package com.smile.security;

import com.smile.telephony.ToneGenerator;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import smile.util.ResourceStore;

/* loaded from: classes3.dex */
public class TrustManager implements X509TrustManager {
    private static X509Certificate[] acceptedIssuers;
    private static List<X509TrustManager> pkixTrustManagers = new ArrayList();
    private InetAddress serverAddress;

    static {
        String[] strArr = {"security/cacert.p12", "security/cacerts.p12"};
        char[] cArr = new char[0];
        Vector vector = new Vector();
        for (int i = 0; i < 2; i++) {
            try {
                KeyStore keyStore = getkeyStore(strArr[i], cArr);
                if (keyStore != null) {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                    trustManagerFactory.init(keyStore);
                    X509TrustManager x509TrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
                    for (X509Certificate x509Certificate : x509TrustManager.getAcceptedIssuers()) {
                        vector.add(x509Certificate);
                    }
                    pkixTrustManagers.add(x509TrustManager);
                }
            } catch (Throwable th) {
                ResourceStore.error("TrustManager", th);
            }
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[vector.size()];
        acceptedIssuers = x509CertificateArr;
        vector.copyInto(x509CertificateArr);
        ResourceStore.toLog("TrustManager acceptedIssuers " + acceptedIssuers.length + " pkixTrustManagers=" + pkixTrustManagers.size());
    }

    public TrustManager(InetAddress inetAddress) {
        this.serverAddress = inetAddress;
    }

    public static KeyStore getkeyStore(String str, char[] cArr) throws Exception {
        KeyStore loadkeyStoreFromJar = loadkeyStoreFromJar(str, cArr);
        return loadkeyStoreFromJar == null ? loadkeyStore(str, cArr) : loadkeyStoreFromJar;
    }

    public static KeyStore loadkeyStore(String str, char[] cArr) throws Exception {
        File file = new File(System.getProperty("user.home"), str);
        if (!file.exists()) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        FileInputStream fileInputStream = new FileInputStream(file);
        keyStore.load(fileInputStream, cArr);
        fileInputStream.close();
        return keyStore;
    }

    public static KeyStore loadkeyStoreFromJar(String str, char[] cArr) {
        try {
            InputStream resourceAsStream = TrustManager.class.getClassLoader().getResourceAsStream(str);
            if (resourceAsStream == null) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(resourceAsStream, cArr);
            resourceAsStream.close();
            return keyStore;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z;
        InetAddress byName;
        String property = System.getProperty("acceptedCNs");
        boolean z2 = ToneGenerator.DTMFS.equals(property) || "true".equals(System.getProperty("noverifycert"));
        int i = 0;
        while (true) {
            if (i >= pkixTrustManagers.size()) {
                z = false;
                break;
            }
            try {
                try {
                    pkixTrustManagers.get(i).checkServerTrusted(x509CertificateArr, str);
                    z = true;
                    break;
                } catch (Throwable unused) {
                    continue;
                }
            } catch (Throwable unused2) {
            }
            i++;
        }
        if (!z && !z2) {
            String str2 = "Untrusted certificate " + (z2 ? "accepted" : " not accepted") + ": {";
            for (X509Certificate x509Certificate : x509CertificateArr) {
                str2 = str2 + " [" + x509Certificate.getSubjectX500Principal().getName() + "] ";
            }
            String str3 = str2 + "}";
            ResourceStore.toLog(str3);
            if (!z2 && !this.serverAddress.isSiteLocalAddress()) {
                throw new CertificateException(str3);
            }
        }
        if (z2) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        if (property != null) {
            for (String str4 : property.split(",")) {
                arrayList.add(str4);
            }
        }
        String hostName = this.serverAddress.getHostName();
        X509Certificate x509Certificate2 = x509CertificateArr[0];
        String name = x509Certificate2.getSubjectX500Principal().getName();
        int indexOf = name.indexOf("CN=");
        if (indexOf != -1) {
            String substring = name.substring(indexOf + 3);
            int indexOf2 = substring.indexOf(44);
            if (indexOf2 != -1) {
                substring = substring.substring(0, indexOf2);
            }
            substring.trim();
            ResourceStore.toLog("cn=" + substring + " serverName=" + hostName + " serverAddress=" + this.serverAddress + " host=" + this.serverAddress.getHostAddress() + " cns=" + arrayList);
            if (substring.equals(hostName) || substring.equals(this.serverAddress.getHostAddress()) || this.serverAddress.isSiteLocalAddress() || arrayList.contains(substring) || substring.equals(hostName.substring(hostName.indexOf(46) + 1))) {
                return;
            }
            if (substring.startsWith("*.") && (hostName.endsWith(substring.substring(1)) || hostName.equals(substring.substring(2)))) {
                return;
            }
            try {
                byName = InetAddress.getByName(substring);
            } catch (UnknownHostException e) {
                ResourceStore.toLog(e.toString());
            }
            if (this.serverAddress.equals(byName)) {
                return;
            }
            if ((byName instanceof Inet6Address) && substring.substring(substring.indexOf(46) + 1).equals(hostName.substring(hostName.indexOf(46) + 1))) {
                return;
            }
            InetAddress[] allByName = InetAddress.getAllByName(hostName);
            for (int i2 = 0; i2 < allByName.length; i2++) {
                ResourceStore.toLog("cn=" + substring + " serverName=" + hostName + " inetAddress=" + byName + " host=" + allByName[i2]);
                if (allByName[i2].equals(byName)) {
                    return;
                }
            }
            Collection<List<?>> subjectAlternativeNames = x509Certificate2.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                Iterator<List<?>> it = subjectAlternativeNames.iterator();
                while (it.hasNext()) {
                    String obj = it.next().get(1).toString();
                    if (obj.equals(hostName)) {
                        return;
                    }
                    if (obj.startsWith("*.") && (hostName.endsWith(obj.substring(1)) || hostName.equals(obj.substring(2)))) {
                        return;
                    }
                    if (arrayList.contains(obj)) {
                        return;
                    }
                }
            }
        }
        throw new CertificateException("Untrusted certificate. Target host name " + hostName + " does not match CN from the server certificate (" + name + ")");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return acceptedIssuers;
    }
}
