package sogou.webkit.net;

import android.net.http.HttpsConnection;
import android.net.http.SslCertificate;
import com.android.org.conscrypt.TrustManagerImpl;
import java.io.ByteArrayInputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;
import sogou.webkit.adapter.m;
import sogou.webkit.annotation.KeepName;

@KeepName
/* loaded from: classes.dex */
public class CertificateChainValidator {
    private static final CertificateChainValidator sInstance = new CertificateChainValidator();
    private static final a sVerifier = new a();

    private CertificateChainValidator() {
    }

    private void closeSocketThrowException(SSLSocket sSLSocket, String str) {
        if (sSLSocket != null) {
            SSLSession session = sSLSocket.getSession();
            if (session != null) {
                session.invalidate();
            }
            sSLSocket.close();
        }
        throw new SSLHandshakeException(str);
    }

    private void closeSocketThrowException(SSLSocket sSLSocket, String str, String str2) {
        if (str == null) {
            str = str2;
        }
        closeSocketThrowException(sSLSocket, str);
    }

    public static CertificateChainValidator getInstance() {
        return sInstance;
    }

    public static void handleTrustStorageUpdate() {
        m.b();
    }

    public static SslError verifyServerCertificates(byte[][] bArr, String str, String str2) {
        CertificateFactory certificateFactory;
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("bad certificate chain");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            certificateFactory = null;
        }
        if (certificateFactory != null) {
            int i = 0;
            while (true) {
                int i2 = i;
                if (i2 >= bArr.length) {
                    break;
                }
                try {
                    x509CertificateArr[i2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr[i2]));
                } catch (CertificateException e2) {
                }
                i = i2 + 1;
            }
        }
        return verifyServerDomainAndCertificates(x509CertificateArr, str, str2);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static SslError verifyServerDomainAndCertificates(X509Certificate[] x509CertificateArr, String str, String str2) {
        boolean z = false;
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (x509Certificate == null) {
            throw new IllegalArgumentException("certificate for this site is null");
        }
        if (str != null && !str.isEmpty() && sVerifier.a(str, x509Certificate)) {
            z = true;
        }
        if (!z) {
            return new SslError(2, x509Certificate);
        }
        try {
            X509TrustManager a2 = m.a();
            if (a2 == 0) {
                throw new IllegalArgumentException("can not get system x509TrustManager.");
            }
            try {
                Class.forName("com.android.org.conscrypt.TrustManagerImpl");
                if (a2 instanceof TrustManagerImpl) {
                    ((TrustManagerImpl) a2).checkServerTrusted(x509CertificateArr, str2, str);
                } else {
                    a2.checkServerTrusted(x509CertificateArr, str2);
                }
            } catch (ClassNotFoundException e) {
                try {
                    Class.forName("org.apache.harmony.xnet.provider.jsse.TrustManagerImpl");
                    if (a2 instanceof c) {
                        ((c) a2).a(x509CertificateArr, str2, str);
                    } else {
                        a2.checkServerTrusted(x509CertificateArr, str2);
                    }
                } catch (ClassNotFoundException e2) {
                    e2.printStackTrace();
                    throw new IllegalArgumentException("can not get system TrustManagerImpl.");
                }
            }
            return null;
        } catch (GeneralSecurityException e3) {
            return new SslError(3, x509Certificate);
        }
    }

    public SslError doHandshakeAndValidateServerCertificates(HttpsConnection httpsConnection, SSLSocket sSLSocket, String str) {
        if (!sSLSocket.getSession().isValid()) {
            closeSocketThrowException(sSLSocket, "failed to perform SSL handshake");
        }
        Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length == 0) {
            closeSocketThrowException(sSLSocket, "failed to retrieve peer certificates");
        } else if (httpsConnection != null && peerCertificates[0] != null) {
            sogou.webkit.adapter.c.a().c(httpsConnection, new SslCertificate((X509Certificate) peerCertificates[0]));
        }
        return verifyServerDomainAndCertificates((X509Certificate[]) peerCertificates, str, "RSA");
    }
}
