package com.tencent.mm.plugin.appbrand.network.workaround.verify;

import com.tencent.mm.plugin.appbrand.network.workaround.fetch.ICertNetFetcher;
import com.tencent.mm.plugin.appbrand.network.workaround.utils.CommonsKt;
import com.tencent.mm.sdk.platformtools.Log;
import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.Lazy;
import kotlin.Metadata;
import kotlin.collections.m;
import kotlin.i;
import kotlin.jvm.internal.j;
import kotlin.jvm.internal.r;

@Metadata(d1 = {"\u0000:\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010!\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0002\n\u0002\u0010\u0011\n\u0002\b\t\u0018\u0000 \u00182\u00020\u0001:\u0001\u0018B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J(\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\f\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u000b0\n2\b\u0010\f\u001a\u0004\u0018\u00010\rH\u0002J/\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0007\u001a\u00020\b2\u0010\u0010\t\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u000b\u0018\u00010\u00102\b\u0010\f\u001a\u0004\u0018\u00010\r¢\u0006\u0002\u0010\u0011J \u0010\u0012\u001a\u0004\u0018\u00010\u000b2\f\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u000b0\n2\u0006\u0010\u0014\u001a\u00020\u000bH\u0002J\u0012\u0010\u0015\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u0016\u001a\u00020\rH\u0002J(\u0010\u0017\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\f\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u000b0\n2\b\u0010\f\u001a\u0004\u0018\u00010\rH\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0019"}, d2 = {"Lcom/tencent/mm/plugin/appbrand/network/workaround/verify/CertVerifyProcess;", "", "certNetFetcher", "Lcom/tencent/mm/plugin/appbrand/network/workaround/fetch/ICertNetFetcher;", "(Lcom/tencent/mm/plugin/appbrand/network/workaround/fetch/ICertNetFetcher;)V", "attemptVerifyAfterAIAFetch", "", "trustManager", "Ljavax/net/ssl/X509TrustManager;", "chain", "", "Ljava/security/cert/X509Certificate;", "authType", "", "doVerify", "", "", "(Ljavax/net/ssl/X509TrustManager;[Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "findLastCertWithUnknownIssuer", "certs", "startCert", "performAIAFetch", "caIssuerUri", "tryVerifyWithAIAFetching", "Companion", "luggage-commons_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes2.dex */
public final class CertVerifyProcess {
    // Certificate type name. Not referenced in this listing; presumably handed to
    // CertificateFactory.getInstance by the lazy initializer
    // (CertVerifyProcess$Companion$certificateFactory$2) - confirm there.
    private static final String CERTIFICATE_TYPE_X509 = "X.509";

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    // Gates every Log.d call in this class. Those messages carry certificate subject and
    // issuer names, AIA URIs and exception text, so this is expected to be false outside
    // debug environments.
    private static final boolean DEBUG_CERT_VERIFY_PROCESS = CommonsKt.isDebugEnv();
    // Cap on caIssuers fetches within one tryVerifyWithAIAFetching call. It bounds how much
    // network work a single presented chain can trigger.
    private static final int MAX_AIA_FETCH_NUM = 5;
    private static final String TAG = "MicroMsg.Verify.CertVerifyProcess";
    // Lazy holder for the shared CertificateFactory; assigned once in the static initializer.
    private static final Lazy<CertificateFactory> certificateFactory$delegate;
    // Neither read nor written anywhere in this listing.
    // NOTE(review): looks like a build-time instrumentation marker - confirm.
    private byte _hellAccFlag_;
    // Fetcher used by performAIAFetch to download the certificate a caIssuers URI points to.
    private final ICertNetFetcher certNetFetcher;

    @Metadata(d1 = {"\u0000(\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\bX\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u001d\u0010\n\u001a\u0004\u0018\u00010\u000b8BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u000e\u0010\u000f\u001a\u0004\b\f\u0010\r¨\u0006\u0010"}, d2 = {"Lcom/tencent/mm/plugin/appbrand/network/workaround/verify/CertVerifyProcess$Companion;", "", "()V", "CERTIFICATE_TYPE_X509", "", "DEBUG_CERT_VERIFY_PROCESS", "", "MAX_AIA_FETCH_NUM", "", "TAG", "certificateFactory", "Ljava/security/cert/CertificateFactory;", "getCertificateFactory", "()Ljava/security/cert/CertificateFactory;", "certificateFactory$delegate", "Lkotlin/Lazy;", "luggage-commons_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes2.dex */
    public static final class Companion {
        private byte _hellAccFlag_;

        /** Only the enclosing class creates the singleton, via the synthetic constructor. */
        private Companion() {
        }

        /**
         * Compiler-generated (synthetic) bridge to the private constructor.
         *
         * @param jVar marker argument; never read
         */
        public Companion(j jVar) {
            this();
        }

        /**
         * Returns the shared certificate factory, creating it on first use through the lazy
         * delegate of the enclosing class.
         *
         * <p>The decompiler widened this accessor from private. performAIAFetch treats a
         * {@code null} result as "cannot parse certificates", so {@code null} is an expected
         * outcome here.
         *
         * @return the factory held by the lazy delegate, possibly {@code null}
         */
        public final CertificateFactory getCertificateFactory() {
            Lazy<CertificateFactory> holder = CertVerifyProcess.certificateFactory$delegate;
            return holder.getValue();
        }
    }

    static {
        // Wrap the factory initializer in a Lazy so that the CertificateFactory is only
        // created when a verification actually reaches the AIA fallback.
        // NOTE(review): i.b is presumably kotlin's lazy(...) builder under an obfuscated name.
        certificateFactory$delegate = i.b(CertVerifyProcess$Companion$certificateFactory$2.INSTANCE);
    }

    /**
     * Creates a verifier that retries chain validation after downloading missing issuer
     * certificates through the given fetcher.
     *
     * <p>The fetcher is handed URIs read from the AIA extension of certificates that have
     * not been validated yet, so it is the component that has to restrict schemes and bound
     * response size and time. None of that is visible in this class.
     *
     * @param iCertNetFetcher fetcher used for caIssuers downloads
     */
    public CertVerifyProcess(ICertNetFetcher iCertNetFetcher) {
        // Presumably Kotlin's generated non-null parameter check under an obfuscated name.
        r.g(iCertNetFetcher, "certNetFetcher");
        this.certNetFetcher = iCertNetFetcher;
    }

    /**
     * Re-runs the trust manager over the chain as it stands after an AIA fetch.
     *
     * <p>The trust decision stays entirely with {@code trustManager}: a fetched certificate
     * only helps if the trust manager can build a path through it to one of its own anchors.
     * Any exception, whether a rejection or an unexpected failure, counts as "not trusted",
     * so this step fails closed.
     *
     * @param trustManager trust manager that makes the decision
     * @param chain        presented chain plus any certificates fetched so far
     * @param authType     key exchange algorithm name passed through to the trust manager
     * @return {@code true} only if {@code checkServerTrusted} returned normally
     */
    private final boolean attemptVerifyAfterAIAFetch(X509TrustManager trustManager, List<X509Certificate> chain, String authType) {
        boolean accepted;
        try {
            // List.toArray(T[]) never returns null, so the array goes straight to the check.
            X509Certificate[] candidateChain = chain.toArray(new X509Certificate[0]);
            trustManager.checkServerTrusted(candidateChain, authType);
            accepted = true;
        } catch (Exception rejection) {
            if (DEBUG_CERT_VERIFY_PROCESS) {
                Log.d(TAG, "attemptVerifyAfterAIAFetch, verify fail since " + rejection);
            }
            accepted = false;
        }
        return accepted;
    }

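    /**
     * Walks issuer links from {@code startCert} through {@code certs} and returns the last
     * certificate whose issuer is not present in the list. That certificate is the one
     * whose AIA extension is worth fetching.
     *
     * <p>Links are matched by comparing distinguished names only. No signature, validity or
     * key-usage check happens here, so the result is a hint about where the chain is
     * incomplete and never a trust statement. Trust is decided later by the trust manager.
     *
     * @param certs     certificates available for linking (presented chain plus fetched ones)
     * @param startCert certificate to start the walk from
     * @return the certificate with no issuer in {@code certs}; {@code null} when the walk
     *         reaches a self-issued certificate (nothing is missing) or revisits a
     *         certificate (issuer loop)
     */
    private final X509Certificate findLastCertWithUnknownIssuer(List<X509Certificate> certs, X509Certificate startCert) {
        // Certificates already walked; a repeat means the supplied certs form an issuer loop.
        HashSet<X509Certificate> visited = new HashSet<>();
        X509Certificate current = startCert;
        while (true) {
            visited.add(current);
            X500Principal wantedIssuer = current.getIssuerX500Principal();
            X509Certificate issuerCert = null;
            for (X509Certificate candidate : certs) {
                X500Principal candidateSubject = candidate.getSubjectX500Principal();
                if (DEBUG_CERT_VERIFY_PROCESS) {
                    Log.d(TAG, "findLastCertWithUnknownIssuer, certSubject: " + candidateSubject + ", lastCertIssuer: " + wantedIssuer);
                }
                // r.b is presumably Kotlin's null-safe equality helper under an obfuscated name.
                if (r.b(candidateSubject, wantedIssuer)) {
                    if (DEBUG_CERT_VERIFY_PROCESS) {
                        Log.d(TAG, "findLastCertWithUnknownIssuer, certSubject is the same as lastCertIssuer");
                    }
                    // Keep the first match. Without stopping here the scan runs to the end,
                    // the match is lost and the walk below can never execute.
                    issuerCert = candidate;
                    break;
                }
            }
            if (issuerCert == null) {
                // Nobody in certs issued the current certificate: this is the gap to fill.
                return current;
            }
            X500Principal issuerCertSubject = issuerCert.getSubjectX500Principal();
            X500Principal issuerCertIssuer = issuerCert.getIssuerX500Principal();
            if (DEBUG_CERT_VERIFY_PROCESS) {
                Log.d(TAG, "findLastCertWithUnknownIssuer, lastIssuerCertSubject: " + issuerCertSubject + ", lastIssuerCertIssuer: " + issuerCertIssuer);
            }
            if (r.b(issuerCertSubject, issuerCertIssuer)) {
                // Self-issued certificate reached: the chain is complete as far as names go,
                // so there is nothing for an AIA fetch to add.
                if (DEBUG_CERT_VERIFY_PROCESS) {
                    Log.d(TAG, "findLastCertWithUnknownIssuer, lastIssuerCertSubject is the same as lastIssuerCertIssuer");
                }
                return null;
            }
            if (visited.contains(issuerCert)) {
                // Issuer loop among the supplied certificates; give up rather than spin.
                return null;
            }
            current = issuerCert;
        }
    }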

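    /**
     * Downloads the resource a caIssuers URI points to and parses it as an X.509 certificate.
     *
     * <p>The URI comes from the AIA extension of a certificate that has not been validated,
     * so it is attacker-influenced input. This method places no restriction on it; scheme
     * filtering, response-size and time limits have to live in the {@link ICertNetFetcher}
     * implementation (not visible here). The returned certificate is not trusted by itself:
     * the caller appends it to the chain and asks the trust manager again.
     *
     * <p>Fetch failures and parse failures are handled in separate steps so that each is
     * reported with its own log message. With both steps inside one catch-all, the
     * fetch-failure handler could never run.
     *
     * @param caIssuerUri URI taken from the certificate's AIA caIssuers entry
     * @return the parsed certificate, or {@code null} if the factory is unavailable, the
     *         fetch failed, or the payload is not a single X.509 certificate
     */
    private final X509Certificate performAIAFetch(String caIssuerUri) {
        boolean debug = DEBUG_CERT_VERIFY_PROCESS;
        if (debug) {
            Log.d(TAG, "performAIAFetch, caIssuerUri: " + caIssuerUri);
        }
        CertificateFactory certificateFactory = INSTANCE.getCertificateFactory();
        if (certificateFactory == null) {
            if (debug) {
                Log.d(TAG, "performAIAFetch, certificateFactory is null");
            }
            return null;
        }

        byte[] fetched;
        try {
            // Kotlin default-argument bridge: mask 6 selects the declared defaults for the
            // two int parameters. NOTE(review): presumably timeouts or limits - confirm in
            // ICertNetFetcher.
            fetched = ICertNetFetcher.DefaultImpls.fetchCaIssuers$default(this.certNetFetcher, caIssuerUri, 0, 0, 6, null).waitForResult();
        } catch (Exception fetchFailure) {
            Log.w(TAG, "performAIAFetch, fetch fail since " + fetchFailure);
            return null;
        }

        try {
            // A null payload, malformed data or a non-X.509 result all end up in the catch
            // below and yield null.
            Certificate parsed = certificateFactory.generateCertificate(new ByteArrayInputStream(fetched));
            if (parsed == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            return (X509Certificate) parsed;
        } catch (Exception parseFailure) {
            Log.printErrStackTrace(TAG, parseFailure, "performAIAFetch, generate certificate fail", new Object[0]);
            return null;
        }
    }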

    /**
     * Tries to complete an incomplete chain by following AIA caIssuers URIs, re-running the
     * trust manager after every certificate that was fetched.
     *
     * <p>Each round locates the certificate whose issuer is missing from {@code chain},
     * fetches from each of its caIssuers URIs, appends whatever parses and asks the trust
     * manager again. Fetched certificates stay in {@code chain} even when that attempt is
     * rejected. The total number of fetches is capped by {@code MAX_AIA_FETCH_NUM}, and the
     * loop also stops when a round makes no progress.
     *
     * @param trustManager trust manager that makes the final decision
     * @param chain        mutable chain; fetched certificates are appended to it
     * @param authType     key exchange algorithm name passed through to the trust manager
     * @return {@code true} only if the trust manager accepted an augmented chain
     */
    private final boolean tryVerifyWithAIAFetching(X509TrustManager trustManager, List<X509Certificate> chain, String authType) {
        if (DEBUG_CERT_VERIFY_PROCESS) {
            Log.d(TAG, "tryVerifyWithAIAFetching");
        }
        if (chain.isEmpty()) {
            Log.i(TAG, "tryVerifyWithAIAFetching, chain is empty");
            return false;
        }
        X509Certificate danglingCert = findLastCertWithUnknownIssuer(chain, chain.get(0));
        if (danglingCert == null) {
            Log.i(TAG, "tryVerifyWithAIAFetching, lastCertWithUnknownIssuer is null");
            return false;
        }

        // Counts every URI considered across all rounds, not just the current certificate's.
        int fetchCount = 0;
        while (true) {
            AuthorityInfoAccess aiaInfo = AuthorityInfoAccessKt.parseAIA(danglingCert);
            if (aiaInfo == null) {
                Log.i(TAG, "tryVerifyWithAIAFetching, aiaInfo is null");
                return false;
            }
            if (aiaInfo.getCaIssuersUris().isEmpty()) {
                Log.i(TAG, "tryVerifyWithAIAFetching, caIssuersUris is empty");
                return false;
            }
            for (String caIssuerUri : aiaInfo.getCaIssuersUris()) {
                fetchCount++;
                if (fetchCount > MAX_AIA_FETCH_NUM) {
                    // Hard stop: an untrusted chain must not be able to drive unbounded fetches.
                    Log.i(TAG, "tryVerifyWithAIAFetching, reach max fetch num");
                    return false;
                }
                X509Certificate fetchedCert = performAIAFetch(caIssuerUri);
                if (fetchedCert == null) {
                    continue;
                }
                chain.add(fetchedCert);
                if (attemptVerifyAfterAIAFetch(trustManager, chain, authType)) {
                    Log.i(TAG, "tryVerifyWithAIAFetching, verify success");
                    return true;
                }
            }
            // Move on to the next gap. Stop if there is none, or if this round did not
            // change which certificate is missing its issuer.
            X509Certificate nextDangling = findLastCertWithUnknownIssuer(chain, danglingCert);
            if (nextDangling == null || r.b(nextDangling, danglingCert)) {
                return false;
            }
            danglingCert = nextDangling;
        }
    }

    /**
     * Validates a server chain with the given trust manager. If validation fails, retries
     * once more after trying to fetch missing intermediates through AIA.
     *
     * <p>The fallback never accepts a chain on its own authority. It returns normally only
     * when {@code trustManager} itself accepts the augmented chain; in every other case,
     * including any exception inside the fallback, the trust manager's original
     * {@link CertificateException} is rethrown. Only chain trust is checked here; hostname
     * verification is not part of this method.
     *
     * @param trustManager trust manager that makes the decision
     * @param chain        chain presented by the peer; may be {@code null}, in which case
     *                     no fallback is attempted
     * @param authType     key exchange algorithm name passed through to the trust manager
     */
    public final void doVerify(X509TrustManager trustManager, X509Certificate[] chain, String authType) {
        r.g(trustManager, "trustManager");
        try {
            trustManager.checkServerTrusted(chain, authType);
        } catch (CertificateException platformRejection) {
            if (DEBUG_CERT_VERIFY_PROCESS) {
                Log.d(TAG, "doVerify, verify fail since " + platformRejection);
            }
            if (chain == null) {
                throw platformRejection;
            }
            boolean recovered;
            try {
                // The fallback appends fetched certificates, so it gets a mutable copy and
                // the caller's array stays untouched.
                // NOTE(review): m.t0 is presumably Kotlin's array-to-mutable-list copy - confirm.
                List<X509Certificate> workingChain = m.t0(chain);
                recovered = tryVerifyWithAIAFetching(trustManager, workingChain, authType);
            } catch (Exception fallbackFailure) {
                // A failure inside the fallback must not mask the original rejection.
                if (DEBUG_CERT_VERIFY_PROCESS) {
                    Log.printErrStackTrace(TAG, fallbackFailure, "tryVerifyWithAIAFetching, verify fail", new Object[0]);
                }
                recovered = false;
            }
            if (recovered) {
                return;
            }
            throw platformRejection;
        }
    }
}
