package com.android.server.wifi.hotspot2;

import android.net.Network;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import android.util.Pair;
import com.android.server.wifi.aware.WifiAwareDataPathStateManager;
import com.android.server.wifi.hotspot2.PasspointProvisioner;
import com.android.server.wifi.hotspot2.soap.HttpsServiceConnection;
import com.android.server.wifi.hotspot2.soap.HttpsTransport;
import com.android.server.wifi.hotspot2.soap.SoapParser;
import com.android.server.wifi.hotspot2.soap.SppResponseMessage;
import com.android.wifi.x.org.ksoap2.HeaderProperty;
import com.android.wifi.x.org.ksoap2.serialization.AttributeInfo;
import com.android.wifi.x.org.ksoap2.serialization.SoapObject;
import com.android.wifi.x.org.ksoap2.serialization.SoapSerializationEnvelope;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
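/**
 * Client side of the HTTPS connection to a Hotspot 2.0 OSU server.
 *
 * <p>The public entry points ({@link #connect}, {@link #exchangeSoapMessage},
 * {@link #retrieveTrustRootCerts}, {@link #cleanup}) only validate their arguments and post the
 * real work to a {@link Handler}; results are delivered through the
 * {@link PasspointProvisioner.OsuServerCallbacks} registered with {@link #setEventCallback}.
 *
 * <p>Every TLS connection opened here uses the socket factory built in {@link #init}, whose only
 * trust manager is {@link WFATrustManager}. That trust manager reports a failed chain validation
 * through the callback instead of rejecting the handshake, so an established connection is not
 * proof of a validated server (see {@link WFATrustManager#checkServerTrusted}).
 *
 * <p>This listing is decompiler output: the {@code lambda$...} methods are the bodies of the
 * posted tasks and were private in the original class.
 */
public class OsuServerConnection {
    private static final String TAG = "PasspointOsuServerConnection";

    private Handler mHandler;
    private HttpsTransport mHttpsTransport;
    private Looper mLooper;
    private Network mNetwork;
    private PasspointProvisioner.OsuServerCallbacks mOsuServerCallbacks;
    private HandlerThread mOsuServerHandlerThread;
    private SSLSocketFactory mSocketFactory;
    private WFATrustManager mTrustManager;
    private URL mUrl;
    private HttpsServiceConnection mServiceConnection = null;
    private HttpsURLConnection mUrlConnection = null;
    private boolean mSetupComplete = false;
    private boolean mVerboseLoggingEnabled = false;

    /**
     * Trust manager installed on every TLS connection this class opens. It delegates chain
     * validation to the platform {@link X509TrustManager} handed to {@link #init} and remembers
     * the chain of the last successful validation for {@link #getProviderCert()}.
     */
    class WFATrustManager implements X509TrustManager {
        private X509TrustManager mDelegate;
        // Chain accepted by the delegate in the most recent handshake; null if that handshake
        // failed validation or none has happened yet.
        private List<X509Certificate> mServerCerts;

        WFATrustManager(X509TrustManager x509TrustManager) {
            this.mDelegate = x509TrustManager;
        }

        /** Performs no validation; only logs the auth type when verbose logging is on. */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (OsuServerConnection.this.mVerboseLoggingEnabled) {
                Log.v(TAG, "checkClientTrusted " + str);
            }
        }

        /**
         * Validates the server chain with the delegate and reports the outcome through
         * {@code onServerValidationStatus}.
         *
         * <p>NOTE(review): a {@link CertificateException} from the delegate is logged and
         * reported, but not rethrown, so the TLS stack sees this method return normally and the
         * handshake is not rejected here. Refusing an unvalidated server therefore depends
         * entirely on the registered callback acting on the {@code false} status; when no
         * callback is registered the failure is only logged. Confirm that the callback aborts
         * the session, or rethrow the exception after notifying it.
         *
         * @param x509CertificateArr the chain presented by the server
         * @param str the authentication type supplied by the TLS stack
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (OsuServerConnection.this.mVerboseLoggingEnabled) {
                Log.v(TAG, "checkServerTrusted " + str);
            }
            // Forget the chain of any earlier handshake first. Otherwise a failed validation
            // would leave the previously accepted chain in place and getProviderCert() would
            // keep answering from a connection that is no longer the current one.
            this.mServerCerts = null;
            boolean certsValid = false;
            try {
                this.mDelegate.checkServerTrusted(x509CertificateArr, str);
                this.mServerCerts = Arrays.asList(x509CertificateArr);
                certsValid = true;
            } catch (CertificateException e) {
                Log.e(TAG, "Certificate validation failure: " + e);
                int i = 0;
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    Log.e(TAG, "Cert " + i + " details: " + x509Certificate.getSubjectDN());
                    Log.e(TAG, "Not before: " + x509Certificate.getNotBefore() + ", not after: " + x509Certificate.getNotAfter());
                    Log.e(TAG, "Cert " + i + " issuer: " + x509Certificate.getIssuerDN());
                    i++;
                }
            }
            if (OsuServerConnection.this.mOsuServerCallbacks != null) {
                OsuServerConnection.this.mOsuServerCallbacks.onServerValidationStatus(OsuServerConnection.this.mOsuServerCallbacks.getSessionId(), certsValid);
            }
        }

        /**
         * Always returns {@code null}.
         *
         * <p>NOTE(review): the {@link X509TrustManager} contract asks for a non-null, possibly
         * empty array; kept as-is here because callers of this class may rely on it.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            if (OsuServerConnection.this.mVerboseLoggingEnabled) {
                Log.v(TAG, "getAcceptedIssuers ");
            }
            return null;
        }

        /**
         * Finds the certificate of the last validated chain whose subject alternative names
         * contain the host of the OSU server URL.
         *
         * <p>The SAN type tag (element 0 of each entry) is only checked to be an
         * {@link Integer}, not to be a particular SAN type, and the value (element 1) is compared
         * with the host as an exact, case-sensitive string. When several certificates match, the
         * last one in chain order is returned.
         *
         * @return the matching certificate, or {@code null} if no chain has been validated, no
         *     entry matches, or a certificate's SAN extension cannot be parsed before a match
         */
        public X509Certificate getProviderCert() {
            if (this.mServerCerts == null || this.mServerCerts.isEmpty()) {
                return null;
            }
            X509Certificate providerCert = null;
            String host = OsuServerConnection.this.mUrl.getHost();
            try {
                for (X509Certificate cert : this.mServerCerts) {
                    Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
                    if (altNames == null) {
                        continue;
                    }
                    for (List<?> altName : altNames) {
                        if (altName != null && altName.size() >= 2 && altName.get(0).getClass() == Integer.class && altName.get(1).toString().equals(host)) {
                            providerCert = cert;
                            if (OsuServerConnection.this.mVerboseLoggingEnabled) {
                                Log.v(TAG, "OsuCert found");
                            }
                        }
                    }
                }
            } catch (CertificateParsingException e) {
                if (OsuServerConnection.this.mVerboseLoggingEnabled) {
                    // Attach the stack trace to the log record instead of printing it to stderr.
                    Log.e(TAG, "Unable to match certificate to " + host, e);
                } else {
                    Log.e(TAG, "Unable to match certificate to " + host);
                }
            }
            return providerCert;
        }
    }

    /**
     * @param looper looper to run the connection tasks on, or {@code null} to have
     *     {@link #init} start a dedicated handler thread
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public OsuServerConnection(Looper looper) {
        this.mLooper = looper;
    }

    /** Task body of {@link #cleanup()}: disconnects and forgets both open connections. */
    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: cleanupConnection, reason: merged with bridge method [inline-methods] */
    public void lambda$cleanup$3() {
        if (this.mUrlConnection != null) {
            this.mUrlConnection.disconnect();
            this.mUrlConnection = null;
        }
        closeServiceConnection();
    }

    /** Disconnects {@link #mServiceConnection} if one is open and clears the field. */
    private void closeServiceConnection() {
        if (this.mServiceConnection != null) {
            this.mServiceConnection.disconnect();
            this.mServiceConnection = null;
        }
    }

    /**
     * Downloads one X.509 certificate with an HTTPS GET.
     *
     * <p>The response is accepted only with status 200 and a {@code Content-Type} of exactly
     * {@code application/pkcs7-mime} or {@code application/x-x509-ca-cert}; the body is
     * base64-decoded first when {@code Content-Transfer-Encoding: base64} is present. The
     * certificate is parsed but not verified here; the caller checks its fingerprint.
     *
     * @param str URL of the certificate; must start with {@code https://} (case-insensitive)
     * @return the parsed certificate, or {@code null} on any failure
     */
    private X509Certificate getCert(String str) {
        if (str == null || !str.toLowerCase(Locale.US).startsWith("https://")) {
            Log.e(TAG, "invalid certUrl provided");
            return null;
        }
        try {
            URL url = new URL(str);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            if (this.mServiceConnection != null) {
                this.mServiceConnection.disconnect();
            }
            this.mServiceConnection = getServiceConnection(url, this.mNetwork);
            if (this.mServiceConnection == null) {
                return null;
            }
            this.mServiceConnection.setRequestMethod("GET");
            this.mServiceConnection.setRequestProperty("Accept-Encoding", "gzip");
            int responseCode = this.mServiceConnection.getResponseCode();
            if (responseCode != 200) {
                Log.e(TAG, "The response code of the HTTPS GET to " + str + " is not OK, but " + responseCode);
                return null;
            }
            boolean certificateFound = false;
            boolean base64Encoded = false;
            for (HeaderProperty headerProperty : this.mServiceConnection.getResponseProperties()) {
                if (headerProperty == null || headerProperty.getKey() == null || headerProperty.getValue() == null) {
                    continue;
                }
                if (headerProperty.getKey().equalsIgnoreCase("Content-Type") && (headerProperty.getValue().equals("application/pkcs7-mime") || headerProperty.getValue().equals("application/x-x509-ca-cert"))) {
                    if (this.mVerboseLoggingEnabled) {
                        Log.v(TAG, "a certificate found in a HTTPS response from " + str);
                    }
                    certificateFound = true;
                }
                if (headerProperty.getKey().equalsIgnoreCase("Content-Transfer-Encoding") && headerProperty.getValue().equalsIgnoreCase("base64")) {
                    if (this.mVerboseLoggingEnabled) {
                        Log.v(TAG, "base64 encoding content in a HTTP response from " + str);
                    }
                    base64Encoded = true;
                }
            }
            if (!certificateFound) {
                Log.e(TAG, "no X509Certificate found in the HTTPS response");
                return null;
            }
            // NOTE(review): the body is buffered in full with no size limit although it comes
            // from the remote server; consider capping it.
            ByteArrayOutputStream body = new ByteArrayOutputStream();
            try (InputStream in = this.mServiceConnection.openInputStream()) {
                byte[] buffer = new byte[8192];
                int read;
                while ((read = in.read(buffer, 0, buffer.length)) != -1) {
                    body.write(buffer, 0, read);
                }
            }
            byte[] encoded = body.toByteArray();
            if (base64Encoded) {
                // Decode the bytes directly; no round trip through a platform-charset String.
                encoded = Base64.decode(encoded, Base64.DEFAULT);
            }
            X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(encoded));
            if (this.mVerboseLoggingEnabled) {
                Log.v(TAG, "cert : " + x509Certificate.getSubjectDN());
            }
            return x509Certificate;
        } catch (IllegalArgumentException e) {
            Log.e(TAG, "Failed to decode the data: " + e);
            return null;
        } catch (IOException e) {
            Log.e(TAG, "Failed to get the data from " + str + ": " + e);
            return null;
        } catch (CertificateException e) {
            Log.e(TAG, "Failed to get instance for CertificateFactory " + e);
            return null;
        } finally {
            // The connection may never have been created (malformed URL, transport failure), so
            // the cleanup must tolerate a null field instead of dereferencing it.
            closeServiceConnection();
        }
    }

    /**
     * Creates a service connection to {@code url} over {@code network} and installs this
     * class's socket factory on it. Also replaces {@link #mHttpsTransport}.
     *
     * @return the connection, or {@code null} if the transport could not be created
     */
    private HttpsServiceConnection getServiceConnection(URL url, Network network) {
        try {
            this.mHttpsTransport = HttpsTransport.createInstance(network, url);
            HttpsServiceConnection httpsServiceConnection = (HttpsServiceConnection) this.mHttpsTransport.getServiceConnection();
            if (httpsServiceConnection != null) {
                httpsServiceConnection.setSSLSocketFactory(this.mSocketFactory);
            }
            return httpsServiceConnection;
        } catch (IOException e) {
            Log.e(TAG, "Unable to establish a URL connection");
            return null;
        }
    }

    /**
     * Task body of {@link #retrieveTrustRootCerts}: downloads every listed certificate, checks
     * each against its expected fingerprint, and reports the result per certificate type.
     *
     * <p>The result is all-or-nothing: if any certificate is missing its fingerprint, cannot be
     * downloaded, or fails the fingerprint check, retrieval stops and an empty map is reported.
     * (The decompiled form cleared the map on failure but then went on adding certificates, so a
     * partial set could still reach the callback.)
     *
     * @param map certificate type mapped to a map of certificate URL to expected fingerprint
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: performRetrievingTrustRootCerts, reason: merged with bridge method [inline-methods] */
    public void lambda$retrieveTrustRootCerts$2(Map map) {
        Map<Integer, List<X509Certificate>> trustRootCertificates = new HashMap<>();
        for (Map.Entry<?, ?> certsPerType : ((Map<?, ?>) map).entrySet()) {
            List<X509Certificate> certificates = fetchVerifiedCerts((Map<?, ?>) certsPerType.getValue());
            if (certificates == null) {
                // One failure invalidates everything collected so far, for every type.
                trustRootCertificates.clear();
                break;
            }
            if (!certificates.isEmpty()) {
                trustRootCertificates.put((Integer) certsPerType.getKey(), certificates);
            }
        }
        if (this.mOsuServerCallbacks != null) {
            this.mOsuServerCallbacks.onReceivedTrustRootCertificates(this.mOsuServerCallbacks.getSessionId(), trustRootCertificates);
        }
    }

    /**
     * Downloads and fingerprint-checks the certificates of one certificate type.
     *
     * @param fingerprintsByUrl certificate URL mapped to the expected fingerprint bytes
     * @return the verified certificates in iteration order, or {@code null} as soon as one entry
     *     has no fingerprint, cannot be downloaded, or does not match its fingerprint
     */
    private List<X509Certificate> fetchVerifiedCerts(Map<?, ?> fingerprintsByUrl) {
        if (fingerprintsByUrl == null) {
            return null;
        }
        List<X509Certificate> certificates = new ArrayList<>();
        for (Map.Entry<?, ?> certInfo : fingerprintsByUrl.entrySet()) {
            byte[] fingerprint = (byte[]) certInfo.getValue();
            if (fingerprint == null) {
                return null;
            }
            X509Certificate cert = getCert((String) certInfo.getKey());
            if (cert == null) {
                return null;
            }
            if (!ServiceProviderVerifier.verifyCertFingerprint(cert, fingerprint)) {
                Log.e(TAG, "Fingerprint does not match the certificate " + (cert.getSubjectDN() != null ? cert.getSubjectDN().getName() : ""));
                return null;
            }
            certificates.add(cert);
        }
        return certificates;
    }

    /**
     * Task body of {@link #exchangeSoapMessage}: sends the envelope to the OSU server on a fresh
     * service connection and reports the parsed response, or {@code null} on any failure.
     *
     * @param soapSerializationEnvelope the request; its {@code bodyIn} holds the raw response
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: performSoapMessageExchange, reason: merged with bridge method [inline-methods] */
    public void lambda$exchangeSoapMessage$1(SoapSerializationEnvelope soapSerializationEnvelope) {
        if (this.mServiceConnection != null) {
            this.mServiceConnection.disconnect();
        }
        this.mServiceConnection = getServiceConnection(this.mUrl, this.mNetwork);
        if (this.mServiceConnection == null) {
            Log.e(TAG, "ServiceConnection for https is null");
            notifySoapMessage(null);
            return;
        }
        SppResponseMessage response = null;
        try {
            this.mHttpsTransport.call("", soapSerializationEnvelope);
            Object bodyIn = soapSerializationEnvelope.bodyIn;
            if (bodyIn == null) {
                Log.e(TAG, "SoapObject is null");
            } else if (!(bodyIn instanceof SoapObject)) {
                Log.e(TAG, "Not a SoapObject instance");
            } else {
                SoapObject soapObject = (SoapObject) bodyIn;
                if (this.mVerboseLoggingEnabled) {
                    // NOTE(review): this writes the complete server response to the log;
                    // confirm it cannot carry provisioning secrets before enabling verbose
                    // logging outside debugging.
                    for (int i = 0; i < soapObject.getAttributeCount(); i++) {
                        AttributeInfo attributeInfo = new AttributeInfo();
                        soapObject.getAttributeInfo(i, attributeInfo);
                        Log.v(TAG, "Attribute : " + attributeInfo.toString());
                    }
                    Log.v(TAG, "response : " + soapObject.toString());
                }
                response = SoapParser.getResponse(soapObject);
            }
        } catch (Exception e) {
            if (e instanceof SSLHandshakeException) {
                Log.e(TAG, "Failed to make TLS connection: " + e);
            } else {
                Log.e(TAG, "Failed to exchange the SOAP message: " + e);
            }
            response = null;
        } finally {
            // Single, null-safe cleanup: the decompiled form disconnected on the success path
            // and then dereferenced the already-cleared field again in its finally block.
            closeServiceConnection();
        }
        notifySoapMessage(response);
    }

    /** Reports a SOAP result (or {@code null} for failure) if a callback is registered. */
    private void notifySoapMessage(SppResponseMessage response) {
        if (this.mOsuServerCallbacks != null) {
            this.mOsuServerCallbacks.onReceivedSoapMessage(this.mOsuServerCallbacks.getSessionId(), response);
        }
    }

    /**
     * Task body of {@link #connect}: opens the HTTPS connection to the OSU server and reports
     * whether it was established.
     *
     * <p>A {@code true} status means the connection was set up, not that the server chain
     * validated: {@link WFATrustManager#checkServerTrusted} reports validation separately and
     * does not fail the handshake.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: performTlsConnection, reason: merged with bridge method [inline-methods] */
    public void lambda$connect$0(URL url, Network network) {
        this.mNetwork = network;
        this.mUrl = url;
        boolean connected = false;
        try {
            URLConnection openConnection = this.mNetwork.openConnection(this.mUrl);
            if (openConnection instanceof HttpsURLConnection) {
                HttpsURLConnection httpsURLConnection = (HttpsURLConnection) openConnection;
                httpsURLConnection.setSSLSocketFactory(this.mSocketFactory);
                // NOTE(review): the timeout is read from a Wi-Fi Aware constant; presumably the
                // decompiler matched a literal to an unrelated constant of equal value. Confirm.
                httpsURLConnection.setConnectTimeout(WifiAwareDataPathStateManager.ADDRESS_VALIDATION_TIMEOUT_MS);
                httpsURLConnection.setReadTimeout(WifiAwareDataPathStateManager.ADDRESS_VALIDATION_TIMEOUT_MS);
                httpsURLConnection.connect();
                this.mUrlConnection = httpsURLConnection;
                connected = true;
            } else {
                Log.e(TAG, "Invalid URL connection");
            }
        } catch (IOException e) {
            Log.e(TAG, "Unable to establish a URL connection: " + e);
        }
        if (this.mOsuServerCallbacks != null) {
            this.mOsuServerCallbacks.onServerConnectionStatus(this.mOsuServerCallbacks.getSessionId(), connected);
        }
    }

    /** @return {@code true} once {@link #init} has installed the trust manager and socket factory */
    public boolean canValidateServer() {
        return this.mSetupComplete;
    }

    /** Posts a task that disconnects and forgets any open connection. */
    public void cleanup() {
        // Anonymous classes are kept (rather than lambdas) so the compiler does not generate
        // synthetic lambda$... methods that clash with the decompiled ones in this class.
        this.mHandler.post(new Runnable() { // from class: com.android.server.wifi.hotspot2.OsuServerConnection$$ExternalSyntheticLambda3
            @Override // java.lang.Runnable
            public final void run() {
                OsuServerConnection.this.lambda$cleanup$3();
            }
        });
    }

    /**
     * Posts a task that connects to the OSU server; the outcome arrives through
     * {@code onServerConnectionStatus}.
     *
     * @param url server URL; must use the {@code https} protocol
     * @param network network to open the connection on
     * @return {@code true} if the task was posted, {@code false} if an argument was rejected
     */
    public boolean connect(final URL url, final Network network) {
        if (url == null) {
            Log.e(TAG, "URL is null");
            return false;
        }
        if (network == null) {
            Log.e(TAG, "network is null");
            return false;
        }
        if (!TextUtils.equals(url.getProtocol(), "https")) {
            Log.e(TAG, "OSU server URL must be HTTPS");
            return false;
        }
        this.mHandler.post(new Runnable() { // from class: com.android.server.wifi.hotspot2.OsuServerConnection$$ExternalSyntheticLambda2
            @Override // java.lang.Runnable
            public final void run() {
                OsuServerConnection.this.lambda$connect$0(url, network);
            }
        });
        return true;
    }

    /** Turns verbose logging on or off for this connection and its trust manager. */
    public void enableVerboseLogging(boolean z) {
        this.mVerboseLoggingEnabled = z;
    }

    /**
     * Posts a task that sends a SOAP message to the OSU server; the response arrives through
     * {@code onReceivedSoapMessage}.
     *
     * <p>The {@code mUrlConnection} check only establishes that {@link #connect} succeeded
     * earlier. Despite the log text it does not show that the server certificate validated,
     * because the trust manager reports that separately.
     *
     * @return {@code true} if the task was posted, {@code false} if a precondition failed
     */
    public boolean exchangeSoapMessage(final SoapSerializationEnvelope soapSerializationEnvelope) {
        if (this.mNetwork == null) {
            Log.e(TAG, "Network is not established");
            return false;
        }
        if (this.mUrlConnection == null) {
            Log.e(TAG, "Server certificate is not validated");
            return false;
        }
        if (soapSerializationEnvelope == null) {
            Log.e(TAG, "soapEnvelope is null");
            return false;
        }
        this.mHandler.post(new Runnable() { // from class: com.android.server.wifi.hotspot2.OsuServerConnection$$ExternalSyntheticLambda0
            @Override // java.lang.Runnable
            public final void run() {
                OsuServerConnection.this.lambda$exchangeSoapMessage$1(soapSerializationEnvelope);
            }
        });
        return true;
    }

    /**
     * Builds the socket factory and the handler used by every other method.
     *
     * <p>The first {@link X509TrustManager} offered by the factory becomes the delegate of a
     * {@link WFATrustManager}, which is installed as the context's only trust manager. If no
     * looper was given to the constructor, a dedicated handler thread is started.
     *
     * @param sSLContext context to initialise and take the socket factory from
     * @param trustManagerFactory source of the platform trust manager
     */
    public void init(SSLContext sSLContext, TrustManagerFactory trustManagerFactory) {
        if (sSLContext == null || trustManagerFactory == null) {
            Log.e(TAG, "Invalid arguments passed to init");
            return;
        }
        try {
            X509TrustManager x509TrustManager = null;
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    x509TrustManager = (X509TrustManager) trustManager;
                    break;
                }
            }
            if (x509TrustManager == null) {
                Log.e(TAG, "Unable to initialize trust manager");
                return;
            }
            this.mTrustManager = new WFATrustManager(x509TrustManager);
            sSLContext.init(null, new TrustManager[]{this.mTrustManager}, null);
            this.mSocketFactory = sSLContext.getSocketFactory();
            this.mSetupComplete = true;
            if (this.mLooper == null) {
                this.mOsuServerHandlerThread = new HandlerThread("OsuServerHandler");
                this.mOsuServerHandlerThread.start();
                this.mLooper = this.mOsuServerHandlerThread.getLooper();
            }
            this.mHandler = new Handler(this.mLooper);
        } catch (KeyManagementException e) {
            // Attach the stack trace to the log record instead of printing it to stderr.
            Log.w(TAG, "Initialization failed", e);
        }
    }

    /**
     * Posts a task that downloads and fingerprint-checks the trust root certificates; the result
     * arrives through {@code onReceivedTrustRootCertificates}.
     *
     * @param map certificate type mapped to a map of certificate URL to expected fingerprint
     * @return {@code true} if the task was posted, {@code false} if a precondition failed
     */
    public boolean retrieveTrustRootCerts(final Map map) {
        if (this.mNetwork == null) {
            Log.e(TAG, "Network is not established");
            return false;
        }
        if (this.mUrlConnection == null) {
            Log.e(TAG, "Server certificate is not validated");
            return false;
        }
        if (map == null || map.isEmpty()) {
            Log.e(TAG, "TrustCertsInfo is not valid");
            return false;
        }
        this.mHandler.post(new Runnable() { // from class: com.android.server.wifi.hotspot2.OsuServerConnection$$ExternalSyntheticLambda1
            @Override // java.lang.Runnable
            public final void run() {
                OsuServerConnection.this.lambda$retrieveTrustRootCerts$2(map);
            }
        });
        return true;
    }

    /** Registers the callbacks that receive every status and result; {@code null} disables them. */
    public void setEventCallback(PasspointProvisioner.OsuServerCallbacks osuServerCallbacks) {
        this.mOsuServerCallbacks = osuServerCallbacks;
    }

    /**
     * Checks that the validated server certificate names the expected provider.
     *
     * <p>Each (locale, name) pair that {@code ServiceProviderVerifier.getProviderNames} extracts
     * from the provider certificate is compared with the expected name stored under the
     * locale's ISO 639-2 language code; one exact match is enough.
     *
     * @param map expected provider names keyed by three-letter language code
     * @return {@code true} on a match; {@code false} if there is none, the map is null or empty,
     *     or {@link #init} has not installed a trust manager yet
     */
    public boolean validateProvider(Map map) {
        if (map == null || map.isEmpty() || this.mTrustManager == null) {
            return false;
        }
        for (Pair pair : ServiceProviderVerifier.getProviderNames(this.mTrustManager.getProviderCert())) {
            if (pair.first == null || TextUtils.isEmpty((CharSequence) pair.second)) {
                continue;
            }
            String language = ((Locale) pair.first).getISO3Language();
            if (TextUtils.equals((CharSequence) pair.second, (CharSequence) map.get(language))) {
                if (this.mVerboseLoggingEnabled) {
                    Log.v(TAG, "OSU certificate is valid for " + language + "/" + ((String) pair.second));
                }
                return true;
            }
        }
        return false;
    }
}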
