package hik.common.hi.core.function.msg.business;

import com.gxlog.GLog;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
class HttpsUtils {
    private static final String TAG = "Function-HttpsUtils";

    /* loaded from: classes4.dex */
    public static class SSLParams {
        public SSLSocketFactory sslSocketFactory;
        public X509TrustManager trustManager;
    }

    /* loaded from: classes4.dex */
    static class SafeTrustManager implements X509TrustManager {
        private X509Certificate mCertificate;

        public SafeTrustManager(X509Certificate x509Certificate) {
            this.mCertificate = x509Certificate;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (this.mCertificate == null) {
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    GLog.d(HttpsUtils.TAG, "checkServerTrusted chain == null || chain.length==0");
                    return;
                }
                GLog.d(HttpsUtils.TAG, "checkServerTrusted chain.length = " + x509CertificateArr.length);
                try {
                    x509CertificateArr[0].checkValidity();
                    return;
                } catch (Exception unused) {
                    throw new CertificateException("Certificate not valid or trusted.");
                }
            }
            GLog.d(HttpsUtils.TAG, "checkServerTrusted");
            if (x509CertificateArr == null) {
                throw new IllegalArgumentException("Check Server X509Certificates is null");
            }
            if (x509CertificateArr.length <= 0) {
                throw new IllegalArgumentException("Check Server X509Certificates is empty");
            }
            for (X509Certificate x509Certificate : x509CertificateArr) {
                x509Certificate.checkValidity();
                try {
                    x509Certificate.verify(this.mCertificate.getPublicKey());
                    GLog.d(HttpsUtils.TAG, "verify success");
                } catch (InvalidKeyException e) {
                    e.printStackTrace();
                } catch (NoSuchAlgorithmException e2) {
                    e2.printStackTrace();
                } catch (NoSuchProviderException e3) {
                    e3.printStackTrace();
                } catch (SignatureException e4) {
                    e4.printStackTrace();
                }
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    HttpsUtils() {
    }

    public static SSLParams getSSLParams() {
        SSLParams sSLParams = new SSLParams();
        try {
            SafeTrustManager safeTrustManager = new SafeTrustManager(null);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{safeTrustManager}, new SecureRandom());
            sSLParams.sslSocketFactory = new SSLSocketFactoryCompat(sSLContext.getSocketFactory());
            sSLParams.trustManager = safeTrustManager;
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        }
        return sSLParams;
    }
}
