package com.sophos.nge.networksec.certpinning;

import G2.a;
import android.net.Network;
import b4.C0652b;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import java.io.BufferedInputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import l3.C1577b;
import l3.c;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.core5.http.HttpHeaders;
import org.jsoup.Connection;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Element;

/* loaded from: classes2.dex */
public class HttpsSecCheck {

    /* renamed from: a, reason: collision with root package name */
    private static HttpsSecCheck f20607a = new HttpsSecCheck();

    /* loaded from: classes2.dex */
    public enum ESimpleCheckResult {
        CHECK_RESULT_TRUE,
        CHECK_RESULT_FALSE,
        CHECK_RESULT_ERROR
    }

    private HttpsSecCheck() {
    }

    public static HttpsSecCheck e() {
        return f20607a;
    }

    private void g(HttpsURLConnection httpsURLConnection, List<String> list) {
        try {
            c a6 = c.a();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{a6}, new SecureRandom());
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
            httpsURLConnection.setHostnameVerifier(C1577b.a());
            a6.d(list);
            C1577b.a().b();
        } catch (Exception e6) {
            a4.c.f("NGEHSC", "TLS init failed", e6);
        }
    }

    public ESimpleCheckResult a(String str, Network network) {
        String headerField;
        ESimpleCheckResult eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_FALSE;
        try {
            URL url = new URL(str);
            HttpURLConnection httpURLConnection = null;
            try {
                try {
                    try {
                        try {
                            HttpURLConnection httpURLConnection2 = network != null ? (HttpURLConnection) network.openConnection(url) : (HttpURLConnection) url.openConnection();
                            httpURLConnection2.addRequestProperty(HttpHeaders.ACCEPT_LANGUAGE, "en-US,en;q=0.8");
                            httpURLConnection2.setUseCaches(false);
                            httpURLConnection2.setDefaultUseCaches(false);
                            httpURLConnection2.setInstanceFollowRedirects(false);
                            httpURLConnection2.setAllowUserInteraction(false);
                            httpURLConnection2.setRequestMethod("GET");
                            httpURLConnection2.setConnectTimeout(AuthenticationConstants.Broker.ACCOUNT_MANAGER_REMOVE_ACCOUNT_TIMEOUT_IN_MILLISECONDS);
                            httpURLConnection2.setReadTimeout(AuthenticationConstants.Broker.ACCOUNT_MANAGER_REMOVE_ACCOUNT_TIMEOUT_IN_MILLISECONDS);
                            httpURLConnection2.connect();
                            int responseCode = httpURLConnection2.getResponseCode();
                            if (responseCode == 404) {
                                a4.c.e("NGEHSC", "checkHttpUrlRedirectToHttps Https request failed StatusCode:" + responseCode + " for URL " + str);
                            } else if (responseCode != 200 && ((responseCode == 302 || responseCode == 301 || responseCode == 303 || responseCode == 307) && (headerField = httpURLConnection2.getHeaderField(HttpHeaders.LOCATION)) != null)) {
                                if (headerField.startsWith(AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX + url.getAuthority())) {
                                    eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_TRUE;
                                }
                            }
                            httpURLConnection2.disconnect();
                        } catch (Exception e6) {
                            a4.c.f("NGEHSC", "Cannot close inputstream", e6);
                        }
                    } catch (Throwable th) {
                        if (0 != 0) {
                            try {
                                httpURLConnection.disconnect();
                            } catch (Exception e7) {
                                a4.c.f("NGEHSC", "Cannot close inputstream", e7);
                            }
                        }
                        throw th;
                    }
                } catch (Exception e8) {
                    a4.c.e("NGEHSC", "checkHttpUrlRedirectToHttps Error reading data " + e8.toString());
                    eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_ERROR;
                    if (0 != 0) {
                        httpURLConnection.disconnect();
                    }
                }
            } catch (SSLException e9) {
                a4.c.f("NGEHSC", "checkHttpUrlRedirectToHttps Https request failed", e9);
                eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_ERROR;
                if (0 != 0) {
                    httpURLConnection.disconnect();
                }
            }
            return eSimpleCheckResult;
        } catch (MalformedURLException unused) {
            return ESimpleCheckResult.CHECK_RESULT_ERROR;
        }
    }

    public ESimpleCheckResult b(String str, Network network) {
        ESimpleCheckResult eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_FALSE;
        try {
            URL url = new URL(str);
            HttpURLConnection httpURLConnection = null;
            try {
                try {
                    try {
                        try {
                            HttpsURLConnection httpsURLConnection = network != null ? (HttpsURLConnection) network.openConnection(url) : (HttpsURLConnection) url.openConnection();
                            httpsURLConnection.addRequestProperty(HttpHeaders.ACCEPT_LANGUAGE, "en-US,en;q=0.8");
                            httpsURLConnection.setUseCaches(false);
                            httpsURLConnection.setAllowUserInteraction(false);
                            httpsURLConnection.setRequestMethod("GET");
                            httpsURLConnection.setInstanceFollowRedirects(true);
                            httpsURLConnection.setConnectTimeout(AuthenticationConstants.Broker.ACCOUNT_MANAGER_REMOVE_ACCOUNT_TIMEOUT_IN_MILLISECONDS);
                            httpsURLConnection.connect();
                            int responseCode = httpsURLConnection.getResponseCode();
                            if (responseCode != 200) {
                                if (responseCode == 302 || responseCode == 301 || responseCode == 303 || responseCode == 307) {
                                    String headerField = httpsURLConnection.getHeaderField(HttpHeaders.LOCATION);
                                    if (headerField != null && headerField.startsWith(com.microsoft.identity.common.java.AuthenticationConstants.HTTPS_PROTOCOL_STRING)) {
                                        eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_TRUE;
                                    }
                                } else {
                                    a4.c.X("NGEHSC", "checkIfConnectionReallyIsHttps got unexpected response code " + responseCode);
                                    eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_ERROR;
                                }
                            } else if (httpsURLConnection.getURL().getProtocol().equals(com.microsoft.identity.common.java.AuthenticationConstants.HTTPS_PROTOCOL_STRING)) {
                                eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_TRUE;
                            } else {
                                httpsURLConnection.getURL().getProtocol().equals("http");
                            }
                            httpsURLConnection.disconnect();
                        } catch (Exception e6) {
                            a4.c.f("NGEHSC", "Cannot close inputstream checkIfConnectionReallyIsHttps", e6);
                        }
                    } catch (Throwable th) {
                        if (0 != 0) {
                            try {
                                httpURLConnection.disconnect();
                            } catch (Exception e7) {
                                a4.c.f("NGEHSC", "Cannot close inputstream checkIfConnectionReallyIsHttps", e7);
                            }
                        }
                        throw th;
                    }
                } catch (Exception e8) {
                    eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_ERROR;
                    a4.c.X("NGEHSC", "checkIfConnectionReallyIsHttps Error reading data " + e8.toString());
                    if (0 != 0) {
                        httpURLConnection.disconnect();
                    }
                }
            } catch (SSLException e9) {
                eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_FALSE;
                a4.c.Y("NGEHSC", "checkIfConnectionReallyIsHttps Https request failed", e9);
                if (0 != 0) {
                    httpURLConnection.disconnect();
                }
            }
            return eSimpleCheckResult;
        } catch (MalformedURLException unused) {
            return ESimpleCheckResult.CHECK_RESULT_ERROR;
        }
    }

    public ESimpleCheckResult c(String str) {
        try {
            Connection connect = Jsoup.connect(str);
            connect.timeout(AuthenticationConstants.Broker.ACCOUNT_MANAGER_REMOVE_ACCOUNT_TIMEOUT_IN_MILLISECONDS);
            Iterator<Element> it = connect.get().select("a[href]").iterator();
            int i6 = 0;
            while (it.hasNext()) {
                if (!it.next().attr("href").startsWith(com.microsoft.identity.common.java.AuthenticationConstants.HTTPS_PROTOCOL_STRING)) {
                    i6++;
                }
            }
            a4.c.e("NGEHSC", "found " + i6 + " http links in URL: " + str);
            return i6 > 0 ? ESimpleCheckResult.CHECK_RESULT_TRUE : ESimpleCheckResult.CHECK_RESULT_FALSE;
        } catch (Exception e6) {
            a4.c.e("NGEHSC", "jsoup error: " + e6);
            return ESimpleCheckResult.CHECK_RESULT_ERROR;
        }
    }

    public ESimpleCheckResult d(String str, String str2, boolean z6) {
        try {
            BufferedInputStream bodyStream = Jsoup.connect(str).execute().bodyStream();
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            do {
            } while (new DigestInputStream(bodyStream, messageDigest).read(new byte[1024], 0, 1024) != -1);
            String a6 = C0652b.a(messageDigest.digest());
            if (str2.equalsIgnoreCase(a6)) {
                return ESimpleCheckResult.CHECK_RESULT_TRUE;
            }
            String replaceAll = Jsoup.connect(str).execute().body().replaceAll("\\n|\\t", "");
            if (!replaceAll.contains("<!DOCTYPE html><html><head><title></title></head><body><a href=\"https://www.facebook.com\">Facebook</a><a href=\"https://www.twitter.com\">Twitter</a><a href=\"https://www.google.com\">Google</a><a href=\"https://mail.google.com\">Gmail</a><a href=\"https://www.linkedin.com\">Linkedin</a><a href=\"https://www.xing.com\">XING</a></body></html>")) {
                if (!z6) {
                    a.c("content_manipulation", "did_not_contain_our_code");
                }
                a4.c.X("NGEHSC", "response did not contain our default response");
            }
            int indexOfDifference = StringUtils.indexOfDifference("<!DOCTYPE html><html><head><title></title></head><body><a href=\"https://www.facebook.com\">Facebook</a><a href=\"https://www.twitter.com\">Twitter</a><a href=\"https://www.google.com\">Google</a><a href=\"https://mail.google.com\">Gmail</a><a href=\"https://www.linkedin.com\">Linkedin</a><a href=\"https://www.xing.com\">XING</a></body></html>", replaceAll);
            if (indexOfDifference >= 0 && indexOfDifference < replaceAll.length()) {
                a4.c.X("NGEHSC", "response was different at position: " + indexOfDifference);
                if (!z6) {
                    a.c("content_manipulation_100", indexOfDifference + ":" + replaceAll.substring(indexOfDifference, Math.min(indexOfDifference + 100, replaceAll.length() - 1)));
                }
            }
            a4.c.e("NGEHSC", "current hash: " + a6 + "\nhash mismatch for " + str);
            return ESimpleCheckResult.CHECK_RESULT_FALSE;
        } catch (Exception e6) {
            a4.c.e("NGEHSC", "jsoup error: " + e6);
            return ESimpleCheckResult.CHECK_RESULT_ERROR;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v0, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r5v10, types: [com.sophos.nge.networksec.certpinning.HttpsSecCheck$ESimpleCheckResult] */
    /* JADX WARN: Type inference failed for: r5v11 */
    /* JADX WARN: Type inference failed for: r5v18 */
    /* JADX WARN: Type inference failed for: r5v19 */
    /* JADX WARN: Type inference failed for: r5v20 */
    /* JADX WARN: Type inference failed for: r5v21 */
    /* JADX WARN: Type inference failed for: r5v5, types: [com.sophos.nge.networksec.certpinning.HttpsSecCheck$ESimpleCheckResult] */
    /* JADX WARN: Type inference failed for: r5v7, types: [com.sophos.nge.networksec.certpinning.HttpsSecCheck$ESimpleCheckResult] */
    /* JADX WARN: Type inference failed for: r5v8 */
    /* JADX WARN: Type inference failed for: r7v11, types: [java.net.HttpURLConnection] */
    /* JADX WARN: Type inference failed for: r7v3, types: [java.net.HttpURLConnection] */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:31:0x0076 -> B:15:0x00a6). Please report as a decompilation issue!!! */
    public ESimpleCheckResult f(String str, List<String> list, Network network) {
        ESimpleCheckResult eSimpleCheckResult;
        try {
            URL url = new URL(str);
            HttpURLConnection httpURLConnection = null;
            try {
                try {
                    try {
                        HttpsURLConnection httpsURLConnection = network != null ? (HttpURLConnection) network.openConnection(url) : (HttpURLConnection) url.openConnection();
                        if (httpsURLConnection instanceof HttpsURLConnection) {
                            g(httpsURLConnection, list);
                        }
                        httpsURLConnection.addRequestProperty(HttpHeaders.ACCEPT_LANGUAGE, "en-US,en;q=0.8");
                        httpsURLConnection.setUseCaches(false);
                        httpsURLConnection.setDefaultUseCaches(false);
                        httpsURLConnection.setInstanceFollowRedirects(false);
                        httpsURLConnection.setAllowUserInteraction(false);
                        httpsURLConnection.setRequestMethod("GET");
                        httpsURLConnection.setConnectTimeout(AuthenticationConstants.Broker.ACCOUNT_MANAGER_REMOVE_ACCOUNT_TIMEOUT_IN_MILLISECONDS);
                        httpsURLConnection.connect();
                        if (c.a().c()) {
                            eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_TRUE;
                        } else {
                            a4.c.e("NGEHSC", "Networksec TrustManager reported cert mismatch for url " + ((String) str));
                            eSimpleCheckResult = ESimpleCheckResult.CHECK_RESULT_FALSE;
                        }
                        httpsURLConnection.disconnect();
                        str = eSimpleCheckResult;
                    } catch (Throwable th) {
                        if (0 != 0) {
                            try {
                                httpURLConnection.disconnect();
                            } catch (Exception e6) {
                                a4.c.f("NGEHSC", "Cannot close inputstream", e6);
                            }
                        }
                        throw th;
                    }
                } catch (Exception e7) {
                    a4.c.f("NGEHSC", "Cannot close inputstream", e7);
                    str = str;
                }
            } catch (SSLException e8) {
                a4.c.f("NGEHSC", "Https request failed", e8);
                str = ESimpleCheckResult.CHECK_RESULT_ERROR;
                if (0 != 0) {
                    httpURLConnection.disconnect();
                    str = str;
                }
            } catch (Exception e9) {
                a4.c.e("NGEHSC", "checkURL Error reading data " + e9.toString());
                str = ESimpleCheckResult.CHECK_RESULT_ERROR;
                if (0 != 0) {
                    httpURLConnection.disconnect();
                    str = str;
                }
            }
            return str;
        } catch (MalformedURLException unused) {
            return ESimpleCheckResult.CHECK_RESULT_ERROR;
        }
    }
}
