package kotlin;

import com.unity3d.ads.core.data.datasource.AndroidStaticDeviceInfoDataSource;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Enumeration;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes7.dex */
public class gvg implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    public KeyStore f18441a;
    public X509TrustManager b;
    public X509TrustManager c;

    public gvg() {
        j();
        this.b = h(null);
    }

    public gvg(X509TrustManager x509TrustManager) {
        j();
        this.b = x509TrustManager;
    }

    public static void a(StringBuilder sb, X509Certificate x509Certificate) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd");
        sb.append("\n");
        sb.append(x509Certificate.getSubjectDN().toString());
        sb.append("\n");
        sb.append(simpleDateFormat.format(x509Certificate.getNotBefore()));
        sb.append(" - ");
        sb.append(simpleDateFormat.format(x509Certificate.getNotAfter()));
        sb.append("\nSHA-256: ");
        sb.append(b(x509Certificate, "SHA-256"));
        sb.append("\nSHA-1: ");
        sb.append(b(x509Certificate, AndroidStaticDeviceInfoDataSource.ALGORITHM_SHA1));
        sb.append("\nSigned by: ");
        sb.append(x509Certificate.getIssuerDN().toString());
        sb.append("\n");
    }

    public static String b(X509Certificate x509Certificate, String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(x509Certificate.getEncoded());
            return i(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            return e.getMessage();
        } catch (CertificateEncodingException e2) {
            return e2.getMessage();
        }
    }

    public static X509TrustManager[] g() {
        return new X509TrustManager[]{new gvg()};
    }

    public static String i(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            sb.append(String.format("%02x", Byte.valueOf(bArr[i])));
            if (i < bArr.length - 1) {
                sb.append(":");
            }
        }
        return sb.toString();
    }

    public static boolean l(Throwable th) {
        while (!(th instanceof CertificateExpiredException)) {
            th = th.getCause();
            if (th == null) {
                return false;
            }
        }
        return true;
    }

    public static boolean m(Throwable th) {
        while (!(th instanceof CertPathValidatorException)) {
            th = th.getCause();
            if (th == null) {
                return false;
            }
        }
        return true;
    }

    public void c(X509Certificate[] x509CertificateArr, String str, boolean z) throws CertificateException {
        String str2;
        d3a.d("secure.ssl.sys.tm", "checkCertTrusted(" + Arrays.toString(x509CertificateArr) + ", " + str + ", " + z + ")");
        try {
            d3a.d("secure.ssl.sys.tm", "checkCertTrusted: trying appTrustManager");
            if (z) {
                this.c.checkServerTrusted(x509CertificateArr, str);
            } else {
                this.c.checkClientTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e) {
            d3a.e("secure.ssl.sys.tm", "checkCertTrusted: appTrustManager did not verify certificate. Will fall back to secondary verification mechanisms (if any).", e);
            if (l(e)) {
                str2 = "checkCertTrusted: accepting expired certificate from keystore";
            } else {
                if (!k(x509CertificateArr[0])) {
                    try {
                        if (this.b == null) {
                            d3a.d("secure.ssl.sys.tm", "No defaultTrustManager set. Verification failed, throwing " + e);
                            throw e;
                        }
                        d3a.d("secure.ssl.sys.tm", "checkCertTrusted: trying defaultTrustManager");
                        if (z) {
                            this.b.checkServerTrusted(x509CertificateArr, str);
                            return;
                        } else {
                            this.b.checkClientTrusted(x509CertificateArr, str);
                            return;
                        }
                    } catch (CertificateException e2) {
                        d3a.e("secure.ssl.sys.tm", "checkCertTrusted: defaultTrustManager failed", e2);
                        return;
                    }
                }
                str2 = "checkCertTrusted: accepting cert already stored in keystore";
            }
            d3a.d("secure.ssl.sys.tm", str2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        c(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        c(x509CertificateArr, str, true);
    }

    public void d(String str) throws KeyStoreException {
        this.f18441a.deleteEntry(str);
    }

    public Certificate e(String str) {
        try {
            return this.f18441a.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    public Enumeration<String> f() {
        try {
            return this.f18441a.aliases();
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        d3a.d("secure.ssl.sys.tm", "getAcceptedIssuers()");
        return this.b.getAcceptedIssuers();
    }

    public X509TrustManager h(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        } catch (Exception e) {
            d3a.e("secure.ssl.sys.tm", "getTrustManager(" + keyStore + ")", e);
            return null;
        }
    }

    public void j() {
        KeyStore n = n();
        this.f18441a = n;
        this.c = h(n);
    }

    public final boolean k(X509Certificate x509Certificate) {
        try {
            return this.f18441a.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException unused) {
            return false;
        }
    }

    public KeyStore n() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                keyStore.load(null, null);
            } catch (Exception e) {
                d3a.e("secure.ssl.sys.tm", "loadAppKeyStore", e);
            }
            return keyStore;
        } catch (KeyStoreException e2) {
            d3a.e("secure.ssl.sys.tm", "getAppKeyStore()", e2);
            return null;
        }
    }
}
