package org.knowm.xchange.utils;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.concurrent.CopyOnWriteArraySet;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
public class CertHelper {
    public static SSLSocketFactory createExpiredAcceptingSSLSocketFactory(final String str) {
        try {
            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            X509TrustManager x509TrustManager = new X509TrustManager() { // from class: org.knowm.xchange.utils.CertHelper.1
                private boolean certificateMatches(X509Certificate[] x509CertificateArr, boolean z) {
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        if (x509Certificate.getSubjectX500Principal().getName().equals(str) && (!z || x509Certificate.getNotAfter().before(new Date()))) {
                            return true;
                        }
                    }
                    return false;
                }

                private X509TrustManager getDefaultTrustManager() {
                    for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                        if (trustManager instanceof X509TrustManager) {
                            return (X509TrustManager) trustManager;
                        }
                    }
                    throw new IllegalStateException();
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                    System.out.println("checking client trusted: " + Arrays.toString(x509CertificateArr));
                    getDefaultTrustManager().checkClientTrusted(x509CertificateArr, str2);
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
                    try {
                        getDefaultTrustManager().checkServerTrusted(x509CertificateArr, str2);
                        if (certificateMatches(x509CertificateArr, false)) {
                            throw new CertificateException("Update code to reject expired certificate, up-to-date certificate found: " + str);
                        }
                    } catch (CertificateException e2) {
                        for (Throwable th = e2; th != null; th = th.getCause()) {
                            if ((th instanceof CertificateExpiredException) && certificateMatches(x509CertificateArr, true)) {
                                return;
                            }
                        }
                        throw e2;
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return getDefaultTrustManager().getAcceptedIssuers();
                }
            };
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{x509TrustManager}, null);
            return sSLContext.getSocketFactory();
        } catch (GeneralSecurityException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public static HostnameVerifier createIncorrectHostnameVerifier(final String str, final String str2) {
        return new HostnameVerifier() { // from class: org.knowm.xchange.utils.CertHelper.3
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str3, SSLSession sSLSession) {
                try {
                    String name = sSLSession.getPeerPrincipal().getName();
                    if (str3.equals(str)) {
                        if (name.equals(str2)) {
                            return true;
                        }
                    }
                } catch (SSLPeerUnverifiedException unused) {
                }
                return HttpsURLConnection.getDefaultHostnameVerifier().verify(str3, sSLSession);
            }
        };
    }

    public static SSLSocketFactory createRestrictedSSLSocketFactory(String... strArr) {
        final CopyOnWriteArraySet copyOnWriteArraySet = new CopyOnWriteArraySet(Arrays.asList(strArr));
        return new SSLSocketFactory() { // from class: org.knowm.xchange.utils.CertHelper.2
            private String[] filter(String[] strArr2, String[] strArr3) throws IOException {
                CopyOnWriteArraySet copyOnWriteArraySet2 = new CopyOnWriteArraySet(Arrays.asList(strArr2));
                copyOnWriteArraySet2.removeAll(copyOnWriteArraySet);
                if (copyOnWriteArraySet2.isEmpty()) {
                    copyOnWriteArraySet2.addAll(Arrays.asList(strArr3));
                    copyOnWriteArraySet2.removeAll(copyOnWriteArraySet);
                }
                if (!copyOnWriteArraySet2.isEmpty()) {
                    return (String[]) copyOnWriteArraySet2.toArray(new String[copyOnWriteArraySet2.size()]);
                }
                throw new IOException("No supported SSL attributed enabled.  " + Arrays.toString(strArr2) + " provided, " + copyOnWriteArraySet.toString() + " disabled, " + Arrays.toString(strArr3) + " supported, result: " + copyOnWriteArraySet2.toString());
            }

            private SSLSocket fixupSocket(Socket socket) throws IOException {
                SSLSocket sSLSocket = (SSLSocket) socket;
                sSLSocket.setEnabledProtocols(filter(sSLSocket.getEnabledProtocols(), sSLSocket.getSupportedProtocols()));
                sSLSocket.setEnabledCipherSuites(filter(sSLSocket.getEnabledCipherSuites(), sSLSocket.getSupportedCipherSuites()));
                return sSLSocket;
            }

            private SSLSocketFactory getDefaultFactory() {
                return (SSLSocketFactory) SSLSocketFactory.getDefault();
            }

            @Override // javax.net.SocketFactory
            public Socket createSocket(String str, int i) throws IOException {
                return fixupSocket(getDefaultFactory().createSocket(str, i));
            }

            @Override // javax.net.SocketFactory
            public Socket createSocket(String str, int i, InetAddress inetAddress, int i2) throws IOException {
                return fixupSocket(getDefaultFactory().createSocket(str, i, inetAddress, i2));
            }

            @Override // javax.net.SocketFactory
            public Socket createSocket(InetAddress inetAddress, int i) throws IOException {
                return fixupSocket(getDefaultFactory().createSocket(inetAddress, i));
            }

            @Override // javax.net.SocketFactory
            public Socket createSocket(InetAddress inetAddress, int i, InetAddress inetAddress2, int i2) throws IOException {
                return fixupSocket(getDefaultFactory().createSocket(inetAddress, i, inetAddress2, i2));
            }

            @Override // javax.net.ssl.SSLSocketFactory
            public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
                return fixupSocket(getDefaultFactory().createSocket(socket, str, i, z));
            }

            @Override // javax.net.ssl.SSLSocketFactory
            public String[] getDefaultCipherSuites() {
                return getDefaultFactory().getDefaultCipherSuites();
            }

            @Override // javax.net.ssl.SSLSocketFactory
            public String[] getSupportedCipherSuites() {
                return getDefaultFactory().getSupportedCipherSuites();
            }
        };
    }

    @Deprecated
    public static void trustAllCerts() throws Exception {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: org.knowm.xchange.utils.CertHelper.4
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }};
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { // from class: org.knowm.xchange.utils.CertHelper.5
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                return true;
            }
        });
    }
}
