package com.cn.whr.iot.http;

import com.cn.whr.iot.commonutil.StringUtils;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionPool;
import okhttp3.OkHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
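/**
 * Factory for OkHttp clients that use a hand-written TLS trust configuration
 * (this file is decompiler output, so names and structure are reconstructed).
 *
 * <p>SECURITY REVIEW: the {@link X509TrustManager} installed by
 * {@link #getSslClientIgnoreExpire} never validates the server chain
 * cryptographically (no signature, path or revocation checks). With a bundled
 * certificate it only compares the leaf's subject and issuer DN <em>strings</em>
 * with those of the bundled certificate; a DN is not a secret and does not prove
 * possession of the bundled certificate's key. Without a bundled certificate it
 * accepts every chain and every hostname. The usual replacement is a
 * {@code TrustManagerFactory} initialised from a {@code KeyStore} that holds the
 * bundled certificate (or OkHttp's {@code CertificatePinner}), with the default
 * hostname verifier left in place.
 */
class OkHttpClientUtil {
    private static final Logger log = LoggerFactory.getLogger(OkHttpClientUtil.class);

    private OkHttpClientUtil() {
    }

    /**
     * Derives a client from {@code okHttpClient} with custom timeouts, connection
     * pool and TLS trust settings.
     *
     * <p>Despite the method name, an expired leaf certificate is rejected when a
     * bundled certificate is supplied: {@code checkValidity()} is called on it.
     *
     * @param okHttpClient base client; its builder is reused, and it is returned
     *                     unchanged if the TLS setup fails
     * @param inputStream  X.509 certificate to take the expected subject/issuer DN
     *                     from, or {@code null}; the stream is read but not closed here
     * @return the reconfigured client, or {@code okHttpClient} itself when building
     *         the SSL context or parsing the certificate fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static OkHttpClient getSslClientIgnoreExpire(OkHttpClient okHttpClient, InputStream inputStream) {
        final String pinnedIssuerDn;
        final String pinnedSubjectDn;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            if (inputStream != null) {
                X509Certificate bundled = (X509Certificate) certificateFactory.generateCertificate(inputStream);
                pinnedSubjectDn = bundled.getSubjectDN().getName();
                pinnedIssuerDn = bundled.getIssuerDN().getName();
            } else {
                pinnedIssuerDn = null;
                pinnedSubjectDn = null;
            }
            TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.cn.whr.iot.http.OkHttpClientUtil.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str3) {
                    // Accepts any client chain; only a log line is produced.
                    if (log.isInfoEnabled()) {
                        log.info("do nothing in checkClientTrusted");
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str3) throws CertificateException {
                    // NOTE(security): when either expected DN is missing this method returns
                    // without checking anything, i.e. every server chain is accepted.
                    // (StringUtils.isNotEmpty is project code; presumably a null/empty test.)
                    if (StringUtils.isNotEmpty(pinnedSubjectDn) && StringUtils.isNotEmpty(pinnedIssuerDn)) {
                        // Fail the handshake cleanly instead of with an unchecked
                        // NullPointerException / ArrayIndexOutOfBoundsException.
                        if (x509CertificateArr == null || x509CertificateArr.length == 0
                                || x509CertificateArr[0] == null) {
                            throw new CertificateException("server presented no certificate chain");
                        }
                        X509Certificate leaf = x509CertificateArr[0];
                        try {
                            // A not-yet-valid certificate propagates as CertificateNotYetValidException.
                            leaf.checkValidity();
                            // NOTE(security): string equality on DNs is the only identity check.
                            // It is not certificate pinning: the leaf's key and signature are
                            // never verified, so this does not authenticate the server.
                            if (!leaf.getSubjectDN().getName().equals(pinnedSubjectDn)) {
                                throw new CertificateException("server's SubjectDN is not equals to client's SubjectDN");
                            }
                            if (!leaf.getIssuerDN().getName().equals(pinnedIssuerDn)) {
                                throw new CertificateException("server's IssuerDN is not equals to client's IssuerDN");
                            }
                        } catch (CertificateExpiredException e) {
                            if (log.isErrorEnabled()) {
                                log.error(e.toString(), e);
                            }
                            // Keep the cause so the expiry is visible to whoever handles the failure.
                            throw new CertificateException("Certificate not valid or trusted.", e);
                        }
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            OkHttpClient.Builder newBuilder = okHttpClient.newBuilder();
            newBuilder.connectTimeout(55L, TimeUnit.SECONDS).readTimeout(40L, TimeUnit.SECONDS);
            newBuilder.connectionPool(new ConnectionPool(3, 10L, TimeUnit.MINUTES));
            newBuilder.sslSocketFactory(socketFactory, (X509TrustManager) trustManagerArr[0]);
            if (inputStream == null) {
                // NOTE(security): with no bundled certificate the trust manager above checks
                // nothing and this verifier accepts any hostname, so the resulting client
                // performs no server authentication at all. Callers should not reach this
                // branch for production traffic.
                newBuilder.hostnameVerifier(new HostnameVerifier() { // from class: com.cn.whr.iot.http.-$$Lambda$OkHttpClientUtil$WcB-DfnF0OgZdRt_c6ZWvKLuOGc
                    @Override // javax.net.ssl.HostnameVerifier
                    public final boolean verify(String str3, SSLSession sSLSession) {
                        return OkHttpClientUtil.lambda$getSslClientIgnoreExpire$0(str3, sSLSession);
                    }
                });
            }
            return newBuilder.build();
        } catch (KeyManagementException | NoSuchAlgorithmException | CertificateException e) {
            // Setup failed: hand back the caller's client, which keeps whatever TLS
            // configuration it already had.
            if (log.isErrorEnabled()) {
                log.error("https ssl certificate file error:" + e.getLocalizedMessage(), e);
            }
            return okHttpClient;
        }
    }

    /**
     * Hostname verifier body used when no certificate is bundled: accepts every
     * hostname unconditionally.
     *
     * @param str        hostname being verified (ignored)
     * @param sSLSession TLS session (ignored)
     * @return always {@code true}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ boolean lambda$getSslClientIgnoreExpire$0(String str, SSLSession sSLSession) {
        return true;
    }
}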
