package cz.acrobits.internal;

import android.content.res.AssetManager;
import cz.acrobits.ali.AndroidUtil;
import cz.acrobits.ali.Log;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: classes3.dex */
public class CertificatesVerifier {
    public static final String ASSETS_PATH = "ca-certificates";
    public static final String RSA = "RSA";
    private static final Log.Tag TAG = new Log.Tag((Class<?>) CertificatesVerifier.class);
    public static final String X509 = "X509";
    protected static X509HostnameVerifier mHostnameVerifier;
    protected static X509TrustManager[] mManagers;

    public static X509TrustManager createManager(TrustManagerFactory trustManagerFactory, KeyStore keyStore) {
        try {
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    private void load() {
        try {
            Log.info(TAG, "Initializing...");
            ArrayList arrayList = new ArrayList();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(X509);
            arrayList.add(createManager(trustManagerFactory, null));
            AssetManager assets = AndroidUtil.getApplicationContext().getAssets();
            String[] list = assets.list(ASSETS_PATH);
            if (list != null) {
                Log.debug(TAG, "Loading custom CAs:");
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
                for (String str : list) {
                    String substring = str.substring(0, str.length() - 4);
                    Log.debug(TAG, ".. %s", substring);
                    keyStore.setCertificateEntry(substring, (X509Certificate) certificateFactory.generateCertificate(assets.open("ca-certificates/" + str)));
                }
                arrayList.add(createManager(trustManagerFactory, keyStore));
            }
            mManagers = (X509TrustManager[]) arrayList.toArray(new X509TrustManager[arrayList.size()]);
            mHostnameVerifier = new BrowserCompatHostnameVerifier();
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    public static Throwable verify(X509Certificate[] x509CertificateArr, X509TrustManager x509TrustManager) {
        try {
            x509TrustManager.checkServerTrusted(x509CertificateArr, RSA);
            return null;
        } catch (CertificateException e) {
            return e;
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    public X509Certificate[] parseChain(byte[][] bArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
            int i = 0;
            while (true) {
                int i2 = i;
                if (i2 >= x509CertificateArr.length) {
                    return x509CertificateArr;
                }
                x509CertificateArr[i2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr[i2]));
                i = i2 + 1;
            }
        } catch (Throwable th) {
            th.printStackTrace();
            return null;
        }
    }

    public boolean verify(String str, X509Certificate[] x509CertificateArr) {
        if (mManagers == null || mManagers.length == 0) {
            Log.warning(TAG, "No trust manager, cannot verify");
            return false;
        }
        try {
            mHostnameVerifier.verify(str, x509CertificateArr[0]);
            Throwable[] thArr = new Throwable[mManagers.length];
            for (int i = 0; i < mManagers.length; i++) {
                Throwable verify = verify(x509CertificateArr, mManagers[i]);
                thArr[i] = verify;
                if (verify == null) {
                    Log.info(TAG, "Certificate verified for %s", str);
                    return true;
                }
            }
            Log.warning(TAG, "Certificate verification failed for %s", str);
            for (Throwable th : thArr) {
                Log.debug(TAG, ".. %s", th.getMessage());
            }
            return false;
        } catch (SSLException e) {
            Log.warning(TAG, "Hostname verification failed for %s", str);
            Log.debug(TAG, ".. %s", e.getMessage());
            return false;
        }
    }
}
