package es.redsys.paysys.Utils;

import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes.dex */
public class MySSLSocketFactoryCertValidate extends SSLSocketFactory {
    public final String TAG;
    private X509TrustManager a;
    private SSLContext e;

    public MySSLSocketFactoryCertValidate(KeyStore keyStore) {
        super(keyStore);
        this.TAG = MySSLSocketFactoryCertValidate.class.getName();
        this.e = SSLContext.getInstance("TLSv1");
        c(keyStore);
        try {
            this.e.init(null, new TrustManager[]{new X509TrustManager() { // from class: es.redsys.paysys.Utils.MySSLSocketFactoryCertValidate.2
                private String a(int i, String str) {
                    String[] strArr = {"CN=", "O=", "OU="};
                    return a(str, strArr[i]) != null ? a(str, strArr[i]) : e(str, strArr[i]) != null ? e(str, strArr[i]) : "";
                }

                private String a(String str, String str2) {
                    int indexOf;
                    int indexOf2;
                    if (str == null || str2 == null || (indexOf = str.indexOf(str2)) == -1 || (indexOf2 = str.indexOf(",", str2.length() + indexOf)) == -1) {
                        return null;
                    }
                    return str.substring(indexOf + str2.length(), indexOf2);
                }

                private boolean b(String[] strArr, String[] strArr2) {
                    return a(0, strArr2[0]).equals("REDSYS-AC-Servidores-C1") || a(0, strArr[1]).equals("REDSYS-AC-Servidores-C1") || a(0, strArr2[0]).equals("REDSYS-AC-Servidores-C2") || a(0, strArr[1]).equals("REDSYS-AC-Servidores-C2") || a(0, strArr2[1]).equals("REDSYS-AC-Raiz-C") || a(0, strArr[2]).equals("REDSYS-AC-Raiz-C") || a(0, strArr2[2]).equals("REDSYS-AC-Raiz-C") || e(strArr, "REDSYS", "PKI") || e(strArr2, "REDSYS", "PKI");
                }

                private boolean c(String[] strArr, String[] strArr2) {
                    int length = strArr.length - 1;
                    String[] strArr3 = new String[length];
                    System.arraycopy(strArr, 1, strArr3, 0, length);
                    return a(0, strArr2[0]).equals("DigiCert SHA2 Extended Validation Server CA") && a(0, strArr[1]).equals("DigiCert SHA2 Extended Validation Server CA") && a(0, strArr2[1]).equals("DigiCert High Assurance EV Root CA") && a(0, strArr[2]).equals("DigiCert High Assurance EV Root CA") && a(0, strArr2[2]).equals("DigiCert High Assurance EV Root CA") && e(strArr3, "DigiCert Inc", "www.digicert.com") && e(strArr2, "DigiCert Inc", "www.digicert.com");
                }

                private boolean d(CharSequence charSequence) {
                    return charSequence == null || charSequence.length() == 0;
                }

                private String e(String str, String str2) {
                    int indexOf;
                    return d(str) ? str : (str2 == null || (indexOf = str.indexOf(str2)) == -1) ? "" : str.substring(indexOf + str2.length());
                }

                private boolean e(String[] strArr, String str, String str2) {
                    for (String str3 : strArr) {
                        if (!a(1, str3).equals(str) || !a(2, str3).equals(str2)) {
                            return false;
                        }
                    }
                    return true;
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    MySSLSocketFactoryCertValidate.this.a.checkClientTrusted(x509CertificateArr, str);
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    if (x509CertificateArr.length > 2) {
                        String[] strArr = {x509CertificateArr[0].getSubjectDN().toString(), x509CertificateArr[1].getSubjectDN().toString(), x509CertificateArr[2].getSubjectDN().toString()};
                        String[] strArr2 = {x509CertificateArr[0].getIssuerDN().toString(), x509CertificateArr[1].getIssuerDN().toString(), x509CertificateArr[2].getIssuerDN().toString()};
                        try {
                            x509CertificateArr[0].checkValidity();
                            x509CertificateArr[1].checkValidity();
                            x509CertificateArr[2].checkValidity();
                            try {
                                if (!c(strArr, strArr2) && !b(strArr, strArr2)) {
                                    throw new CertificateException();
                                }
                            } catch (Exception e) {
                                e.printStackTrace();
                                throw new CertificateException("Cadena de certificados no válida 1029", e);
                            }
                        } catch (Exception e2) {
                            e2.printStackTrace();
                            throw new CertificateException("Certificate expired1029", e2);
                        }
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return MySSLSocketFactoryCertValidate.this.a.getAcceptedIssuers();
                }
            }}, null);
        } catch (KeyManagementException e) {
            Log.e("KeyManagementException", e.getLocalizedMessage(), e);
        }
    }

    private void c(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            this.a = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (KeyStoreException e) {
            throw new KeyManagementException(e.getMessage());
        }
    }

    private Socket e(Socket socket) {
        if (socket instanceof SSLSocket) {
            ((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.1", "TLSv1.2"});
        }
        return socket;
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
    public Socket createSocket() {
        return e(this.e.getSocketFactory().createSocket());
    }

    @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
    public Socket createSocket(Socket socket, String str, int i, boolean z) {
        return e(this.e.getSocketFactory().createSocket(socket, str, i, z));
    }
}
