package com.qihoo360.eid.net;

import android.text.TextUtils;
import com.google.gson.annotations.SerializedName;
import com.qihoo360.eid.net.model.NetworkModel;
import java.io.ByteArrayInputStream;
import java.io.StringBufferInputStream;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import online.sniper.AppSettings;
import online.sniper.net.okhttp3.OkHttpClient;
import online.sniper.net.okhttp3.Request;
import online.sniper.net.okhttp3.Response;
import online.sniper.net.ssl.StrictHostnameVerifier;
import online.sniper.utils.Base64;
import online.sniper.utils.GsonUtils;
import online.sniper.utils.RSAUtils;

/* loaded from: classes2.dex */
public class SslCertificateTools {
    public static final String PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAwCua2aBRnT2QPibCPFvR\nMdNX9v+hXe78CEhH4cORfqFEE1OEkuLOsyeHUzdr/+wBJr5qT8BiPEo/EFRc8YDx\nZq56S5QFflGrChfKpOL7hFlI1Cm4PLTigh1V/0gIaycHpQzwPzlGptHRn8s8m1Jr\nLfFMypHXtVyAUBezSeEio4YtZaai9YRC1yRhmRu4Fsv41871NV0Wzne8aNZD/TMb\nLauRDUG5MDtLUA6z/TMYiHW+P5qUZ4/omNwRTNyp+mWOxABZJV9oqlm96TQaiFOl\nBTmbtdwTUaFDHt6uDCRPCvDuhT0EJ2blYdQpqwz/OAVcD7DcUWlmwAzXoLR31JHq\nNQIBIw==\n-----END PUBLIC KEY-----\n";
    private static volatile Certificate sCertificate;

    /* loaded from: classes2.dex */
    public class CertificateItem {

        @SerializedName("cert")
        public String mCert;

        @SerializedName("sign")
        public String mSign;

        public CertificateItem() {
        }
    }

    /* loaded from: classes2.dex */
    public class CertificateModel extends NetworkModel {

        @SerializedName("data")
        public CertificateItem mResult;

        public CertificateModel() {
        }
    }

    private static TrustManager getRealTrustManager() {
        return new X509TrustManager() { // from class: com.qihoo360.eid.net.SslCertificateTools.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                if (SslCertificateTools.sCertificate == null) {
                    SslCertificateTools.updateCertificateTrustManager();
                }
                boolean z = false;
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    if (x509Certificate.getPublicKey().equals(SslCertificateTools.sCertificate.getPublicKey())) {
                        z = true;
                    }
                }
                if (!z) {
                    throw new CertificateException("verified exception");
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }

    public static void setHttpsCertificate(OkHttpClient.Builder builder) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{getRealTrustManager()}, new SecureRandom());
            builder.sslSocketFactory(sSLContext.getSocketFactory());
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        } catch (Exception e3) {
            e3.printStackTrace();
        }
    }

    public static void setTrustAllCertificate(OkHttpClient.Builder builder) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, null);
            builder.sslSocketFactory(sSLContext.getSocketFactory());
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void updateCertificateTrustManager() throws CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        String string = AppSettings.getString("cert", "");
        sCertificate = certificateFactory.generateCertificate(new StringBufferInputStream(TextUtils.isEmpty(string) ? "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDINPbyRyQ4AxpB86xlgSGTEjgz\nx4Wzxra76u3Bc+eS456huJ7W781VpWmnWcPdt6kR6IBWaWjSWidbbDnlKa1AYwx2\nmbJY590TXrUM4bstAt95YiYcxmCXAXGt/nDs8zw42IHuv9gNdZaaKaFG77cHLQTC\n7IiXNY6t+yYefpBbYwIDAQAB" : new String(Base64.decode(string))));
    }

    public static void updateHttpsCertificate() throws Exception {
        Request build = new Request.Builder().get().url(NetConstant.URL_UPDATE_CERTIFICATE).build();
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.connectTimeout(30L, TimeUnit.SECONDS);
        builder.readTimeout(30L, TimeUnit.SECONDS);
        builder.writeTimeout(30L, TimeUnit.SECONDS);
        builder.followSslRedirects(true);
        setTrustAllCertificate(builder);
        builder.hostnameVerifier(new StrictHostnameVerifier());
        Response execute = builder.build().newCall(build).execute();
        if (execute.code() != 200) {
            throw new NetworkException(execute.code(), execute.message());
        }
        CertificateModel certificateModel = (CertificateModel) GsonUtils.fromJson(execute.body().string(), CertificateModel.class);
        if (certificateModel.code != 0) {
            throw new NetworkException(certificateModel);
        }
        String str = certificateModel.mResult.mCert;
        String str2 = certificateModel.mResult.mSign;
        if (!RSAUtils.verify(str, RSAUtils.loadPublicKey(new ByteArrayInputStream("-----BEGIN PUBLIC KEY-----\nMIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAwCua2aBRnT2QPibCPFvR\nMdNX9v+hXe78CEhH4cORfqFEE1OEkuLOsyeHUzdr/+wBJr5qT8BiPEo/EFRc8YDx\nZq56S5QFflGrChfKpOL7hFlI1Cm4PLTigh1V/0gIaycHpQzwPzlGptHRn8s8m1Jr\nLfFMypHXtVyAUBezSeEio4YtZaai9YRC1yRhmRu4Fsv41871NV0Wzne8aNZD/TMb\nLauRDUG5MDtLUA6z/TMYiHW+P5qUZ4/omNwRTNyp+mWOxABZJV9oqlm96TQaiFOl\nBTmbtdwTUaFDHt6uDCRPCvDuhT0EJ2blYdQpqwz/OAVcD7DcUWlmwAzXoLR31JHq\nNQIBIw==\n-----END PUBLIC KEY-----\n".getBytes())), str2)) {
            throw new NetworkException(-1, "Invalid certificate.");
        }
        AppSettings.setString("cert", str);
        AppSettings.setString("sign", str2);
        updateCertificateTrustManager();
    }
}
