package defpackage;

import android.content.Context;
import com.android.emailcommon.provider.HostAuth;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.cert.CertificateEncodingException;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: classes.dex */
public final class bto {
    public static SSLSocketFactory a;
    public static final HostnameVerifier b = HttpsURLConnection.getDefaultHostnameVerifier();
    public static btq c;

    public static String a(String str) {
        String lowerCase = str.toLowerCase();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < lowerCase.length(); i++) {
            char charAt = lowerCase.charAt(i);
            if (!(('a' <= charAt && charAt <= 'z') || ('A' <= charAt && charAt <= 'Z'))) {
                if (!('0' <= charAt && charAt <= '9') && '-' != charAt && '.' != charAt) {
                    if ('+' == charAt) {
                        sb.append("++");
                    } else {
                        sb.append('+').append((int) charAt);
                    }
                }
            }
            sb.append(charAt);
        }
        return sb.toString();
    }

    public static synchronized SSLSocketFactory a(Context context, HostAuth hostAuth, KeyManager keyManager, boolean z) {
        SSLSocketFactory sSLSocketFactory;
        KeyManager[] keyManagerArr;
        synchronized (bto.class) {
            if (c != null) {
                c.a(context);
            }
            if (keyManager == null) {
                keyManagerArr = null;
            } else {
                try {
                    keyManagerArr = new KeyManager[]{keyManager};
                } catch (KeyManagementException | NoSuchAlgorithmException e) {
                    cug.f("Email.Ssl", e, "Unable to acquire SSLSocketFactory", new Object[0]);
                    sSLSocketFactory = null;
                }
            }
            if (z) {
                sSLSocketFactory = (btn) btn.a(keyManagerArr, new TrustManager[]{new bts(context, hostAuth)}, hostAuth);
            } else {
                if (a == null) {
                    a = (btn) btn.a(keyManagerArr, hostAuth);
                }
                sSLSocketFactory = a;
            }
        }
        return sSLSocketFactory;
    }

    public static void a(btq btqVar) {
        c = btqVar;
    }

    public static void a(HostAuth hostAuth, SSLSocket sSLSocket, boolean z, String str) {
        if (hostAuth == null || hostAuth.p == 8) {
            return;
        }
        sSLSocket.startHandshake();
        SSLSession session = sSLSocket.getSession();
        if (session == null) {
            throw new SSLException("Cannot verify SSL socket without session");
        }
        X509Certificate[] a2 = a(session);
        if (a2 == null || a2.length == 0) {
            throw new SSLException("Certificate chain is empty!");
        }
        if (!z && !b.verify(str, session)) {
            hostAuth.a(6, a2[0], a2);
            String valueOf = String.valueOf(hostAuth.c);
            throw new SSLPeerUnverifiedException(valueOf.length() != 0 ? "Certificate hostname not useable for server: ".concat(valueOf) : new String("Certificate hostname not useable for server: "));
        }
        if (cwk.x.a()) {
            X509Certificate x509Certificate = a2[0];
            try {
                x509Certificate.checkValidity();
            } catch (CertificateExpiredException e) {
                cug.d(bnr.a, e, "SSLUtils: Cert is expired", new Object[0]);
                hostAuth.a(4, x509Certificate, a2);
                throw new SSLException(e.getMessage(), e);
            } catch (CertificateNotYetValidException e2) {
                cug.d(bnr.a, e2, "SSLUtils: Cert is not yet valid", new Object[0]);
                hostAuth.a(10, x509Certificate, a2);
                throw new SSLException(e2.getMessage(), e2);
            }
        }
    }

    public static X509Certificate[] a(HostAuth hostAuth) {
        X509Certificate[] x509CertificateArr = null;
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new X509TrustManager[]{new btp()}, null);
            SSLSocket sSLSocket = (SSLSocket) sSLContext.getSocketFactory().createSocket(hostAuth.c, hostAuth.d);
            x509CertificateArr = a(sSLSocket.getSession());
            sSLSocket.close();
            return x509CertificateArr;
        } catch (IOException | GeneralSecurityException e) {
            cug.d(bnr.a, e, "SSLUtils: Couldn't get certificate", new Object[0]);
            return x509CertificateArr;
        }
    }

    private static X509Certificate[] a(SSLSession sSLSession) {
        X509Certificate[] x509CertificateArr = null;
        try {
            javax.security.cert.X509Certificate[] peerCertificateChain = sSLSession.getPeerCertificateChain();
            x509CertificateArr = new X509Certificate[peerCertificateChain.length];
            int length = peerCertificateChain.length;
            int i = 0;
            int i2 = 0;
            while (i < length) {
                int i3 = i2 + 1;
                x509CertificateArr[i2] = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(peerCertificateChain[i].getEncoded()));
                i++;
                i2 = i3;
            }
        } catch (CertificateException | SSLPeerUnverifiedException | CertificateEncodingException e) {
            cug.d(bnr.a, e, "SSLUtils: Couldn't get certificate", new Object[0]);
        }
        return x509CertificateArr;
    }

    public static btm b(Context context, HostAuth hostAuth, KeyManager keyManager, boolean z) {
        btm btmVar = new btm(a(context, hostAuth, keyManager, z));
        if (z) {
            X509HostnameVerifier x509HostnameVerifier = btm.a;
            if (x509HostnameVerifier == null) {
                throw new IllegalArgumentException("Hostname verifier may not be null");
            }
            btmVar.f = x509HostnameVerifier;
        }
        return btmVar;
    }
}
