package ctrip.android.network.sslpinning.pinning;

import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import ctrip.android.basebusiness.env.Env;
import ctrip.android.network.sslpinning.configuration.PublicKeyPin;
import ctrip.android.service.mobileconfig.CtripMobileConfigManager;
import ctrip.business.imageloader.util.WebpSupportUtils;
import ctrip.foundation.storage.CTKVStorage;
import ctrip.foundation.util.StringUtil;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.Interceptor;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes5.dex */
public class OkHttp3Helper {
    private static final String KVDomain = "SSLPinKVConfig";
    private static boolean enableSSLPinning = true;
    private static boolean hasCheckedMobileConfig;
    private static HashSet<String> balckList = new HashSet<>();
    private static X509TrustManager trustManager = new OkHttpRootTrustManager();
    private static Set<PublicKeyPin> publicKeyPins = new HashSet(Arrays.asList(new PublicKeyPin("2P5DNxKj470aMBycYc8iJI7l5cireUAkhhutWDAVD50="), new PublicKeyPin("MIKoeatlSqVA3aCIrE0/JYoP9vF4XSCTPHy+c9vAsKk="), new PublicKeyPin("r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=")));

    private static boolean disableSSLPinningFromConfig() {
        return CTKVStorage.getInstance().getBoolean(KVDomain, "disable_ssl_pinning", false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Set<PublicKeyPin> getDefaultPublicKeyPins() {
        if (publicKeyPins == null) {
            publicKeyPins = new HashSet(Arrays.asList(new PublicKeyPin("2P5DNxKj470aMBycYc8iJI7l5cireUAkhhutWDAVD50="), new PublicKeyPin("MIKoeatlSqVA3aCIrE0/JYoP9vF4XSCTPHy+c9vAsKk="), new PublicKeyPin("r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=")));
        }
        return publicKeyPins;
    }

    @NonNull
    @RequiresApi(api = 17)
    public static Interceptor getPinningInterceptor() {
        return new OkHttp3PinningInterceptor((OkHttpRootTrustManager) trustManager);
    }

    @NonNull
    public static SSLSocketFactory getSSLSocketFactory() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new X509TrustManager[]{trustManager}, null);
            return sSLContext.getSocketFactory();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            e.printStackTrace();
            throw new IllegalStateException("SSLSocketFactory creation failed");
        }
    }

    @NonNull
    public static X509TrustManager getTrustManager() {
        return trustManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isEnableSSLPinning() {
        CtripMobileConfigManager.CtripMobileConfigModel mobileConfigModelByCategory;
        if (!hasCheckedMobileConfig && (mobileConfigModelByCategory = CtripMobileConfigManager.getMobileConfigModelByCategory("SSLPinningConfig")) != null && mobileConfigModelByCategory.configJSON() != null) {
            hasCheckedMobileConfig = true;
            JSONObject configJSON = mobileConfigModelByCategory.configJSON();
            enableSSLPinning = configJSON.optBoolean("enable", true);
            JSONArray optJSONArray = configJSON.optJSONArray("blackList");
            if (optJSONArray != null) {
                for (int i = 0; i < optJSONArray.length(); i++) {
                    String optString = optJSONArray.optString(i);
                    if (StringUtil.isNotEmpty(optString)) {
                        balckList.add(optString);
                    }
                }
            }
        }
        return enableSSLPinning && Env.isProductEnv() && !disableSSLPinningFromConfig();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isInBlackList(String str) {
        if (TextUtils.isEmpty(str) || balckList.isEmpty()) {
            return false;
        }
        return balckList.contains(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean needCertificateCheck(@NonNull String str) {
        return str.endsWith(".ctrip.com") || str.endsWith(".ctrip.cn") || str.endsWith(".ctripcorp.com") || str.endsWith(".tieyou.com") || str.endsWith(".hhtravel.com") || str.endsWith(WebpSupportUtils.WEBP_URL_KEY2_TAIL) || str.endsWith(".ctripbuy.hk") || str.endsWith(".trip.com") || str.endsWith(".ctrip.net") || str.endsWith(".suanya.com") || str.endsWith(".suanya.cn");
    }
}
