package org.sufficientlysecure.keychain.util;

import android.content.res.AssetManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.sufficientlysecure.keychain.Constants;

/* loaded from: classes.dex */
public class TlsHelper {
    private static Map<String, byte[]> sStaticCA = new HashMap();

    /* loaded from: classes.dex */
    public static class TlsHelperException extends Exception {
        public TlsHelperException(Exception exc) {
            super(exc);
        }
    }

    public static void addStaticCA(String str, AssetManager assetManager, String str2) {
        try {
            InputStream open = assetManager.open(str2);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            for (int read = open.read(); read != -1; read = open.read()) {
                byteArrayOutputStream.write(read);
            }
            open.close();
            addStaticCA(str, byteArrayOutputStream.toByteArray());
        } catch (IOException e) {
            Log.w(Constants.TAG, e);
        }
    }

    public static void addStaticCA(String str, byte[] bArr) {
        sStaticCA.put(str, bArr);
    }

    public static HttpsURLConnection openCAConnection(byte[] bArr, URL url) throws TlsHelperException, IOException {
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", generateCertificate);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            return httpsURLConnection;
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new TlsHelperException(e);
        }
    }

    public static URLConnection openConnection(URL url) throws IOException, TlsHelperException {
        if (url.getProtocol().equals("https")) {
            for (String str : sStaticCA.keySet()) {
                if (url.getHost().endsWith(str)) {
                    return openCAConnection(sStaticCA.get(str), url);
                }
            }
        }
        return url.openConnection();
    }
}
