package com.ushareit.net.http.ssl;

import com.adjust.sdk.Constants;
import com.ushareit.ads.utils.StringUtils;
import com.ushareit.common.appertizers.Logger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Enumeration;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
public class SystemCertTrustManager implements X509TrustManager {
    private static final String TAG = "secure.ssl.sys.tm";
    private KeyStore appKeyStore;
    private X509TrustManager appTrustManager;
    private X509TrustManager defaultTrustManager;

    public SystemCertTrustManager() {
        init();
        this.defaultTrustManager = getTrustManager(null);
    }

    public SystemCertTrustManager(X509TrustManager x509TrustManager) {
        init();
        this.defaultTrustManager = x509TrustManager;
    }

    private static void certDetails(StringBuilder sb, X509Certificate x509Certificate) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
        sb.append(StringUtils.SEP_ENTER);
        sb.append(x509Certificate.getSubjectDN().toString());
        sb.append(StringUtils.SEP_ENTER);
        sb.append(simpleDateFormat.format(x509Certificate.getNotBefore()));
        sb.append(" - ");
        sb.append(simpleDateFormat.format(x509Certificate.getNotAfter()));
        sb.append("\nSHA-256: ");
        sb.append(certHash(x509Certificate, Constants.SHA256));
        sb.append("\nSHA-1: ");
        sb.append(certHash(x509Certificate, Constants.SHA1));
        sb.append("\nSigned by: ");
        sb.append(x509Certificate.getIssuerDN().toString());
        sb.append(StringUtils.SEP_ENTER);
    }

    private static String certHash(X509Certificate x509Certificate, String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(x509Certificate.getEncoded());
            return hexString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            return e.getMessage();
        } catch (CertificateEncodingException e2) {
            return e2.getMessage();
        }
    }

    public static X509TrustManager[] getInstanceList() {
        return new X509TrustManager[]{new SystemCertTrustManager()};
    }

    private static String hexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            sb.append(String.format("%02x", Byte.valueOf(bArr[i])));
            if (i < bArr.length - 1) {
                sb.append(com.xiaomi.mipush.sdk.Constants.COLON_SEPARATOR);
            }
        }
        return sb.toString();
    }

    private boolean isCertKnown(X509Certificate x509Certificate) {
        try {
            return this.appKeyStore.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException unused) {
            return false;
        }
    }

    private static boolean isExpiredException(Throwable th) {
        while (!(th instanceof CertificateExpiredException)) {
            th = th.getCause();
            if (th == null) {
                return false;
            }
        }
        return true;
    }

    private static boolean isPathException(Throwable th) {
        while (!(th instanceof CertPathValidatorException)) {
            th = th.getCause();
            if (th == null) {
                return false;
            }
        }
        return true;
    }

    public void checkCertTrusted(X509Certificate[] x509CertificateArr, String str, boolean z) throws CertificateException {
        Logger.d(TAG, "checkCertTrusted(" + Arrays.toString(x509CertificateArr) + StringUtils.SEP_COMMA + str + StringUtils.SEP_COMMA + z + ")");
        try {
            Logger.d(TAG, "checkCertTrusted: trying appTrustManager");
            if (z) {
                this.appTrustManager.checkServerTrusted(x509CertificateArr, str);
            } else {
                this.appTrustManager.checkClientTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e) {
            Logger.d(TAG, "checkCertTrusted: appTrustManager did not verify certificate. Will fall back to secondary verification mechanisms (if any).", e);
            if (isExpiredException(e)) {
                Logger.d(TAG, "checkCertTrusted: accepting expired certificate from keystore");
                return;
            }
            if (isCertKnown(x509CertificateArr[0])) {
                Logger.d(TAG, "checkCertTrusted: accepting cert already stored in keystore");
                return;
            }
            try {
                if (this.defaultTrustManager == null) {
                    Logger.d(TAG, "No defaultTrustManager set. Verification failed, throwing " + e);
                    throw e;
                }
                Logger.d(TAG, "checkCertTrusted: trying defaultTrustManager");
                if (z) {
                    this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                } else {
                    this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException e2) {
                Logger.d(TAG, "checkCertTrusted: defaultTrustManager failed", e2);
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, true);
    }

    public void deleteCertificate(String str) throws KeyStoreException {
        this.appKeyStore.deleteEntry(str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        Logger.d(TAG, "getAcceptedIssuers()");
        return this.defaultTrustManager.getAcceptedIssuers();
    }

    public Certificate getCertificate(String str) {
        try {
            return this.appKeyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    public Enumeration<String> getCertificates() {
        try {
            return this.appKeyStore.aliases();
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    X509TrustManager getTrustManager(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        } catch (Exception e) {
            Logger.d(TAG, "getTrustManager(" + keyStore + ")", e);
            return null;
        }
    }

    void init() {
        this.appKeyStore = loadAppKeyStore();
        this.appTrustManager = getTrustManager(this.appKeyStore);
    }

    KeyStore loadAppKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                keyStore.load(null, null);
            } catch (Exception e) {
                Logger.d(TAG, "loadAppKeyStore", e);
            }
            return keyStore;
        } catch (KeyStoreException e2) {
            Logger.d(TAG, "getAppKeyStore()", e2);
            return null;
        }
    }
}
