package d.d.u;

import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* compiled from: CustomTrustManager.java */
/* loaded from: classes.dex */
public class a implements X509TrustManager {
    private X509TrustManager c;

    /* renamed from: d, reason: collision with root package name */
    private KeyStore f8210d;
    private X509Certificate e;
    private d f;
    private final String b = a.class.getSimpleName();

    /* renamed from: a, reason: collision with root package name */
    private int f8209a = 1;

    public a(X509Certificate x509Certificate) {
        this.e = x509Certificate;
        f();
    }

    private X509Certificate c(List<X509Certificate> list) {
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            X509Certificate next = it.next();
            X509Certificate e = e(next, list);
            if (e == null || e.equals(next)) {
                return next;
            }
        }
        return null;
    }

    private X509Certificate d(X509Certificate x509Certificate, List<X509Certificate> list) {
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN()) && !x509Certificate2.equals(x509Certificate)) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private X509Certificate e(X509Certificate x509Certificate, List<X509Certificate> list) {
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private void f() {
        this.f = new g();
    }

    private X509Certificate[] g(X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
        int length = x509CertificateArr.length - 1;
        X509Certificate c = c(asList);
        x509CertificateArr2[length] = c;
        while (true) {
            c = d(c, asList);
            if (c == null || length <= 0) {
                break;
            }
            length--;
            x509CertificateArr2[length] = c;
        }
        return x509CertificateArr2;
    }

    public void a(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        String str2;
        StringBuilder sb;
        if (this.f.b()) {
            try {
                try {
                    this.c.checkServerTrusted(x509CertificateArr, str);
                    str2 = this.b;
                    sb = new StringBuilder();
                } catch (CertificateException e) {
                    if (this.f8210d != null) {
                        try {
                            X509Certificate[] g = g(x509CertificateArr);
                            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
                            CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(Arrays.asList(g));
                            PKIXParameters pKIXParameters = new PKIXParameters(this.f8210d);
                            pKIXParameters.setRevocationEnabled(false);
                            certPathValidator.validate(generateCertPath, pKIXParameters);
                        } catch (Exception unused) {
                            throw e;
                        }
                    }
                    str2 = this.b;
                    sb = new StringBuilder();
                }
                sb.append("验证服务端证书结果:");
                sb.append(true);
                d.d.l.b.a(str2, sb.toString());
            } catch (Throwable th) {
                d.d.l.b.a(this.b, "验证服务端证书结果:false");
                throw th;
            }
        }
    }

    public void b(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.f.b()) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException("Check Server X509Certificate[] is null or empty");
            }
            try {
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    x509Certificate.checkValidity();
                    try {
                        x509Certificate.verify(this.e.getPublicKey());
                    } catch (Exception e) {
                        e.printStackTrace();
                        throw new CertificateException(e.getMessage());
                    }
                }
                d.d.l.b.a(this.b, "验证服务端证书结果:true");
            } catch (Throwable th) {
                d.d.l.b.a(this.b, "验证服务端证书结果:false");
                throw th;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.f.a()) {
            d.d.l.b.a(this.b, "验证客户端证书: authType=" + str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.f.b()) {
            int i = this.f8209a;
            if (i == 1) {
                b(x509CertificateArr, str);
            } else {
                if (i == 0) {
                    a(x509CertificateArr, str);
                    return;
                }
                throw new CertificateException("unexpected type:" + this.f8209a);
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        d.d.l.b.a(this.b, "getAcceptedIssuers");
        return new X509Certificate[0];
    }
}
