package com.nttdocomo.android.ocsplib;

import android.annotation.SuppressLint;
import com.nttdocomo.android.ocsplib.exception.OcspLibraryException;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

@SuppressLint({"NewApi"})
/* loaded from: classes24.dex */
public class OcspURLConnection {

    /* renamed from: c, reason: collision with root package name */
    private static SSLSocketFactory f67422c;

    /* renamed from: d, reason: collision with root package name */
    private static SSLSocketFactory f67423d;

    /* renamed from: e, reason: collision with root package name */
    private static SSLSocketFactory f67424e;

    /* renamed from: f, reason: collision with root package name */
    private static SSLSocketFactory f67425f;

    /* renamed from: g, reason: collision with root package name */
    private static final Object f67426g = new Object();

    /* renamed from: h, reason: collision with root package name */
    private static final Object f67427h = new Object();

    /* renamed from: a, reason: collision with root package name */
    private final HttpURLConnection f67428a;

    /* renamed from: b, reason: collision with root package name */
    private boolean f67429b = true;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes24.dex */
    public static final class a {

        /* JADX INFO: Access modifiers changed from: package-private */
        /* renamed from: com.nttdocomo.android.ocsplib.OcspURLConnection$a$a, reason: collision with other inner class name */
        /* loaded from: classes24.dex */
        public static class C0592a extends X509ExtendedTrustManager {

            /* renamed from: a, reason: collision with root package name */
            final /* synthetic */ X509ExtendedTrustManager f67430a;

            /* renamed from: b, reason: collision with root package name */
            final /* synthetic */ boolean f67431b;

            /* renamed from: c, reason: collision with root package name */
            final /* synthetic */ int f67432c;

            C0592a(X509ExtendedTrustManager x509ExtendedTrustManager, boolean z5, int i5) {
                this.f67430a = x509ExtendedTrustManager;
                this.f67431b = z5;
                this.f67432c = i5;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                this.f67430a.checkClientTrusted(x509CertificateArr, str);
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                this.f67430a.checkClientTrusted(x509CertificateArr, str, socket);
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                this.f67430a.checkClientTrusted(x509CertificateArr, str, sSLEngine);
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                this.f67430a.checkServerTrusted(x509CertificateArr, str);
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
                int i5;
                this.f67430a.checkServerTrusted(x509CertificateArr, str, socket);
                try {
                    i5 = OcspUtil.verifyCert(x509CertificateArr, (String) null, this.f67431b);
                } catch (OcspLibraryException e5) {
                    d.a("Failed to verify server certificate. " + e5.getMessage());
                    if (this.f67432c != 2) {
                        throw new CertificateException("Failed to verify server certificate. (" + e5.getMessage() + ")", e5);
                    }
                    d.a("FLAG_IGNORE_OCSP_ERROR is set. Ignore error.");
                    i5 = 0;
                }
                if (i5 == 0) {
                    return;
                }
                d.a("Certificate is not valid.");
                throw new CertificateException("Certificate is not valid.");
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
                this.f67430a.checkServerTrusted(x509CertificateArr, str, sSLEngine);
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return this.f67430a.getAcceptedIssuers();
            }
        }

        private static X509ExtendedTrustManager b() throws GeneralSecurityException {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509ExtendedTrustManager) {
                    return (X509ExtendedTrustManager) trustManager;
                }
            }
            throw new GeneralSecurityException("X509TrustManager is not found in " + Arrays.toString(trustManagers));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static X509ExtendedTrustManager c(boolean z5, int i5) throws GeneralSecurityException {
            return new C0592a(b(), z5, i5);
        }
    }

    public OcspURLConnection(HttpURLConnection httpURLConnection) {
        this.f67428a = httpURLConnection;
    }

    private SSLSocketFactory a(boolean z5, int i5) throws GeneralSecurityException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{a.c(z5, i5)}, new SecureRandom());
        return sSLContext.getSocketFactory();
    }

    private SSLSocketFactory b(boolean z5, int i5) throws GeneralSecurityException {
        synchronized (f67426g) {
            try {
                if (z5) {
                    if (i5 == 2) {
                        if (f67423d == null) {
                            f67423d = a(z5, i5);
                        }
                        return f67423d;
                    }
                    if (f67422c == null) {
                        f67422c = a(z5, i5);
                    }
                    return f67422c;
                }
                if (i5 == 2) {
                    if (f67425f == null) {
                        f67425f = a(z5, i5);
                    }
                    return f67425f;
                }
                if (f67424e == null) {
                    f67424e = a(z5, i5);
                }
                return f67424e;
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    public void connect() throws IOException {
        connect(0);
    }

    public void connect(int i5) throws IOException {
        d.a("connect() start");
        d.a("flag : " + i5);
        if (!OcspUtil.z()) {
            d.a("OcspUtil has not been initialized.");
            throw new SSLPeerUnverifiedException("OcspUtil has not been initialized.");
        }
        if (i5 != 1) {
            HttpURLConnection httpURLConnection = this.f67428a;
            if (httpURLConnection instanceof HttpsURLConnection) {
                try {
                    ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(b(this.f67429b, i5));
                    OcspUtil.A();
                } catch (GeneralSecurityException e5) {
                    d.a("Failed to create socket factory. " + e5.getMessage());
                    if (i5 != 2) {
                        throw new SSLPeerUnverifiedException("Failed to create socket factory. " + e5.getMessage());
                    }
                    d.a("FLAG_IGNORE_OCSP_ERROR is set. Ignore error.");
                }
            } else {
                d.a("Connection is HTTP.");
            }
        } else {
            d.a("FLAG_NO_OCSP_CHECK found. Skip OCSP check.");
        }
        d.a("Connect to server...");
        this.f67428a.connect();
        d.a("connect() end");
    }

    public void setUseCache(boolean z5) {
        d.a("setUseCache() start");
        d.a("useCache : " + z5);
        this.f67429b = z5;
        d.a("setUseCache() end");
    }
}
