package com.amazon.android.m;

import com.amazon.android.framework.util.KiwiLogger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class b {

    /* renamed from: a, reason: collision with root package name */
    private static final KiwiLogger f345a = new KiwiLogger("CertVerifier");
    private static final Set e;

    /* renamed from: b, reason: collision with root package name */
    private final PKIXParameters f346b;
    private final CertPathValidator c;
    private final Set d;

    static {
        HashSet hashSet = new HashSet();
        e = hashSet;
        hashSet.add("verisign");
        e.add("thawte");
    }

    public b() throws GeneralSecurityException {
        X509Certificate[] acceptedIssuers;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        this.d = new HashSet();
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if ((trustManager instanceof X509TrustManager) && (acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers()) != null) {
                int i = 0;
                for (X509Certificate x509Certificate : acceptedIssuers) {
                    if (a(x509Certificate)) {
                        if (KiwiLogger.TRACE_ON) {
                            f345a.trace("Trusted Cert: " + x509Certificate.getSubjectX500Principal().getName());
                        }
                        this.d.add(new TrustAnchor(x509Certificate, null));
                        i++;
                    }
                }
                if (KiwiLogger.TRACE_ON) {
                    f345a.trace(String.format("loaded %d certs\n", Integer.valueOf(i)));
                }
            }
        }
        if (this.d.isEmpty()) {
            f345a.error("TrustManager did not return valid accepted issuers, likely 3P custom TrustManager implementation issue.");
        }
        this.f346b = new PKIXParameters((Set<TrustAnchor>) this.d);
        this.f346b.setRevocationEnabled(false);
        this.c = CertPathValidator.getInstance("PKIX");
    }

    private static boolean a(X509Certificate x509Certificate) {
        String lowerCase = x509Certificate.getSubjectDN().getName().toLowerCase();
        Iterator it = e.iterator();
        while (it.hasNext()) {
            if (lowerCase.contains((String) it.next())) {
                return true;
            }
        }
        return false;
    }

    public final boolean a(CertPath certPath) {
        try {
            this.c.validate(certPath, this.f346b);
            return true;
        } catch (CertPathValidatorException e2) {
            if (!(e2.getCause() instanceof CertificateExpiredException)) {
                return false;
            }
            if (KiwiLogger.TRACE_ON) {
                f345a.trace("CertVerifier doesn't care about an out of date certificate.");
            }
            return true;
        } catch (Exception e3) {
            if (!KiwiLogger.TRACE_ON) {
                return false;
            }
            f345a.error("Failed to verify cert path: " + e3, e3);
            return false;
        }
    }
}
