package org.matrix.androidsdk.ssl;

import android.support.annotation.NonNull;
import cz.msebera.android.httpclient.message.TokenParser;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import okhttp3.CipherSuite;
import okhttp3.ConnectionSpec;
import okhttp3.TlsVersion;
import org.matrix.androidsdk.HomeServerConnectionConfig;

/* loaded from: classes3.dex */
public class CertUtil {
    private static final String LOG_TAG = "CertUtil";
    private static final char[] hexArray = "0123456789ABCDEF".toCharArray();

    public static String fingerprintToHexString(byte[] bArr) {
        return fingerprintToHexString(bArr, TokenParser.SP);
    }

    public static String fingerprintToHexString(byte[] bArr, char c) {
        char[] cArr = new char[bArr.length * 3];
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 255;
            int i3 = i * 3;
            char[] cArr2 = hexArray;
            cArr[i3] = cArr2[i2 >>> 4];
            cArr[i3 + 1] = cArr2[i2 & 15];
            cArr[i3 + 2] = c;
        }
        return new String(cArr, 0, cArr.length - 1);
    }

    private static byte[] generateFingerprint(X509Certificate x509Certificate, String str) throws CertificateException {
        try {
            return MessageDigest.getInstance(str).digest(x509Certificate.getEncoded());
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    public static byte[] generateSha1Fingerprint(X509Certificate x509Certificate) throws CertificateException {
        return generateFingerprint(x509Certificate, "SHA-1");
    }

    public static byte[] generateSha256Fingerprint(X509Certificate x509Certificate) throws CertificateException {
        return generateFingerprint(x509Certificate, "SHA-256");
    }

    public static UnrecognizedCertificateException getCertificateException(Throwable th) {
        for (int i = 0; th != null && i < 10; i++) {
            if (th instanceof UnrecognizedCertificateException) {
                return (UnrecognizedCertificateException) th;
            }
            th = th.getCause();
        }
        return null;
    }

    public static List<ConnectionSpec> newConnectionSpecs(@NonNull HomeServerConnectionConfig homeServerConnectionConfig, @NonNull String str) {
        ConnectionSpec.Builder builder = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS);
        List<TlsVersion> acceptedTlsVersions = homeServerConnectionConfig.getAcceptedTlsVersions();
        if (acceptedTlsVersions != null) {
            builder.tlsVersions((TlsVersion[]) acceptedTlsVersions.toArray(new TlsVersion[0]));
        }
        List<CipherSuite> acceptedTlsCipherSuites = homeServerConnectionConfig.getAcceptedTlsCipherSuites();
        if (acceptedTlsCipherSuites != null) {
            builder.cipherSuites((CipherSuite[]) acceptedTlsCipherSuites.toArray(new CipherSuite[0]));
        }
        builder.supportsTlsExtensions(homeServerConnectionConfig.shouldAcceptTlsExtensions());
        ArrayList arrayList = new ArrayList();
        arrayList.add(builder.build());
        if (str.startsWith("http://")) {
            arrayList.add(ConnectionSpec.CLEARTEXT);
        }
        return arrayList;
    }

    public static HostnameVerifier newHostnameVerifier(HomeServerConnectionConfig homeServerConnectionConfig) {
        final HostnameVerifier defaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
        final List<Fingerprint> allowedFingerprints = homeServerConnectionConfig.getAllowedFingerprints();
        return new HostnameVerifier() { // from class: org.matrix.androidsdk.ssl.CertUtil.1
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                if (defaultHostnameVerifier.verify(str, sSLSession)) {
                    return true;
                }
                List list = allowedFingerprints;
                if (list == null || list.size() == 0) {
                    return false;
                }
                try {
                    for (Certificate certificate : sSLSession.getPeerCertificates()) {
                        for (Fingerprint fingerprint : allowedFingerprints) {
                            if (fingerprint != null && (certificate instanceof X509Certificate) && fingerprint.matchesCert((X509Certificate) certificate)) {
                                return true;
                            }
                        }
                    }
                    return false;
                } catch (CertificateException unused) {
                    return false;
                } catch (SSLPeerUnverifiedException unused2) {
                    return false;
                }
            }
        };
    }

    /* JADX WARN: Code restructure failed: missing block: B:30:0x0067, code lost:
    
        r0 = (javax.net.ssl.X509TrustManager) r0[r3];
     */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static android.util.Pair<javax.net.ssl.SSLSocketFactory, javax.net.ssl.X509TrustManager> newPinnedSSLSocketFactory(org.matrix.androidsdk.HomeServerConnectionConfig r7) {
        /*
            boolean r0 = r7.shouldPin()
            r1 = 0
            r2 = 0
            if (r0 != 0) goto L8c
            java.lang.String r0 = "PKIX"
            javax.net.ssl.TrustManagerFactory r0 = javax.net.ssl.TrustManagerFactory.getInstance(r0)     // Catch: java.security.NoSuchAlgorithmException -> Lf
            goto L2b
        Lf:
            r0 = move-exception
            java.lang.String r3 = org.matrix.androidsdk.ssl.CertUtil.LOG_TAG
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            r4.<init>()
            java.lang.String r5 = "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance failed "
            r4.append(r5)
            java.lang.String r5 = r0.getMessage()
            r4.append(r5)
            java.lang.String r4 = r4.toString()
            org.matrix.androidsdk.util.Log.e(r3, r4, r0)
            r0 = r2
        L2b:
            if (r0 != 0) goto L51
            java.lang.String r3 = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()     // Catch: java.security.NoSuchAlgorithmException -> L36
            javax.net.ssl.TrustManagerFactory r0 = javax.net.ssl.TrustManagerFactory.getInstance(r3)     // Catch: java.security.NoSuchAlgorithmException -> L36
            goto L51
        L36:
            r3 = move-exception
            java.lang.String r4 = org.matrix.androidsdk.ssl.CertUtil.LOG_TAG
            java.lang.StringBuilder r5 = new java.lang.StringBuilder
            r5.<init>()
            java.lang.String r6 = "## newPinnedSSLSocketFactory() : TrustManagerFactory.getInstance with default algorithm failed "
            r5.append(r6)
            java.lang.String r6 = r3.getMessage()
            r5.append(r6)
            java.lang.String r5 = r5.toString()
            org.matrix.androidsdk.util.Log.e(r4, r5, r3)
        L51:
            if (r0 == 0) goto L8c
            r3 = r2
            java.security.KeyStore r3 = (java.security.KeyStore) r3     // Catch: java.security.KeyStoreException -> L71
            r0.init(r3)     // Catch: java.security.KeyStoreException -> L71
            javax.net.ssl.TrustManager[] r0 = r0.getTrustManagers()     // Catch: java.security.KeyStoreException -> L71
            r3 = 0
        L5e:
            int r4 = r0.length     // Catch: java.security.KeyStoreException -> L71
            if (r3 >= r4) goto L6f
            r4 = r0[r3]     // Catch: java.security.KeyStoreException -> L71
            boolean r4 = r4 instanceof javax.net.ssl.X509TrustManager     // Catch: java.security.KeyStoreException -> L71
            if (r4 == 0) goto L6c
            r0 = r0[r3]     // Catch: java.security.KeyStoreException -> L71
            javax.net.ssl.X509TrustManager r0 = (javax.net.ssl.X509TrustManager) r0     // Catch: java.security.KeyStoreException -> L71
            goto L8d
        L6c:
            int r3 = r3 + 1
            goto L5e
        L6f:
            r0 = r2
            goto L8d
        L71:
            r0 = move-exception
            java.lang.String r3 = org.matrix.androidsdk.ssl.CertUtil.LOG_TAG
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            r4.<init>()
            java.lang.String r5 = "## newPinnedSSLSocketFactory() : "
            r4.append(r5)
            java.lang.String r5 = r0.getMessage()
            r4.append(r5)
            java.lang.String r4 = r4.toString()
            org.matrix.androidsdk.util.Log.e(r3, r4, r0)
        L8c:
            r0 = r2
        L8d:
            org.matrix.androidsdk.ssl.PinnedTrustManager r3 = new org.matrix.androidsdk.ssl.PinnedTrustManager
            java.util.List r4 = r7.getAllowedFingerprints()
            r3.<init>(r4, r0)
            r0 = 1
            javax.net.ssl.TrustManager[] r0 = new javax.net.ssl.TrustManager[r0]
            r0[r1] = r3
            boolean r1 = r7.forceUsageOfTlsVersions()     // Catch: java.lang.Exception -> Lc9
            if (r1 == 0) goto Lb1
            java.util.List r1 = r7.getAcceptedTlsVersions()     // Catch: java.lang.Exception -> Lc9
            if (r1 == 0) goto Lb1
            org.matrix.androidsdk.ssl.TLSSocketFactory r1 = new org.matrix.androidsdk.ssl.TLSSocketFactory     // Catch: java.lang.Exception -> Lc9
            java.util.List r7 = r7.getAcceptedTlsVersions()     // Catch: java.lang.Exception -> Lc9
            r1.<init>(r0, r7)     // Catch: java.lang.Exception -> Lc9
            goto Lc3
        Lb1:
            java.lang.String r7 = "TLS"
            javax.net.ssl.SSLContext r7 = javax.net.ssl.SSLContext.getInstance(r7)     // Catch: java.lang.Exception -> Lc9
            java.security.SecureRandom r1 = new java.security.SecureRandom     // Catch: java.lang.Exception -> Lc9
            r1.<init>()     // Catch: java.lang.Exception -> Lc9
            r7.init(r2, r0, r1)     // Catch: java.lang.Exception -> Lc9
            javax.net.ssl.SSLSocketFactory r1 = r7.getSocketFactory()     // Catch: java.lang.Exception -> Lc9
        Lc3:
            android.util.Pair r7 = new android.util.Pair
            r7.<init>(r1, r3)
            return r7
        Lc9:
            r7 = move-exception
            java.lang.RuntimeException r0 = new java.lang.RuntimeException
            r0.<init>(r7)
            throw r0
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.matrix.androidsdk.ssl.CertUtil.newPinnedSSLSocketFactory(org.matrix.androidsdk.HomeServerConnectionConfig):android.util.Pair");
    }
}
