package cn.kuwo.base.http;

import android.text.TextUtils;
import cn.kuwo.a.a.d;
import cn.kuwo.base.utils.aa;
import cn.kuwo.base.utils.y;
import cn.kuwo.player.App;
import cn.kuwo.show.base.constants.Constants;
import com.taobao.weex.common.Constants;
import com.tencent.smtt.export.external.interfaces.SslError;
import com.tencent.smtt.export.external.interfaces.SslErrorHandler;
import com.tencent.smtt.export.external.interfaces.WebResourceResponse;
import com.tencent.smtt.sdk.WebView;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class s {

    /* renamed from: a, reason: collision with root package name */
    public static final String f3678a = "kwCert.dat";

    /* renamed from: b, reason: collision with root package name */
    public static boolean f3679b = false;

    /* renamed from: c, reason: collision with root package name */
    public static volatile boolean f3680c = false;

    /* renamed from: d, reason: collision with root package name */
    public static final HostnameVerifier f3681d = new HostnameVerifier() { // from class: cn.kuwo.base.http.s.2
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            if (s.f3679b || !s.f3680c) {
                return true;
            }
            try {
                String peerHost = sSLSession.getPeerHost();
                for (X509Certificate x509Certificate : (X509Certificate[]) sSLSession.getPeerCertificates()) {
                    for (String str2 : x509Certificate.getSubjectX500Principal().getName().split(",")) {
                        if (str2.startsWith("CN") && peerHost.equals(str) && str2.contains("kuwo.cn")) {
                            return true;
                        }
                    }
                }
            } catch (SSLPeerUnverifiedException e2) {
                e2.printStackTrace();
                cn.kuwo.base.c.h.e("https_url", "HostnameVerifier--->Err:" + e2.getMessage());
            }
            return false;
        }
    };

    /* renamed from: e, reason: collision with root package name */
    private static final String f3682e = "WebviewSSLHelper";

    /* renamed from: f, reason: collision with root package name */
    private static SSLContext f3683f;

    /* renamed from: g, reason: collision with root package name */
    private static String f3684g;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class a implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        private X509TrustManager f3688a;

        /* renamed from: b, reason: collision with root package name */
        private X509TrustManager f3689b;

        public a(X509TrustManager x509TrustManager) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            this.f3688a = s.b(trustManagerFactory.getTrustManagers());
            this.f3689b = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (s.f3680c) {
                this.f3689b.checkServerTrusted(x509CertificateArr, str);
                return;
            }
            try {
                this.f3689b.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e2) {
                e2.printStackTrace();
                if (this.f3688a != null) {
                    this.f3688a.checkServerTrusted(x509CertificateArr, str);
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class b implements X509TrustManager {
        private b() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    public static WebResourceResponse a(String str) {
        if (f3679b || TextUtils.isEmpty(str) || !str.startsWith("https") || str.endsWith(".js") || str.endsWith(".css") || str.endsWith(Constants.ThumExt) || str.endsWith(".jpg") || str.endsWith(".ico") || str.endsWith(Constants.Name.UNDEFINED) || !str.contains(".kuwo.cn")) {
            return null;
        }
        String substring = str.substring(0, str.indexOf(".kuwo.cn"));
        if (!TextUtils.isEmpty(substring) && substring.contains(".")) {
            return null;
        }
        if (!c(str)) {
            f3680c = false;
            return null;
        }
        try {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL(str).openConnection();
            a(httpsURLConnection);
            httpsURLConnection.setHostnameVerifier(f3681d);
            f3680c = true;
            InputStream inputStream = httpsURLConnection.getInputStream();
            String contentType = httpsURLConnection.getContentType();
            String contentEncoding = httpsURLConnection.getContentEncoding();
            if (contentType != null) {
                if (contentType.contains(";")) {
                    contentType = contentType.split(";")[0].trim();
                }
                if (TextUtils.isEmpty(contentEncoding)) {
                    contentEncoding = "UTF-8";
                }
                return new WebResourceResponse(contentType, contentEncoding, inputStream);
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            if (e2 instanceof SSLException) {
                cn.kuwo.base.c.h.f("WebFragment", "异常是SSLException子类，返回空白页");
                return new WebResourceResponse(null, null, null);
            }
        }
        return null;
    }

    private static SSLContext a(InputStream inputStream) {
        X509TrustManager a2 = a(b(inputStream));
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{a2}, new SecureRandom());
        return sSLContext;
    }

    @org.b.a.d
    private static X509TrustManager a(KeyStore keyStore) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        return b(trustManagers) != null ? new a(b(trustManagers)) : new b();
    }

    public static void a() {
        f3679b = true;
        f3683f = null;
        f3684g = null;
        f3680c = false;
    }

    public static void a(final WebView webView, final SslErrorHandler sslErrorHandler, final SslError sslError) {
        cn.kuwo.a.a.d.a().a(new d.b() { // from class: cn.kuwo.base.http.s.1
            @Override // cn.kuwo.a.a.d.b, cn.kuwo.a.a.d.a
            public void call() {
                String url = WebView.this.getUrl();
                if (TextUtils.isEmpty(url)) {
                    sslErrorHandler.proceed();
                    return;
                }
                cn.kuwo.base.c.h.e("WebFragment", "onReceivedSslError--" + url);
                if (!s.c(url) || s.f3679b) {
                    sslErrorHandler.proceed();
                    return;
                }
                try {
                    s.c(WebView.this, sslErrorHandler, sslError);
                } catch (Exception e2) {
                    e2.printStackTrace();
                    sslErrorHandler.cancel();
                }
            }
        });
    }

    public static synchronized void a(HttpsURLConnection httpsURLConnection) {
        synchronized (s.class) {
            if (f3679b) {
                return;
            }
            if (f3683f == null) {
                InputStream c2 = c();
                if (c2 == null) {
                    return;
                }
                try {
                    try {
                        try {
                            try {
                                synchronized (s.class) {
                                    f3683f = a(c2);
                                }
                            } catch (KeyStoreException e2) {
                                e2.printStackTrace();
                                f3683f = null;
                            }
                        } catch (IOException e3) {
                            e3.printStackTrace();
                            f3683f = null;
                        }
                    } catch (CertificateException e4) {
                        e4.printStackTrace();
                        f3683f = null;
                    }
                } catch (KeyManagementException e5) {
                    e5.printStackTrace();
                    f3683f = null;
                } catch (NoSuchAlgorithmException e6) {
                    e6.printStackTrace();
                    f3683f = null;
                }
            }
            if (f3683f != null) {
                httpsURLConnection.setSSLSocketFactory(f3683f.getSocketFactory());
            }
        }
    }

    private static KeyStore b(InputStream inputStream) {
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        inputStream.close();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry("kwServerCert", generateCertificate);
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static X509TrustManager b(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    public static void b() {
        f3683f = null;
        f3684g = null;
    }

    private static InputStream c() {
        String str = y.a(31) + "kwCert.dat";
        try {
            if (!aa.i(str)) {
                cn.kuwo.base.c.h.e("https_url", "获取内部部证书：CERT_ASSETS");
                return App.a().getAssets().open("server.pem");
            }
            if (aa.p(str) <= 0) {
                aa.j(str);
                cn.kuwo.base.c.h.e("https_url", "另取内部部证书：CERT_ASSETS");
                return App.a().getAssets().open("server.pem");
            }
            FileInputStream fileInputStream = new FileInputStream(str);
            cn.kuwo.base.c.h.e("https_url", "获取外部证书：" + str);
            return fileInputStream;
        } catch (Exception e2) {
            e2.printStackTrace();
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void c(WebView webView, SslErrorHandler sslErrorHandler, SslError sslError) {
        if (TextUtils.isEmpty(f3684g)) {
            synchronized (s.class) {
                f3684g = p.b(c());
            }
        }
        String a2 = p.a(sslError.getCertificate());
        if (f3684g != null && f3684g.equalsIgnoreCase(a2)) {
            cn.kuwo.base.c.h.e("WebFragment", "cert_256:" + f3684g);
            sslErrorHandler.proceed();
            return;
        }
        cn.kuwo.base.c.h.e("WebFragment", "cert_256:" + f3684g + "   <>   server_256:" + a2);
        sslErrorHandler.cancel();
        cn.kuwo.base.uilib.f.a("网站证书效验失败，请更换网络后再试");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean c(String str) {
        return (!TextUtils.isEmpty(str) && str.contains("h5app.kuwo.cn") && str.contains("scanlogin")) || (str.contains("h5static.kuwo.cn") && str.contains(".js")) || str.contains("qrlogin");
    }
}
