package org.f.i.b;

import java.io.Serializable;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.f.d.n;
import org.f.f.r;
import org.f.v;

/* compiled from: TlsTrustManager.java */
/* loaded from: classes2.dex */
public class j implements X509TrustManager {

    /* renamed from: b, reason: collision with root package name */
    private static org.f.c.e f10146b = org.f.c.f.b(j.class);

    /* renamed from: a, reason: collision with root package name */
    X509TrustManager f10147a;

    /* renamed from: c, reason: collision with root package name */
    private boolean f10148c;

    /* renamed from: d, reason: collision with root package name */
    private v f10149d;

    /* renamed from: e, reason: collision with root package name */
    private org.f.d.a f10150e;
    private g<X509Certificate> f;

    public j(X509TrustManager x509TrustManager, boolean z, v vVar, org.f.d.a aVar, g<X509Certificate> gVar) {
        this.f10147a = x509TrustManager;
        this.f10148c = z;
        this.f10149d = vVar;
        this.f10150e = aVar;
        this.f = gVar;
    }

    private boolean a(X509Certificate[] x509CertificateArr, r rVar, boolean z) {
        if (rVar == null || rVar.length() <= 0) {
            return false;
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            r a2 = f.a(x509Certificate);
            if (f10146b.a()) {
                f10146b.a((Serializable) ("Comparing certificate fingerprint " + a2 + " with " + rVar));
            }
            if (a2 == null) {
                f10146b.b("Failed to determine fingerprint for certificate " + x509Certificate + " and algorithm " + x509Certificate.getSigAlgName());
            } else if (a2.equals(rVar)) {
                if (!f10146b.b()) {
                    return true;
                }
                f10146b.a((CharSequence) ("Peer is trusted by fingerprint '" + rVar + "' of certificate: '" + x509Certificate + "'"));
                return true;
            }
        }
        this.f10150e.a(new org.f.b.c(this, z ? n.bL : n.bJ));
        throw new CertificateException("No fingerprint of provided certificates " + Arrays.asList(x509CertificateArr) + " matched " + rVar.toHexString());
    }

    public static X509Certificate[] a(X509TrustManager x509TrustManager, g<X509Certificate> gVar) {
        X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
        if (acceptedIssuers == null || gVar == null) {
            return acceptedIssuers;
        }
        ArrayList arrayList = new ArrayList(acceptedIssuers.length);
        for (X509Certificate x509Certificate : acceptedIssuers) {
            try {
                if (gVar.a((g<X509Certificate>) x509Certificate)) {
                    arrayList.add(x509Certificate);
                }
            } catch (CertificateException unused) {
                f10146b.a((Serializable) ("Security callback " + gVar + " rejected " + x509Certificate));
            }
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
    }

    protected g<X509Certificate> a() {
        k kVar;
        return (!(this.f10149d.h() instanceof k) || (kVar = (k) this.f10149d.h()) == null || kVar.getTlsTmSecurityCallback() == null) ? this.f : kVar.getTlsTmSecurityCallback();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        v vVar = this.f10149d;
        if (vVar != null && vVar.h() != null) {
            r clientFingerprint = this.f10149d.h().getClientFingerprint();
            if (a(x509CertificateArr, clientFingerprint, false)) {
                return;
            }
            this.f10150e.a(new org.f.b.c(this, n.bJ));
            throw new CertificateException("Client certificate validation by fingerprint failed for '" + x509CertificateArr[0] + "' (does not match " + clientFingerprint.toHexString() + ")");
        }
        g<X509Certificate> a2 = a();
        try {
            if (this.f10148c || a2 == null) {
                this.f10147a.checkClientTrusted(x509CertificateArr, str);
                return;
            }
            if (!a2.b((g<X509Certificate>) x509CertificateArr[0])) {
                this.f10150e.a(new org.f.b.c(this, n.bJ));
                throw new CertificateException("Client certificate validation by fingerprint failed for '" + x509CertificateArr[0] + "'");
            }
            if (f10146b.b()) {
                f10146b.a((CharSequence) ("Client is trusted with certificate '" + x509CertificateArr[0] + "'"));
            }
        } catch (CertificateException e2) {
            this.f10150e.a(new org.f.b.c(this, n.bF));
            this.f10150e.a(new org.f.b.c(this, n.bJ));
            f10146b.c("Client certificate validation failed for '" + x509CertificateArr[0] + "'");
            throw e2;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        r rVar;
        Boolean valueOf;
        X500Principal subjectX500Principal;
        Object obj = null;
        if (this.f10149d.h() != null) {
            rVar = this.f10149d.h().getServerFingerprint();
            if (a(x509CertificateArr, rVar, true)) {
                return;
            }
        } else {
            rVar = null;
        }
        try {
            obj = f.a(x509CertificateArr[0].getSubjectAlternativeNames(), 2);
        } catch (CertificateParsingException unused) {
            this.f10150e.a(new org.f.b.c(this, n.bL));
            f10146b.c("CertificateParsingException while verifying server certificate " + Arrays.asList(x509CertificateArr));
        }
        if (obj == null && (subjectX500Principal = x509CertificateArr[0].getSubjectX500Principal()) != null) {
            obj = subjectX500Principal.getName();
        }
        if (obj != null && rVar != null && rVar.length() == 0 && this.f10149d.h() != null && this.f10149d.h().getIdentity() != null) {
            String lowerCase = ((String) obj).toLowerCase();
            String rVar2 = this.f10149d.h().getIdentity().toString();
            if (rVar2.length() > 0) {
                if (rVar2.charAt(0) == '*') {
                    int indexOf = lowerCase.indexOf(46);
                    if (indexOf > 0) {
                        lowerCase = lowerCase.substring(indexOf);
                    }
                    rVar2 = rVar2.substring(1);
                }
                if (rVar2.equalsIgnoreCase(lowerCase)) {
                    if (f10146b.b()) {
                        f10146b.a((CharSequence) ("Peer hostname " + rVar2 + " matches dNSName " + lowerCase));
                        return;
                    }
                    return;
                }
            }
            if (f10146b.a()) {
                f10146b.a((Serializable) ("Peer hostname " + rVar2 + " did not match dNSName " + lowerCase));
            }
        }
        try {
            this.f10147a.checkServerTrusted(x509CertificateArr, str);
            g<X509Certificate> a2 = a();
            if (!this.f10148c || a2 == null || (valueOf = Boolean.valueOf(a2.a(x509CertificateArr))) == null || valueOf.booleanValue()) {
                return;
            }
            f10146b.a((CharSequence) ("Server is NOT trusted with certificate '" + Arrays.asList(x509CertificateArr) + "'"));
            throw new CertificateException("Server's certificate is not trusted by this application (although it was trusted by the JRE): " + Arrays.asList(x509CertificateArr));
        } catch (CertificateException e2) {
            this.f10150e.a(new org.f.b.c(this, n.bF));
            this.f10150e.a(new org.f.b.c(this, n.bL));
            f10146b.c("Server certificate validation failed for '" + x509CertificateArr[0] + "'");
            throw e2;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return a(this.f10147a, a());
    }
}
