package com.joom.network.http;

import defpackage.kvt;
import defpackage.kvu;
import defpackage.kyy;
import defpackage.kza;
import defpackage.ldt;
import defpackage.sfo;
import defpackage.sfw;
import defpackage.sjd;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.NoSuchElementException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class CustomTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;
    private final ldt fdU;
    private final boolean gqF;
    private final kyy gqG;
    private final kza gqH;
    private final kvt logger = kvu.getLogger("CustomTrustManager");

    /* loaded from: classes.dex */
    public static final class a {
        private final ldt fdU;
        private final kyy gqG;
        private final kza gqH;

        public a(kyy kyyVar, kza kzaVar, ldt ldtVar) {
            this.gqG = kyyVar;
            this.gqH = kzaVar;
            this.fdU = ldtVar;
        }

        public final CustomTrustManager gy(boolean z) {
            return new CustomTrustManager(z, this.gqG, this.gqH, this.fdU);
        }
    }

    public CustomTrustManager(boolean z, kyy kyyVar, kza kzaVar, ldt ldtVar) {
        this.gqF = z;
        this.gqG = kyyVar;
        this.gqH = kzaVar;
        this.fdU = ldtVar;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
            this.logger.error("Unexpected default trust managers {}", (Object) trustManagers);
        }
        TrustManager trustManager = trustManagers[0];
        if (trustManager == null) {
            throw new sfo("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        }
        this.delegate = (X509TrustManager) trustManager;
    }

    private final X509Certificate a(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate2 : x509CertificateArr) {
            if (sjd.m(x509Certificate2.getIssuerDN(), x509Certificate.getSubjectDN()) && (sjd.m(x509Certificate2, x509Certificate) ^ true)) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private final void a(X509Certificate[] x509CertificateArr, String str) {
        if (!this.fdU.bIT()) {
            a(x509CertificateArr, this.gqG.bHc());
            return;
        }
        try {
            this.delegate.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            try {
                a(x509CertificateArr, this.gqG.bHc());
                this.gqH.f(x509CertificateArr);
            } catch (Exception unused) {
                throw e;
            }
        }
    }

    private final void a(X509Certificate[] x509CertificateArr, KeyStore keyStore) {
        try {
            X509Certificate[] b = b(c(x509CertificateArr), keyStore);
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList((X509Certificate[]) Arrays.copyOf(b, b.length)));
            PKIXParameters pKIXParameters = new PKIXParameters(keyStore);
            pKIXParameters.setRevocationEnabled(false);
            certPathValidator.validate(generateCertPath, pKIXParameters);
        } catch (CertPathValidatorException e) {
            CertPathValidatorException certPathValidatorException = e;
            this.logger.error("Certificate chain is not trusted", (Throwable) certPathValidatorException);
            throw new CertificateException(certPathValidatorException);
        } catch (Exception e2) {
            Exception exc = e2;
            this.logger.error("Failed to manually validate server", (Throwable) exc);
            throw exc;
        }
    }

    private final X509Certificate b(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate2 : x509CertificateArr) {
            if (sjd.m(x509Certificate2.getSubjectDN(), x509Certificate.getIssuerDN())) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private final X509Certificate[] b(X509Certificate[] x509CertificateArr, KeyStore keyStore) {
        int length = x509CertificateArr.length - 1;
        while (true) {
            if (length < 0) {
                length = -1;
                break;
            }
            if (keyStore.containsAlias(x509CertificateArr[length].getSubjectX500Principal().getName())) {
                break;
            }
            length--;
        }
        return length <= 0 ? x509CertificateArr : (X509Certificate[]) sfw.copyOfRange(x509CertificateArr, length, x509CertificateArr.length);
    }

    private final X509Certificate[] c(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr.length <= 1) {
            return x509CertificateArr;
        }
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        int length = x509CertificateArr.length - 1;
        X509Certificate d = d(x509CertificateArr);
        x509CertificateArr2[length] = d;
        while (length > 0) {
            d = a(d, x509CertificateArr);
            if (d == null) {
                break;
            }
            length--;
            x509CertificateArr2[length] = d;
        }
        return (X509Certificate[]) sfw.B(x509CertificateArr2);
    }

    private final X509Certificate d(X509Certificate[] x509CertificateArr) {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            X509Certificate b = b(x509Certificate, x509CertificateArr);
            if (b == null || sjd.m(b, x509Certificate)) {
                return x509Certificate;
            }
        }
        throw new NoSuchElementException("Array contains no element matching the predicate.");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr != null) {
            if (!(x509CertificateArr.length == 0)) {
                a(x509CertificateArr, str);
                if (this.gqF) {
                    try {
                        a(x509CertificateArr, this.gqG.bHd());
                        return;
                    } catch (CertificateException unused) {
                        this.gqH.e(x509CertificateArr);
                        return;
                    }
                }
                return;
            }
        }
        throw new IllegalArgumentException("Certificate chain is empty");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
