package ak.im.module;

import ak.im.d;
import ak.im.utils.cy;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.X509TrustManager;

/* compiled from: AkeyChatX509.java */
/* loaded from: classes.dex */
public class k implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    X509TrustManager f533a;
    CertificateFactory b;
    private X509Certificate c;
    private X509Certificate d;
    private String e;
    private URL f;

    /* JADX WARN: Removed duplicated region for block: B:17:0x00e1  */
    /* JADX WARN: Removed duplicated region for block: B:56:0x00b9 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public k(java.net.URL r6) throws java.security.cert.CertificateException {
        /*
            Method dump skipped, instructions count: 242
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ak.im.module.k.<init>(java.net.URL):void");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z;
        boolean z2;
        if (!ak.im.utils.a.isNeedVerifyCertificate(this.f)) {
            cy.w("AkeyChatX509", "do not need verify certificate-check-server-trusted");
            return;
        }
        int i = 0;
        try {
            this.f533a.checkClientTrusted(x509CertificateArr, str);
            z = false;
        } catch (CertificateException e) {
            com.google.a.a.a.a.a.a.printStackTrace(e);
            z = true;
        }
        Date date = new Date();
        String name = x509CertificateArr[0].getSubjectDN().getName();
        int length = x509CertificateArr.length;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity(date);
            } catch (GeneralSecurityException unused) {
                throw new CertificateException("invalid date of " + name);
            }
        }
        if (!z) {
            cy.w("AkeyChatX509", "default verify pass do not continue");
            return;
        }
        Principal principal = null;
        int i2 = length - 1;
        while (i2 >= 0) {
            X509Certificate x509Certificate2 = x509CertificateArr[i2];
            Principal issuerDN = x509Certificate2.getIssuerDN();
            Principal subjectDN = x509Certificate2.getSubjectDN();
            if (principal != null) {
                if (!issuerDN.equals(principal)) {
                    cy.w("AkeyChatX509", "subject/issuer verification failed of " + name);
                    throw new CertificateException("subject/issuer verification failed of " + name);
                }
                try {
                    x509CertificateArr[i2].verify(x509CertificateArr[i2 + 1].getPublicKey());
                } catch (GeneralSecurityException unused2) {
                    cy.w("AkeyChatX509", "signature verification failed of " + name);
                    throw new CertificateException("signature verification failed of " + name);
                }
            }
            i2--;
            principal = subjectDN;
        }
        cy.i("AkeyChatX509", "cert chain trusted-1 " + name);
        String substring = name.startsWith("CN=") ? name.substring("CN=".length()) : name;
        if (substring.startsWith("*.")) {
            substring = substring.substring(2);
        }
        if (!this.e.contains(substring)) {
            throw new CertificateException("target verification failed of " + name);
        }
        cy.i("AkeyChatX509", "cert domain trusted-2 " + name);
        cy.i("AkeyChatX509", "cert expired trusted " + name);
        int length2 = x509CertificateArr.length;
        int i3 = 0;
        while (true) {
            if (i3 >= length2) {
                z2 = false;
                break;
            }
            X509Certificate x509Certificate3 = x509CertificateArr[i3];
            cy.i("AkeyChatX509", "check chain cert:" + x509Certificate3.getSubjectDN().getName());
            if (x509Certificate3.equals(this.c)) {
                z2 = true;
                break;
            }
            i3++;
        }
        cy.i("AkeyChatX509", "check verify result:" + z2);
        if (z2) {
            cy.w("AkeyChatX509", "cert 1 verify pass so do not need verify cert 2");
        } else {
            InputStream openRawResource = ak.im.b.get().getResources().openRawResource(d.j.intermediate_ca2);
            if (openRawResource != null) {
                this.d = (X509Certificate) this.b.generateCertificate(openRawResource);
                int length3 = x509CertificateArr.length;
                while (true) {
                    if (i >= length3) {
                        break;
                    }
                    if (x509CertificateArr[i].equals(this.d)) {
                        z2 = true;
                        break;
                    }
                    i++;
                }
            }
        }
        if (!z2) {
            throw new CertificateException("no matching pinned certificate found of " + name);
        }
        cy.i("AkeyChatX509", "cert pinning trusted " + name);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
