package com.jierain.sdwan.e;

import android.annotation.SuppressLint;
import android.content.Context;
import android.util.Log;
import c.w.b.e;
import com.jierain.sdwan.App;
import java.io.InputStream;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: SSLSocketClient.kt */
/* loaded from: classes.dex */
public final class b {

    /* renamed from: a, reason: collision with root package name */
    public static final a f1890a = new a(null);

    /* compiled from: SSLSocketClient.kt */
    /* loaded from: classes.dex */
    public static final class a {

        /* JADX INFO: Access modifiers changed from: package-private */
        /* compiled from: SSLSocketClient.kt */
        /* renamed from: com.jierain.sdwan.e.b$a$a, reason: collision with other inner class name */
        /* loaded from: classes.dex */
        public static final class C0062a implements HostnameVerifier {

            /* renamed from: a, reason: collision with root package name */
            public static final C0062a f1891a = new C0062a();

            C0062a() {
            }

            @Override // javax.net.ssl.HostnameVerifier
            public final boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        }

        /* compiled from: SSLSocketClient.kt */
        /* renamed from: com.jierain.sdwan.e.b$a$b, reason: collision with other inner class name */
        /* loaded from: classes.dex */
        public static final class C0063b implements X509TrustManager {
            C0063b() {
            }

            @Override // javax.net.ssl.X509TrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                StringBuilder sb = new StringBuilder();
                sb.append("checkServerTrusted, chain.size=");
                sb.append(x509CertificateArr != null ? Integer.valueOf(x509CertificateArr.length) : null);
                sb.append(", authType == ");
                sb.append(str);
                Log.e("SSLSocketClient", sb.toString());
                if (x509CertificateArr == null) {
                    Log.e("SSLSocketClient", "checkServerTrusted: X509Certificate array is null");
                    throw new CertificateException("checkServerTrusted: X509Certificate array is null");
                }
                if (x509CertificateArr.length == 0) {
                    Log.e("SSLSocketClient", "checkServerTrusted: X509Certificate is empty");
                    throw new CertificateException("checkServerTrusted: X509Certificate is empty");
                }
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                Context b2 = App.e.b();
                e.b(b2, "App.getAppContext()");
                InputStream open = b2.getAssets().open("sslvpn_sdwan.pem");
                e.b(open, "App.getAppContext().asse….open(\"sslvpn_sdwan.pem\")");
                Certificate generateCertificate = certificateFactory.generateCertificate(open);
                try {
                    x509CertificateArr[0].checkValidity();
                    if (x509CertificateArr.length == 1) {
                        Log.e("SSLSocketClient", "verify ca.publicKey");
                        X509Certificate x509Certificate = x509CertificateArr[0];
                        e.b(generateCertificate, "ca");
                        x509Certificate.verify(generateCertificate.getPublicKey());
                    } else {
                        Log.e("SSLSocketClient", "chain size is more: " + x509CertificateArr.length);
                    }
                } catch (CertificateExpiredException unused) {
                    Log.e("SSLSocketClient", "checkServerTrusted: CertificateExpiredException");
                    throw new CertificateExpiredException("checkServerTrusted:CertificateExpired");
                } catch (CertificateNotYetValidException unused2) {
                    Log.e("SSLSocketClient", "checkServerTrusted: CertificateNotYetValidException");
                    throw new CertificateNotYetValidException("checkServerTrusted:CertificateNotYetValid");
                } catch (CertificateException unused3) {
                    Log.e("SSLSocketClient", "checkServerTrusted: CertificateException");
                    throw new CertificateException("checkServerTrusted:CertificateException");
                } catch (Exception unused4) {
                    Log.e("SSLSocketClient", "checkServerTrusted: GeneralException");
                }
                if (x509CertificateArr.length > 1) {
                    e.b(generateCertificate, "ca");
                    if (!e.a(generateCertificate.getPublicKey(), x509CertificateArr[1].getPublicKey())) {
                        Log.e("SSLSocketClient", "checkServerTrusted: cacert not match");
                        throw new CertificateException("checkServerTrusted:cacert not match");
                    }
                    Log.e("SSLSocketClient", "checkServerTrusted: chain[1] is pass");
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }

        private a() {
        }

        public /* synthetic */ a(c.w.b.b bVar) {
            this();
        }

        public final HostnameVerifier a() {
            return C0062a.f1891a;
        }

        public final SSLSocketFactory b() {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new X509TrustManager[]{c()}, new SecureRandom());
            e.b(sSLContext, "sslContext");
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            e.b(socketFactory, "sslContext.socketFactory");
            return socketFactory;
        }

        public final X509TrustManager c() {
            return new C0063b();
        }
    }
}
