package com.xunmeng.basiccomponent.superlink.internal;

import android.text.TextUtils;
import com.xunmeng.core.config.Configuration;
import com.xunmeng.core.log.Logger;
import com.xunmeng.pinduoduo.b.h;
import com.xunmeng.pinduoduo.basekit.util.TimeStamp;
import com.xunmeng.pinduoduo.basekit.util.r;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

/* loaded from: classes2.dex */
public class a {
    public static SSLContext a;

    static {
        if (com.xunmeng.manwe.hotfix.b.a(57496, null, new Object[0])) {
            return;
        }
        Configuration.getInstance().registerListener("super_link.cert_info", new com.xunmeng.core.config.d() { // from class: com.xunmeng.basiccomponent.superlink.internal.a.1
            {
                com.xunmeng.manwe.hotfix.b.a(57497, this, new Object[0]);
            }

            @Override // com.xunmeng.core.config.d
            public void onConfigChanged(String str, String str2, String str3) {
                if (!com.xunmeng.manwe.hotfix.b.a(57498, this, new Object[]{str, str2, str3}) && h.a("super_link.cert_info", (Object) str)) {
                    a.a = null;
                }
            }
        });
    }

    public static SSLContext a() {
        if (com.xunmeng.manwe.hotfix.b.b(57494, null, new Object[0])) {
            return (SSLContext) com.xunmeng.manwe.hotfix.b.a();
        }
        SSLContext sSLContext = a;
        if (sSLContext != null) {
            return sSLContext;
        }
        String configuration = Configuration.getInstance().getConfiguration("super_link.cert_info", "");
        Logger.i("SuperLink.CertificateUtils", "certInfoStr: %s", configuration);
        if (TextUtils.isEmpty(configuration)) {
            return null;
        }
        CertificateInfo certificateInfo = (CertificateInfo) r.a(configuration, CertificateInfo.class);
        if (certificateInfo == null) {
            Logger.e("SuperLink.CertificateUtils", "certInfo is null");
            return null;
        }
        String certHost = certificateInfo.getCertHost();
        try {
            SSLContext sSLContext2 = SSLContext.getInstance("TLS");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(com.xunmeng.pinduoduo.basekit.commonutil.a.a(certificateInfo.getBase64Cert()));
            String password = certificateInfo.getPassword();
            keyStore.load(byteArrayInputStream, password.toCharArray());
            if (!a(keyStore, certHost)) {
                return null;
            }
            keyManagerFactory.init(keyStore, password.toCharArray());
            sSLContext2.init(keyManagerFactory.getKeyManagers(), null, null);
            a = sSLContext2;
            return sSLContext2;
        } catch (Throwable th) {
            Logger.e("SuperLink.CertificateUtils", "makeSSLContextWithP12CertificateFromAssets certInfo:%s, e:%s", configuration, th.toString());
            b.a(6003, th.toString(), certHost);
            return null;
        }
    }

    private static boolean a(KeyStore keyStore, String str) {
        if (com.xunmeng.manwe.hotfix.b.b(57495, null, new Object[]{keyStore, str})) {
            return ((Boolean) com.xunmeng.manwe.hotfix.b.a()).booleanValue();
        }
        String str2 = "";
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                try {
                    Certificate certificate = keyStore.getCertificate(nextElement);
                    if (certificate instanceof X509Certificate) {
                        ((X509Certificate) certificate).checkValidity(new Date(TimeStamp.getRealLocalTimeV2()));
                    }
                    str2 = nextElement;
                } catch (CertificateExpiredException unused) {
                    str2 = nextElement;
                    Logger.e("cert:%s is expired", str2);
                    b.a(6001, "cert is expired", str2, str);
                    return false;
                } catch (CertificateNotYetValidException unused2) {
                    str2 = nextElement;
                    Logger.e("cert:%s is not yet valid", str2);
                    b.a(6002, "cert is not yet valid", str2, str);
                    return false;
                } catch (Throwable th) {
                    th = th;
                    str2 = nextElement;
                    Logger.e("SuperLink.CertificateUtils", "checkCertValidity occur exception:%s", th.toString());
                    b.a(6003, th.toString(), str2, str);
                    return true;
                }
            }
        } catch (CertificateExpiredException unused3) {
        } catch (CertificateNotYetValidException unused4) {
        } catch (Throwable th2) {
            th = th2;
        }
        return true;
    }
}
