package com.hp.epe.security.network;

import android.os.Build;
import com.hp.eprint.ppl.client.util.Constants;
import com.hp.eprint.ppl.client.util.Log;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpHost;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;

/* loaded from: classes.dex */
public class SslAnalyzerImpl extends SslAnalyzer {
    private SSLContext sslContext;

    private boolean cantConfigureSslContext() {
        this.sslContext = null;
        try {
            if (Build.VERSION.SDK_INT >= 16) {
                this.sslContext = SSLContext.getInstance("TLSv1.2");
            } else {
                this.sslContext = SSLContext.getInstance("TLSv1");
            }
        } catch (NoSuchAlgorithmException e) {
            Log.e(Constants.LOG_TAG, "SslAnalyzer::NoSuchAlgorithmException while creating SSLContext", e);
            try {
                this.sslContext = SSLContext.getInstance(SSLSocketFactory.TLS);
            } catch (NoSuchAlgorithmException e2) {
                Log.e(Constants.LOG_TAG, "SslAnalyzer::NoSuchAlgorithmException while creating SSLContext second attempt", e2);
                return true;
            }
        }
        try {
            this.sslContext.init(null, new TrustManager[]{new X509TrustManager() { // from class: com.hp.epe.security.network.SslAnalyzerImpl.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }}, null);
            return false;
        } catch (KeyManagementException e3) {
            Log.d(Constants.LOG_TAG, "SslAnalyzer::KeyManagementException while sslContext.init=cannot define ssltype");
            return true;
        }
    }

    @Override // com.hp.epe.security.network.SslAnalyzer
    public SslType tryHTTPConnection(URL url) {
        try {
            try {
                return ((HttpURLConnection) new URL(HttpHost.DEFAULT_SCHEME_NAME, url.getHost(), url.getPort(), getVersionPath(url)).openConnection()).getResponseCode() != 200 ? SslType.could_not_connect : SslType.http;
            } catch (IOException e) {
                e = e;
                Log.e(Constants.LOG_TAG, "SslAnalyzer::tryHTTPSConnection:: cannot connect with http::" + e.getMessage());
                return SslType.could_not_connect;
            }
        } catch (IOException e2) {
            e = e2;
        }
    }

    @Override // com.hp.epe.security.network.SslAnalyzer
    public SslType tryHTTPSConnection(URL url, int i, boolean z) {
        if (cantConfigureSslContext()) {
            return SslType.unknown;
        }
        try {
            SSLSocket sSLSocket = (SSLSocket) this.sslContext.getSocketFactory().createSocket();
            sSLSocket.connect(new InetSocketAddress(url.getHost(), getPort(url)), i);
            sSLSocket.startHandshake();
            if (!new BrowserCompatHostnameVerifier().verify(url.getHost(), sSLSocket.getSession())) {
                return SslType.https_hostname_does_not_match;
            }
            Log.d(Constants.LOG_TAG, "SslAnalyzer::hostname verifier=self-signed condition 1 out of 2");
            try {
                try {
                    try {
                        X509Certificate[] x509CertificateArr = (X509Certificate[]) sSLSocket.getSession().getPeerCertificates();
                        Log.d(Constants.LOG_TAG, "SslAnalyzer::peer certificates " + (x509CertificateArr == null ? " no certificates" : Integer.valueOf(x509CertificateArr.length)));
                        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                            SslType sslType = SslType.https_certificate_invalid;
                            Log.d(Constants.LOG_TAG, "SslAnalyzer::tryHTTPSConnection::finally::socket.close()");
                            try {
                                sSLSocket.close();
                                return sslType;
                            } catch (IOException e) {
                                Log.d(Constants.LOG_TAG, "SslAnalyzer::test ssl::IOException while closing socket::" + e.getMessage());
                                return sslType;
                            }
                        }
                        Log.d(Constants.LOG_TAG, "SslAnalyzer::peer certificates " + x509CertificateArr[0].getIssuerDN().getName());
                        x509CertificateArr[0].checkValidity();
                        Log.d(Constants.LOG_TAG, "tmf algo value = " + TrustManagerFactory.getDefaultAlgorithm());
                        try {
                            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                            trustManagerFactory.init((KeyStore) null);
                            X509TrustManager x509TrustManager = null;
                            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                            int length = trustManagers.length;
                            int i2 = 0;
                            while (true) {
                                if (i2 >= length) {
                                    break;
                                }
                                TrustManager trustManager = trustManagers[i2];
                                if (trustManager instanceof X509TrustManager) {
                                    x509TrustManager = (X509TrustManager) trustManager;
                                    break;
                                }
                                i2++;
                            }
                            if (x509TrustManager == null) {
                                Log.d(Constants.LOG_TAG, "SslAnalyzer::will return unknown");
                                return SslType.unknown;
                            }
                            try {
                                x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
                                Log.d(Constants.LOG_TAG, "SslAnalyzer:: RSA will return https_trusted");
                                return SslType.https_trusted;
                            } catch (CertificateException e2) {
                                Log.d(Constants.LOG_TAG, "SslAnalyzer:: CertificationException is::" + e2.getMessage() + " will return https_self_signed");
                                return SslType.https_self_signed;
                            }
                        } catch (KeyStoreException e3) {
                            Log.d(Constants.LOG_TAG, "SslAnalyzer::KeyStoreException while TrustManagerfactory.init=cannot define ssltype");
                            return SslType.unknown;
                        } catch (NoSuchAlgorithmException e4) {
                            Log.d(Constants.LOG_TAG, "SslAnalyzer::NoSuchAlgorithmException while TrustManagerfactory.init=cannot define ssltype");
                            return SslType.unknown;
                        }
                    } finally {
                        Log.d(Constants.LOG_TAG, "SslAnalyzer::tryHTTPSConnection::finally::socket.close()");
                        try {
                            sSLSocket.close();
                        } catch (IOException e5) {
                            Log.d(Constants.LOG_TAG, "SslAnalyzer::test ssl::IOException while closing socket::" + e5.getMessage());
                        }
                    }
                } catch (CertificateExpiredException e6) {
                    Log.d(Constants.LOG_TAG, "SslAnalyzer::CertificateExpiredException::" + e6.getMessage());
                    SslType sslType2 = SslType.https_certificate_invalid;
                    Log.d(Constants.LOG_TAG, "SslAnalyzer::tryHTTPSConnection::finally::socket.close()");
                    try {
                        sSLSocket.close();
                        return sslType2;
                    } catch (IOException e7) {
                        Log.d(Constants.LOG_TAG, "SslAnalyzer::test ssl::IOException while closing socket::" + e7.getMessage());
                        return sslType2;
                    }
                }
            } catch (CertificateNotYetValidException e8) {
                Log.d(Constants.LOG_TAG, "SslAnalyzer::CertificateNotYetValid::" + e8.getMessage());
                SslType sslType3 = SslType.https_certificate_invalid;
                Log.d(Constants.LOG_TAG, "SslAnalyzer::tryHTTPSConnection::finally::socket.close()");
                try {
                    sSLSocket.close();
                    return sslType3;
                } catch (IOException e9) {
                    Log.d(Constants.LOG_TAG, "SslAnalyzer::test ssl::IOException while closing socket::" + e9.getMessage());
                    return sslType3;
                }
            } catch (SSLPeerUnverifiedException e10) {
                Log.d(Constants.LOG_TAG, "SslAnalyzer::SSLPeerUnverifiedException during getPeerCertificates=self-signed condition 2 out of 2");
                SslType sslType4 = SslType.https_self_signed;
                Log.d(Constants.LOG_TAG, "SslAnalyzer::tryHTTPSConnection::finally::socket.close()");
                try {
                    sSLSocket.close();
                    return sslType4;
                } catch (IOException e11) {
                    Log.d(Constants.LOG_TAG, "SslAnalyzer::test ssl::IOException while closing socket::" + e11.getMessage());
                    return sslType4;
                }
            }
        } catch (IOException e12) {
            Log.e(Constants.LOG_TAG, "SslAnalyzer::IOException during SSL connection getMessage() = " + e12.getMessage());
            return SslType.could_not_connect;
        }
    }
}
