package com.smccore.http;

import com.accurisnetworks.accuroam.AccuROAMConstants;
import com.smccore.util.Log;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;

/* loaded from: classes.dex */
public class HttpsAllowAllUtil {
    private static final String HACKED_HTTPS_SCHEME_BACKUP = "hackedhttps";
    private static final String ORIGINAL_HTTPS_SCHEME_BACKUP = "originalhttps";
    private static final String TAG = HttpsAllowAllUtil.class.getSimpleName();
    private HostnameVerifier hackedHostnameVerifier;
    private SSLSocketFactory hackedSocketFactory;
    private HostnameVerifier originalHostnameVerifier;
    private SSLSocketFactory originalSocketFactory;
    private TrustManager[] trustManagers;
    private boolean allSSLAllowed = false;
    private boolean allHostnameAllowed = false;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public static class _FakeX509TrustManager implements X509TrustManager {
        private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[0];

        protected _FakeX509TrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return _AcceptedIssuers;
        }

        public boolean isClientTrusted(X509Certificate[] x509CertificateArr) {
            return true;
        }

        public boolean isServerTrusted(X509Certificate[] x509CertificateArr) {
            return true;
        }
    }

    public void allowAllHostname() {
        if (this.allHostnameAllowed) {
            return;
        }
        this.allHostnameAllowed = true;
        Log.d(TAG, "Avoid in prod if possible: we are allowing all hostnames.");
        if (this.hackedHostnameVerifier == null) {
            this.hackedHostnameVerifier = new AllowAllHostnameVerifier();
        }
        if (this.originalHostnameVerifier == null) {
            this.originalHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
        }
        HttpsURLConnection.setDefaultHostnameVerifier(this.hackedHostnameVerifier);
    }

    public void allowAllSSL() {
        try {
            if (this.allSSLAllowed) {
                return;
            }
            Log.d(TAG, "DEV ONLY: we are allowing all certificates for HttpsURLConnection");
            allowAllHostname();
            if (this.originalSocketFactory == null) {
                this.originalSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
            }
            SSLSocketFactory allowAllSocketFactory = getAllowAllSocketFactory();
            if (allowAllSocketFactory == null) {
                Log.e(TAG, "Unable to allow all certificates. SSLSocketFactory is null");
                return;
            }
            HttpsURLConnection.setDefaultSSLSocketFactory(allowAllSocketFactory);
            this.allSSLAllowed = true;
            Log.d(TAG, "DEV ONLY: we are allowing all certificates for an instance of HttpClient");
        } catch (Exception e) {
            Log.e(TAG, "Exception in allowSSL", e.getMessage());
        }
    }

    public void allowAllSSL(SSLSocketFactory sSLSocketFactory) {
        try {
            if (this.allSSLAllowed) {
                return;
            }
            Log.d(TAG, "DEV ONLY: we are allowing all certificates for HttpsURLConnection");
            allowAllHostname();
            if (this.originalSocketFactory == null) {
                this.originalSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
            }
            if (sSLSocketFactory == null) {
                Log.e(TAG, "Unable to allow all certificates. SSLSocketFactory is null");
            } else {
                HttpsURLConnection.setDefaultSSLSocketFactory(sSLSocketFactory);
                this.allSSLAllowed = true;
            }
        } catch (Exception e) {
            Log.e(TAG, "Exception in allowSSL", e.getMessage());
        }
    }

    public void disableAllowAllHostname() {
        if (this.allHostnameAllowed) {
            disableAllowAllSSL();
            HttpsURLConnection.setDefaultHostnameVerifier(this.originalHostnameVerifier);
            this.allHostnameAllowed = false;
        }
    }

    public void disableAllowAllSSL() {
        if (this.allSSLAllowed) {
            HttpsURLConnection.setDefaultSSLSocketFactory(this.originalSocketFactory);
            this.allSSLAllowed = false;
        }
    }

    public boolean getAllHostnameAllowed() {
        return this.allHostnameAllowed;
    }

    public boolean getAllSSLAllowed() {
        return this.allSSLAllowed;
    }

    protected SSLSocketFactory getAllowAllSocketFactory() {
        if (this.hackedSocketFactory == null) {
            if (this.trustManagers == null) {
                this.trustManagers = new TrustManager[]{new _FakeX509TrustManager()};
            }
            try {
                SSLContext sSLContext = SSLContext.getInstance(AccuROAMConstants.SSL_PROTOCOL);
                sSLContext.init(null, this.trustManagers, new SecureRandom());
                this.hackedSocketFactory = sSLContext.getSocketFactory();
            } catch (KeyManagementException e) {
                Log.e("allowAllSSL", e.toString());
                return null;
            } catch (NoSuchAlgorithmException e2) {
                Log.e("allowAllSSL", e2.toString());
                return null;
            }
        }
        return this.hackedSocketFactory;
    }

    public void httpClientAllowAllSSL(HttpClient httpClient, String[] strArr, HandshakeCompletedListener handshakeCompletedListener) {
        Scheme scheme;
        SchemeRegistry schemeRegistry = httpClient.getConnectionManager().getSchemeRegistry();
        Scheme scheme2 = schemeRegistry.get("https");
        if (scheme2.getSocketFactory() instanceof AllowingAllSSLSocketFactory) {
            return;
        }
        SSLSocketFactory allowAllSocketFactory = getAllowAllSocketFactory();
        if (allowAllSocketFactory == null) {
            Log.e(TAG, "Unable to allow all certificates. SSLSocketFactory is null");
            return;
        }
        Log.d(TAG, "DEV ONLY: we are allowing all certificates for an instance of HttpClient");
        allowAllSSL(allowAllSocketFactory);
        Scheme scheme3 = schemeRegistry.get(HACKED_HTTPS_SCHEME_BACKUP);
        if (scheme3 == null) {
            try {
                AllowingAllSSLSocketFactory allowingAllSSLSocketFactory = new AllowingAllSSLSocketFactory(allowAllSocketFactory, strArr);
                allowingAllSSLSocketFactory.setHandshakeCompletionListener(handshakeCompletedListener);
                scheme = new Scheme("https", allowingAllSSLSocketFactory, scheme2.getDefaultPort());
            } catch (Exception e) {
                Log.e(TAG, Log.getStackTraceString(e));
                return;
            }
        } else {
            scheme = new Scheme("https", scheme3.getSocketFactory(), scheme3.getDefaultPort());
            schemeRegistry.unregister(HACKED_HTTPS_SCHEME_BACKUP);
        }
        Scheme scheme4 = new Scheme(ORIGINAL_HTTPS_SCHEME_BACKUP, scheme2.getSocketFactory(), scheme2.getDefaultPort());
        schemeRegistry.register(scheme);
        schemeRegistry.register(scheme4);
    }

    public void httpClientDisableAllSSL(HttpClient httpClient) {
        SchemeRegistry schemeRegistry = httpClient.getConnectionManager().getSchemeRegistry();
        Scheme scheme = schemeRegistry.get("https");
        if (scheme.getSocketFactory() instanceof AllowingAllSSLSocketFactory) {
            disableAllowAllSSL();
            Scheme scheme2 = schemeRegistry.get(ORIGINAL_HTTPS_SCHEME_BACKUP);
            Scheme scheme3 = new Scheme(HACKED_HTTPS_SCHEME_BACKUP, scheme.getSocketFactory(), scheme.getDefaultPort());
            Scheme scheme4 = new Scheme("https", scheme2.getSocketFactory(), scheme2.getDefaultPort());
            schemeRegistry.unregister(ORIGINAL_HTTPS_SCHEME_BACKUP);
            schemeRegistry.register(scheme3);
            schemeRegistry.register(scheme4);
        }
    }
}
