package cn.kuwo.base.http;

import android.text.TextUtils;
import android.util.Base64;
import cn.kuwo.base.utils.ab;
import cn.kuwo.base.utils.ad;
import cn.kuwo.base.utils.aj;
import cn.kuwo.base.utils.bl;
import cn.kuwo.base.utils.z;
import cn.kuwo.player.App;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.jetbrains.annotations.NotNull;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class h {

    /* renamed from: a, reason: collision with root package name */
    public static final String f3521a = "kwCert.dat";

    /* renamed from: b, reason: collision with root package name */
    public static final String f3522b = "server_cert_file_check";

    /* renamed from: c, reason: collision with root package name */
    public static final String f3523c = "server.pem";

    /* renamed from: d, reason: collision with root package name */
    public static final String f3524d = "4522bca848e90ea9762c7356fa97f909";

    /* renamed from: e, reason: collision with root package name */
    public static final HostnameVerifier f3525e = new HostnameVerifier() { // from class: cn.kuwo.base.http.h.2
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            if (!h.i) {
                return true;
            }
            try {
                String peerHost = sSLSession.getPeerHost();
                for (X509Certificate x509Certificate : (X509Certificate[]) sSLSession.getPeerCertificates()) {
                    for (String str2 : x509Certificate.getSubjectX500Principal().getName().split(",")) {
                        if (str2.startsWith("CN") && peerHost.equals(str) && str2.contains("kuwo.cn")) {
                            return true;
                        }
                    }
                }
            } catch (SSLPeerUnverifiedException e2) {
                e2.printStackTrace();
                cn.kuwo.base.c.i.e("https_url", "HostnameVerifier--->Err:" + e2.getMessage());
            }
            return false;
        }
    };

    /* renamed from: f, reason: collision with root package name */
    private static final String f3526f = "HttpsSSLHelper";

    /* renamed from: g, reason: collision with root package name */
    private static final long f3527g = 1296000000;

    /* renamed from: h, reason: collision with root package name */
    private static SSLContext f3528h = null;
    private static boolean i = false;
    private static boolean j = true;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        private int f3529a;

        /* renamed from: b, reason: collision with root package name */
        private String f3530b;

        /* renamed from: c, reason: collision with root package name */
        private String f3531c;

        protected a() {
        }

        public void a(int i) {
            this.f3529a = i;
        }

        public void a(String str) {
            this.f3530b = str;
        }

        public boolean a() {
            return this.f3529a == 201;
        }

        public int b() {
            return this.f3529a;
        }

        public void b(String str) {
            this.f3531c = str;
        }

        public String c() {
            return this.f3530b;
        }

        public String d() {
            return this.f3531c;
        }

        public boolean e() {
            return this.f3529a == 200 && !"4522bca848e90ea9762c7356fa97f909".equals(this.f3531c);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class b implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        private X509TrustManager f3532a;

        /* renamed from: b, reason: collision with root package name */
        private X509TrustManager f3533b;

        public b(X509TrustManager x509TrustManager) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            this.f3532a = h.b(trustManagerFactory.getTrustManagers());
            this.f3533b = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (h.i) {
                this.f3533b.checkServerTrusted(x509CertificateArr, str);
                return;
            }
            try {
                this.f3533b.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e2) {
                e2.printStackTrace();
                if (this.f3532a != null) {
                    this.f3532a.checkServerTrusted(x509CertificateArr, str);
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class c implements X509TrustManager {
        private c() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    public static String a(String str) {
        return (!i || str == null || !str.contains(".kuwo.cn") || str.substring(0, str.indexOf(".kuwo.cn")).contains(".") || str.contains("log.kuwo.cn") || str.contains("update/https/cert") || str.contains("cdn.kuwo.cn")) ? str : str.replace("http:", "https:");
    }

    private static SSLContext a(InputStream inputStream) {
        X509TrustManager a2 = a(b(inputStream));
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{a2}, new SecureRandom());
        return sSLContext;
    }

    @NotNull
    private static X509TrustManager a(KeyStore keyStore) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        return b(trustManagers) != null ? new b(b(trustManagers)) : new c();
    }

    public static synchronized void a(HttpsURLConnection httpsURLConnection) {
        synchronized (h.class) {
            if (i) {
                if (f3528h == null) {
                    InputStream e2 = e();
                    if (e2 == null) {
                        return;
                    }
                    try {
                        try {
                            try {
                                try {
                                    synchronized (h.class) {
                                        f3528h = a(e2);
                                    }
                                } catch (KeyStoreException e3) {
                                    e3.printStackTrace();
                                    f3528h = null;
                                }
                            } catch (IOException e4) {
                                e4.printStackTrace();
                                f3528h = null;
                            }
                        } catch (CertificateException e5) {
                            e5.printStackTrace();
                            f3528h = null;
                        }
                    } catch (KeyManagementException e6) {
                        e6.printStackTrace();
                        f3528h = null;
                    } catch (NoSuchAlgorithmException e7) {
                        e7.printStackTrace();
                        f3528h = null;
                    }
                }
                if (f3528h != null) {
                    httpsURLConnection.setSSLSocketFactory(f3528h.getSocketFactory());
                }
            }
        }
    }

    public static void a(boolean z) {
        i = z;
        String str = ab.a(31) + "https.config";
        if (z) {
            ad.a(str, 0L);
        } else {
            ad.j(str);
        }
    }

    public static boolean a() {
        return i;
    }

    protected static a b(String str) {
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        cn.kuwo.base.c.i.e("https_url", str);
        try {
            JSONObject jSONObject = new JSONObject(str);
            int optInt = jSONObject.optInt("code");
            if (optInt != 200) {
                if (optInt != 201) {
                    return null;
                }
                a aVar = new a();
                aVar.a(201);
                return aVar;
            }
            JSONObject optJSONObject = jSONObject.optJSONObject("data");
            if (optJSONObject == null) {
                return null;
            }
            a aVar2 = new a();
            aVar2.a(optInt);
            aVar2.b(optJSONObject.optString("md5"));
            aVar2.a(optJSONObject.optString("content"));
            return aVar2;
        } catch (Exception e2) {
            e2.printStackTrace();
            return null;
        }
    }

    private static KeyStore b(InputStream inputStream) {
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        inputStream.close();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        keyStore.setCertificateEntry("kwServerCert", generateCertificate);
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static X509TrustManager b(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    public static void b() {
        i = ad.i(ab.a(31) + "https.config");
    }

    public static void c() {
        j = cn.kuwo.base.config.d.a("appconfig", cn.kuwo.base.config.b.qY, true);
        if (j) {
            aj.a(new Runnable() { // from class: cn.kuwo.base.http.h.1
                @Override // java.lang.Runnable
                public void run() {
                    a b2;
                    byte[] decode;
                    long a2 = cn.kuwo.base.config.d.a("appconfig", "server_cert_file_check", 0L);
                    if (a2 != 0 && System.currentTimeMillis() - a2 <= h.f3527g) {
                        cn.kuwo.base.c.i.e("https_url", "不需要更新证书，上次更新时间：" + z.b(a2));
                        return;
                    }
                    String str = ab.a(31) + "kwCert.dat";
                    String str2 = "4522bca848e90ea9762c7356fa97f909";
                    if (ad.i(str)) {
                        try {
                            str2 = cn.kuwo.base.utils.b.e.d(str);
                            cn.kuwo.base.c.i.e("https_url", "读取外部文件MD5:" + str2);
                        } catch (IOException e2) {
                            e2.printStackTrace();
                            ad.j(str);
                            str2 = "4522bca848e90ea9762c7356fa97f909";
                        }
                    }
                    String httpsCertUpdateUrl = bl.getHttpsCertUpdateUrl(str2);
                    cn.kuwo.base.c.i.e("https_url", httpsCertUpdateUrl);
                    HttpResult c2 = new f().c(httpsCertUpdateUrl);
                    if (c2 == null || !c2.a() || (b2 = h.b(c2.b())) == null) {
                        return;
                    }
                    if (b2.a()) {
                        cn.kuwo.base.config.d.a("appconfig", "server_cert_file_check", System.currentTimeMillis(), false);
                        return;
                    }
                    if (b2.e() && ad.j(str) && (decode = Base64.decode(b2.c(), 0)) != null) {
                        cn.kuwo.base.c.i.e("https_url", ad.a(str, decode) + " 证书保存到：" + str);
                        synchronized (h.class) {
                            SSLContext unused = h.f3528h = null;
                            s.b();
                        }
                        cn.kuwo.base.config.d.a("appconfig", "server_cert_file_check", System.currentTimeMillis(), false);
                    }
                }
            });
            return;
        }
        a(false);
        s.a();
        ad.j(ab.a(31) + "kwCert.dat");
    }

    private static InputStream e() {
        String str = ab.a(31) + "kwCert.dat";
        try {
            if (!ad.i(str)) {
                cn.kuwo.base.c.i.e("https_url", "获取内部部证书：CERT_ASSETS");
                return App.a().getAssets().open("server.pem");
            }
            if (ad.p(str) <= 0) {
                ad.j(str);
                cn.kuwo.base.c.i.e("https_url", "另取内部部证书：CERT_ASSETS");
                return App.a().getAssets().open("server.pem");
            }
            FileInputStream fileInputStream = new FileInputStream(str);
            cn.kuwo.base.c.i.e("https_url", "获取外部证书：" + str);
            return fileInputStream;
        } catch (Exception e2) {
            e2.printStackTrace();
            return null;
        }
    }
}
