package d.i.d;

import d.q.f.d;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import o.z;

/* compiled from: SSLTool.java */
/* loaded from: classes2.dex */
public class m {

    /* compiled from: SSLTool.java */
    /* loaded from: classes2.dex */
    public static class b implements HostnameVerifier {
        private b() {
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            return str.endsWith("fxnotary.com") || str.endsWith("myhuaweicloud.com") || str.endsWith("ezcun.com");
        }
    }

    /* compiled from: SSLTool.java */
    /* loaded from: classes2.dex */
    public static class c implements X509TrustManager {
        private c() {
        }

        private String[] a(X509Certificate x509Certificate) {
            return new String[]{x509Certificate.getSubjectDN().getName(), x509Certificate.getIssuerDN().getName(), d.b.d(x509Certificate.getPublicKey().getEncoded())};
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null) {
                throw new CertificateException("checkServerTrusted: X509Certificate array is null");
            }
            if (x509CertificateArr.length < 1) {
                throw new CertificateException("checkServerTrusted: X509Certificate is empty");
            }
            if (!"ECDHE_RSA".equals(str) && !"GENERIC".equals(str)) {
                d.q.h.b.d("checkServerTrusted: AuthType is ", str);
                throw new CertificateException("checkServerTrusted: AuthType is not ECDHE_RSA");
            }
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                trustManagerFactory.init((KeyStore) null);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                }
            } catch (KeyStoreException | NoSuchAlgorithmException e2) {
                d.q.h.b.c(e2);
            }
            if (j.a.f.c(a(x509CertificateArr[0])[0].startsWith("CN=*.fxnotary.com") ? "fxnotary.cer" : "huawei.cer", "huawei.cer")) {
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    private static SSLSocketFactory a() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new c()}, new SecureRandom());
            return sSLContext.getSocketFactory();
        } catch (Exception e2) {
            d.q.h.b.c(e2);
            return null;
        }
    }

    public static void b(z.a aVar) {
        aVar.Z(new b());
        SSLSocketFactory a2 = a();
        if (a2 == null) {
            return;
        }
        aVar.Q0(a2, new c());
    }
}
