package com.aspire.util.loader.g0;

import com.aspire.service.login.k;
import com.aspire.util.AspLog;
import com.aspire.util.AspireUtils;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.X509TrustManager;

/* compiled from: TrustManagerChain.java */
/* loaded from: classes.dex */
public class c implements X509TrustManager {

    /* renamed from: c, reason: collision with root package name */
    public static final String f10119c = "TrustManagerChain";

    /* renamed from: a, reason: collision with root package name */
    protected X509Certificate f10120a = null;

    /* renamed from: b, reason: collision with root package name */
    protected String f10121b;

    /* compiled from: TrustManagerChain.java */
    /* loaded from: classes.dex */
    class a implements Runnable {
        a() {
        }

        @Override // java.lang.Runnable
        public void run() {
            c cVar = c.this;
            cVar.f10120a = cVar.a(cVar.f10121b);
        }
    }

    public c() {
        this.f10121b = "@@f8059e604b2c58e54f7c6f37f2ad86e05ae028ba23f5cf5229257b8bf2896cbd";
        this.f10121b = k.b("mmsec", "@@f8059e604b2c58e54f7c6f37f2ad86e05ae028ba23f5cf5229257b8bf2896cbd", true);
        AspLog.d(f10119c, "TrustManagerChain:" + this.f10121b);
        AspireUtils.queueWork(new a());
    }

    protected String a(X509Certificate x509Certificate, boolean z) {
        String str = "";
        if (x509Certificate != null) {
            try {
                String[] split = z ? x509Certificate.getIssuerX500Principal().getName().split(",") : x509Certificate.getSubjectX500Principal().getName().split(",");
                int length = split.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    String str2 = split[i];
                    if (str2.startsWith("CN=")) {
                        str = str2;
                        break;
                    }
                    i++;
                }
            } catch (Exception e2) {
                e2.printStackTrace();
            }
        }
        AspLog.d(f10119c, "getCertCommonName,cn:" + str);
        return str;
    }

    protected X509Certificate a(String str) {
        AspLog.d(f10119c, "getCAFromSystem, cn:" + str);
        X509Certificate x509Certificate = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate2 = (X509Certificate) keyStore.getCertificate(aliases.nextElement().toString());
                String a2 = a(x509Certificate2, false);
                AspLog.d(f10119c, "getCAFromSystem,commonName:" + a2);
                if (a2 != null && a2.equals(str)) {
                    AspLog.d(f10119c, "find CA! subject:" + x509Certificate2.getSubjectX500Principal() + ",issuer:" + x509Certificate2.getIssuerX500Principal());
                    x509Certificate = x509Certificate2;
                }
            }
        } catch (Exception e2) {
            e2.printStackTrace();
        }
        return x509Certificate;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z;
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("checkServerTrusted error,X509Certificate is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new IllegalArgumentException("checkServerTrusted error,X509Certificate is empty");
        }
        int i = 0;
        while (i < x509CertificateArr.length - 1) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            i++;
            X509Certificate x509Certificate2 = x509CertificateArr[i];
            x509Certificate.checkValidity();
            try {
                x509Certificate.verify(x509Certificate2.getPublicKey());
            } catch (Exception e2) {
                e2.printStackTrace();
                throw new CertificateException("cert verify failed");
            }
        }
        X509Certificate x509Certificate3 = x509CertificateArr[x509CertificateArr.length - 1];
        x509Certificate3.checkValidity();
        try {
            x509Certificate3.verify(x509Certificate3.getPublicKey());
            z = true;
        } catch (Exception e3) {
            e3.printStackTrace();
            z = false;
        }
        if (z) {
            String a2 = a(x509Certificate3, false);
            AspLog.d(f10119c, "self signed ok,check CA CommonName=" + a2);
            if (!this.f10121b.equals(a2)) {
                throw new CertificateException("cert verify failed,ca not right");
            }
        }
        if (z) {
            return;
        }
        AspLog.d(f10119c, "self signed nok,check from system");
        X509Certificate x509Certificate4 = null;
        String a3 = a(x509Certificate3, true);
        if (this.f10121b.equals(a3)) {
            x509Certificate4 = this.f10120a;
            if (x509Certificate4 == null) {
                x509Certificate4 = a(a3);
            }
            if (this.f10120a == null) {
                this.f10120a = x509Certificate4;
            }
        }
        if (x509Certificate4 == null) {
            AspLog.e(f10119c, "Can not find CA from system!");
            throw new CertificateException("cert-chain verify failed");
        }
        try {
            x509Certificate3.verify(x509Certificate4.getPublicKey());
            AspLog.d(f10119c, "cert-chain verify succeed!");
        } catch (Exception e4) {
            e4.printStackTrace();
            throw new CertificateException("cert-chain verify failed");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
