package com.citrix.client.certificatehandling;

import android.net.http.SslCertificate;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class AcceptUserSelectedCertsTrustManager implements X509TrustManager {
    private static AcceptUserSelectedCertsTrustManager m_instance = null;
    private ArrayList<X509Certificate[]> m_UserAcceptedCertChains;
    private X509TrustManager m_standardTrustManager;
    private Lock m_syncLock;
    private ValidateCertificateCallback m_userValidateCertCallback;

    private AcceptUserSelectedCertsTrustManager(ValidateCertificateCallback validateCertificateCallback) throws NoSuchAlgorithmException, KeyStoreException {
        this.m_standardTrustManager = null;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        this.m_standardTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        this.m_UserAcceptedCertChains = new ArrayList<>();
        this.m_userValidateCertCallback = validateCertificateCallback;
        this.m_syncLock = new ReentrantLock();
    }

    public static AcceptUserSelectedCertsTrustManager getInstance() {
        return m_instance;
    }

    public static synchronized AcceptUserSelectedCertsTrustManager getInstance(ValidateCertificateCallback validateCertificateCallback) throws NoSuchAlgorithmException, KeyStoreException {
        AcceptUserSelectedCertsTrustManager acceptUserSelectedCertsTrustManager;
        synchronized (AcceptUserSelectedCertsTrustManager.class) {
            if (m_instance == null) {
                m_instance = new AcceptUserSelectedCertsTrustManager(validateCertificateCallback);
            } else {
                m_instance.setCallback(validateCertificateCallback);
            }
            acceptUserSelectedCertsTrustManager = m_instance;
        }
        return acceptUserSelectedCertsTrustManager;
    }

    private int getSSLError(X509Certificate x509Certificate, Exception exc) {
        if (exc == null) {
            return 3;
        }
        if (exc instanceof CertificateExpiredException) {
            return 1;
        }
        if (exc instanceof CertificateNotYetValidException) {
            return 0;
        }
        try {
            x509Certificate.checkValidity();
            x509Certificate.getEncoded();
            return 3;
        } catch (CertificateEncodingException e) {
            return 5;
        } catch (CertificateExpiredException e2) {
            return 1;
        } catch (CertificateNotYetValidException e3) {
            return 0;
        }
    }

    private void setCallback(ValidateCertificateCallback validateCertificateCallback) {
        this.m_userValidateCertCallback = validateCertificateCallback;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    public boolean checkSSLAccepted(SslCertificate sslCertificate) {
        boolean z = false;
        Iterator<X509Certificate[]> it = this.m_UserAcceptedCertChains.iterator();
        while (it.hasNext()) {
            X509Certificate[] next = it.next();
            int length = next.length;
            int i = 0;
            while (true) {
                if (i < length) {
                    X509Certificate x509Certificate = next[i];
                    if (x509Certificate != null && SslCertificateComparision.certificateEquals(sslCertificate, new SslCertificate(x509Certificate))) {
                        z = true;
                        break;
                    }
                    i++;
                } else {
                    break;
                }
            }
        }
        return z;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Exception exc;
        try {
            this.m_syncLock.lock();
            this.m_standardTrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            try {
                exc = e;
                for (Exception exc2 = (Exception) e.getCause(); exc2 != null; exc2 = (Exception) exc2.getCause()) {
                    exc = exc2;
                }
            } catch (ClassCastException e2) {
                exc = null;
            }
            int sSLError = getSSLError(x509CertificateArr[0], exc);
            SslCertificate sslCertificate = new SslCertificate(x509CertificateArr[0]);
            boolean z = false;
            Iterator<X509Certificate[]> it = this.m_UserAcceptedCertChains.iterator();
            while (it.hasNext() && !(z = Arrays.deepEquals(it.next(), x509CertificateArr))) {
            }
            if (!z) {
                if (!this.m_userValidateCertCallback.promptUserForCertificateChainTrust(sslCertificate, sSLError)) {
                    throw new CertificateRejectedByUserException();
                }
                this.m_UserAcceptedCertChains.add(x509CertificateArr);
            }
        } finally {
            this.m_syncLock.unlock();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
