package com.netease.cc.common.okhttp.utils;

import androidx.annotation.NonNull;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/* loaded from: classes10.dex */
public class g {

    /* renamed from: a, reason: collision with root package name */
    private static final String f72062a = "SsqHelper";

    /* renamed from: b, reason: collision with root package name */
    private static final String f72063b = "cc163com.cer";

    /* renamed from: c, reason: collision with root package name */
    private static final String f72064c = "keystore.pfx";

    /* renamed from: d, reason: collision with root package name */
    private static final String f72065d = "cc163com";

    /* renamed from: e, reason: collision with root package name */
    private static boolean f72066e = false;

    /* loaded from: classes10.dex */
    public class a implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        public final /* synthetic */ X509TrustManager f72067a;

        public a(X509TrustManager x509TrustManager) {
            this.f72067a = x509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                this.f72067a.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e11) {
                com.netease.cc.common.log.b.N(g.f72062a, "checkClientTrusted exception", e11, new Object[0]);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            try {
                this.f72067a.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e11) {
                com.netease.cc.common.log.b.N(g.f72062a, "checkServerTrusted exception", e11, new Object[0]);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.f72067a.getAcceptedIssuers();
        }
    }

    public static boolean a(Exception exc, String str) {
        if ((exc instanceof HttpException) && exc.getMessage() != null && !f72066e) {
            boolean contains = exc.getMessage().contains("Trust anchor for certification path not found.");
            f72066e = contains;
            if (contains) {
                com.netease.cc.common.log.b.O(f72062a, "checkIfNeedHandleCertification url:%s,  message:%s", str, exc.getMessage());
                com.netease.cc.common.log.b.M(f72062a, "证书有问题： http://km.netease.com/profile/cc_studio#/wiki/item/44984");
            }
        }
        return f72066e;
    }

    public static void b(OkHttpClient.Builder builder) {
        if (f72066e) {
            com.netease.cc.common.log.b.s(f72062a, "handleCertificationOnOlderDevices");
            try {
                try {
                    KeyStore e11 = e(d());
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(e11);
                    TrustManager[] trustManagerArr = {new a((X509TrustManager) trustManagerFactory.getTrustManagers()[0])};
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(null, trustManagerArr, new SecureRandom());
                    builder.sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) trustManagerArr[0]);
                } catch (Exception e12) {
                    com.netease.cc.common.log.b.N(f72062a, "handleCertificationOnOlderDevices exception", e12, new Object[0]);
                }
            } finally {
                com.netease.cc.common.log.b.s(f72062a, "handleCertificationOnOlderDevices done");
            }
        }
    }

    private static Certificate d() throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        BufferedInputStream bufferedInputStream = new BufferedInputStream(f(f72063b));
        try {
            Certificate generateCertificate = certificateFactory.generateCertificate(bufferedInputStream);
            com.netease.cc.common.log.b.s("certificate", ((X509Certificate) generateCertificate).getSubjectDN().toString());
            com.netease.cc.common.log.b.s(f72062a, "loadCertificate done");
            return generateCertificate;
        } finally {
            bufferedInputStream.close();
        }
    }

    private static KeyStore e(@NonNull Certificate certificate) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(f(f72064c), null);
        keyStore.setCertificateEntry(f72065d, certificate);
        com.netease.cc.common.log.b.s(f72062a, "loadKeystore done");
        return keyStore;
    }

    private static InputStream f(String str) throws IOException {
        return h30.a.b().getAssets().open(str);
    }
}
