package android.net.http;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.DefaultHostnameVerifier;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;
import org.apache.harmony.security.provider.cert.X509CertImpl;
import org.apache.harmony.xnet.provider.jsse.SSLParametersImpl;
import org.apache.harmony.xnet.provider.jsse.TrustManagerImpl;

/* loaded from: classes2.dex */
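/**
 * Checks a TLS server's certificate chain against the expected host name and the
 * platform's default trust manager.
 *
 * <p>Validation failures are reported through the return value, not by exception:
 * the verify methods return {@code null} when both checks pass and a non-null
 * {@code SslError} otherwise. On those paths the socket is left open, so a caller
 * that ignores the return value continues on a connection that was not validated.
 *
 * <p>The host-name check runs first and returns immediately on mismatch. An error
 * with code 2 therefore says nothing about whether the chain is trusted, because
 * the trust manager was never consulted for it.
 *
 * <p>The class is a singleton: the constructor is private and the only instance is
 * obtained through {@link #getInstance()}.
 */
public class CertificateChainValidator {
    /** The single shared instance returned by {@link #getInstance()}. */
    private static final CertificateChainValidator sInstance = new CertificateChainValidator();

    /** Verifier used to match the leaf certificate against the requested domain. */
    private static final DefaultHostnameVerifier sVerifier = new DefaultHostnameVerifier();

    private CertificateChainValidator() {
    }

    /**
     * Tears down a failed connection and reports the failure. This method never
     * returns normally.
     *
     * @param socket the socket to close; may be {@code null}, in which case only the
     *     exception is thrown
     * @param message detail message for the thrown exception
     * @throws SSLHandshakeException always, unless closing the socket itself fails
     * @throws IOException if {@code socket.close()} fails
     */
    private void closeSocketThrowException(SSLSocket socket, String message) throws IOException {
        if (socket != null) {
            SSLSession session = socket.getSession();
            if (session != null) {
                // Invalidate before closing so the failed session cannot be resumed later.
                session.invalidate();
            }
            socket.close();
        }
        throw new SSLHandshakeException(message);
    }

    /**
     * Same as {@link #closeSocketThrowException(SSLSocket, String)}, falling back to
     * {@code defaultMessage} when {@code message} is {@code null}.
     *
     * @param socket the socket to close; may be {@code null}
     * @param message preferred detail message, or {@code null}
     * @param defaultMessage message used when {@code message} is {@code null}
     * @throws IOException always; see the two-argument overload
     */
    private void closeSocketThrowException(SSLSocket socket, String message, String defaultMessage)
            throws IOException {
        closeSocketThrowException(socket, message != null ? message : defaultMessage);
    }

    /**
     * Returns the shared validator instance.
     *
     * @return the singleton instance
     */
    public static CertificateChainValidator getInstance() {
        return sInstance;
    }

    /**
     * Forwards a trust-storage-update notification to the default trust manager when
     * that manager is a {@code TrustManagerImpl}; any other manager type is left alone.
     */
    public static void handleTrustStorageUpdate() {
        try {
            X509TrustManager trustManager = SSLParametersImpl.getDefaultTrustManager();
            if (trustManager instanceof TrustManagerImpl) {
                ((TrustManagerImpl) trustManager).handleTrustStorageUpdate();
            }
        } catch (KeyManagementException ignored) {
            // Deliberate best effort: the method has no way to report failure.
            // NOTE(review): when this fires, the update is dropped silently and the trust
            // manager is not told that the store changed; confirm callers can tolerate
            // that, or surface it through the platform log.
        }
    }

    /**
     * Builds a certificate chain from encoded certificates and validates it.
     *
     * @param bArr the encoded certificates, leaf first (index 0 is the certificate
     *     matched against the domain); the encoding is whatever {@code X509CertImpl}
     *     accepts, presumably DER, which is not visible here
     * @param str the domain the leaf certificate must match
     * @param str2 the auth type passed to the trust manager's {@code checkServerTrusted}
     * @return {@code null} if the chain is valid for the domain, otherwise the error found
     * @throws IllegalArgumentException if {@code bArr} is {@code null} or empty
     * @throws IOException declared by the constructor or the delegate
     */
    public static SslError verifyServerCertificates(byte[][] bArr, String str, String str2) throws IOException {
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("bad certificate chain");
        }
        X509Certificate[] chain = new X509Certificate[bArr.length];
        int index = 0;
        for (byte[] encoded : bArr) {
            chain[index++] = new X509CertImpl(encoded);
        }
        return verifyServerDomainAndCertificates(chain, str, str2);
    }

    /**
     * Runs the two validation steps: host-name match on the leaf certificate, then
     * chain trust through the default trust manager.
     *
     * @param chain the server chain; element 0 is the leaf and must not be {@code null}
     * @param domain the expected host name; {@code null} or empty counts as a mismatch
     * @param authType the auth type handed to {@code checkServerTrusted}
     * @return {@code null} when both steps pass; an {@code SslError} with code 2 on a
     *     host-name mismatch, or with code 3 when the trust manager rejects the chain
     * @throws IllegalArgumentException if the leaf certificate is {@code null}
     * @throws IOException declared for callers; see {@code getDefaultTrustManager}
     */
    private static SslError verifyServerDomainAndCertificates(X509Certificate[] chain, String domain, String authType) throws IOException {
        X509Certificate leaf = chain[0];
        if (leaf == null) {
            throw new IllegalArgumentException("certificate for this site is null");
        }
        boolean domainMatches = domain != null && !domain.isEmpty() && sVerifier.verify(domain, leaf);
        if (!domainMatches) {
            // 2 is the value of SslError.SSL_IDMISMATCH in the public Android API.
            // Returning here means chain trust is NOT evaluated for this certificate.
            return new SslError(2, leaf);
        }
        try {
            SSLParametersImpl.getDefaultTrustManager().checkServerTrusted(chain, authType);
            return null;
        } catch (GeneralSecurityException ignored) {
            // 3 is the value of SslError.SSL_UNTRUSTED in the public Android API.
            // The cause is discarded, so every trust-manager rejection reaches the
            // caller as the same generic "untrusted" error.
            return new SslError(3, leaf);
        }
    }

    /**
     * Validates the server certificates presented on an SSL socket.
     *
     * <p>No explicit handshake call is made here; the method relies on
     * {@code SSLSocket.getSession()}, which is documented to return an invalid session
     * when the initial handshake fails.
     *
     * <p>Handshake-level failures (invalid session, missing peer certificates, or a peer
     * certificate that is not X.509) close the socket and throw. Validation failures are
     * returned as an {@code SslError} with the socket still open; the caller decides
     * what to do with the connection.
     *
     * @param httpsConnection connection that receives the leaf certificate, or {@code null}
     * @param sSLSocket the connected socket
     * @param str the domain the leaf certificate must match
     * @return {@code null} if the chain is valid for the domain, otherwise the error found
     * @throws SSLHandshakeException on the handshake-level failures listed above
     * @throws IOException if closing the socket or reading the peer certificates fails
     */
    public SslError doHandshakeAndValidateServerCertificates(HttpsConnection httpsConnection, SSLSocket sSLSocket, String str) throws IOException {
        if (!sSLSocket.getSession().isValid()) {
            closeSocketThrowException(sSLSocket, "failed to perform SSL handshake");
        }
        Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            // Never returns normally, so the code below always sees a non-empty array.
            closeSocketThrowException(sSLSocket, "failed to retrieve peer certificates");
        }

        // Copy into a typed array instead of downcasting Certificate[] to
        // X509Certificate[]: the array cast throws ClassCastException whenever the
        // runtime array type is Certificate[], and would skip the socket cleanup.
        X509Certificate[] chain = new X509Certificate[peerCertificates.length];
        for (int i = 0; i < peerCertificates.length; i++) {
            Certificate certificate = peerCertificates[i];
            if (certificate != null && !(certificate instanceof X509Certificate)) {
                closeSocketThrowException(sSLSocket, "peer certificate is not an X.509 certificate");
            }
            chain[i] = (X509Certificate) certificate;
        }

        if (httpsConnection != null && chain[0] != null) {
            // Recorded before validation: the connection holds the presented leaf
            // certificate even when an SslError is returned below.
            httpsConnection.setCertificate(new SslCertificate(chain[0]));
        }
        // NOTE(review): the auth type is fixed to "RSA" whatever key exchange was
        // negotiated; how the trust manager uses it is not visible here.
        return verifyServerDomainAndCertificates(chain, str, "RSA");
    }
}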
