package com.kaspersky.components.certificatechecker;

import android.os.SystemClock;
import java.io.IOException;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import kavsdk.o.eq;
import kavsdk.o.er;
import kavsdk.o.i;

/* loaded from: classes.dex */
public class CertificateChecker {
    private static final String a = "CertificateChecker";
    private static final int b = (int) TimeUnit.MINUTES.toMillis(2);
    public int Q;
    private final long c;
    private String d;

    /* renamed from: e, reason: collision with root package name */
    private byte[][] f7163e;

    static {
        init();
    }

    private CertificateChecker(long j2) {
        this.Q = b;
        this.c = j2;
    }

    public CertificateChecker(long j2, byte b2) {
        this(j2);
    }

    private static boolean Q(Certificate[] certificateArr) throws CertificateException {
        boolean z = true;
        for (int i2 = 0; i2 < certificateArr.length; i2++) {
            if (!(certificateArr[i2] instanceof X509Certificate)) {
                throw new CertificateException("Certificate is not X509 type!");
            }
            if (i2 > 0) {
                try {
                    ((X509Certificate) certificateArr[i2 - 1]).verify(((X509Certificate) certificateArr[i2]).getPublicKey());
                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                    z = false;
                }
            }
        }
        return z;
    }

    private static Certificate[] Q(HttpsURLConnection httpsURLConnection) throws IOException {
        try {
            return httpsURLConnection.getServerCertificates();
        } catch (Exception unused) {
            httpsURLConnection.getInputStream();
            return httpsURLConnection.getServerCertificates();
        }
    }

    private void a(Certificate[] certificateArr) throws CertificateException {
        byte[][] bArr = new byte[certificateArr.length];
        for (int i2 = 0; i2 < certificateArr.length; i2++) {
            if (!(certificateArr[i2] instanceof X509Certificate)) {
                throw new CertificateException("Certificate is not X509 type!");
            }
            bArr[i2] = certificateArr[i2].getEncoded();
        }
        this.f7163e = bArr;
    }

    private Certificate[] a(URL url) throws IOException {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
        TrustManager[] trustManagerArr = {new er((byte) 0)};
        eq eqVar = new eq();
        try {
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.setHostnameVerifier(eqVar);
            httpsURLConnection.setConnectTimeout(this.Q);
            httpsURLConnection.setReadTimeout(this.Q);
            try {
                httpsURLConnection.connect();
                return Q(httpsURLConnection);
            } finally {
                httpsURLConnection.disconnect();
            }
        } catch (Exception e2) {
            throw new RuntimeException("Failed to init SSLContext for " + a, e2);
        }
    }

    private native CheckResult checkCertificate(String str, String str2, int i2, byte[][] bArr, long j2) throws IOException;

    private static native void init();

    public final CheckResult Q(String str) throws IOException, CertificateException {
        try {
            return Q(i.w(str));
        } catch (MalformedURLException e2) {
            throw new IllegalArgumentException(e2.getMessage());
        }
    }

    public final CheckResult Q(URL url) throws IOException, CertificateException {
        if (!url.getProtocol().equals("https")) {
            throw new IllegalArgumentException("Invalid URL: only HTTPS protocol is supported");
        }
        long uptimeMillis = SystemClock.uptimeMillis();
        Certificate[] a2 = a(url);
        CheckResult checkResult = new CheckResult(Verdict.Unknown.ordinal(), ExtendedVerdict.Unspecified.ordinal(), 0);
        this.d = InetAddress.getByName(url.getHost()).getHostAddress();
        a(a2);
        if (!Q(a2)) {
            checkResult = new CheckResult(Verdict.Untrusted.ordinal(), ExtendedVerdict.InvalidChain.ordinal(), 0);
        }
        long uptimeMillis2 = SystemClock.uptimeMillis() - uptimeMillis;
        if (checkResult.getVerdict() != Verdict.Untrusted) {
            int port = url.getPort();
            if (port == -1) {
                port = url.getDefaultPort();
            }
            checkResult = checkCertificate(url.getHost(), this.d, port, this.f7163e, this.c);
        }
        checkResult.getTelemetry().Q = uptimeMillis2;
        return checkResult;
    }
}
