package es.redsys.paysys.Utils;

import android.os.Build;
import icg.android.devices.gateway.webservice.soap.SSLContextAllowAllFactory;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.Socket;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;

/* loaded from: classes2.dex */
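/**
 * Apache HttpClient {@code SSLSocketFactory} that creates its sockets from a private
 * {@link SSLContext} whose only trust manager wraps the keystore-backed default one.
 *
 * <p>On top of the delegate's chain validation, the wrapper checks the validity period of
 * every certificate, consults downloaded CRLs on devices with {@code SDK_INT < 26}, and
 * hands the subject and issuer DN strings to two helper checks.
 *
 * <p>This is decompiler output (see the {@code classes2.dex} marker above the class): the
 * {@code throws} clauses are missing although checked exceptions are thrown, and single-letter
 * names come from obfuscation.
 *
 * <p>NOTE(review): only the string constants of {@code SSLContextAllowAllFactory} are used
 * here; none of its factory behaviour is referenced in this class.
 */
public class MySSLSocketFactoryCertValidate extends SSLSocketFactory {
    /** Set to this class's fully qualified name in the constructor. */
    public final String TAG;
    /** Delegate trust manager obtained in {@link #initTrustedCerts(KeyStore)}. */
    X509TrustManager a;
    /** Context whose socket factory produces every socket this class returns. */
    private SSLContext c;

    /**
     * Builds the delegate trust manager from {@code keyStore} and initialises the private
     * {@link SSLContext} with a wrapping trust manager.
     *
     * @param keyStore trust anchors passed both to the superclass and to the
     *     {@code TrustManagerFactory}
     */
    public MySSLSocketFactoryCertValidate(KeyStore keyStore) {
        super(keyStore);
        this.TAG = MySSLSocketFactoryCertValidate.class.getName();
        // The protocols actually offered are narrowed later, per socket, in a(Socket).
        this.c = SSLContext.getInstance(SSLContextAllowAllFactory.TLSv1);
        initTrustedCerts(keyStore);
        try {
            this.c.init(null, new TrustManager[]{new X509TrustManager() { // from class: es.redsys.paysys.Utils.MySSLSocketFactoryCertValidate.3
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    MySSLSocketFactoryCertValidate.this.a.checkClientTrusted(x509CertificateArr, str);
                }

                /**
                 * Validates the server chain with the delegate, then applies the extra
                 * validity, revocation and DN checks. Any failure surfaces as a
                 * {@code CertificateException}.
                 */
                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    // Standard path validation against the keystore comes first; everything
                    // below only runs for a chain the delegate accepted.
                    MySSLSocketFactoryCertValidate.this.a.checkServerTrusted(x509CertificateArr, str);
                    String[] strArr = new String[x509CertificateArr.length];
                    String[] strArr2 = new String[x509CertificateArr.length];
                    // CRLs accumulate across iterations, so a later certificate is also
                    // compared against CRLs fetched for earlier ones.
                    HashSet<X509CRL> hashSet = new HashSet<>();
                    for (int i = 0; i < x509CertificateArr.length; i++) {
                        strArr[i] = x509CertificateArr[i].getSubjectDN().toString();
                        strArr2[i] = x509CertificateArr[i].getIssuerDN().toString();
                        x509CertificateArr[i].checkValidity();
                        X509Certificate x509Certificate = x509CertificateArr[i];
                        // NOTE(review): revocation is consulted only below API 26. Nothing in
                        // this class checks revocation on newer devices — confirm that is
                        // covered elsewhere.
                        // NOTE(review): the loop visits every element the peer presented and
                        // e() fetches the URLs found in each one. Whether every element is
                        // part of the path the delegate validated is not visible here.
                        if (Build.VERSION.SDK_INT < 26) {
                            hashSet.addAll(MySSLSocketFactoryCertValidate.e(x509Certificate));
                            for (X509CRL x509crl : hashSet) {
                                if (x509crl.getRevokedCertificate(x509Certificate.getSerialNumber()) != null || x509crl.isRevoked(x509Certificate)) {
                                    throw new CertificateException("Certificate revoked1029");
                                }
                            }
                        }
                    }
                    // NOTE(review): `c` here is presumably an obfuscated helper class of this
                    // package, not the SSLContext field of the same name — confirm against the
                    // original bytecode. The helpers see only DN strings, so this is a name
                    // comparison, not a key or certificate pin.
                    if (!c.c(strArr, strArr2) && !c.e(strArr, strArr2)) {
                        throw new CertificateException("Cadena de certificados no válida 1029");
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return MySSLSocketFactoryCertValidate.this.a.getAcceptedIssuers();
                }
            }}, null);
        } catch (KeyManagementException e) {
            // The failure is only logged, so the instance is still handed to the caller with
            // a context that was never initialised.
            Log.e("KeyManagementException", e.getLocalizedMessage(), e);
        }
    }

    /**
     * Restricts an {@link SSLSocket} to the two protocol constants below and returns it;
     * other socket types are returned unchanged.
     *
     * <p>NOTE(review): the constant values are not visible here. If they are "TLSv1.1" and
     * "TLSv1.2" as their names suggest, TLS 1.1 stays enabled although RFC 8996 deprecates it.
     */
    private Socket a(Socket socket) {
        if (socket instanceof SSLSocket) {
            ((SSLSocket) socket).setEnabledProtocols(new String[]{SSLContextAllowAllFactory.TLSv1_1, SSLContextAllowAllFactory.TLSv1_2});
        }
        return socket;
    }

    /**
     * Downloads every CRL referenced by URI in the certificate's CRL Distribution Points
     * extension (OID 2.5.29.31).
     *
     * <p>Only distribution points of type 0 (full name) and general names with tag 6 (URI)
     * are followed. I/O and CRL parsing failures are rethrown as {@code CertificateException},
     * so an unreachable distribution point fails the handshake.
     *
     * <p>NOTE(review): the URL is taken from the certificate as-is, with no scheme allow-list
     * and no connect or read timeout. The parsed CRL is returned without verifying its
     * signature, issuer or {@code nextUpdate}, so the caller acts on unauthenticated data
     * unless those checks happen elsewhere.
     *
     * @param x509Certificate certificate whose distribution points are read
     * @return the CRLs parsed so far, empty when the extension is absent
     */
    static List<X509CRL> e(X509Certificate x509Certificate) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        List<X509CRL> linkedList = new LinkedList<>();
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.31");
        if (extensionValue != null) {
            try {
                // The extension value is an OCTET STRING wrapping the DER-encoded CRLDistPoint.
                ASN1InputStream wrapped = new ASN1InputStream(new ByteArrayInputStream(extensionValue));
                byte[] octets = ((DEROctetString) wrapped.readObject()).getOctets();
                ASN1InputStream unwrapped = new ASN1InputStream(new ByteArrayInputStream(octets));
                for (DistributionPoint distributionPoint : CRLDistPoint.getInstance(unwrapped.readObject()).getDistributionPoints()) {
                    DistributionPointName pointName = distributionPoint.getDistributionPoint();
                    if (pointName != null && pointName.getType() == 0) {
                        for (GeneralName generalName : GeneralNames.getInstance(pointName.getName()).getNames()) {
                            if (generalName.getTagNo() == 6) {
                                // try-with-resources closes the stream even when parsing
                                // fails; the earlier form only closed it on success.
                                try (DataInputStream dataInputStream = new DataInputStream(new URL(DERIA5String.getInstance(generalName.getName()).getString()).openConnection().getInputStream())) {
                                    linkedList.add((X509CRL) certificateFactory.generateCRL(dataInputStream));
                                }
                            }
                        }
                    }
                }
            } catch (IOException | CRLException e) {
                throw new CertificateException("Certificate CRL exception MySSLSocketFactoryCertValidate1029", e);
            }
        }
        return linkedList;
    }

    /** Creates an unconnected socket from the private context, with protocols restricted by {@code a(Socket)}. */
    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() {
        return a(this.c.getSocketFactory().createSocket());
    }

    /**
     * Layers a socket from the private context over an existing connection.
     *
     * <p>NOTE(review): this override neither calls the superclass nor invokes a hostname
     * verifier, and the trust manager never receives the host name. Confirm that the peer
     * name is checked elsewhere for sockets created through this path.
     */
    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) {
        return a(this.c.getSocketFactory().createSocket(socket, str, i, z));
    }

    /**
     * Initialises the delegate trust manager {@code a} from the platform's default
     * {@code TrustManagerFactory} algorithm and the given keystore.
     *
     * <p>A {@code KeyStoreException} is rethrown as {@code KeyManagementException} with the
     * original exception kept as its cause.
     *
     * @param keyStore trust anchors for the delegate
     */
    public void initTrustedCerts(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            // Assumes the first manager returned is an X509TrustManager; the cast fails otherwise.
            this.a = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (KeyStoreException e) {
            throw new KeyManagementException(e.getMessage(), e);
        }
    }
}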
