package defpackage;

import android.content.Context;
import com.android.emailcommon.provider.HostAuth;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.cert.CertificateEncodingException;

/* compiled from: PG */
/* loaded from: classes.dex */
public final class cpw {
    public static cpt a;
    private static final HostnameVerifier b = HttpsURLConnection.getDefaultHostnameVerifier();

    public static void a(HostAuth hostAuth, SSLSocket sSLSocket, boolean z, String str) {
        if (hostAuth == null || hostAuth.p == 8) {
            return;
        }
        sSLSocket.startHandshake();
        SSLSession session = sSLSocket.getSession();
        if (session == null) {
            throw new SSLException("Cannot verify SSL socket without session");
        }
        X509Certificate[] f = f(session);
        if (f == null || f.length == 0) {
            throw new SSLException("Certificate chain is empty!");
        }
        if (z || b.verify(str, session)) {
            c(f, hostAuth);
        } else {
            hostAuth.l(6, f[0], f);
            String valueOf = String.valueOf(hostAuth.c);
            throw new SSLPeerUnverifiedException(valueOf.length() != 0 ? "Certificate hostname not useable for server: ".concat(valueOf) : new String("Certificate hostname not useable for server: "));
        }
    }

    public static X509Certificate[] b(HostAuth hostAuth) {
        X509Certificate[] x509CertificateArr = null;
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new X509TrustManager[]{new cps()}, null);
            SSLSocket sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(hostAuth.c, hostAuth.d);
            try {
                x509CertificateArr = f(sSLSocket.getSession());
                if (sSLSocket != null) {
                    try {
                        sSLSocket.close();
                    } catch (IOException e) {
                        e = e;
                        era.f(chu.a, e, "SSLUtils: Couldn't get certificate", new Object[0]);
                        return x509CertificateArr;
                    } catch (GeneralSecurityException e2) {
                        e = e2;
                        era.f(chu.a, e, "SSLUtils: Couldn't get certificate", new Object[0]);
                        return x509CertificateArr;
                    }
                }
            } finally {
            }
        } catch (IOException e3) {
            e = e3;
        } catch (GeneralSecurityException e4) {
            e = e4;
        }
        return x509CertificateArr;
    }

    public static void c(X509Certificate[] x509CertificateArr, HostAuth hostAuth) {
        X509Certificate x509Certificate = x509CertificateArr[0];
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            era.f(chu.a, e, "SSLUtils: Cert is expired", new Object[0]);
            hostAuth.l(4, x509Certificate, x509CertificateArr);
            throw new SSLException(e.getMessage(), e);
        } catch (CertificateNotYetValidException e2) {
            era.f(chu.a, e2, "SSLUtils: Cert is not yet valid", new Object[0]);
            hostAuth.l(10, x509Certificate, x509CertificateArr);
            throw new SSLException(e2.getMessage(), e2);
        }
    }

    public static synchronized SSLSocketFactory d(Context context, HostAuth hostAuth, KeyManager keyManager, boolean z) {
        KeyManager[] keyManagerArr;
        synchronized (cpw.class) {
            if (a != null) {
                try {
                    spi.a(context);
                } catch (reg e) {
                    era.h(era.c, e, "Unrecoverable error from installIfNeeded, in runHttpRequest", new Object[0]);
                } catch (reh e2) {
                    era.h(era.c, e2, "Repairable error from installIfNeeded, in runHttpRequest", new Object[0]);
                    rei.k(e2.a, context);
                }
            }
            if (keyManager == null) {
                keyManagerArr = null;
            } else {
                try {
                    keyManagerArr = new KeyManager[]{keyManager};
                } catch (KeyManagementException | NoSuchAlgorithmException e3) {
                    era.j("Email.Ssl", e3, "Unable to acquire SSLSocketFactory", new Object[0]);
                    return null;
                }
            }
            if (!z) {
                int i = cpr.b;
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(keyManagerArr, null, null);
                return new cpr(sSLContext.getSocketFactory(), true, hostAuth);
            }
            TrustManager[] trustManagerArr = {new cpv(context, hostAuth)};
            int i2 = cpr.b;
            SSLContext sSLContext2 = SSLContext.getInstance("TLS");
            sSLContext2.init(keyManagerArr, trustManagerArr, null);
            return new cpr(sSLContext2.getSocketFactory(), false, hostAuth);
        }
    }

    public static String e(String str) {
        String lowerCase = str.toLowerCase();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < lowerCase.length(); i++) {
            char charAt = lowerCase.charAt(i);
            if ((charAt >= 'a' && charAt <= 'z') || ((charAt >= 'A' && charAt <= 'Z') || ((charAt >= '0' && charAt <= '9') || charAt == '-' || charAt == '.'))) {
                sb.append(charAt);
            } else if (charAt == '+') {
                sb.append("++");
            } else {
                sb.append('+');
                sb.append((int) charAt);
            }
        }
        return sb.toString();
    }

    private static X509Certificate[] f(SSLSession sSLSession) {
        X509Certificate[] x509CertificateArr;
        try {
            javax.security.cert.X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            int length = peerCertificateChain.length;
            x509CertificateArr = new X509Certificate[length];
            int i = 0;
            int i2 = 0;
            while (i < length) {
                try {
                    javax.security.cert.X509Certificate x509Certificate = peerCertificateChain[i];
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(x509Certificate.getEncoded());
                    int i3 = i2 + 1;
                    x509CertificateArr[i2] = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                    i++;
                    i2 = i3;
                } catch (CertificateException e) {
                    e = e;
                    era.f(chu.a, e, "SSLUtils: Couldn't get certificate", new Object[0]);
                    return x509CertificateArr;
                } catch (SSLPeerUnverifiedException e2) {
                    e = e2;
                    era.f(chu.a, e, "SSLUtils: Couldn't get certificate", new Object[0]);
                    return x509CertificateArr;
                } catch (CertificateEncodingException e3) {
                    e = e3;
                    era.f(chu.a, e, "SSLUtils: Couldn't get certificate", new Object[0]);
                    return x509CertificateArr;
                }
            }
        } catch (CertificateException | SSLPeerUnverifiedException | CertificateEncodingException e4) {
            e = e4;
            x509CertificateArr = null;
        }
        return x509CertificateArr;
    }
}
