package com.mpaas.isec.api;

import android.content.Context;
import android.content.res.AssetManager;
import android.text.TextUtils;
import android.util.Base64;
import cn.com.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import cn.com.infosec.mobile.tls.TLSAndroidUtils;
import com.mpaas.isec.LogCatUtil;
import com.mpaas.isec.https.IsecSSLSocketFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes10.dex */
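/**
 * Static helpers that register the BouncyCastle providers and build TLS trust managers,
 * socket factories and sockets from the certificates configured in {@code ISecConfig} or a
 * {@code ModuleConfig}.
 *
 * <p>Member names are obfuscated (decompiled output); overloads of {@code a} are told apart
 * by their parameter types.
 */
public class ISecUtil {
    // Context stored by a(Context); used to open the bundled "sign.pfx" / "enc.pfx" assets.
    // NOTE(review): a static Context outlives its owner; confirm callers pass the
    // application context rather than an Activity.
    private static Context a;

    /**
     * Parses one Base64 (NO_WRAP) encoded certificate string into an {@link X509Certificate}.
     *
     * @param str Base64 text of the encoded certificate
     * @throws CertificateException if the decoded bytes are not a parsable certificate
     */
    private static X509Certificate a(String str) throws CertificateException {
        CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        byte[] encoded = Base64.decode(str, Base64.NO_WRAP);
        return (X509Certificate) x509.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Layers a TLS socket over {@code socket} using the factory built by {@link #b()}.
     *
     * @param socket already-connected socket to wrap
     * @param str    peer host name passed to {@code createSocket}
     * @param i      peer port passed to {@code createSocket}
     * @param z      auto-close flag passed to {@code createSocket}
     * @throws IllegalAccessException if no trusted certificates are configured
     */
    public static SSLSocket a(Socket socket, String str, int i, boolean z) throws IllegalAccessException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, UnrecoverableKeyException {
        if (ISecConfig.a() == null || ISecConfig.a().length == 0) {
            throw new IllegalAccessException("no certs data,please config certs first!!");
        }
        return a(b(), socket, str, i, z);
    }

    /**
     * Creates the layered socket from an already-built factory.
     *
     * <p>NOTE(review): nothing in this class configures endpoint identification or otherwise
     * checks the peer host name on the returned socket; confirm the caller (or the factory
     * implementation) performs hostname verification.
     */
    private static SSLSocket a(SSLSocketFactory sSLSocketFactory, Socket socket, String str, int i, boolean z) throws IOException {
        LogCatUtil.c("[getSocketFactory]", "start create sslSocket");
        return (SSLSocket) sSLSocketFactory.createSocket(socket, str, i, z);
    }

    /**
     * Resolves {@code configType} to a module configuration and builds its socket factory.
     *
     * @throws IllegalAccessException if {@link #a(Context)} has not been called yet
     */
    public static SSLSocketFactory a(ConfigType configType) throws IllegalAccessException, IOException, GeneralSecurityException {
        if (a == null) {
            throw new IllegalAccessException("ISec ssl has not init!!,please init first!");
        }
        return a(ISecConfig.a(configType));
    }

    /**
     * Builds a socket factory for one module configuration.
     *
     * <p>A {@code null} configuration falls back to the global settings via {@link #d()}, which
     * may itself return {@code null}. With two-way verification enabled the client key
     * material is read from the {@code sign.pfx} and {@code enc.pfx} assets.
     *
     * @throws IllegalAccessException if not initialised, or two-way verification is requested
     *                                without a PFX configuration
     */
    public static SSLSocketFactory a(ModuleConfig moduleConfig) throws IllegalAccessException, IOException, GeneralSecurityException {
        if (a == null) {
            throw new IllegalAccessException("ISec ssl has not init!!,please init first!");
        }
        if (moduleConfig == null) {
            return d();
        }
        String[] trustedCerts = moduleConfig.trustedCerts;
        if (!moduleConfig.isTwoWayVerify) {
            return TLSAndroidUtils.createSSLSocketFactory(moduleConfig.sslProtocol, trustedCerts);
        }
        if (moduleConfig.pfxBiConfig == null) {
            throw new IllegalAccessException("pfx has not configured, please config first");
        }
        LogCatUtil.c("[getSocketFactory]", "start init sslContext from pfx");
        String signStorePassword = moduleConfig.pfxBiConfig.signKeyStorePassword;
        String signKeyPassword = moduleConfig.pfxBiConfig.signKeyPassword;
        String encStorePassword = moduleConfig.pfxBiConfig.encKeyStorePassword;
        String encKeyPassword = moduleConfig.pfxBiConfig.encKeyPassword;
        AssetManager assets = a.getAssets();
        // Close both asset streams on every path (the original never closed them, and leaked
        // the first one if opening the second failed).
        // Assumes TLSAndroidUtils reads both PFX files before returning - TODO confirm.
        try (InputStream signPfx = assets.open("sign.pfx");
                InputStream encPfx = assets.open("enc.pfx")) {
            return TLSAndroidUtils.createSSLSocketFactory(moduleConfig.sslProtocol, trustedCerts, signPfx, signStorePassword, signKeyPassword, encPfx, encStorePassword, encKeyPassword);
        }
    }

    /** Delegates to {@code TLSAndroidUtils.createTrustManager} for the given certificate strings. */
    public static TrustManager a(String[] strArr) throws GeneralSecurityException, IOException {
        return TLSAndroidUtils.createTrustManager(strArr);
    }

    /**
     * Returns the first {@link X509KeyManager} found in {@code keyManagerArr}.
     *
     * @throws KeyManagementException if the array holds no {@link X509KeyManager}
     */
    private static final X509KeyManager a(KeyManager[] keyManagerArr) throws KeyManagementException {
        for (KeyManager candidate : keyManagerArr) {
            if (candidate instanceof X509KeyManager) {
                return (X509KeyManager) candidate;
            }
        }
        throw new KeyManagementException("Failed to find an X509KeyManager in " + Arrays.toString(keyManagerArr));
    }

    /**
     * Builds a trust manager that trusts exactly the certificates returned by
     * {@code ISecConfig.a()}, using the {@code BCJSSE} provider.
     *
     * <p>No null/empty check is made on the configured certificates here; a {@code null}
     * array fails with a {@link NullPointerException}.
     */
    public static X509TrustManager a() throws CertificateException, NoSuchProviderException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
        String[] trustedCerts = ISecConfig.a();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null, null) initialises an empty in-memory store.
        trustStore.load(null, null);
        for (int i = 0; i < trustedCerts.length; i++) {
            byte[] encoded = Base64.decode(trustedCerts[i], Base64.NO_WRAP);
            trustStore.setCertificateEntry("ca" + i, (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(encoded)));
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509", "BCJSSE");
        trustManagerFactory.init(trustStore);
        LogCatUtil.c("[getTrustManager]", "init trustManager");
        return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    }

    /** Wraps {@code layeredSocketFactory} in an {@link IsecSSLSocketFactory} for the given module. */
    public static LayeredSocketFactory a(ModuleConfig moduleConfig, LayeredSocketFactory layeredSocketFactory, Context context) throws IllegalAccessException, GeneralSecurityException, IOException {
        return new IsecSSLSocketFactory(moduleConfig, layeredSocketFactory, context);
    }

    /**
     * Stores the context and registers the BouncyCastle JCE and JSSE providers; a registered
     * "BC" provider older than 1.62 is removed first.
     *
     * <p>NOTE(review): the control flow below is kept exactly as decompiled. The provider
     * created inside the version check is overwritten before it is used, and the JSSE provider
     * is added twice when "BC" was already registered; this looks like a decompiler
     * reconstruction artifact - compare with the bytecode before changing it. Removing and
     * replacing a JCA provider is process-wide and affects every other user of "BC".
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static void a(Context context) {
        BouncyCastleProvider bouncyCastleProvider;
        a = context;
        Provider provider = Security.getProvider("BC");
        if (provider != null) {
            if (provider.getVersion() < 1.62d) {
                Security.removeProvider("BC");
                bouncyCastleProvider = new BouncyCastleProvider();
            }
            Security.addProvider(new BouncyCastleJsseProvider("BC"));
        }
        bouncyCastleProvider = new BouncyCastleProvider();
        Security.addProvider(bouncyCastleProvider);
        Security.addProvider(new BouncyCastleJsseProvider("BC"));
    }

    /**
     * Layers a TLS socket over {@code socket} using the global factory from {@link #d()}.
     *
     * <p>NOTE(review): {@link #d()} returns {@code null} when {@code ISecConfig.k()} is false,
     * in which case the {@code createSocket} call fails with a {@link NullPointerException}.
     *
     * @throws IllegalAccessException if no trusted certificates are configured
     */
    public static SSLSocket b(Socket socket, String str, int i, boolean z) throws IllegalAccessException, IOException, GeneralSecurityException {
        if (ISecConfig.a() == null || ISecConfig.a().length == 0) {
            throw new IllegalAccessException("no certs data,please config certs first!!");
        }
        SSLSocketFactory factory = d();
        LogCatUtil.c("[getSocketFactory]", "finish init sslContext from pfx");
        return a(factory, socket, str, i, z);
    }

    /**
     * Builds a {@code BCJSSE} socket factory that trusts the certificates from
     * {@code ISecConfig.a()} and, when {@code ISecConfig.c()} is set, validates and loads the
     * two-way (sign + encrypt) key configuration.
     *
     * <p>NOTE(review): the {@link KeyManagerFactory} prepared below is never handed to
     * {@code SSLContext.init} (its first argument is {@code null}), and the second
     * {@code init} call replaces the first. As decompiled, no client certificate is supplied
     * to the context on this path; confirm against the original before relying on it for
     * mutual TLS.
     *
     * @throws IllegalAccessException if two-way verification is enabled but a key or
     *                                certificate is missing
     */
    private static SSLSocketFactory b() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, UnrecoverableKeyException, IllegalAccessException {
        String[] trustedCerts = ISecConfig.a();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        for (int i = 0; i < trustedCerts.length; i++) {
            byte[] encoded = Base64.decode(trustedCerts[i], Base64.NO_WRAP);
            trustStore.setCertificateEntry("ca" + i, (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(encoded)));
            // Trust anchors are public certificates, so logging them is not a secrecy issue.
            LogCatUtil.c("[getSocketFactory]", "get trust:" + trustedCerts[i]);
        }
        if (ISecConfig.c()) {
            LogCatUtil.c("[getSocketFactory]", "start double check config");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(ISecConfig.d(), "BCJSSE");
            TwoWayCheckConfig h = ISecConfig.h();
            if (h != null) {
                if (h.b == null) {
                    throw new IllegalAccessException("config double verify without encrypt cert private key!!");
                }
                if (h.e == null) {
                    throw new IllegalAccessException("config double verify without encrypt cert!!");
                }
                if (h.c == null) {
                    throw new IllegalAccessException("config double verify without sign cert!!");
                }
                if (h.a == null) {
                    throw new IllegalAccessException("config double verify without signCert cert private key");
                }
                char[] password = !TextUtils.isEmpty(h.g) ? h.g.toCharArray() : null;
                X509Certificate signCert = a(h.c);
                X509Certificate encCert = a(h.e);
                KeyStore signStore = KeyStore.getInstance("BKS", (Provider) new BouncyCastleProvider());
                signStore.load(null, null);
                signStore.setKeyEntry(h.d, h.a, password, new Certificate[]{signCert});
                // The private key is deliberately kept out of the log: the original appended
                // h.a.toString(), which can write key material to logcat depending on the
                // key implementation.
                LogCatUtil.c("[getSocketFactory]", "double check sign config- cert:" + h.c);
                KeyStore encStore = KeyStore.getInstance("BKS", (Provider) new BouncyCastleProvider());
                encStore.load(null, null);
                encStore.setKeyEntry(h.f, h.b, password, new Certificate[]{encCert});
                // Same redaction for the encryption key (original logged h.b.toString()).
                LogCatUtil.c("[getSocketFactory]", "double check encrypt config- cert:" + h.e);
                keyManagerFactory.init(signStore, password);
                keyManagerFactory.init(encStore, password);
            }
        }
        SSLContext sSLContext = SSLContext.getInstance(ISecConfig.b(), "BCJSSE");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509", "BCJSSE");
        trustManagerFactory.init(trustStore);
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        LogCatUtil.c("[getSocketFactory]", "init sslContext");
        return sSLContext.getSocketFactory();
    }

    /**
     * Returns the X509 key manager of the default {@link KeyManagerFactory} algorithm,
     * initialised without a key store.
     *
     * @throws KeyManagementException wrapping any key-store or algorithm failure
     */
    private static final KeyManager c() throws KeyManagementException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(null, null);
            return a(keyManagerFactory.getKeyManagers());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new KeyManagementException(e);
        }
    }

    /**
     * Builds the socket factory from the global {@code ISecConfig} settings.
     *
     * @return the factory, or {@code null} when {@code ISecConfig.k()} is false
     * @throws IllegalAccessException if not initialised, or two-way verification is enabled
     *                                without a PFX configuration
     */
    private static SSLSocketFactory d() throws IllegalAccessException, IOException, GeneralSecurityException {
        if (a == null) {
            throw new IllegalAccessException("ISec ssl has not init!!,please init first!");
        }
        if (!ISecConfig.k()) {
            return null;
        }
        String[] trustedCerts = ISecConfig.a();
        if (!ISecConfig.c()) {
            return TLSAndroidUtils.createSSLSocketFactory(ISecConfig.b(), trustedCerts);
        }
        if (ISecConfig.i() == null) {
            throw new IllegalAccessException("pfx has not configured, please config first");
        }
        LogCatUtil.c("[getSocketFactory]", "start init sslContext from pfx");
        String signStorePassword = ISecConfig.i().signKeyStorePassword;
        String signKeyPassword = ISecConfig.i().signKeyPassword;
        String encStorePassword = ISecConfig.i().encKeyStorePassword;
        String encKeyPassword = ISecConfig.i().encKeyPassword;
        AssetManager assets = a.getAssets();
        // Close both asset streams on every path (the original never closed them).
        // Assumes TLSAndroidUtils reads both PFX files before returning - TODO confirm.
        try (InputStream signPfx = assets.open("sign.pfx");
                InputStream encPfx = assets.open("enc.pfx")) {
            return TLSAndroidUtils.createSSLSocketFactory(ISecConfig.b(), trustedCerts, signPfx, signStorePassword, signKeyPassword, encPfx, encStorePassword, encKeyPassword);
        }
    }
}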
