package defpackage;

import android.annotation.SuppressLint;
import android.os.Build;
import com.huawei.hwmlogger.HCLog;
import com.zipow.videobox.util.bi;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

@SuppressLint({"CustomX509TrustManager"})
/* loaded from: classes.dex */
public class kt6 implements X509TrustManager {
    public static String d = null;
    public static String[] e = null;
    public static String f = null;
    public static volatile boolean g = false;

    /* renamed from: a, reason: collision with root package name */
    public final Map<BigInteger, Boolean> f6160a;
    public final Map<String, X509CRL> b;
    public List<X509TrustManager> c;

    public kt6(String str, String[] strArr, String str2, String str3, boolean z) {
        this.f6160a = new ConcurrentHashMap();
        this.b = new ConcurrentHashMap();
        this.c = new CopyOnWriteArrayList();
        d = str;
        f = str2;
        e = strArr;
        g = z;
        i();
        j(str3);
        k();
    }

    public kt6(String str, String[] strArr, String str2, boolean z) {
        this(str, strArr, str2, "", z);
    }

    public kt6(boolean z) {
        this.f6160a = new ConcurrentHashMap();
        this.b = new ConcurrentHashMap();
        this.c = new CopyOnWriteArrayList();
        i();
        g = z;
    }

    public final void a(KeyStore keyStore, String str) {
        int i;
        int i2 = 0;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            int length = trustManagers.length;
            i = 0;
            while (i2 < length) {
                try {
                    TrustManager trustManager = trustManagers[i2];
                    if (trustManager instanceof X509TrustManager) {
                        this.c.add((X509TrustManager) trustManager);
                        i++;
                    }
                    i2++;
                } catch (Exception e2) {
                    e = e2;
                    i2 = i;
                    HCLog.b("X509TrustManagerImpl", " addX509TrustManagers error : " + e);
                    i = i2;
                    HCLog.c("X509TrustManagerImpl", " addX509TrustManagers count : " + i);
                }
            }
        } catch (Exception e3) {
            e = e3;
        }
        HCLog.c("X509TrustManagerImpl", " addX509TrustManagers count : " + i);
    }

    public final void b(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        HCLog.c("X509TrustManagerImpl", " enter doCheckServerTrusted , chain : " + x509CertificateArr.length + ", authType : " + str + " , issuer : " + (x509CertificateArr.length > 0 ? x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN().toString() : ""));
        int size = this.c.size();
        for (int i = 0; i < size; i++) {
            try {
                this.c.get(i).checkServerTrusted(x509CertificateArr, str);
                HCLog.c("X509TrustManagerImpl", " doCheckServerTrusted succeed , index : " + i);
                return;
            } catch (IllegalArgumentException | CertificateException e2) {
                HCLog.b("X509TrustManagerImpl", " doCheckServerTrusted error : " + e2 + " , index : " + i + " , isCertRevokedCheckIgnored : " + g);
                if (g && l(e2, i)) {
                    return;
                }
                if (i == size - 1) {
                    HCLog.b("X509TrustManagerImpl", " doCheckServerTrusted failed ");
                    throw new CertificateException("Certificate chain is not trusted");
                }
            }
        }
    }

    public final File[] c() {
        if (ns5.t(d)) {
            HCLog.b("X509TrustManagerImpl", " loadBksCA empty pemPath ");
            return new File[0];
        }
        File file = new File(d);
        if (file.exists() && file.isDirectory()) {
            File[] listFiles = file.listFiles();
            return listFiles == null ? new File[0] : listFiles;
        }
        HCLog.b("X509TrustManagerImpl", " loadBksCA invalid pemPath ");
        return new File[0];
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null) {
            throw new CertificateException("Certificate chain is null");
        }
        if (x509CertificateArr.length == 0) {
            throw new CertificateException("Certificate chain is empty");
        }
        if (str == null) {
            throw new CertificateException("Certificate authType is null");
        }
        b(x509CertificateArr, str);
        if (g) {
            HCLog.c("X509TrustManagerImpl", " ignore cert revoked check ");
        } else if (ns5.t(f)) {
            HCLog.c("X509TrustManagerImpl", " crl path is empty ");
        } else if (g(x509CertificateArr)) {
            throw new CertificateException("Certificate has revoked");
        }
    }

    public final String d(X509Certificate x509Certificate) throws CertificateParsingException, UnsupportedEncodingException {
        String e2 = e(x509Certificate);
        if (e2 != null) {
            return e2;
        }
        HCLog.c("X509TrustManagerImpl", " getCrl is null ");
        return f(x509Certificate);
    }

    public final String e(X509Certificate x509Certificate) throws CertificateParsingException {
        List<?> next;
        Collection<List<?>> issuerAlternativeNames = x509Certificate.getIssuerAlternativeNames();
        if (issuerAlternativeNames == null) {
            return null;
        }
        Iterator<List<?>> it = issuerAlternativeNames.iterator();
        while (it.hasNext() && (next = it.next()) != null) {
            for (Object obj : next) {
                if (obj instanceof String) {
                    String str = (String) obj;
                    if (str.endsWith(".crl")) {
                        return str;
                    }
                }
            }
        }
        return null;
    }

    public final String f(X509Certificate x509Certificate) throws UnsupportedEncodingException {
        byte[] extensionValue;
        Set<String> nonCriticalExtensionOIDs = x509Certificate.getNonCriticalExtensionOIDs();
        if (nonCriticalExtensionOIDs == null) {
            return null;
        }
        for (String str : nonCriticalExtensionOIDs) {
            if (str != null && (extensionValue = x509Certificate.getExtensionValue(str)) != null) {
                String str2 = new String(extensionValue, StandardCharsets.UTF_8);
                if (str2.endsWith(".crl")) {
                    return str2.substring(str2.contains(bi.b) ? str2.lastIndexOf(bi.b) : str2.lastIndexOf(bi.f3523a));
                }
            }
        }
        return null;
    }

    public final boolean g(X509Certificate[] x509CertificateArr) {
        boolean h;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                h = h(x509Certificate);
                this.f6160a.put(x509Certificate.getSerialNumber(), Boolean.valueOf(h));
                HCLog.c("X509TrustManagerImpl", " hasRevoked : " + h + " [ number : " + x509Certificate.getSerialNumber() + " - " + x509Certificate.getIssuerDN().getName() + " ] ");
            } catch (IOException | CertificateException e2) {
                HCLog.c("X509TrustManagerImpl", " hasRevoked error : " + e2);
            }
            if (h) {
                return true;
            }
        }
        return false;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<X509TrustManager> it = this.c.iterator();
            while (it.hasNext()) {
                arrayList.addAll(Arrays.asList(it.next().getAcceptedIssuers()));
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (Exception e2) {
            HCLog.b("X509TrustManagerImpl", " getAcceptedIssuers error : " + e2);
            return new X509Certificate[0];
        }
    }

    public final boolean h(X509Certificate x509Certificate) throws IOException, CertificateException {
        HCLog.c("X509TrustManagerImpl", " enter isRevoke ");
        if (this.f6160a.containsKey(x509Certificate.getSerialNumber())) {
            return Boolean.TRUE.equals(this.f6160a.get(x509Certificate.getSerialNumber()));
        }
        String d2 = d(x509Certificate);
        if (d2 == null) {
            HCLog.c("X509TrustManagerImpl", " isRevoke crl is null ");
            return false;
        }
        String substring = d2.substring(d2.lastIndexOf("/"));
        StringBuilder sb = new StringBuilder();
        sb.append(" isRevoke crlPath is valid : ");
        sb.append(ns5.w(substring) && ns5.w(f));
        sb.append(" , relativePath : ");
        sb.append(substring);
        HCLog.c("X509TrustManagerImpl", sb.toString());
        String str = f + substring;
        X509CRL x509crl = this.b.get(d2);
        if (x509crl == null) {
            x509crl = a33.c(str);
            if (x509crl == null) {
                HCLog.f("X509TrustManagerImpl", " isRevoke x509CRL is null ");
                return false;
            }
            this.b.put(d2, x509crl);
        }
        HCLog.c("X509TrustManagerImpl", " isRevoke start ");
        if (x509crl.isRevoked(x509Certificate)) {
            HCLog.b("X509TrustManagerImpl", " isRevoked : " + x509Certificate.getSerialNumber());
            return true;
        }
        for (X509CRLEntry x509CRLEntry : x509crl.getRevokedCertificates()) {
            if (x509CRLEntry != null && x509CRLEntry.getSerialNumber().equals(x509Certificate.getSerialNumber())) {
                HCLog.b("X509TrustManagerImpl", " isRevoked in entities : " + x509Certificate.getSerialNumber());
                return true;
            }
        }
        return false;
    }

    public final void i() {
        HCLog.c("X509TrustManagerImpl", " enter loadAndroidSystemCA ");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            a(keyStore, "X509");
        } catch (Exception e2) {
            HCLog.c("X509TrustManagerImpl", " loadAndroidSystemCA error : " + e2);
        }
    }

    public final void j(String str) {
        HCLog.c("X509TrustManagerImpl", " enter loadBksCA ");
        for (File file : c()) {
            try {
                if (file.getName().endsWith(".bks")) {
                    String canonicalPath = file.getCanonicalPath();
                    try {
                        FileInputStream fileInputStream = new FileInputStream(canonicalPath);
                        try {
                            KeyStore keyStore = KeyStore.getInstance("bks");
                            keyStore.load(fileInputStream, str == null ? null : str.toCharArray());
                            a(keyStore, "X509");
                            fileInputStream.close();
                        } catch (Throwable th) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                            break;
                        }
                    } catch (Exception e2) {
                        HCLog.b("X509TrustManagerImpl", " doLoadBksCA  error : " + e2 + " , caPath : " + canonicalPath);
                    }
                } else {
                    continue;
                }
            } catch (IOException e3) {
                HCLog.c("X509TrustManagerImpl", " loadBksCA error : " + e3);
            }
        }
    }

    public final void k() {
        X509Certificate d2;
        HCLog.c("X509TrustManagerImpl", " enter loadCustomCA ");
        for (File file : c()) {
            try {
                for (String str : e) {
                    if (file.getName().equals(str) && (d2 = a33.d(file.getCanonicalPath())) != null) {
                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                        keyStore.load(null);
                        keyStore.setCertificateEntry(str, d2);
                        a(keyStore, "X509");
                        HCLog.c("X509TrustManagerImpl", " loadCustomCA " + str + " finished ");
                    }
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
                HCLog.c("X509TrustManagerImpl", " loadCustomCA error : " + e2);
            }
        }
    }

    public final boolean l(Throwable th, int i) {
        if (m(th, i)) {
            return true;
        }
        for (Throwable cause = th.getCause(); cause != null; cause = cause.getCause()) {
            if (m(cause, i)) {
                return true;
            }
        }
        return false;
    }

    public final boolean m(Throwable th, int i) {
        CertPathValidatorException.Reason reason;
        CertPathValidatorException.BasicReason basicReason;
        CertPathValidatorException.Reason reason2;
        CertPathValidatorException.BasicReason basicReason2;
        CertPathValidatorException.Reason reason3;
        CertPathValidatorException.BasicReason basicReason3;
        if (th instanceof CertificateExpiredException) {
            HCLog.c("X509TrustManagerImpl", " shouldIgnoreException index : " + i + " , ignore CertificateExpiredException : " + th);
            return true;
        }
        if (th instanceof CertificateNotYetValidException) {
            HCLog.c("X509TrustManagerImpl", " shouldIgnoreException index : " + i + " , ignore CertificateNotYetValidException : " + th);
            return true;
        }
        if (Build.VERSION.SDK_INT < 24) {
            return false;
        }
        if (th instanceof CertificateRevokedException) {
            HCLog.c("X509TrustManagerImpl", " shouldIgnoreException index : " + i + " , ignore CertificateRevokedException : " + th);
            return true;
        }
        if (!(th instanceof CertPathValidatorException)) {
            return false;
        }
        CertPathValidatorException certPathValidatorException = (CertPathValidatorException) th;
        reason = certPathValidatorException.getReason();
        basicReason = CertPathValidatorException.BasicReason.EXPIRED;
        if (reason == basicReason) {
            HCLog.c("X509TrustManagerImpl", " shouldIgnoreException index : " + i + " , ignore CertPathValidatorException EXPIRED : " + th);
            return true;
        }
        reason2 = certPathValidatorException.getReason();
        basicReason2 = CertPathValidatorException.BasicReason.NOT_YET_VALID;
        if (reason2 == basicReason2) {
            HCLog.c("X509TrustManagerImpl", " shouldIgnoreException index : " + i + " , ignore CertPathValidatorException NOT_YET_VALID : " + th);
            return true;
        }
        reason3 = certPathValidatorException.getReason();
        basicReason3 = CertPathValidatorException.BasicReason.REVOKED;
        if (reason3 != basicReason3) {
            return false;
        }
        HCLog.c("X509TrustManagerImpl", " shouldIgnoreException index : " + i + " , ignore CertPathValidatorException REVOKED : " + th);
        return true;
    }
}
