package org.apache.cordova.certinfo;

import android.util.Base64;
import com.google.firebase.messaging.Constants;
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.cordova.CallbackContext;
import org.apache.cordova.CordovaPlugin;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class CertInfo extends CordovaPlugin {
    private static final String ACTION_FETCH_EVENT = "fetch";
    private static char[] HEX_CHARS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class CertificateResult {
        private boolean domainMismatched;
        private Exception exception;

        private CertificateResult() {
            this.exception = null;
            this.domainMismatched = false;
        }

        public Exception getException() {
            return this.exception;
        }

        public boolean isDomainMismatched() {
            return this.domainMismatched;
        }

        public boolean isTrusted() {
            return this.exception == null;
        }

        public void setDomainMismatched(boolean z) {
            this.domainMismatched = z;
        }

        public void setException(Exception exc) {
            this.exception = exc;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class TrustManagerDelegate implements X509TrustManager {
        private static X509TrustManager DEFAULT_TRUST_MANAGER;
        private CertificateResult certificateResult;

        static {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        DEFAULT_TRUST_MANAGER = (X509TrustManager) trustManager;
                        return;
                    }
                }
            } catch (KeyStoreException e) {
                e.printStackTrace();
            } catch (NoSuchAlgorithmException e2) {
                e2.printStackTrace();
            }
        }

        private TrustManagerDelegate() {
            this.certificateResult = null;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            DEFAULT_TRUST_MANAGER.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                DEFAULT_TRUST_MANAGER.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                CertificateResult certificateResult = this.certificateResult;
                if (certificateResult == null) {
                    throw e;
                }
                certificateResult.setException(e);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return DEFAULT_TRUST_MANAGER.getAcceptedIssuers();
        }

        public CertificateResult getCertificateResult() {
            return this.certificateResult;
        }

        public void setCertificateResult(CertificateResult certificateResult) {
            this.certificateResult = certificateResult;
        }
    }

    private static String dumpHex(byte[] bArr) {
        int length = bArr.length;
        StringBuilder sb = new StringBuilder((length * 3) - 1);
        for (int i = 0; i < length; i++) {
            if (i > 0) {
                sb.append(' ');
            }
            sb.append(HEX_CHARS[(bArr[i] >> 4) & 15]);
            sb.append(HEX_CHARS[bArr[i] & 15]);
        }
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static X509Certificate getCertificate(String str, CertificateResult certificateResult) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL(str).openConnection();
        if (certificateResult != null) {
            httpsURLConnection.setSSLSocketFactory(getTrustedFactory(certificateResult));
            httpsURLConnection.setHostnameVerifier(getTrustedVerifier(certificateResult));
        }
        httpsURLConnection.setConnectTimeout(5000);
        httpsURLConnection.connect();
        X509Certificate x509Certificate = (X509Certificate) httpsURLConnection.getServerCertificates()[0];
        httpsURLConnection.disconnect();
        return x509Certificate;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getFingerprint(byte[] bArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        messageDigest.update(bArr);
        return dumpHex(messageDigest.digest());
    }

    private static SSLSocketFactory getTrustedFactory(CertificateResult certificateResult) throws IOException {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            TrustManagerDelegate trustManagerDelegate = new TrustManagerDelegate();
            trustManagerDelegate.setCertificateResult(certificateResult);
            sSLContext.init(null, new TrustManager[]{trustManagerDelegate}, new SecureRandom());
            return sSLContext.getSocketFactory();
        } catch (GeneralSecurityException e) {
            throw new IOException("Security exception configuring SSL context", e);
        }
    }

    private static HostnameVerifier getTrustedVerifier(final CertificateResult certificateResult) {
        return new HostnameVerifier() { // from class: org.apache.cordova.certinfo.CertInfo.2
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(str, sSLSession)) {
                    CertificateResult.this.setException(new CertificateException("Hostname not matched"));
                    CertificateResult.this.setDomainMismatched(true);
                }
                return true;
            }
        };
    }

    @Override // org.apache.cordova.CordovaPlugin
    public boolean execute(String str, final JSONArray jSONArray, final CallbackContext callbackContext) throws JSONException {
        if (ACTION_FETCH_EVENT.equals(str)) {
            this.cordova.getThreadPool().execute(new Runnable() { // from class: org.apache.cordova.certinfo.CertInfo.1
                /* JADX WARN: Multi-variable type inference failed */
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        String string = jSONArray.getString(0);
                        CertificateResult certificateResult = (jSONArray.length() > 1 && jSONArray.getBoolean(1)) == true ? new CertificateResult() : null;
                        X509Certificate certificate = CertInfo.getCertificate(string, certificateResult);
                        byte[] encoded = certificate.getEncoded();
                        String fingerprint = CertInfo.getFingerprint(encoded);
                        JSONObject jSONObject = new JSONObject();
                        jSONObject.put("trusted", certificateResult == null || certificateResult.isTrusted());
                        if (certificateResult != null && !certificateResult.isTrusted()) {
                            jSONObject.put("mismatched", certificateResult.isDomainMismatched());
                            jSONObject.put(Constants.IPC_BUNDLE_KEY_SEND_ERROR, certificateResult.getException().getMessage());
                        }
                        jSONObject.put("certificate", Base64.encodeToString(encoded, 2));
                        jSONObject.put("fingerprint", fingerprint);
                        jSONObject.put("subject", certificate.getSubjectX500Principal());
                        jSONObject.put("issuer", certificate.getIssuerX500Principal());
                        callbackContext.success(jSONObject);
                    } catch (Exception e) {
                        callbackContext.error("CONNECTION_FAILED. Details: " + e.getMessage());
                    }
                }
            });
            return true;
        }
        callbackContext.error("CertInfo." + str + " is not a supported function. Did you mean '" + ACTION_FETCH_EVENT + "'?");
        return false;
    }
}
