package rxhttp.f.k;

import com.huawei.hwmfoundation.utils.StringUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* compiled from: X509TrustManagerImpl.java */
/* loaded from: classes6.dex */
public class b implements X509TrustManager {

    /* renamed from: b, reason: collision with root package name */
    private static String f39361b = b.class.getSimpleName();

    /* renamed from: c, reason: collision with root package name */
    private static String f39362c;

    /* renamed from: a, reason: collision with root package name */
    private List<PublicKey> f39363a = new ArrayList();

    public b() {
    }

    public b(String str) {
        f39362c = str;
        a();
    }

    private void a() {
        if (StringUtil.isEmpty(f39362c)) {
            return;
        }
        File file = new File(f39362c);
        if (!file.exists() || !file.isDirectory()) {
            com.huawei.j.a.b(f39361b, "invalid pem path");
            return;
        }
        for (File file2 : file.listFiles()) {
            if (file2.getName().endsWith(".pem")) {
                try {
                    com.huawei.j.a.c(f39361b, file2.getCanonicalPath());
                    this.f39363a.add(CertificateFactory.getInstance("X509").generateCertificate(new FileInputStream(file2)).getPublicKey());
                } catch (IOException | CertificateException e2) {
                    com.huawei.j.a.c(f39361b, "failed to read pem files: " + e2.toString());
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr == null) {
            throw new CertificateException("certificate chain is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new CertificateException("certificate chain is empty");
        }
        if (str == null) {
            throw new CertificateException("certificate authType is null");
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity();
            if (this.f39363a.size() > 0) {
                int size = this.f39363a.size();
                for (int i = 0; i < this.f39363a.size(); i++) {
                    try {
                        x509Certificate.verify(this.f39363a.get(i));
                    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                        size--;
                    }
                }
                if (size == 0) {
                    com.huawei.j.a.c(f39361b, "checkServerTrusted failed.");
                    throw new CertificateException("check server");
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
