package news;

import android.text.TextUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import news.bkp;
import news.bks;

/* compiled from: news */
/* loaded from: classes.dex */
public class ty {
    private static final Map<String, X509Certificate> a = Collections.synchronizedMap(new HashMap());

    /* compiled from: news */
    /* loaded from: classes.dex */
    public class a implements Serializable {

        @aiv(a = "cert")
        public String a;

        @aiv(a = "sign")
        public String b;
    }

    /* compiled from: news */
    /* loaded from: classes.dex */
    public class b implements Serializable {

        @aiv(a = "code")
        public int a;

        @aiv(a = "msg")
        public String b;

        @aiv(a = "result")
        public a c;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: news */
    /* loaded from: classes.dex */
    public static class c implements X509TrustManager {
        private final X509TrustManager a;
        private boolean b = false;

        public c(X509TrustManager x509TrustManager) {
            this.a = x509TrustManager;
        }

        public void a() {
            this.b = true;
        }

        public void b() {
            this.b = false;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (this.a != null) {
                this.a.checkClientTrusted(x509CertificateArr, str);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (this.a != null) {
                this.a.checkServerTrusted(x509CertificateArr, str);
            }
            if (ty.a.isEmpty()) {
                ty.d();
            }
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new CertificateException("No cert found.");
            }
            for (X509Certificate x509Certificate : x509CertificateArr) {
                x509Certificate.checkValidity();
            }
            wb d = wa.a().d();
            if (d == null) {
                return;
            }
            List<String> a = d.a();
            if (a.isEmpty()) {
                return;
            }
            X509Certificate x509Certificate2 = x509CertificateArr[0];
            List b = ty.b(x509Certificate2);
            if (b.isEmpty()) {
                throw new CertificateException("No dns found in cert.");
            }
            for (String str2 : a) {
                if (!TextUtils.isEmpty(str2)) {
                    Iterator it = b.iterator();
                    while (it.hasNext()) {
                        if (((String) it.next()).endsWith("." + str2)) {
                            Certificate certificate = (Certificate) ty.a.get(str2);
                            if (certificate == null || !x509Certificate2.getPublicKey().equals(certificate.getPublicKey())) {
                                throw new CertificateException("Invalid cert.");
                            }
                            return;
                        }
                    }
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return (this.b || this.a == null) ? new X509Certificate[0] : this.a.getAcceptedIssuers();
        }
    }

    public static void a(String str) {
        if (TextUtils.isEmpty(str)) {
            return;
        }
        bkl e = bkl.e("https://mini.caisif.com/api/dl/cert");
        bks c2 = new bks.a().a().a(e.o().d(e.f().replace(".caisif.com", "." + str)).c()).c();
        bkp.a aVar = new bkp.a();
        aVar.a(3L, TimeUnit.SECONDS);
        aVar.b(5L, TimeUnit.SECONDS);
        aVar.c(5L, TimeUnit.SECONDS);
        aVar.a(true);
        b(aVar);
        aVar.a(new bok());
        bku a2 = aVar.a().a(c2).a();
        if (a2 == null || !a2.c()) {
            throw new IOException(a2 != null ? a2.d() : "Invalid cert.");
        }
        b bVar = (b) bow.a(a2.g().f(), b.class);
        if (bVar == null || bVar.a != 9999) {
            throw new IOException(bVar != null ? bVar.b : "Invalid cert.");
        }
        String str2 = bVar.c.a;
        String str3 = bVar.c.b;
        if (!a(str2, str3)) {
            throw new IOException("Invalid certificate.");
        }
        X509Certificate b2 = b(new String(boo.a(str2)));
        if (b2 != null) {
            a.put(str, b2);
            a(str, str2, str3);
        }
    }

    public static void a(String str, String str2, String str3) {
        String stringBuffer;
        String a2 = e().a("domain.list", "");
        if (TextUtils.isEmpty(a2)) {
            stringBuffer = str;
        } else {
            String[] split = a2.split("#");
            HashSet hashSet = new HashSet();
            Collections.addAll(hashSet, split);
            hashSet.add(str);
            StringBuffer stringBuffer2 = new StringBuffer();
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                stringBuffer2.append((String) it.next());
                stringBuffer2.append("#");
            }
            stringBuffer2.deleteCharAt(stringBuffer2.length() - 1);
            stringBuffer = stringBuffer2.toString();
        }
        e().b("domain.list", stringBuffer);
        String a3 = bpa.a(str);
        e().b(a3 + ".cert", str2);
        e().b(a3 + ".sign", str3);
    }

    public static void a(bkp.a aVar) {
        c cVar = new c(c());
        cVar.a();
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{cVar}, new SecureRandom());
            aVar.a(sSLContext.getSocketFactory(), cVar);
        } catch (Throwable th) {
            th.printStackTrace();
        }
        cVar.b();
    }

    private static boolean a(String str, String str2) {
        try {
            return bpd.a(str, bpd.a(new ByteArrayInputStream("-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC//kphkfkMyIJvYJAdnxWnvLkQ\npmOL+MQvX5jL/FsAtvqQmhmF1FgBEXT4R6YUV8pPEiU2dqJ1eVJycSK382HEhTl7\n8xlyJAkuEJM4jIGhifF4E9EhQvbLlW2Vmt903dY+5svzf5Lepcd2jRmTe1bg+JR1\nYUqFLWR3G+u9g4Q3/QIDAQAB\n-----END PUBLIC KEY-----\n".getBytes())), str2);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }

    private static X509Certificate b(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes()));
        } catch (Exception e) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<String> b(X509Certificate x509Certificate) {
        Integer num;
        String str;
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return Collections.emptyList();
            }
            for (List<?> list : subjectAlternativeNames) {
                if (list != null && list.size() >= 2 && (num = (Integer) list.get(0)) != null && num.intValue() == 2 && (str = (String) list.get(1)) != null) {
                    arrayList.add(str);
                }
            }
            return arrayList;
        } catch (CertificateParsingException e) {
            return Collections.emptyList();
        }
    }

    public static void b(bkp.a aVar) {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            ua uaVar = new ua();
            sSLContext.init(null, new TrustManager[]{uaVar}, null);
            aVar.a(sSLContext.getSocketFactory(), uaVar);
        } catch (Throwable th) {
            th.printStackTrace();
        }
    }

    private static X509TrustManager c() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
        } catch (Throwable th) {
            th.printStackTrace();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void d() {
        X509Certificate b2;
        List<String> a2;
        X509Certificate b3;
        HashMap hashMap = new HashMap();
        wb c2 = wa.a().c();
        if (c2 != null && (a2 = c2.a()) != null && !a2.isEmpty()) {
            String str = a2.get(0);
            if (!TextUtils.isEmpty(str) && (b3 = b("-----BEGIN CERTIFICATE-----\nMIIGDjCCBPagAwIBAgISA0VnEhHKhzRuO+gQG2gAdjKkMA0GCSqGSIb3DQEBCwUA\nMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD\nExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA5MjcwNzA0MjZaFw0x\nODEyMjYwNzA0MjZaMBUxEzARBgNVBAMTCmNhaXNpZi5jb20wggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDzxxhBAJeD2p/VbMMHkZIHfRwQzxHg70Zc2Oin\nryXUCSCbgSCih6Z65ob5WbTTdM3dc+vLrYK+ma6fkMP0hv70T+xVIf4ak2XDzeK7\nBM5L0Z2XI4qfCHd4pNn2GDZciMJEq1BnPwZ7ToOrqPKqkp3ftSyCpYHdRaJMBp4p\nlLBDodIOXKfgQ/c7zHTKraw3OFLbfLeF8PyxChbrLKPTu1nqndP7UaUOalxTxyzg\nqHoz/G54Rw42c6krmV+rogn3zBXXsTrVZyFBdTg5MFcnRPM5Q8SeDgw/YBeGRC9p\noWqeGP7bQQYAudjuUvtx52F80Z8BbvCyXGCZGXXsvUBGNmTTAgMBAAGjggMhMIID\nHTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBw3dBI3Kw65RmeKZk6vhAITYgDgMB8G\nA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEBBGMwYTAu\nBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0Lm9yZzAv\nBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0Lm9yZy8w\nIwYDVR0RBBwwGoIMKi5jYWlzaWYuY29tggpjYWlzaWYuY29tMIH+BgNVHSAEgfYw\ngfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0\ncDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBD\nZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBh\ncnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0\nZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3Np\ndG9yeS8wggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgDBFkrgp3LS1DktyArBB3DU\n8MSb3pkaSEDB+gdRZPYzYAAAAWYaDsBxAAAEAwBHMEUCIQCoZGRnA0JsNbsZ0FFr\nioJpZTWSj64ZtKsk9r/cZcDr4gIgE+Rqtsmw0kjSE88mDdVRE+tGZegaPz3gUDS9\nwlrAvwYAdwApPFGWVMg5ZbqqUPxYB9S3b79Yeily3KTDDPTlRUf0eAAAAWYaDsDB\nAAAEAwBIMEYCIQC9pTyt+DxFxu/GcaWxq1GeptzYLkWBoGH/pb/ddCjIvAIhANBD\nieswUY4vOhm8BaBBPosOLv2ENoR/zzHgokQLPMkgMA0GCSqGSIb3DQEBCwUAA4IB\nAQAn0I3EUlSeJkrpiX6QatQ5p+vOxYih19889t/KPgntSa2In7ircLAB8RBj3o2a\nvLDYxpdLQi1s0J2ovZt7612VnZk+kY4Eb24BjjNRifhq6Tfymncjfi9ZeUm9M+L/\n4wwmLKBQuRe3WB4OPVDFpv0C9cJMXML9eXyBlEZlcQUmGfcJUaUm7GGlybs/iETY\nwcjWwvLHWwpv8yqDr0Ip2jcK1XlA0Nj/ZOMStiIUaNhFksLmR+GG6MgNaWYNgTjp\n9KHhFG6YWNhGjZg5D3QqolpvzJS8xJ1Dwu/+rP2b9v4M0vH9LGim71ScXuT+Zg6x\n5PazW0o9hspxK0KDnRYLuT+q\n-----END CERTIFICATE-----\n\n-----BEGIN CERTIFICATE-----\nMIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow\nSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT\nGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF\nq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8\nSMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0\nZ8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA\na6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj\n/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T\nAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG\nCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv\nbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k\nc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw\nVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC\nARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz\nMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu\nY3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF\nAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo\nuM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/\nwApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu\nX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG\nPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6\nKOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==\n-----END CERTIFICATE-----")) != null) {
                hashMap.put(str, b3);
            }
        }
        String a3 = e().a("domain.list", "");
        if (!TextUtils.isEmpty(a3)) {
            String[] split = a3.split("#");
            for (String str2 : split) {
                if (!TextUtils.isEmpty(str2)) {
                    String a4 = bpa.a(str2);
                    String a5 = e().a(a4 + ".cert", "");
                    if (a(a5, e().a(a4 + ".sign", "")) && (b2 = b(new String(boo.a(a5)))) != null) {
                        hashMap.put(str2, b2);
                    }
                }
            }
        }
        synchronized (a) {
            a.clear();
            a.putAll(hashMap);
        }
    }

    private static bpf e() {
        return wa.a().b();
    }
}
