package com.btb.meap.mas.tas.client.ssl;

import android.os.Build;
import com.tionsoft.pc.core.constants.Const;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.IOUtils;

/* loaded from: classes.dex */
public class SecureSslContextFactory {
    private static final String PROTOCOL = "TLS";
    private SSLContext mClientContext;

    public SSLContext getClientContext() {
        return this.mClientContext;
    }

    public boolean setSecureKeyStore(TasClientSslConfig tasClientSslConfig) throws Exception {
        SSLContext sSLContext;
        if (tasClientSslConfig == null) {
            throw new Error("Failed to initialize the client-side SSLContext");
        }
        try {
            SslContextFactory sslContextFactory = new SslContextFactory();
            sslContextFactory.setProtocol(tasClientSslConfig.getProtocol());
            sslContextFactory.setKeyManagerFactoryAlgorithm(tasClientSslConfig.getKeyManagerAlgorithm());
            KeyStoreFactory keyStoreFactory = new KeyStoreFactory();
            keyStoreFactory.setPassword(tasClientSslConfig.getPasswd());
            keyStoreFactory.setType(tasClientSslConfig.getCertType());
            if (tasClientSslConfig.getInCertFile() == null) {
                return false;
            }
            keyStoreFactory.setData(IOUtils.toByteArray(tasClientSslConfig.getInCertFile()));
            KeyStore newInstance = keyStoreFactory.newInstance();
            sslContextFactory.setKeyManagerFactoryKeyStore(newInstance);
            sslContextFactory.setKeyManagerFactoryKeyStorePassword(tasClientSslConfig.getPasswd());
            if (tasClientSslConfig.isHandshake() && Build.VERSION.SDK_INT > 15) {
                sslContextFactory.setTrustManagerFactory(new EasyBogusTrustManagerFactory(newInstance, Const.Tls.TLS_KEY_MANAGER));
                sSLContext = sslContextFactory.newInstance();
                this.mClientContext = sSLContext;
                return true;
            }
            sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new X509TrustManager() { // from class: com.btb.meap.mas.tas.client.ssl.SecureSslContextFactory.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        if (x509Certificate != null && x509Certificate.getCriticalExtensionOIDs() != null) {
                            x509Certificate.getCriticalExtensionOIDs().remove("2.5.29.15");
                        }
                    }
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }}, null);
            this.mClientContext = sSLContext;
            return true;
        } catch (Exception unused) {
            return false;
        }
    }
}
