package cn.org.bjca.signet.component.core.utils;

import java.io.ByteArrayInputStream;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import javax.net.ssl.X509TrustManager;

/* compiled from: HttpUtil.java */
/* loaded from: classes2.dex */
class MsspTrustManager implements X509TrustManager {
    private final String[] cert;
    private boolean trusted = false;

    public MsspTrustManager(String[] strArr) {
        this.cert = strArr;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || StringUtil.isEmpty(str)) {
            throw new IllegalArgumentException("服务器返回参数异常");
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        int i = 0;
        while (true) {
            String[] strArr = this.cert;
            if (i >= strArr.length) {
                break;
            }
            try {
                X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(StringUtil.base64Decode(strArr[i])));
                HashSet hashSet = new HashSet();
                hashSet.add(new TrustAnchor(x509Certificate, null));
                PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
                pKIXParameters.setRevocationEnabled(false);
                ArrayList arrayList = new ArrayList();
                for (X509Certificate x509Certificate2 : x509CertificateArr) {
                    arrayList.add(x509Certificate2);
                }
                CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(arrayList), pKIXParameters);
                this.trusted = true;
                break;
            } catch (Exception e) {
                e.printStackTrace();
                this.trusted = false;
                i++;
            }
        }
        if (!this.trusted) {
            throw new CertificateException("服务器证书链验证失败");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
