package jp.co.nttdocomo.authmodule;

import android.os.Build;
import android.util.Base64;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class CaCertRetriever {
    private X509Certificate[] k;
    private X509Certificate[] n = null;
    private boolean z = false;

    /* loaded from: classes.dex */
    public class ParseException extends RuntimeException {
    }

    final X509Certificate d(X509Certificate[] x509CertificateArr, URL url) {
        if (x509CertificateArr == null) {
            return null;
        }
        if (Build.VERSION.SDK_INT >= 21) {
            return RetrieveCACert.retrieveCACertLollipLolliPop(x509CertificateArr, url);
        }
        X509Certificate[] r = r();
        if (r != null) {
            return i(r, x509CertificateArr);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String g(URL url, String str) {
        DcmLog.info(AuthManager.c, "-- start ---");
        X509Certificate[] x509CertificateArr = this.k;
        String str2 = AuthManager.c;
        StringBuilder sb = new StringBuilder();
        sb.append("-- get server certificate ");
        sb.append(x509CertificateArr == null ? "err" : Integer.valueOf(x509CertificateArr.length));
        DcmLog.info(str2, sb.toString());
        m(d(x509CertificateArr, url), str);
        return str;
    }

    final X509Certificate i(X509Certificate[] x509CertificateArr, X509Certificate[] x509CertificateArr2) {
        X509Certificate[] x509CertificateArr3;
        boolean z;
        X509Certificate[] x509CertificateArr4 = x509CertificateArr2;
        int i = 0;
        while (true) {
            if (i >= x509CertificateArr4.length) {
                break;
            }
            int i2 = i + 1;
            int i3 = i2;
            while (true) {
                if (i3 >= x509CertificateArr4.length) {
                    x509CertificateArr3 = x509CertificateArr4;
                    z = false;
                    break;
                }
                if (x509CertificateArr4[i].getIssuerDN().equals(x509CertificateArr4[i3].getSubjectDN())) {
                    if (i3 != i2) {
                        if (x509CertificateArr4 == x509CertificateArr2) {
                            x509CertificateArr4 = (X509Certificate[]) x509CertificateArr2.clone();
                        }
                        X509Certificate x509Certificate = x509CertificateArr4[i3];
                        x509CertificateArr4[i3] = x509CertificateArr4[i2];
                        x509CertificateArr4[i2] = x509Certificate;
                    }
                    x509CertificateArr3 = x509CertificateArr4;
                    z = true;
                } else {
                    i3++;
                }
            }
            if (!z) {
                x509CertificateArr4 = x509CertificateArr3;
                break;
            }
            i = i2;
            x509CertificateArr4 = x509CertificateArr3;
        }
        X509Certificate x509Certificate2 = null;
        int i4 = 0;
        for (int i5 = 0; i5 < x509CertificateArr.length; i5++) {
            i4 = 0;
            while (true) {
                if (i4 > i) {
                    break;
                }
                if (x509CertificateArr4[i4].getSubjectX500Principal().equals(x509CertificateArr[i5].getSubjectX500Principal()) && x509CertificateArr4[i4].getPublicKey().equals(x509CertificateArr[i5].getPublicKey())) {
                    x509Certificate2 = x509CertificateArr[i5];
                    break;
                }
                i4++;
            }
            if (x509Certificate2 != null) {
                break;
            }
        }
        if (i4 != x509CertificateArr4.length) {
        }
        if (x509Certificate2 == null) {
            for (int i6 = 0; i6 < x509CertificateArr.length; i6++) {
                int i7 = i4 - 1;
                if (x509CertificateArr4[i7].getIssuerX500Principal().equals(x509CertificateArr[i6].getSubjectX500Principal())) {
                    try {
                        x509CertificateArr4[i7].verify(x509CertificateArr[i6].getPublicKey());
                        return x509CertificateArr[i6];
                    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                        continue;
                    }
                }
            }
        }
        return x509Certificate2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void j(URL url) {
        String str;
        StringBuilder sb;
        String exc;
        ArrayList arrayList = new ArrayList();
        HttpsURLConnectionEx httpsURLConnectionEx = null;
        this.k = null;
        this.z = false;
        try {
            httpsURLConnectionEx = new HttpsURLConnectionEx(url);
        } catch (IOException unused) {
            DcmLog.error(AuthManager.c, "OCSP ERROR");
        }
        HttpsURLConnection httpsURLConnection = httpsURLConnectionEx.getHttpsURLConnection();
        try {
            httpsURLConnection.connect();
            DcmLog.info(AuthManager.c, "CONNECT");
            Certificate[] serverCertificates = httpsURLConnectionEx.getServerCertificates();
            if (serverCertificates == null) {
                serverCertificates = httpsURLConnection.getServerCertificates();
            }
            httpsURLConnection.disconnect();
            DcmLog.info(AuthManager.c, "DISCONNECT");
            for (int i = 0; i < serverCertificates.length; i++) {
                if (serverCertificates[i] instanceof X509Certificate) {
                    DcmLog.info(AuthManager.c, serverCertificates[i].toString());
                    arrayList.add((X509Certificate) serverCertificates[i]);
                }
            }
            DcmLog.info(AuthManager.c, "ADD CERT");
            this.z = true;
            this.k = (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
            DcmLog.info(AuthManager.c, "OCSP GOOD");
        } catch (SSLHandshakeException e) {
            str = AuthManager.c;
            sb = new StringBuilder();
            sb.append("SSLHandshakeException ");
            exc = e.toString();
            sb.append(exc);
            DcmLog.error(str, sb.toString());
        } catch (SSLPeerUnverifiedException unused2) {
            DcmLog.error(AuthManager.c, "OCSP NOT INIT");
        } catch (IOException e2) {
            str = AuthManager.c;
            sb = new StringBuilder();
            sb.append("OCSP ERROR");
            exc = e2.toString();
            sb.append(exc);
            DcmLog.error(str, sb.toString());
        } catch (Exception e3) {
            str = AuthManager.c;
            sb = new StringBuilder();
            sb.append("OCSP UNKNOWN ERROR");
            exc = e3.toString();
            sb.append(exc);
            DcmLog.error(str, sb.toString());
        }
    }

    final String m(X509Certificate x509Certificate, String str) {
        String str2;
        String certificateEncodingException;
        File file = new File(str);
        if (file.exists()) {
            file.delete();
        }
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(str);
            DcmLog.info(AuthManager.c, new String(o(x509Certificate.getEncoded()), "UTF-8"));
            fileOutputStream.write(o(x509Certificate.getEncoded()));
            fileOutputStream.close();
            return null;
        } catch (FileNotFoundException e) {
            str2 = AuthManager.c;
            certificateEncodingException = e.toString();
            DcmLog.error(str2, certificateEncodingException);
            return null;
        } catch (IOException e2) {
            str2 = AuthManager.c;
            certificateEncodingException = e2.toString();
            DcmLog.error(str2, certificateEncodingException);
            return null;
        } catch (CertificateEncodingException e3) {
            str2 = AuthManager.c;
            certificateEncodingException = e3.toString();
            DcmLog.error(str2, certificateEncodingException);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void o(URL url) {
        String[] strArr = {"TLS_RSA_WITH_AES_256_CBC_SHA"};
        this.k = null;
        this.z = false;
        try {
            SSLSocket sSLSocket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(url.getHost(), 443);
            sSLSocket.setEnabledCipherSuites(strArr);
            Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < peerCertificates.length; i++) {
                if (peerCertificates[i] instanceof X509Certificate) {
                    arrayList.add((X509Certificate) peerCertificates[i]);
                }
            }
            this.k = (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
            this.z = true;
            sSLSocket.close();
        } catch (Exception unused) {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean o() {
        return this.z;
    }

    final byte[] o(byte[] bArr) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byte[] encode = Base64.encode(bArr, 0);
            byteArrayOutputStream.write("-----BEGIN CERTIFICATE-----\n".getBytes());
            byteArrayOutputStream.write(encode);
            byteArrayOutputStream.write("-----END CERTIFICATE-----".getBytes());
        } catch (IOException unused) {
        }
        return byteArrayOutputStream.toByteArray();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final X509Certificate[] q() {
        return this.k;
    }

    final X509Certificate[] r() {
        try {
            KeyStore keyStore = Build.VERSION.SDK_INT >= 14 ? KeyStore.getInstance("AndroidCAStore") : null;
            if (keyStore == null) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
                if (trustManager instanceof X509TrustManager) {
                    return ((X509TrustManager) trustManager).getAcceptedIssuers();
                }
                return null;
            }
            ArrayList arrayList = new ArrayList();
            keyStore.load(null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                if (certificate instanceof X509Certificate) {
                    arrayList.add((X509Certificate) certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException unused) {
            return null;
        }
    }
}
