package com.backbase.cxpandroid.rendering.inner.web.impl;

import android.util.Log;
import com.backbase.cxpandroid.configurations.Security;
import com.backbase.cxpandroid.configurations.inner.CxpConfigurationManager;
import com.backbase.cxpandroid.core.security.CxpSecurityMessageHandler;
import com.backbase.cxpandroid.core.utils.CxpLogger;
import com.backbase.cxpandroid.core.utils.StringUtils;
import com.backbase.cxpandroid.utils.net.NetworkConnector;
import com.backbase.cxpandroid.utils.net.NetworkConnectorBuilder;
import com.backbase.cxpandroid.utils.net.NetworkResponse;
import com.backbase.cxpandroid.utils.net.RequestListener;
import com.backbase.cxpandroid.utils.net.ServerRequestWorker;
import com.backbase.cxpandroid.utils.net.utils.DomainsMatcher;
import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

/* loaded from: classes2.dex */
public class BBWebViewSecurityHelper {
    private static final String LOGTAG = "BBWebViewSecurityHelper";
    private DomainsMatcher domainsMatcher;
    private CxpSecurityMessageHandler securityMessageHandler;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public class b implements HostnameVerifier {
        private b(BBWebViewSecurityHelper bBWebViewSecurityHelper) {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            Log.i("RestUtilImpl", "Approving certificate for " + str);
            return true;
        }
    }

    public BBWebViewSecurityHelper(DomainsMatcher domainsMatcher, CxpSecurityMessageHandler cxpSecurityMessageHandler) {
        this.domainsMatcher = domainsMatcher;
        this.securityMessageHandler = cxpSecurityMessageHandler;
    }

    private boolean sslPinnedCertificatesOnConfig() {
        return !CxpConfigurationManager.getConfiguration().getSecurity().getSslPinning().getCertificates().isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean allowUntrustedCertificates() {
        return CxpConfigurationManager.getConfiguration().getDevelopment().isDebugEnabled() && CxpConfigurationManager.getConfiguration().getDevelopment().isAllowUntrustedCertificates();
    }

    protected NetworkResponse checkChainOnly(String str) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        NetworkConnectorBuilder networkConnectorBuilder = new NetworkConnectorBuilder(str);
        networkConnectorBuilder.addHostNameVerifier(HttpsURLConnection.getDefaultHostnameVerifier());
        networkConnectorBuilder.addRequestMethod(NetworkConnector.RequestMethods.HEAD);
        networkConnectorBuilder.addSslSocketFactory(NetworkConnectorBuilder.Configurations.getDefaultSocketFactory());
        return networkConnectorBuilder.buildConnection().connect();
    }

    protected NetworkConnector getHandshakeConnector(String str) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        NetworkConnectorBuilder networkConnectorBuilder = new NetworkConnectorBuilder(str);
        networkConnectorBuilder.addHostNameVerifier(new b());
        networkConnectorBuilder.addRequestMethod(NetworkConnector.RequestMethods.HEAD);
        return networkConnectorBuilder.buildConnection();
    }

    protected boolean isValidCertificate(String str) {
        if (allowUntrustedCertificates()) {
            return true;
        }
        try {
            NetworkResponse checkChainOnly = this.domainsMatcher.domainMatchesPattern(str, CxpConfigurationManager.getConfiguration().getSecurity().getSslPinning().getDomainExceptions()) ? checkChainOnly(str) : validateSyncSslRequest(str);
            if (checkChainOnly.getResponseCode() != 495) {
                return true;
            }
            throw new CertificateException(checkChainOnly.getErrorMessage());
        } catch (Exception e10) {
            this.securityMessageHandler.sendSecurityError("SSL Certificate violation: " + e10.getLocalizedMessage());
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isValidRequest(String str) {
        Security security = CxpConfigurationManager.getConfiguration().getSecurity();
        List<String> allowedDomains = security.getAllowedDomains();
        if (security.isBlockWebViewRequests()) {
            this.securityMessageHandler.sendSecurityError("Request denied from Webview due to blockWebViewRequest configuration flag. (URL = " + str + ")");
            return false;
        }
        if (this.domainsMatcher.domainMatchesPattern(str, allowedDomains)) {
            if (str.startsWith("https") && sslPinnedCertificatesOnConfig()) {
                return isValidCertificate(str);
            }
            return true;
        }
        CxpLogger.error(LOGTAG, "URL blocked by whitelist: " + str);
        this.securityMessageHandler.sendSecurityError("URL blocked by whitelist: " + str);
        return false;
    }

    public void validateSslRequest(String str, RequestListener requestListener) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        new ServerRequestWorker(getHandshakeConnector(StringUtils.getHandshakeHost(new URL(str))), requestListener).start();
    }

    public NetworkResponse validateSyncSslRequest(String str) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        return getHandshakeConnector(StringUtils.getHandshakeHost(new URL(str))).connect();
    }
}
