package com.yirendai.net;

import android.util.Log;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class d implements X509TrustManager {
    private final Certificate a;
    private final Certificate b;
    private final Certificate c;

    /* JADX INFO: Access modifiers changed from: package-private */
    public d(KeyStore keyStore) {
        this.a = keyStore.getCertificate("VeriSign");
        this.b = keyStore.getCertificate("G5");
        this.c = keyStore.getCertificate("G4");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        Throwable e;
        CertificateException certificateException;
        X509Certificate x509Certificate;
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            e = new CertificateException("Certificate chain is invalid.");
        } else if (str == null || str.length() == 0) {
            e = new CertificateException("Authentication type is invalid.");
        } else {
            Log.i("MyX509TrustManager", "Chain includes " + x509CertificateArr.length + " certificates.");
            try {
                int length = x509CertificateArr.length;
                int i = 0;
                X509Certificate x509Certificate2 = null;
                X509Certificate x509Certificate3 = null;
                X509Certificate x509Certificate4 = null;
                while (i < length) {
                    X509Certificate x509Certificate5 = x509CertificateArr[i];
                    Log.i("MyX509TrustManager", "Server Certificate Details:");
                    Log.i("MyX509TrustManager", "---------------------------");
                    Log.i("MyX509TrustManager", "IssuerDN: " + x509Certificate5.getIssuerDN().toString());
                    Log.i("MyX509TrustManager", "SubjectDN: " + x509Certificate5.getSubjectDN().toString());
                    Log.i("MyX509TrustManager", "Serial Number: " + x509Certificate5.getSerialNumber());
                    Log.i("MyX509TrustManager", "Version: " + x509Certificate5.getVersion());
                    Log.i("MyX509TrustManager", "Not before: " + x509Certificate5.getNotBefore().toString());
                    Log.i("MyX509TrustManager", "Not after: " + x509Certificate5.getNotAfter().toString());
                    Log.i("MyX509TrustManager", "key: " + x509Certificate5.getPublicKey());
                    Log.i("MyX509TrustManager", "---------------------------");
                    if (x509Certificate5 != null) {
                        x509Certificate5.checkValidity();
                        if (x509Certificate5.getSubjectDN().toString().contains("G5")) {
                            X509Certificate x509Certificate6 = x509Certificate2;
                            x509Certificate = x509Certificate5;
                            x509Certificate5 = x509Certificate6;
                        } else if (x509Certificate5.getSubjectDN().toString().contains("G4")) {
                            x509Certificate = x509Certificate3;
                        } else if (x509Certificate5.getSubjectDN().toString().contains("yirendai")) {
                            x509Certificate4 = x509Certificate5;
                            x509Certificate5 = x509Certificate2;
                            x509Certificate = x509Certificate3;
                        }
                        i++;
                        x509Certificate3 = x509Certificate;
                        x509Certificate2 = x509Certificate5;
                    } else {
                        Log.e("MyX509TrustManager", "Certificate null");
                    }
                    x509Certificate5 = x509Certificate2;
                    x509Certificate = x509Certificate3;
                    i++;
                    x509Certificate3 = x509Certificate;
                    x509Certificate2 = x509Certificate5;
                }
                Log.e("MyX509TrustManager", "g5 nei=" + this.b.getPublicKey() + "g4 nei=" + this.c.getPublicKey());
                if (x509Certificate3 == null || x509Certificate2 == null || x509Certificate4 == null) {
                    if (x509Certificate4 != null) {
                        x509Certificate4.verify(this.c.getPublicKey());
                        certificateException = null;
                    } else {
                        certificateException = new CertificateException("Certificate chain is self_gen.");
                    }
                } else if (x509Certificate3.getIssuerDN().toString().contains("OU=Class 3 Public Primary Certification Authority,")) {
                    x509Certificate3.verify(this.a.getPublicKey());
                    x509Certificate2.verify(x509Certificate3.getPublicKey());
                    x509Certificate4.verify(x509Certificate2.getPublicKey());
                    certificateException = null;
                } else if (x509Certificate3.getIssuerDN().toString().contains("CN=VeriSign Class 3 Public Primary Certification Authority - G5,")) {
                    x509Certificate2.verify(this.b.getPublicKey());
                    x509Certificate4.verify(x509Certificate2.getPublicKey());
                    certificateException = null;
                } else {
                    x509Certificate4.verify(this.c.getPublicKey());
                    certificateException = null;
                }
                e = (x509Certificate4 == null || x509Certificate4.getSubjectDN().toString().contains("yirendai.com")) ? certificateException : new CertificateException("Certificate domain is uncorrect.");
            } catch (InvalidKeyException e2) {
                e = e2;
            } catch (NoSuchAlgorithmException e3) {
                e = e3;
            } catch (NoSuchProviderException e4) {
                e = e4;
            } catch (SignatureException e5) {
                e = e5;
            }
        }
        if (e != null) {
            Log.e("MyX509TrustManager", "Certificate error", e);
            throw new CertificateException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
