package com.nearme.network.j.c;

import android.text.TextUtils;
import android.util.Log;
import com.alipay.sdk.util.i;
import com.heytap.statistics.provider.PackJsonKey;
import com.nearme.network.exception.CertificateValidityException;
import com.nearme.network.exception.ProxyCertificateException;
import com.nearme.network.exception.RootCertificateNotExistException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.X509TrustManager;

/* compiled from: NearmeTrustManager.java */
/* loaded from: classes3.dex */
public class b implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    protected X509TrustManager f9444a;
    boolean b;

    /* renamed from: c, reason: collision with root package name */
    com.nearme.network.g.c f9445c;

    /* renamed from: d, reason: collision with root package name */
    KeyStore f9446d;

    /* renamed from: e, reason: collision with root package name */
    Map<String, String> f9447e = new ConcurrentHashMap();

    /* renamed from: f, reason: collision with root package name */
    Map<X509Certificate, String> f9448f = new HashMap();

    /* renamed from: g, reason: collision with root package name */
    List<X509Certificate> f9449g = new ArrayList();

    /* renamed from: h, reason: collision with root package name */
    AtomicBoolean f9450h = new AtomicBoolean(false);

    /* renamed from: i, reason: collision with root package name */
    Object f9451i = new Object();
    ExecutorService j = Executors.newSingleThreadExecutor();

    /* compiled from: NearmeTrustManager.java */
    /* loaded from: classes3.dex */
    class a implements Runnable {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ X509Certificate[] f9452a;

        a(X509Certificate[] x509CertificateArr) {
            this.f9452a = x509CertificateArr;
        }

        @Override // java.lang.Runnable
        public void run() {
            b.this.b(this.f9452a);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: NearmeTrustManager.java */
    /* renamed from: com.nearme.network.j.c.b$b, reason: collision with other inner class name */
    /* loaded from: classes3.dex */
    public class RunnableC0290b implements Runnable {
        RunnableC0290b() {
        }

        @Override // java.lang.Runnable
        public void run() {
            long currentTimeMillis = System.currentTimeMillis();
            synchronized (b.this.f9451i) {
                com.nearme.network.r.a.b(b.this.f9446d, b.this.f9449g, b.this.f9448f);
                b.this.f9450h.set(true);
                b.this.f9451i.notifyAll();
            }
            if (com.nearme.network.r.b.b) {
                Log.i(PackJsonKey.NETWORK, "getCertsFromKeyStore costs:" + (System.currentTimeMillis() - currentTimeMillis));
            }
        }
    }

    public b(X509TrustManager x509TrustManager, com.nearme.network.g.c cVar) {
        this.b = true;
        this.f9444a = x509TrustManager;
        this.f9445c = cVar;
        boolean booleanValue = Boolean.valueOf(System.getProperty("HTTPS_CHECK", "true")).booleanValue();
        com.nearme.network.r.b.f9538a = booleanValue;
        this.b = booleanValue;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            this.f9446d = keyStore;
            keyStore.load(null, null);
        } catch (Throwable th) {
            th.printStackTrace();
        }
        c();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b(X509Certificate[] x509CertificateArr) {
        String c2 = com.nearme.network.r.a.c(x509CertificateArr[0]);
        if (TextUtils.isEmpty(c2) || !this.f9450h.get() || this.f9447e.containsKey(c2)) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
            Iterator<X509Certificate> it = this.f9448f.keySet().iterator();
            while (true) {
                if (it.hasNext()) {
                    X509Certificate next = it.next();
                    String lowerCase2 = next.getSubjectDN().getName().toLowerCase();
                    if (com.nearme.network.r.b.b) {
                        Log.i(PackJsonKey.NETWORK, "cacheCerts, serverSubject =" + lowerCase + ", sysSubject = " + lowerCase2);
                    }
                    if (lowerCase.equals(lowerCase2)) {
                        sb.append(this.f9448f.get(next));
                        sb.append(i.b);
                        break;
                    }
                }
            }
        }
        String sb2 = sb.toString();
        if (TextUtils.isEmpty(sb2)) {
            return;
        }
        if (com.nearme.network.r.b.b) {
            Log.i(PackJsonKey.NETWORK, "cacheCerts, host =" + c2 + ", aliases = " + sb.toString());
        }
        com.nearme.network.g.c cVar = this.f9445c;
        if (cVar != null) {
            cVar.put(c2, sb2);
        }
        this.f9447e.put(c2, sb2);
    }

    private void c() {
        new Thread(new RunnableC0290b()).start();
    }

    private boolean d(X509Certificate[] x509CertificateArr, List<String> list) {
        X509Certificate[] a2 = com.nearme.network.r.a.a(list, this.f9446d);
        if (a2 == null) {
            if (com.nearme.network.r.b.b) {
                Log.i(PackJsonKey.NETWORK, "isAllSysCerts, return false ");
            }
            return false;
        }
        try {
            boolean z = false;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
                if (com.nearme.network.r.b.b) {
                    Log.i(PackJsonKey.NETWORK, "isAllSysCerts, serverSubject =" + lowerCase);
                }
                int length = a2.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length) {
                        break;
                    }
                    String lowerCase2 = a2[i2].getSubjectDN().getName().toLowerCase();
                    if (com.nearme.network.r.b.b) {
                        Log.i(PackJsonKey.NETWORK, "isAllSysCerts, systemSubject =" + lowerCase2);
                    }
                    if (lowerCase.equals(lowerCase2)) {
                        z = true;
                        break;
                    }
                    i2++;
                }
                if (z) {
                    break;
                }
            }
            if (com.nearme.network.r.b.b) {
                Log.i(PackJsonKey.NETWORK, "isAllSysCerts, isServer =" + z);
            }
            if (!z) {
                if (com.nearme.network.r.b.b) {
                    Log.i(PackJsonKey.NETWORK, "isAllSysCerts, return false ");
                }
                return false;
            }
        } catch (Throwable th) {
            th.printStackTrace();
        }
        if (com.nearme.network.r.b.b) {
            Log.i(PackJsonKey.NETWORK, "isAllSysCerts, return true ");
        }
        return true;
    }

    private boolean e(X509Certificate[] x509CertificateArr) {
        if (com.nearme.network.r.b.b) {
            Log.i(PackJsonKey.NETWORK, "isTrusted, localCertsLoaded =" + this.f9450h.get());
        }
        if (this.f9450h.get()) {
            return !h(x509CertificateArr);
        }
        if (f(x509CertificateArr)) {
            return true;
        }
        if (!g(x509CertificateArr)) {
            return false;
        }
        i(x509CertificateArr);
        return true;
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x004b  */
    /* JADX WARN: Removed duplicated region for block: B:19:0x0070  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean f(java.security.cert.X509Certificate[] r7) {
        /*
            r6 = this;
            r0 = 0
            r1 = r7[r0]
            java.lang.String r1 = com.nearme.network.r.a.c(r1)
            boolean r2 = com.nearme.network.r.b.b
            java.lang.String r3 = "network"
            if (r2 == 0) goto L21
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r2.<init>()
            java.lang.String r4 = "isTrustedUsingCache, host ="
            r2.append(r4)
            r2.append(r1)
            java.lang.String r2 = r2.toString()
            android.util.Log.i(r3, r2)
        L21:
            java.util.ArrayList r2 = new java.util.ArrayList
            r2.<init>()
            boolean r4 = android.text.TextUtils.isEmpty(r1)
            if (r4 != 0) goto L84
            java.util.Map<java.lang.String, java.lang.String> r4 = r6.f9447e
            boolean r4 = r4.containsKey(r1)
            if (r4 == 0) goto L3d
            java.util.Map<java.lang.String, java.lang.String> r4 = r6.f9447e
            java.lang.Object r1 = r4.get(r1)
        L3a:
            java.lang.String r1 = (java.lang.String) r1
            goto L47
        L3d:
            com.nearme.network.g.c r4 = r6.f9445c
            if (r4 == 0) goto L46
            java.lang.Object r1 = r4.get(r1)
            goto L3a
        L46:
            r1 = 0
        L47:
            boolean r4 = com.nearme.network.r.b.b
            if (r4 == 0) goto L5f
            java.lang.StringBuilder r4 = new java.lang.StringBuilder
            r4.<init>()
            java.lang.String r5 = "isTrustedUsingCache, strAliases ="
            r4.append(r5)
            r4.append(r1)
            java.lang.String r4 = r4.toString()
            android.util.Log.i(r3, r4)
        L5f:
            boolean r3 = android.text.TextUtils.isEmpty(r1)
            if (r3 != 0) goto L84
            java.lang.String r3 = ";"
            java.lang.String[] r1 = r1.split(r3)
            if (r1 == 0) goto L84
            int r3 = r1.length
        L6e:
            if (r0 >= r3) goto L84
            r4 = r1[r0]
            boolean r5 = android.text.TextUtils.isEmpty(r4)
            if (r5 != 0) goto L81
            boolean r5 = r2.contains(r4)
            if (r5 != 0) goto L81
            r2.add(r4)
        L81:
            int r0 = r0 + 1
            goto L6e
        L84:
            boolean r7 = r6.d(r7, r2)
            return r7
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nearme.network.j.c.b.f(java.security.cert.X509Certificate[]):boolean");
    }

    private boolean g(X509Certificate[] x509CertificateArr) {
        k();
        return !h(x509CertificateArr);
    }

    private boolean h(X509Certificate[] x509CertificateArr) {
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
                Iterator<X509Certificate> it = this.f9449g.iterator();
                while (it.hasNext()) {
                    if (lowerCase.equals(it.next().getSubjectDN().getName().toLowerCase())) {
                        Log.i(PackJsonKey.NETWORK, "isUserCerts, return true ");
                        return true;
                    }
                }
            }
        } catch (Throwable th) {
            th.printStackTrace();
        }
        if (com.nearme.network.r.b.b) {
            Log.i(PackJsonKey.NETWORK, "isUserCerts, return false ");
        }
        return false;
    }

    private void i(X509Certificate[] x509CertificateArr) {
        String c2 = com.nearme.network.r.a.c(x509CertificateArr[0]);
        if (!TextUtils.isEmpty(c2) && this.f9450h.get() && this.f9447e.containsKey(c2)) {
            if (com.nearme.network.r.b.b) {
                Log.i(PackJsonKey.NETWORK, "removeCache, host =" + c2);
            }
            this.f9447e.remove(c2);
        }
    }

    private boolean j(X509Certificate x509Certificate) {
        k();
        try {
            String name = x509Certificate.getSubjectX500Principal().getName();
            Iterator<X509Certificate> it = this.f9448f.keySet().iterator();
            while (it.hasNext()) {
                if (name.equals(it.next().getIssuerX500Principal().getName())) {
                    return true;
                }
            }
            return false;
        } catch (Throwable th) {
            th.printStackTrace();
            return true;
        }
    }

    private void k() {
        if (this.f9450h.get()) {
            return;
        }
        synchronized (this.f9451i) {
            if (com.nearme.network.r.b.b) {
                Log.i(PackJsonKey.NETWORK, "waitUntileLocalCertsLoaded, mlock localCertsLoaded =" + this.f9450h.get());
            }
            if (!this.f9450h.get()) {
                try {
                    if (com.nearme.network.r.b.b) {
                        Log.i(PackJsonKey.NETWORK, "waitUntileLocalCertsLoaded, mlock wait");
                    }
                    this.f9451i.wait();
                } catch (InterruptedException e2) {
                    e2.printStackTrace();
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509TrustManager x509TrustManager;
        if (!this.b || (x509TrustManager = this.f9444a) == null) {
            return;
        }
        x509TrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            try {
                if (this.b && this.f9444a != null) {
                    this.f9444a.checkServerTrusted(x509CertificateArr, str);
                    if (!e(x509CertificateArr)) {
                        throw new ProxyCertificateException("Proxy Certificate");
                    }
                    this.j.submit(new a(x509CertificateArr));
                }
            } catch (CertificateException e2) {
                try {
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        x509Certificate.checkValidity();
                    }
                    if (x509CertificateArr != null && x509CertificateArr.length > 0 && !j(x509CertificateArr[x509CertificateArr.length - 1])) {
                        throw new CertificateException(new RootCertificateNotExistException("Root certificate not exist"));
                    }
                    throw e2;
                } catch (CertificateExpiredException | CertificateNotYetValidException unused) {
                    throw new CertificateException(new CertificateValidityException("Certificate not validate"));
                }
            }
        } catch (ProxyCertificateException e3) {
            throw new CertificateException(e3);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager x509TrustManager;
        return (!this.b || (x509TrustManager = this.f9444a) == null) ? new X509Certificate[0] : x509TrustManager.getAcceptedIssuers();
    }
}
