package com.sheca.umplus.util;

import android.os.Build;
import com.sheca.javasafeengine;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public class MySSLSocketFactory extends SSLSocketFactory {
    SSLContext sslContext;

    public MySSLSocketFactory(KeyStore keyStore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        super(keyStore);
        this.sslContext = SSLContext.getInstance("TLS");
        this.sslContext.init(null, new TrustManager[]{new X509TrustManager() { // from class: com.sheca.umplus.util.MySSLSocketFactory.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    String principal = x509Certificate.getSubjectDN().toString();
                    if (principal.indexOf(",") != -1) {
                        principal = principal.substring(0, principal.indexOf(","));
                    }
                    principal.substring(principal.indexOf("=") + 1);
                    x509Certificate.checkValidity();
                }
            }

            /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                Exception e;
                boolean z = false;
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    e = new CertificateException("Certificate chain is invalid.");
                } else if (str == null || str.length() == 0) {
                    e = new CertificateException("Authentication type is invalid.");
                } else {
                    try {
                        boolean z2 = false;
                        for (X509Certificate x509Certificate : x509CertificateArr) {
                            try {
                                String principal = x509Certificate.getSubjectDN().toString();
                                if (principal.indexOf(",") != -1) {
                                    principal = principal.substring(0, principal.indexOf(","));
                                }
                                if (principal.substring(principal.indexOf("=") + 1).equals("umsp.sheca.com") && MySSLSocketFactory.this.verifyCert(x509Certificate)) {
                                    z2 = true;
                                }
                                x509Certificate.checkValidity();
                            } catch (Exception e2) {
                                e = e2;
                            }
                        }
                        e = null;
                        z = z2;
                    } catch (Exception e3) {
                        e = e3;
                    }
                }
                if (!z && e != null) {
                    throw new CertificateException("无效证书");
                }
                if (e != null) {
                    throw new CertificateException(e);
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }}, null);
        setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
    }

    private void injectHostname(Socket socket, String str) {
        try {
            if (Integer.valueOf(Build.VERSION.SDK).intValue() >= 4) {
                Field declaredField = InetAddress.class.getDeclaredField("hostName");
                declaredField.setAccessible(true);
                declaredField.set(socket.getInetAddress(), str);
            }
        } catch (Exception unused) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean verifyCert(X509Certificate x509Certificate) {
        byte[] decode;
        javasafeengine javasafeengineVar = new javasafeengine();
        for (int i = 0; i < WebClientUtil.mCertChainList.size(); i++) {
            WebClientUtil.mCertChainList.get(i);
            if (i != 1 && WebClientUtil.mCertChainList.get(i) != null && (decode = Base64.decode(WebClientUtil.mCertChainList.get(i))) != null) {
                try {
                    if (javasafeengineVar.verifyCert(x509Certificate, decode, 0) == 1) {
                        return true;
                    }
                } catch (Exception e) {
                    e.getMessage();
                }
            }
        }
        return false;
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() throws IOException {
        return this.sslContext.getSocketFactory().createSocket();
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException, UnknownHostException {
        injectHostname(socket, str);
        Socket createSocket = this.sslContext.getSocketFactory().createSocket(socket, str, i, z);
        getHostnameVerifier().verify(str, (SSLSocket) createSocket);
        return createSocket;
    }
}
