package com.tencent.mm.plugin.appbrand.p;

import com.tencent.matrix.trace.core.AppMethodBeat;
import com.tencent.mm.sdk.platformtools.ad;
import com.tencent.mm.sdk.platformtools.bt;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes5.dex */
public final class n implements X509TrustManager {
    private LinkedList<X509TrustManager> kEg;
    private LinkedList<X509TrustManager> kEh;
    private KeyStore kEi;
    private final boolean kEj;
    private List<String> kEk;
    private KeyStore kEl;
    private X509Certificate[] kEm;

    public n() {
        this(false);
    }

    public n(boolean z) {
        AppMethodBeat.i(144434);
        this.kEk = null;
        this.kEl = null;
        this.kEg = new LinkedList<>();
        this.kEh = new LinkedList<>();
        this.kEj = z;
        try {
            this.kEi = KeyStore.getInstance(KeyStore.getDefaultType());
            this.kEi.load(null, null);
            AppMethodBeat.o(144434);
        } catch (Exception e2) {
            ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e2, "Exception: Local KeyStore init failed", new Object[0]);
            AppMethodBeat.o(144434);
        }
    }

    private void bfF() {
        AppMethodBeat.i(144439);
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int i = 0;
            while (trustManagers != null) {
                if (i >= trustManagers.length) {
                    break;
                }
                this.kEg.add((X509TrustManager) trustManagers[i]);
                i++;
            }
            AppMethodBeat.o(144439);
        } catch (Exception e2) {
            ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e2, "Exception: init SystemTrustManager", new Object[0]);
            AppMethodBeat.o(144439);
        }
    }

    private void bfG() {
        AppMethodBeat.i(144440);
        if (this.kEi == null) {
            AppMethodBeat.o(144440);
            return;
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.kEi);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int i = 0;
            while (trustManagers != null) {
                if (i >= trustManagers.length) {
                    break;
                }
                this.kEh.add((X509TrustManager) trustManagers[i]);
                i++;
            }
            AppMethodBeat.o(144440);
        } catch (Exception e2) {
            ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e2, "Exception: init LocalTrustManager", new Object[0]);
            AppMethodBeat.o(144440);
        }
    }

    private void bfH() {
        AppMethodBeat.i(144441);
        ArrayList arrayList = new ArrayList();
        long currentTimeMillis = System.currentTimeMillis();
        Iterator<X509TrustManager> it = this.kEg.iterator();
        while (it.hasNext()) {
            X509Certificate[] acceptedIssuers = it.next().getAcceptedIssuers();
            if (acceptedIssuers != null) {
                arrayList.addAll(Arrays.asList(acceptedIssuers));
            }
        }
        long currentTimeMillis2 = System.currentTimeMillis();
        Iterator<X509TrustManager> it2 = this.kEh.iterator();
        while (it2.hasNext()) {
            X509Certificate[] acceptedIssuers2 = it2.next().getAcceptedIssuers();
            if (acceptedIssuers2 != null) {
                arrayList.addAll(Arrays.asList(acceptedIssuers2));
            }
        }
        long currentTimeMillis3 = System.currentTimeMillis();
        this.kEm = new X509Certificate[arrayList.size()];
        this.kEm = (X509Certificate[]) arrayList.toArray(this.kEm);
        ad.i("MicroMsg.AppBrandX509TrustManager", "initAcceptedIssuers: %d, %d, %d", Long.valueOf(currentTimeMillis2 - currentTimeMillis), Long.valueOf(currentTimeMillis3 - currentTimeMillis2), Long.valueOf(System.currentTimeMillis() - currentTimeMillis3));
        AppMethodBeat.o(144441);
    }

    public final void E(InputStream inputStream) {
        AppMethodBeat.i(144435);
        if (this.kEi == null) {
            ad.e("MicroMsg.AppBrandX509TrustManager", "local keystore is null");
            AppMethodBeat.o(144435);
            return;
        }
        try {
            try {
                Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
                inputStream.close();
                this.kEi.setCertificateEntry(new StringBuilder().append(((X509Certificate) generateCertificate).getSubjectDN()).toString(), generateCertificate);
                AppMethodBeat.o(144435);
            } catch (Throwable th) {
                inputStream.close();
                AppMethodBeat.o(144435);
                throw th;
            }
        } catch (Exception e2) {
            ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e2, "Exception: initLocalSelfSignedCertificate", new Object[0]);
            AppMethodBeat.o(144435);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        AppMethodBeat.i(144437);
        CertificateException certificateException = new CertificateException("Client Certification not supported");
        AppMethodBeat.o(144437);
        throw certificateException;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        boolean z;
        AppMethodBeat.i(144438);
        boolean z2 = false;
        ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 0L, 1L, false);
        ad.i("MicroMsg.AppBrandX509TrustManager", "trust manager size:" + this.kEg.size());
        Iterator<X509TrustManager> it = this.kEg.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            X509TrustManager next = it.next();
            try {
                ad.i("MicroMsg.AppBrandX509TrustManager", "try system trust:" + next.toString());
                next.checkServerTrusted(x509CertificateArr, str);
                ad.i("MicroMsg.AppBrandX509TrustManager", "system trust:" + next.toString());
                z2 = true;
                break;
            } catch (CertificateException e2) {
                ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e2, "CertificateException: SystemTrustManagers checkServerTrusted", new Object[0]);
                z2 = false;
            }
        }
        if (z2) {
            ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted systemTrusted true");
            ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 1L, 1L, false);
            AppMethodBeat.o(144438);
            return;
        }
        ad.i("MicroMsg.AppBrandX509TrustManager", "try local trust size:%d", Integer.valueOf(this.kEh.size()));
        boolean z3 = false;
        Iterator<X509TrustManager> it2 = this.kEh.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            }
            X509TrustManager next2 = it2.next();
            try {
                next2.checkServerTrusted(x509CertificateArr, str);
                ad.i("MicroMsg.AppBrandX509TrustManager", "local trust:" + next2.toString());
                z3 = true;
                break;
            } catch (CertificateException e3) {
                ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e3, "CertificateException: LocalTrustManagers checkServerTrusted", new Object[0]);
                z3 = false;
            }
        }
        if (z3) {
            ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted localTrusted true");
            ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 2L, 1L, false);
            AppMethodBeat.o(144438);
            return;
        }
        if (this.kEj) {
            ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted debug type");
            boolean z4 = false;
            try {
                try {
                    if (this.kEl == null) {
                        this.kEl = KeyStore.getInstance("AndroidCAStore");
                        this.kEl.load(null, null);
                    }
                    if (this.kEk == null) {
                        this.kEk = new ArrayList();
                        Enumeration<String> aliases = this.kEl.aliases();
                        while (aliases.hasMoreElements()) {
                            String nextElement = aliases.nextElement();
                            if (nextElement != null && nextElement.startsWith("user:")) {
                                this.kEk.add(nextElement);
                            }
                        }
                    }
                    if (this.kEk.size() > 0) {
                        Iterator<String> it3 = this.kEk.iterator();
                        z = false;
                        while (it3.hasNext()) {
                            try {
                                try {
                                    X509Certificate x509Certificate = (X509Certificate) this.kEl.getCertificate(it3.next());
                                    int length = x509CertificateArr.length;
                                    int i = 0;
                                    while (true) {
                                        if (i < length) {
                                            try {
                                                x509CertificateArr[i].verify(x509Certificate.getPublicKey());
                                                z = true;
                                                break;
                                            } catch (Exception e4) {
                                                ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e4, "Exception: check user verify certificate", new Object[0]);
                                                i++;
                                            }
                                        }
                                    }
                                } catch (Exception e5) {
                                    e = e5;
                                    z4 = z;
                                    ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e, "Exception: check user certificate", new Object[0]);
                                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 8L, 1L, false);
                                    if (z4) {
                                        ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check success");
                                        ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 3L, 1L, false);
                                        AppMethodBeat.o(144438);
                                        return;
                                    } else {
                                        ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check fail");
                                        ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 10L, 1L, false);
                                        CertificateException certificateException = new CertificateException("Server Certificate not trusted");
                                        AppMethodBeat.o(144438);
                                        throw certificateException;
                                    }
                                }
                            } catch (IOException e6) {
                                e = e6;
                                z4 = z;
                                ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e, "IOException: check user certificate", new Object[0]);
                                ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 7L, 1L, false);
                                if (z4) {
                                    ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check success");
                                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 3L, 1L, false);
                                    AppMethodBeat.o(144438);
                                    return;
                                } else {
                                    ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check fail");
                                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 10L, 1L, false);
                                    CertificateException certificateException2 = new CertificateException("Server Certificate not trusted");
                                    AppMethodBeat.o(144438);
                                    throw certificateException2;
                                }
                            } catch (KeyStoreException e7) {
                                e = e7;
                                z4 = z;
                                ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e, "KeyStoreException: check user certificate", new Object[0]);
                                ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 5L, 1L, false);
                                if (z4) {
                                    ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check success");
                                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 3L, 1L, false);
                                    AppMethodBeat.o(144438);
                                    return;
                                } else {
                                    ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check fail");
                                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 10L, 1L, false);
                                    CertificateException certificateException22 = new CertificateException("Server Certificate not trusted");
                                    AppMethodBeat.o(144438);
                                    throw certificateException22;
                                }
                            } catch (NoSuchAlgorithmException e8) {
                                e = e8;
                                z4 = z;
                                ad.printErrStackTrace("MicroMsg.AppBrandX509TrustManager", e, "NoSuchAlgorithmException: check user certificate", new Object[0]);
                                ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 6L, 1L, false);
                                if (z4) {
                                    ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check success");
                                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 3L, 1L, false);
                                    AppMethodBeat.o(144438);
                                    return;
                                } else {
                                    ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check fail");
                                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 10L, 1L, false);
                                    CertificateException certificateException222 = new CertificateException("Server Certificate not trusted");
                                    AppMethodBeat.o(144438);
                                    throw certificateException222;
                                }
                            } catch (Throwable th) {
                                th = th;
                                z4 = z;
                                if (z4) {
                                    ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check success");
                                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 3L, 1L, false);
                                    AppMethodBeat.o(144438);
                                    return;
                                } else {
                                    ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check fail");
                                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 10L, 1L, false);
                                    AppMethodBeat.o(144438);
                                    throw th;
                                }
                            }
                        }
                    } else {
                        ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check aliasList null");
                        ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 9L, 1L, false);
                        z = false;
                    }
                    if (z) {
                        ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check success");
                        ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 3L, 1L, false);
                        AppMethodBeat.o(144438);
                        return;
                    }
                    ad.i("MicroMsg.AppBrandX509TrustManager", "checkServerTrusted self check fail");
                    ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 10L, 1L, false);
                } catch (Throwable th2) {
                    th = th2;
                }
            } catch (IOException e9) {
                e = e9;
            } catch (KeyStoreException e10) {
                e = e10;
            } catch (NoSuchAlgorithmException e11) {
                e = e11;
            } catch (Exception e12) {
                e = e12;
            }
        } else {
            ((com.tencent.mm.plugin.appbrand.t.a) com.tencent.luggage.a.e.L(com.tencent.mm.plugin.appbrand.t.a.class)).idkeyStat(1011L, 4L, 1L, false);
        }
        CertificateException certificateException2222 = new CertificateException("Server Certificate not trusted");
        AppMethodBeat.o(144438);
        throw certificateException2222;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return this.kEm;
    }

    public final void init() {
        AppMethodBeat.i(144436);
        long exY = bt.exY();
        bfF();
        bfG();
        bfH();
        ad.d("MicroMsg.AppBrandX509TrustManager", "init() cost[%dms]", Long.valueOf(bt.exY() - exY));
        AppMethodBeat.o(144436);
    }
}
