package com.xunmeng.basiccomponent.superlink.internal;

import android.content.SharedPreferences;
import android.text.TextUtils;
import com.xiaomi.mipush.sdk.Constants;
import com.xunmeng.core.ab.AbTest;
import com.xunmeng.core.config.Configuration;
import com.xunmeng.core.log.Logger;
import com.xunmeng.pinduoduo.a.i;
import com.xunmeng.pinduoduo.ao.f;
import com.xunmeng.pinduoduo.basekit.util.TimeStamp;
import com.xunmeng.pinduoduo.basekit.util.r;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

/* loaded from: classes2.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    public static SSLContext f5812a;
    private static final com.xunmeng.pinduoduo.ao.b b;

    static {
        if (com.xunmeng.manwe.hotfix.b.a(47027, null)) {
            return;
        }
        b = f.a("module_cert_utils");
        Configuration.getInstance().registerListener("super_link.cert_info", new com.xunmeng.core.config.d() { // from class: com.xunmeng.basiccomponent.superlink.internal.a.1
            @Override // com.xunmeng.core.config.d
            public void onConfigChanged(String str, String str2, String str3) {
                if (!com.xunmeng.manwe.hotfix.b.a(47014, this, str, str2, str3) && i.a("super_link.cert_info", (Object) str)) {
                    a.f5812a = null;
                    c.a().b();
                }
            }
        });
    }

    public static SSLContext a() {
        if (com.xunmeng.manwe.hotfix.b.b(47021, null)) {
            return (SSLContext) com.xunmeng.manwe.hotfix.b.a();
        }
        SSLContext sSLContext = f5812a;
        if (sSLContext != null) {
            return sSLContext;
        }
        String configuration = Configuration.getInstance().getConfiguration("super_link.cert_info", "");
        Logger.i("SuperLink.CertificateUtils", "certInfoStr: %s", configuration);
        if (TextUtils.isEmpty(configuration)) {
            return null;
        }
        CertificateInfo certificateInfo = (CertificateInfo) r.a(configuration, CertificateInfo.class);
        if (certificateInfo == null) {
            Logger.e("SuperLink.CertificateUtils", "certInfo is null");
            return null;
        }
        String certHost = certificateInfo.getCertHost();
        boolean b2 = b();
        String str = b2 ? "BKS" : "PKCS12";
        Logger.i("SuperLink.CertificateUtils", "makeSSLContext, keyStoreType:" + str);
        try {
            SSLContext sSLContext2 = SSLContext.getInstance("TLS");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance(str);
            ByteArrayInputStream byteArrayInputStream = b2 ? new ByteArrayInputStream(com.xunmeng.pinduoduo.basekit.commonutil.a.a(certificateInfo.getBase64BKSCert())) : new ByteArrayInputStream(com.xunmeng.pinduoduo.basekit.commonutil.a.a(certificateInfo.getBase64Cert()));
            String password = certificateInfo.getPassword();
            keyStore.load(byteArrayInputStream, password.toCharArray());
            if (!a(keyStore, certHost, str)) {
                return null;
            }
            keyManagerFactory.init(keyStore, password.toCharArray());
            sSLContext2.init(keyManagerFactory.getKeyManagers(), null, null);
            f5812a = sSLContext2;
            if (b2) {
                b.a(6004, "PKCS12 is banned, downgrade BKS success", certHost);
            }
            return f5812a;
        } catch (Throwable th) {
            Logger.e("SuperLink.CertificateUtils", "makeSSLContextWithP12CertificateFromAssets keyStoreType:%s, e:%s", str, th.toString());
            b.a(6003, str + Constants.COLON_SEPARATOR + th.toString(), certHost);
            return null;
        }
    }

    private static boolean a(KeyStore keyStore, String str, String str2) {
        if (com.xunmeng.manwe.hotfix.b.b(47026, null, keyStore, str, str2)) {
            return com.xunmeng.manwe.hotfix.b.c();
        }
        String str3 = "";
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                try {
                    Certificate certificate = keyStore.getCertificate(nextElement);
                    if (certificate instanceof X509Certificate) {
                        ((X509Certificate) certificate).checkValidity(new Date(TimeStamp.getRealLocalTimeV2()));
                    }
                    str3 = nextElement;
                } catch (CertificateExpiredException unused) {
                    str3 = nextElement;
                    Logger.e("cert:%s is expired", str3);
                    b.a(6001, str2 + ":cert is expired", str3, str);
                    return false;
                } catch (CertificateNotYetValidException unused2) {
                    str3 = nextElement;
                    Logger.e("cert:%s is not yet valid", str3);
                    b.a(6002, str2 + ":cert is not yet valid", str3, str);
                    return false;
                } catch (Throwable th) {
                    th = th;
                    str3 = nextElement;
                    Logger.e("SuperLink.CertificateUtils", "checkCertValidity occur exception:%s", th.toString());
                    b.a(6003, str2 + Constants.COLON_SEPARATOR + th.toString(), str3, str);
                    return true;
                }
            }
            return true;
        } catch (CertificateExpiredException unused3) {
        } catch (CertificateNotYetValidException unused4) {
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private static boolean b() {
        if (com.xunmeng.manwe.hotfix.b.b(47025, null)) {
            return com.xunmeng.manwe.hotfix.b.c();
        }
        try {
        } catch (Exception e) {
            Logger.i("SuperLink.CertificateUtils", "isMakeCertWithBKS throw e:" + e.toString());
        }
        if (!AbTest.instance().isFlowControl("ab_is_downgrade_bks_5720", false)) {
            return false;
        }
        if (b.getBoolean("is_PKCS12_banned", false)) {
            return true;
        }
        com.xunmeng.pinduoduo.apm.crash.data.b i = com.xunmeng.pinduoduo.apm.crash.a.a.a().i();
        if (i != null && i.c.contains("PKCS12KeyStoreSpi")) {
            SharedPreferences.Editor putBoolean = b.putBoolean("is_PKCS12_banned", true);
            Logger.i("SP.Editor", "CertificateUtils#isPKCS12Banned SP.apply");
            putBoolean.apply();
            return true;
        }
        return false;
    }
}
