package com.citi.mobile.framework.network.controller;

import android.net.ConnectivityManager;
import android.text.TextUtils;
import com.citi.mobile.framework.common.error.ApplicationException;
import com.citi.mobile.framework.common.error.BaseException;
import com.citi.mobile.framework.common.error.Error;
import com.citi.mobile.framework.common.utils.NetworkUtils;
import com.citi.mobile.framework.common.utils.logger.Logger;
import com.citi.mobile.framework.common.utils.rx.RxEventBus;
import com.citi.mobile.framework.network.model.CertValidator;
import com.citi.mobile.framework.network.model.CertificateResult;
import io.reactivex.Observable;
import io.reactivex.ObservableSource;
import io.reactivex.functions.Function;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Callable;
import javax.net.ssl.HttpsURLConnection;
import runtime.Strings.StringIndexer;

/* loaded from: classes3.dex */
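/**
 * Fetches a URL over HTTPS and applies application-level checks to the server's leaf certificate
 * before the response is read.
 *
 * <p>Each check records its outcome as an integer status on the {@link CertificateResult}; the
 * request only proceeds when the final status is {@link #STATUS_VALID} and the caller-supplied
 * {@link CertValidation} accepts the result.
 *
 * <p>These checks run after {@code HttpsURLConnection.connect()} has returned, i.e. on top of
 * whatever trust and host-name verification the connection itself performed. Nothing in this class
 * configures a socket factory or host-name verifier on the connection.
 * NOTE(review): process-wide defaults set elsewhere would still apply; confirm they are not relaxed.
 */
public class CertValidationServiceControllerImpl implements CertValidationServiceController {
    private static final int CONNECT_TIMEOUT = 10000;
    private static final int READ_TIMEOUT = 10000;
    private static final String TAG = "CertValidationServiceControllerImpl";

    // Status codes written to CertificateResult by the checks in this class.
    private static final int STATUS_EXPIRED = 1;
    private static final int STATUS_NOT_YET_VALID = 2;
    private static final int STATUS_VALID = 3;
    private static final int STATUS_HOST_MISMATCH = 4;
    private static final int STATUS_REVOCATION_FAILED = 5;

    // Not referenced anywhere in this class.
    private Function<String, Observable<?>> executeUrl;
    private final ConnectivityManager mConnectivityManager;
    private final RxEventBus mRxentBus;

    /**
     * @param connectivityManager passed to {@code NetworkUtils.checkInternet} before each request
     * @param rxEventBus passed to {@code NetworkUtils.checkInternet} before each request
     */
    public CertValidationServiceControllerImpl(ConnectivityManager connectivityManager, RxEventBus rxEventBus) {
        this.mConnectivityManager = connectivityManager;
        this.mRxentBus = rxEventBus;
    }

    /**
     * Compares the requested host with the subject-alternative-name entries of the certificate.
     *
     * <p>Sets {@link #STATUS_VALID} on the first case-insensitive match, otherwise
     * {@link #STATUS_HOST_MISMATCH} (also when the certificate cannot be parsed).
     *
     * <p>NOTE(review): the names come from {@link #getCNsFromChain}, which strips {@code "*."} and
     * does not filter by SAN type. A wildcard entry such as {@code *.example.com} therefore matches
     * only the host {@code example.com}, and non-DNS entries are compared as well. This is not
     * RFC 6125 matching and must not be treated as a replacement for the platform host-name verifier.
     *
     * @param str host name taken from the request URL
     * @param certificate leaf certificate presented by the server
     * @param certificateResult result object whose status is overwritten
     * @return the same {@code certificateResult} instance
     */
    private CertificateResult checkDNSValidator(String str, Certificate certificate, CertificateResult certificateResult) {
        try {
            for (String name : getCNsFromChain(certificate)) {
                if (!TextUtils.isEmpty(name) && name.equalsIgnoreCase(str)) {
                    certificateResult.setStatus(STATUS_VALID);
                    return certificateResult;
                }
            }
        } catch (CertificateException unused) {
            // An unparseable certificate is reported as a host mismatch below.
        }
        certificateResult.setStatus(STATUS_HOST_MISMATCH);
        return certificateResult;
    }

    /**
     * Builds a PKIX path for {@code x509Certificate} from the supplied chain and runs a revocation
     * check on it, recording {@link #STATUS_VALID} or {@link #STATUS_REVOCATION_FAILED}.
     *
     * <p>Not called from anywhere else in this class.
     *
     * <p>NOTE(review): the trust anchor is the last element of {@code certificateArr}. If that array
     * is the chain presented by the peer, a passing result says nothing about whether the chain ends
     * in a CA the device trusts; it only reflects the revocation check relative to that chain.
     * Requires a security provider registered under the name {@code "BC"}.
     *
     * @param certificateArr certificate chain; every element must be an {@link X509Certificate}
     * @param x509Certificate certificate the path is built for
     * @param certificateResult result object whose status is overwritten
     */
    private void checkOCSPStatus(Certificate[] certificateArr, X509Certificate x509Certificate, CertificateResult certificateResult) {
        // Without a chain there is no trust anchor to build from; report failure instead of throwing.
        if (certificateArr == null || certificateArr.length == 0) {
            certificateResult.setStatus(STATUS_REVOCATION_FAILED);
            return;
        }
        try {
            HashSet<X509Certificate> intermediates = new HashSet<>();
            for (Certificate certificate : certificateArr) {
                X509Certificate candidate = (X509Certificate) certificate;
                if (!isSelfSigned(candidate)) {
                    intermediates.add(candidate);
                }
            }
            X509CertSelector target = new X509CertSelector();
            target.setCertificate(x509Certificate);
            HashSet<TrustAnchor> anchors = new HashSet<>();
            anchors.add(new TrustAnchor((X509Certificate) certificateArr[certificateArr.length - 1], null));
            PKIXBuilderParameters builderParameters = new PKIXBuilderParameters(anchors, target);
            // Revocation is switched off for path building only; isOCSP() validates it afterwards.
            builderParameters.setRevocationEnabled(false);
            builderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediates), "BC"));
            PKIXCertPathBuilderResult built = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX", "BC").build(builderParameters);
            boolean notRevoked = isOCSP(built.getTrustAnchor(), built.getCertPath());
            certificateResult.setStatus(notRevoked ? STATUS_VALID : STATUS_REVOCATION_FAILED);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException | CertPathBuilderException unused) {
            certificateResult.setStatus(STATUS_REVOCATION_FAILED);
        }
    }

    /**
     * Checks that the current time lies inside the certificate's validity period.
     *
     * <p>Sets {@link #STATUS_VALID} only when {@code checkValidity()} succeeds; an expired or
     * not-yet-valid certificate keeps {@link #STATUS_EXPIRED} / {@link #STATUS_NOT_YET_VALID}.
     * The success status must stay inside the {@code try}: setting it after the catch blocks would
     * overwrite the failure and report an expired certificate as valid.
     *
     * @param x509Certificate certificate to check
     * @param certificateResult result object whose status is overwritten
     * @return the same {@code certificateResult} instance
     */
    private CertificateResult checkValidity(X509Certificate x509Certificate, CertificateResult certificateResult) {
        try {
            x509Certificate.checkValidity();
            certificateResult.setStatus(STATUS_VALID);
        } catch (CertificateExpiredException unused) {
            certificateResult.setStatus(STATUS_EXPIRED);
        } catch (CertificateNotYetValidException unused2) {
            certificateResult.setStatus(STATUS_NOT_YET_VALID);
        }
        return certificateResult;
    }

    /**
     * Reads the stream line by line and concatenates the lines without their line terminators.
     *
     * <p>The stream is closed when reading ends.
     *
     * @param inputStream response body stream
     * @return the concatenated lines
     * @throws IOException if reading fails; the error is logged and rethrown so that a failing
     *     stream can neither spin in the read loop nor be returned as a truncated body
     */
    private String convertInputStreamToString(InputStream inputStream) throws IOException {
        StringBuilder sb = new StringBuilder();
        try (BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream))) {
            String line;
            while ((line = bufferedReader.readLine()) != null) {
                sb.append(line);
            }
        } catch (IOException e) {
            Logger.e("TAG", e.getMessage());
            throw e;
        }
        return sb.toString();
    }

    /**
     * Wraps the blocking request in a deferred {@link Observable}; the work runs on subscription.
     */
    private Observable<String> executeInternal(final String str, final CertValidation certValidation, final CertValidator certValidator) {
        return Observable.fromCallable(new Callable<String>() {
            @Override // java.util.concurrent.Callable
            public String call() throws Exception {
                return CertValidationServiceControllerImpl.this.lambda$executeInternal$2$CertValidationServiceControllerImpl(str, certValidator, certValidation);
            }
        });
    }

    /**
     * Collects the subject-alternative-name values of the certificate, with every {@code "*."}
     * removed.
     *
     * <p>Despite the method name, no subject common name is read here. Entries of every SAN type are
     * included, each converted with {@code toString()}. A SAN parsing error is logged and yields the
     * names gathered so far (normally none).
     *
     * @param certificate certificate to read; it is re-parsed from its encoded form
     * @return the collected names, possibly empty
     * @throws CertificateException if the certificate cannot be encoded or re-parsed as X.509
     */
    private ArrayList<String> getCNsFromChain(Certificate certificate) throws CertificateException {
        ArrayList<String> names = new ArrayList<>();
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.getEncoded()));
        try {
            Collection<List<?>> altNames = x509Certificate.getSubjectAlternativeNames();
            if (altNames != null) {
                for (List<?> entry : altNames) {
                    // entry is [type, value]; only the value is used.
                    if (entry.size() >= 2) {
                        names.add(entry.get(1).toString().replace("*.", ""));
                    }
                }
            }
        } catch (CertificateParsingException e) {
            Logger.e("Error parsing SubjectAltName in certificate: " + x509Certificate + "\r\nerror:" + e.getLocalizedMessage(), e);
        }
        return names;
    }

    /**
     * Emits {@code "success"} when {@code NetworkUtils.checkInternet} reports connectivity, otherwise
     * errors with a no-network {@link ApplicationException}. The connectivity check itself is
     * evaluated when this method is called, not on subscription.
     */
    private Observable<?> getExecObservable() {
        boolean online = NetworkUtils.checkInternet(this.mConnectivityManager, this.mRxentBus);
        return Observable.just(Boolean.valueOf(online)).flatMap(new Function<Boolean, ObservableSource<String>>() {
            @Override // io.reactivex.functions.Function
            public ObservableSource<String> apply(Boolean available) throws Exception {
                return CertValidationServiceControllerImpl.lambda$getExecObservable$1(available);
            }
        });
    }

    /**
     * Validates the path against the given anchor with revocation checking enabled for the end
     * entity only.
     *
     * <p>No soft-fail option is set, so any validation failure reported as a
     * {@link CertPathValidatorException} makes this return {@code false}.
     * NOTE(review): {@code getRevocationChecker()} may throw an unchecked exception on validators
     * that do not support it; that is not caught here.
     *
     * @param trustAnchor anchor the path must chain to
     * @param certPath path to validate
     * @return {@code true} when validation, including the revocation check, succeeds
     */
    private boolean isOCSP(TrustAnchor trustAnchor, CertPath certPath) {
        try {
            HashSet<TrustAnchor> anchors = new HashSet<>();
            anchors.add(trustAnchor);
            PKIXParameters parameters = new PKIXParameters(anchors);
            CertPathValidator validator = CertPathValidator.getInstance("PKIX");
            PKIXRevocationChecker revocationChecker = (PKIXRevocationChecker) validator.getRevocationChecker();
            revocationChecker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.ONLY_END_ENTITY));
            parameters.addCertPathChecker(revocationChecker);
            parameters.setRevocationEnabled(true);
            validator.validate(certPath, parameters);
            return true;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | CertPathValidatorException unused) {
            return false;
        }
    }

    /**
     * Maps the connectivity flag to the next step of the pipeline.
     *
     * @param bool {@code true} when the network is available
     * @return an observable emitting {@code "success"}, or one that errors with
     *     {@code CODE_NO_NETWORK_EXCEPTION}
     */
    public static /* synthetic */ ObservableSource<String> lambda$getExecObservable$1(Boolean bool) throws Exception {
        if (!bool.booleanValue()) {
            Logger.e("Network Not available >>>>>>>>>>>>>>", new Object[0]);
            return Observable.<String>error(new ApplicationException(Error.ErrorCode.CODE_NO_NETWORK_EXCEPTION));
        }
        Logger.d("available", new Object[0]);
        return Observable.just("success");
    }

    /**
     * Translates a non-200 HTTP status into the exception thrown to the caller.
     *
     * @param i HTTP response code
     * @return the matching {@link ApplicationException}; unknown codes carry the code as text
     */
    private BaseException mapApiException(int i) {
        switch (i) {
            case 400:
                return new ApplicationException(Error.ErrorCode.CODE_INVALID_REQUEST_EXCEPTION);
            case 403:
                return new ApplicationException("ERROR_403");
            case 404:
                return new ApplicationException(Error.ErrorCode.CODE_RESOURCE_NOT_FOUND_EXCEPTION);
            case 500:
                return new ApplicationException("ERROR_500");
            default:
                return new ApplicationException(String.valueOf(i));
        }
    }

    /**
     * Copies the certificate's validity period into the result.
     *
     * @return the same {@code certificateResult} instance
     */
    private CertificateResult updateCertDetails(CertificateResult certificateResult, X509Certificate x509Certificate) {
        certificateResult.setIssuedOn(x509Certificate.getNotBefore());
        certificateResult.setExpiryDate(x509Certificate.getNotAfter());
        return certificateResult;
    }

    /**
     * Runs the connectivity check and, when it passes, the certificate-checked HTTPS request.
     *
     * @param str URL to fetch; must be an {@code https} URL
     * @param certValidation caller's final decision on the certificate result; {@code null} rejects
     * @param certValidator selects which checks run; {@code null} runs none of them
     * @return an observable emitting the response body, or failing with the mapped exception
     */
    @Override // com.citi.mobile.framework.network.controller.CertValidationServiceController
    public Observable<String> execute(final String str, final CertValidation certValidation, final CertValidator certValidator) {
        return getExecObservable().flatMap(new Function<Object, ObservableSource<String>>() {
            @Override // io.reactivex.functions.Function
            public ObservableSource<String> apply(Object obj) throws Exception {
                return CertValidationServiceControllerImpl.this.lambda$execute$0$CertValidationServiceControllerImpl(str, certValidation, certValidator, obj);
            }
        });
    }

    /**
     * Reports whether the certificate's signature verifies under its own public key.
     *
     * <p>Only the signature is checked; subject and issuer names are not compared. Any failure,
     * including a {@code null} argument, yields {@code false}.
     */
    public boolean isSelfSigned(Certificate certificate) {
        try {
            certificate.verify(certificate.getPublicKey());
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    /** Continuation of {@link #execute}: ignores the connectivity marker and starts the request. */
    public /* synthetic */ ObservableSource<String> lambda$execute$0$CertValidationServiceControllerImpl(String str, CertValidation certValidation, CertValidator certValidator, Object obj) throws Exception {
        return executeInternal(str, certValidation, certValidator);
    }

    /**
     * Performs the blocking HTTPS request and the certificate checks.
     *
     * <p>The checks sit between {@code connect()} and {@code getResponseCode()}. HttpURLConnection
     * normally transmits the request only when the response is first asked for, so a failed check
     * aborts before the request headers leave the device; keep the checks in that position.
     *
     * <p>NOTE(review): when {@code certValidator} is {@code null} or enables no check, the status is
     * whatever {@link CertificateResult} starts with; the request then proceeds only if that initial
     * value equals {@link #STATUS_VALID}. Confirm this against {@code CertificateResult}.
     *
     * @return the response body
     * @throws Exception an {@link ApplicationException} carrying the status code when a check fails,
     *     the mapped exception for a non-200 response, or any I/O or TLS error from the connection
     */
    public /* synthetic */ String lambda$executeInternal$2$CertValidationServiceControllerImpl(String str, CertValidator certValidator, CertValidation certValidation) throws Exception {
        HttpsURLConnection connection = null;
        try {
            URL url = new URL(str);
            connection = (HttpsURLConnection) url.openConnection();
            connection.setReadTimeout(READ_TIMEOUT);
            connection.setConnectTimeout(CONNECT_TIMEOUT);
            connection.setRequestProperty(StringIndexer._getString("3704"), "application/json");
            // NOTE(review): the Authorization header carries the fixed literal "AUTH"; confirm intent.
            connection.setRequestProperty("Authorization", "AUTH");
            connection.setDoInput(true);
            connection.connect();
            Certificate[] serverCertificates = connection.getServerCertificates();
            CertificateResult certificateResult = new CertificateResult(str, url.getHost());
            X509Certificate leaf = (X509Certificate) serverCertificates[0];
            updateCertDetails(certificateResult, leaf);
            if (certValidator != null) {
                boolean validityFailed = false;
                if (certValidator.isCertValidityCheckEnabled()) {
                    validityFailed = checkValidity(leaf, certificateResult).getStatus() != STATUS_VALID;
                }
                // The host check overwrites the status, so it must not run after a failed validity
                // check: a matching host would otherwise mark an expired certificate as valid.
                if (!validityFailed && certValidator.isHostCheckEnabled()) {
                    checkDNSValidator(url.getHost(), leaf, certificateResult);
                }
            }
            if (certificateResult.getStatus() != STATUS_VALID || certValidation == null || !certValidation.isCertAuthentic(certificateResult)) {
                throw new ApplicationException(String.valueOf(certificateResult.getStatus()));
            }
            int responseCode = connection.getResponseCode();
            if (responseCode != 200) {
                throw mapApiException(responseCode);
            }
            return convertInputStreamToString(connection.getInputStream());
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }
}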
