package nl.xservices.plugins;

import android.util.Log;
import java.io.IOException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.HttpsURLConnection;
import javax.security.cert.CertificateException;
import org.apache.cordova.CallbackContext;
import org.apache.cordova.CordovaPlugin;
import org.json.JSONArray;
import org.json.JSONException;

/* loaded from: classes.dex */
public class SSLCertificateChecker extends CordovaPlugin {
    private static final String ACTION_CHECK_EVENT = "check";
    private static char[] HEX_CHARS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

    private static String dumpHex(byte[] bArr) {
        int length = bArr.length;
        StringBuilder sb = new StringBuilder((length * 3) - 1);
        for (int i = 0; i < length; i++) {
            if (i > 0) {
                sb.append(' ');
            }
            sb.append(HEX_CHARS[(bArr[i] >> 4) & 15]);
            sb.append(HEX_CHARS[bArr[i] & 15]);
        }
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ArrayList<String> getFingerprints(String str) throws IOException, NoSuchAlgorithmException, CertificateException, CertificateEncodingException {
        ArrayList<String> arrayList = new ArrayList<>();
        boolean z = false;
        Certificate[] certificateArr = new Certificate[0];
        try {
            URL url = new URL(str);
            String host = url.getHost();
            Log.w("Certificate", "Creating connection to host: " + host);
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
            try {
                Log.w("Certificate", "Opening connection to host: " + host);
                httpsURLConnection.setConnectTimeout(5000);
                httpsURLConnection.setReadTimeout(10000);
                httpsURLConnection.connect();
                try {
                    Log.w("Certificate", "Getting certificates from host: " + host);
                    Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
                    Log.w("Certificate", "Certificate count: " + serverCertificates.length);
                    for (int i = 0; i < serverCertificates.length; i++) {
                        Log.w("Certificate", "Certificate " + i + " type: " + serverCertificates[i].getClass().getName());
                        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
                        messageDigest.update(serverCertificates[i].getEncoded());
                        String dumpHex = dumpHex(messageDigest.digest());
                        arrayList.add(dumpHex);
                        Log.w("Certificate", "Certificate " + i + " thumbprint: " + dumpHex);
                        if (!z && (serverCertificates[i] instanceof X509Certificate)) {
                            String principal = ((X509Certificate) serverCertificates[i]).getSubjectDN().toString();
                            Log.w("Certificate", "Certificate " + i + " subject: " + principal);
                            String[] split = principal.split(",");
                            for (int i2 = 0; i2 < split.length; i2++) {
                                if (split[i2].startsWith("CN=")) {
                                    String substring = split[i2].substring(3);
                                    if (substring.startsWith("*.")) {
                                        substring = substring.substring(2);
                                    }
                                    Log.w("Certificate", "Certificate " + i + " domain: " + substring);
                                    if (host.endsWith(substring)) {
                                        z = true;
                                        Log.w("Certificate", "Certificate  domain match");
                                    } else {
                                        Log.w("Certificate", "Certificate  domain does not match");
                                    }
                                }
                            }
                        }
                    }
                    return !z ? new ArrayList<>() : arrayList;
                } catch (Exception e) {
                    Log.e("Certificate", "Error getting certificates from " + str + ": " + e.getMessage());
                    return arrayList;
                }
            } catch (Exception e2) {
                Log.e("Certificate", "Error opening connection to " + str + ": " + e2.getMessage());
                return arrayList;
            }
        } catch (Exception e3) {
            Log.e("Certificate", "Error creating connection to " + str + ": " + e3.getMessage());
            return arrayList;
        }
    }

    @Override // org.apache.cordova.CordovaPlugin
    public boolean execute(String str, final JSONArray jSONArray, final CallbackContext callbackContext) throws JSONException {
        if (ACTION_CHECK_EVENT.equals(str)) {
            this.cordova.getThreadPool().execute(new Runnable() { // from class: nl.xservices.plugins.SSLCertificateChecker.1
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        String string = jSONArray.getString(0);
                        String[] split = jSONArray.getString(1).split(",");
                        ArrayList fingerprints = SSLCertificateChecker.getFingerprints(string);
                        Log.w("Certificate", "Checking " + fingerprints.size() + " certificates against known fingerprints:");
                        for (String str2 : split) {
                            Log.w("Certificate", "Known fingerprint: " + str2);
                        }
                        boolean z = false;
                        for (int i = 0; i < fingerprints.size(); i++) {
                            int i2 = 0;
                            while (true) {
                                if (i2 >= split.length) {
                                    break;
                                }
                                if (((String) fingerprints.get(i)).equalsIgnoreCase(split[i2])) {
                                    z = true;
                                    break;
                                }
                                i2++;
                            }
                            if (z) {
                                break;
                            }
                        }
                        if (z) {
                            Log.w("Certificate", "Connection is secure.");
                            callbackContext.success("CONNECTION_SECURE");
                        } else {
                            Log.e("Certificate", "Connection is not secure.");
                            callbackContext.success("CONNECTION_NOT_SECURE");
                        }
                    } catch (Exception e) {
                        Log.e("Certificate", "Error checking thumbprints: " + e.getMessage());
                        callbackContext.error("CONNECTION_FAILED. Details: " + e.getMessage());
                    }
                }
            });
            return true;
        }
        callbackContext.error("sslCertificateChecker." + str + " is not a supported function. Did you mean '" + ACTION_CHECK_EVENT + "'?");
        return false;
    }
}
