package com.paic.base.utils;

import f.o.a.a;
import f.o.a.e;
import f.o.a.f;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public class OCFTX509TrustManager implements X509TrustManager {
    private static final String TAG = "OCFTX509TrustManager";
    public static a changeQuickRedirect;
    private static OCFTX509TrustManager ocrTrustManager = new OCFTX509TrustManager();
    public static final String[] OCFT_SUPPORT_ISSURERS = {"GeoTrust", "Symantec", "DigiCert", "VeriSign"};

    private OCFTX509TrustManager() {
    }

    private boolean checkIssuerDnName(X509Certificate x509Certificate, String[] strArr) {
        f f2 = e.f(new Object[]{x509Certificate, strArr}, this, changeQuickRedirect, false, 3462, new Class[]{X509Certificate.class, String[].class}, Boolean.TYPE);
        if (f2.f14742a) {
            return ((Boolean) f2.f14743b).booleanValue();
        }
        String name = x509Certificate.getIssuerDN().getName();
        String name2 = x509Certificate.getSubjectDN().getName();
        for (String str : strArr) {
            if (name != null && name.contains(str)) {
                return true;
            }
            if (name2 != null && name2.contains(str)) {
                return true;
            }
        }
        return false;
    }

    public static SSLSocketFactory getSSLFactory() throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException {
        f f2 = e.f(new Object[0], null, changeQuickRedirect, true, 3464, new Class[0], SSLSocketFactory.class);
        if (f2.f14742a) {
            return (SSLSocketFactory) f2.f14743b;
        }
        TrustManager[] trustManagerArr = {ocrTrustManager};
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerArr, new SecureRandom());
        return sSLContext.getSocketFactory();
    }

    public void checkCertificateChain(X509Certificate[] x509CertificateArr, String[] strArr) throws Exception {
        boolean z;
        int i2 = 0;
        if (e.f(new Object[]{x509CertificateArr, strArr}, this, changeQuickRedirect, false, 3463, new Class[]{X509Certificate[].class, String[].class}, Void.TYPE).f14742a) {
            return;
        }
        int length = x509CertificateArr.length;
        int i3 = 0;
        while (true) {
            if (i3 >= length) {
                z = false;
                break;
            }
            X509Certificate x509Certificate = x509CertificateArr[i3];
            x509Certificate.checkValidity();
            if (checkIssuerDnName(x509Certificate, strArr)) {
                z = true;
                break;
            }
            i3++;
        }
        if (!z) {
            throw new CertificateException("颁发证书结构不正确！");
        }
        if (x509CertificateArr.length == 1) {
            x509CertificateArr[0].verify(x509CertificateArr[0].getPublicKey());
            return;
        }
        while (i2 < x509CertificateArr.length - 1) {
            X509Certificate x509Certificate2 = x509CertificateArr[i2];
            i2++;
            x509Certificate2.verify(x509CertificateArr[i2].getPublicKey());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r9v4, types: [java.lang.Exception] */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (e.f(new Object[]{x509CertificateArr, str}, this, changeQuickRedirect, false, 3461, new Class[]{X509Certificate[].class, String.class}, Void.TYPE).f14742a) {
            return;
        }
        CertificateException certificateException = null;
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            certificateException = new CertificateException("Certificate chain is invalid.");
        } else if (str == null || str.length() == 0) {
            certificateException = new CertificateException("Authentication type is invalid.");
        } else {
            try {
                checkCertificateChain(x509CertificateArr, getSupportIssuers());
            } catch (Exception e2) {
                certificateException = e2;
            }
        }
        if (certificateException != null) {
            throw new CertificateException(certificateException.getMessage());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public String[] getSupportIssuers() {
        return OCFT_SUPPORT_ISSURERS;
    }
}
