHashMap.put(issuerX500Principal2, Integer.valueOf(i10));
                            }
                            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                            if (subjectX500Principal != null) {
                                linkedHashMap2.put(subjectX500Principal, Integer.valueOf(i10));
                            }
                        }
                    }
                    boolean z10 = linkedHashMap.size() < certificateArr.length;
                    boolean z11 = linkedHashMap.size() == certificateArr.length && linkedHashMap2.size() == certificateArr.length;
                    if (z10 || z11) {
                        for (int i11 = 0; i11 < certificateArr.length; i11++) {
                            if ((certificateArr[i11] instanceof X509Certificate) && i11 > 0 && (issuerX500Principal = ((X509Certificate) certificateArr[i11 - 1]).getIssuerX500Principal()) != null) {
                                Integer valueOf = Integer.valueOf(i11);
                                Integer num = (Integer) linkedHashMap2.get(issuerX500Principal);
                                if (valueOf != null && num != null && !valueOf.equals(num)) {
                                    Certificate certificate2 = certificateArr[valueOf.intValue()];
                                    certificateArr[valueOf.intValue()] = certificateArr[num.intValue()];
                                    certificateArr[num.intValue()] = certificate2;
                                }
                            }
                        }
                    }
                    byte[][] bArr = new byte[certificateArr.length];
                    int i12 = 0;
                    while (true) {
                        int length = certificateArr.length;
                        String s10 = ProtectedKMSApplication.s("¬");
                        if (i12 >= length) {
                            this.f7969c = bArr;
                            for (int i13 = 0; i13 < certificateArr.length; i13++) {
                                Certificate certificate3 = certificateArr[i13];
                                if (!(certificate3 instanceof X509Certificate)) {
                                    throw new CertificateException(s10);
                                }
                                if (i13 > 0) {
                                    try {
                                        ((X509Certificate) certificateArr[i13 - 1]).verify(((X509Certificate) certificate3).getPublicKey());
                                    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused2) {
                                        z8 = false;
                                    }
                                }
                            }
                            if (!z8) {
                                checkResult = new CheckResult(Verdict.Untrusted.ordinal(), ExtendedVerdict.InvalidChain.ordinal(), 0);
                            }
                            SystemClock.uptimeMillis();
                            if (checkResult.getVerdict() != Verdict.Untrusted) {
                                int port = url.getPort();
                                if (port == -1) {
                                    port = url.getDefaultPort();
                                }
                                checkResult = checkCertificate(url.getHost(), this.f7968b, port, this.f7969c, this.f7967a);
                            }
                            checkResult.getTelemetry().getClass();
                            return checkResult;
                        }
                        Certificate certificate4 = certificateArr[i12];
                        if (!(certificate4 instanceof X509Certificate)) {
                            throw new CertificateException(s10);
                        }
                        bArr[i12] = certificate4.getEncoded();
                        i12++;
                    }
                } catch (Throwable th2) {
                    httpsURLConnection.disconnect();
                    throw th2;
                }
            } catch (Exception e10) {
                throw new RuntimeException(ProtectedKMSApplication.s("\u00ad"), e10);
            }
        } catch (MalformedURLException e11) {
            throw new IllegalArgumentException(e11.getMessage());
        }
    }
}
