package cn.com.jit.mctk.net.ssl.checker;

import cn.com.jit.ida.util.pki.PKIException;
import cn.com.jit.ida.util.pki.cert.X509Cert;
import cn.com.jit.ida.util.pki.cipher.JCrypto;
import cn.com.jit.ida.util.pki.cipher.Session;
import cn.com.jit.mctk.log.config.MLog;
import cn.com.jit.mctk.net.connect.IConnect;
import java.security.cert.CertificateException;
import java.util.List;

/* loaded from: classes.dex */
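/**
 * Trust checker that accepts a server certificate when its signature verifies
 * against the public key of at least one certificate in {@link #trustCertList}.
 *
 * <p>Security scope: the only test this class performs is the single
 * {@code X509Cert.verify(publicKey, session)} call per trust anchor. Nothing
 * here checks the validity period, the host name, key usage / basic
 * constraints, revocation status, or intermediate certificates. Unless
 * {@code X509Cert.verify} does some of that internally (not visible from this
 * file; confirm), those checks must be enforced elsewhere in the TLS path.
 */
public class SSLServSignChecker implements SSLTrustChecker {
    /**
     * Trust anchors used by every instance of this class.
     *
     * <p>NOTE(review): the field is {@code public static} and is reassigned by
     * each constructor call, so the most recently constructed checker replaces
     * the anchors of all earlier ones, and any code that can reach the class
     * can swap or mutate the list. It is kept as-is for compatibility; prefer a
     * private final per-instance immutable copy if callers can be migrated.
     */
    public static List<X509Cert> trustCertList;

    /**
     * Stores {@code list} as the shared trust-anchor list (see the note on
     * {@link #trustCertList}); the list is not copied or validated.
     *
     * @param list certificates whose public keys are accepted as issuers
     */
    public SSLServSignChecker(List<X509Cert> list) {
        trustCertList = list;
    }

    /**
     * Initializes the JSOFT_LIB provider and opens a session on it.
     *
     * @return the opened session, or {@code null} when initialization or
     *     session opening throws {@code PKIException} (the error is logged)
     */
    private Session getSession() {
        JCrypto jCrypto = JCrypto.getInstance();
        try {
            jCrypto.initialize(JCrypto.JSOFT_LIB, null);
            return jCrypto.openSession(JCrypto.JSOFT_LIB);
        } catch (PKIException e) {
            MLog.e(IConnect.HTTPCLIENT, "PKIException", e);
            return null;
        }
    }

    /**
     * Verifies that {@code x509Cert} is signed by one of the trust anchors.
     *
     * <p>Returns normally on the first anchor whose public key verifies the
     * signature. Every other outcome fails closed with a
     * {@code CertificateException}. This decompiled listing carries no
     * {@code throws} clause on the method; it is left off here so the
     * signature stays unchanged.
     *
     * @param x509Cert the server certificate to check
     * @throws CertificateException if the certificate is {@code null}, no
     *     anchors are configured, no anchor verifies the signature, or
     *     verification itself fails
     */
    @Override
    public void check(X509Cert x509Cert) {
        if (x509Cert == null) {
            // Without this guard the error path below dereferences the null
            // certificate and escapes as a NullPointerException.
            throw new CertificateException("JIT CA sign serverCert error");
        }
        // Read the shared static once so the null check and the iteration see
        // the same list even if another checker is constructed meanwhile.
        List<X509Cert> anchors = trustCertList;
        if (anchors == null || anchors.isEmpty()) {
            // No anchors means nothing can vouch for the server: reject with
            // the documented exception type instead of an NPE from the loop.
            throw new CertificateException("no JIT CA sign serverCert");
        }
        // NOTE(review): getSession() returns null when the provider fails to
        // initialize, and that null is passed straight to verify(). Confirm
        // that X509Cert.verify rejects a null session rather than falling back
        // to some other verification path.
        Session session = getSession();
        for (X509Cert anchor : anchors) {
            try {
                boolean verify = x509Cert.verify(anchor.getPublicKey(), session);
                MLog.i(IConnect.HTTPCLIENT, "isVerifySign =>" + verify + " ,ca cert=>" + anchor.getSubject() + ", serverCert=>" + x509Cert.getSubject());
                if (verify) {
                    return;
                }
            } catch (Throwable th) {
                // Any failure while verifying aborts the whole check (fail
                // closed); later anchors are not tried. The cause is attached
                // so the underlying crypto error is not lost to callers.
                MLog.e(IConnect.HTTPCLIENT, "checkServerTrusted cert =" + x509Cert.getSubject(), th);
                throw new CertificateException("JIT CA sign serverCert error", th);
            }
        }
        // Reached only when every anchor was tried and none verified.
        throw new CertificateException("no JIT CA sign serverCert");
    }
}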
