package org.cocos2dx.lib;

import android.content.Context;
import android.content.res.Resources;
import android.util.Log;
import cz.msebera.android.httpclient.conn.ssl.SSLConnectionSocketFactory;
import cz.msebera.android.httpclient.conn.ssl.SSLSocketFactory;
import cz.msebera.android.httpclient.conn.ssl.X509HostnameVerifier;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class PtSSLFactory extends SSLSocketFactory {
    private static final String[] trustedCAs = {"isrg_root_x1", "isrg_root_x2"};

    /* loaded from: classes2.dex */
    class a implements X509TrustManager {
        a() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new CertificateException("PtSSLFactory: The server has empty certificate");
            }
            ArrayList<Certificate> ptTrustedCertificates = PtSSLFactory.getPtTrustedCertificates();
            if (ptTrustedCertificates.size() == 0) {
                throw new CertificateException("PtSSLFactory: there is no trusted CA in app");
            }
            Log.d("PtSSLFactory", "server CA Len: " + x509CertificateArr.length);
            boolean z = false;
            for (int i = 0; i < x509CertificateArr.length; i++) {
                try {
                    x509CertificateArr[i].checkValidity();
                    int i2 = 0;
                    while (true) {
                        if (i2 >= ptTrustedCertificates.size()) {
                            break;
                        }
                        try {
                            x509CertificateArr[i].verify(ptTrustedCertificates.get(i).getPublicKey());
                            z = true;
                            break;
                        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                            i2++;
                        }
                    }
                } catch (Exception unused2) {
                    Log.d("PtSSLFactory", "Server CA not valid, maybe expired: " + x509CertificateArr[i].getIssuerX500Principal().getName());
                }
                if (z) {
                    break;
                }
            }
            if (z) {
                return;
            }
            Log.d("PtSSLFactory", "localCertificate trust failed");
            throw new CertificateException("PtSSLFactory-Certificate not valid or trusted.");
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            Log.d("PtSSLFactory", "getAcceptedIssuers");
            return null;
        }
    }

    public PtSSLFactory(SSLContext sSLContext, X509HostnameVerifier x509HostnameVerifier) {
        super(sSLContext, x509HostnameVerifier);
    }

    static Certificate getCertificate(Context context, String str) {
        Certificate certificate = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            try {
                Resources resources = context.getResources();
                try {
                    certificate = certificateFactory.generateCertificate(resources.openRawResource(resources.getIdentifier(str, "raw", context.getPackageName())));
                } catch (CertificateException e) {
                    Log.d("PtSSLFactory", "generateCertificate failed: " + str + ", msg: " + e.getMessage());
                }
            } catch (Exception e2) {
                Log.d("PtSSLFactory", "open CA failed: " + str + ", msg: " + e2.getMessage());
            }
        } catch (Throwable th) {
            Log.d("PtSSLFactory", "In CertficateFactory.getInstance");
            th.printStackTrace();
        }
        return certificate;
    }

    public static SSLSocketFactory getPtFactory() {
        try {
            a aVar = new a();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{aVar}, null);
            return new PtSSLFactory(sSLContext, SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
        } catch (Throwable th) {
            th.printStackTrace();
            Log.d("PtSSLFactory", "Create SSLFactory failed, use SSL Default");
            return SSLSocketFactory.getSocketFactory();
        }
    }

    static ArrayList<Certificate> getPtTrustedCertificates() {
        ArrayList<Certificate> arrayList = new ArrayList<>();
        Context applicationContext = Cocos2dxHelper.getActivity().getApplicationContext();
        int i = 0;
        while (true) {
            String[] strArr = trustedCAs;
            if (i >= strArr.length) {
                return arrayList;
            }
            Certificate certificate = getCertificate(applicationContext, strArr[i]);
            if (certificate != null) {
                arrayList.add(certificate);
            }
            i++;
        }
    }
}
