package com.alibaba.intl.android.network.http.security;

import android.content.res.AssetManager;
import android.util.Log;
import com.alibaba.intl.android.network.CertVerifyListener;
import com.alibaba.intl.android.network.NetworkManager;
import com.alibaba.intl.android.network.util.IOUtils;
import com.alibaba.intl.android.network.util.LogUtil;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public class Ali509TrustManager implements X509TrustManager {
    private static final String TAG = "Ali509TrustManager";
    private LinkedHashMap<String, Certificate> mCertContainer;
    private CertVerifyListener mCertListener;
    private ArrayList<String> mCertNameList;
    private X509TrustManager mExtendTrustManager;
    private boolean mIsBlockCertInApp;
    private X509TrustManager mOrigTrustmanager;

    public Ali509TrustManager(CertVerifyListener certVerifyListener, boolean z, X509TrustManager x509TrustManager) throws Exception {
        InputStream inputStream = null;
        this.mCertListener = certVerifyListener;
        this.mIsBlockCertInApp = z;
        this.mExtendTrustManager = x509TrustManager;
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        this.mCertNameList = new ArrayList<>();
        this.mCertContainer = new LinkedHashMap<>();
        AssetManager assets = NetworkManager.getApplication().getAssets();
        this.mCertNameList.add("VeriSignClass3PublicPrimaryCertificationAuthority-G5.cer");
        this.mCertNameList.add("Root-R1.crt");
        this.mCertNameList.add("Root-R2.crt");
        this.mCertNameList.add("Root-R3.crt");
        this.mCertNameList.add("Root-R4.crt");
        this.mCertNameList.add("Root-R5.crt");
        this.mCertNameList.add("VeriSignClass3PublicPrimaryCertificationAuthority-G3.cer");
        this.mCertNameList.add("VeriSignClass3PublicPrimaryCertificationAuthority-G4.cer");
        this.mCertNameList.add("VeriSignClass4PublicPrimaryCertificationAuthority-G3.cer");
        this.mCertNameList.add("verisign.cer");
        this.mCertNameList.add("VeriSignUniversalRootCertificationAuthority.cer");
        this.mCertNameList.add("DigiCertHighAssuranceEVRootCA.crt");
        this.mCertNameList.add("DigiCertGlobalRootG2.crt");
        this.mCertNameList.add("DigiCertGlobalRootG3.crt");
        this.mCertNameList.add("DigiCertAssuredIDRootG2.crt");
        this.mCertNameList.add("DigiCertAssuredIDRootG3.crt");
        Iterator<String> it = this.mCertNameList.iterator();
        while (true) {
            InputStream inputStream2 = inputStream;
            if (!it.hasNext()) {
                try {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init((KeyStore) null);
                    this.mOrigTrustmanager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
                    return;
                } catch (Exception e) {
                    e.printStackTrace();
                    return;
                }
            }
            String next = it.next();
            try {
                try {
                    inputStream2 = assets.open(next);
                    this.mCertContainer.put(next, certificateFactory.generateCertificate(inputStream2));
                    IOUtils.close(inputStream2);
                } catch (Throwable th) {
                    IOUtils.close(inputStream2);
                    throw th;
                }
            } catch (Exception e2) {
                LogUtil.e(TAG, "error loading " + next);
                IOUtils.close(inputStream2);
            }
            inputStream = inputStream2;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        LogUtil.e(TAG, "checkClientTrusted");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        String name;
        String message;
        if (this.mIsBlockCertInApp && this.mOrigTrustmanager != null) {
            Log.e(TAG, "checkServerTrusted: original trust manager");
            try {
                this.mOrigTrustmanager.checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (Exception e) {
                if (this.mCertListener != null) {
                    this.mCertListener.CertVerifyFailed(e.getMessage());
                }
                throw new CertificateException(e.getMessage());
            }
        }
        if (this.mExtendTrustManager != null) {
            Log.e(TAG, "checkServerTrusted: extend trust manager");
            try {
                this.mExtendTrustManager.checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (Exception e2) {
                LogUtil.e(TAG, "mExtendTrustManager verify failed", e2);
            }
        }
        LogUtil.e(TAG, "https verify begin");
        if (x509CertificateArr.length <= 0 || (name = x509CertificateArr[0].getSubjectX500Principal().getName()) == null) {
            return;
        }
        int length = x509CertificateArr.length - 1;
        String str2 = "";
        while (length >= 0) {
            X509Certificate x509Certificate = x509CertificateArr[length];
            x509Certificate.checkValidity();
            Iterator<String> it = this.mCertContainer.keySet().iterator();
            String str3 = str2;
            boolean z = false;
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                try {
                    x509Certificate.verify(this.mCertContainer.get(it.next()).getPublicKey());
                    z = false;
                    break;
                } catch (InvalidKeyException e3) {
                    message = e3.getMessage();
                } catch (NoSuchAlgorithmException e4) {
                    message = e4.getMessage();
                } catch (NoSuchProviderException e5) {
                    message = e5.getMessage();
                } catch (SignatureException e6) {
                    message = e6.getMessage();
                } catch (Exception e7) {
                    message = e7.getMessage();
                }
                str3 = message;
                z = true;
            }
            if (!z) {
                LogUtil.e(TAG, "https verify success!");
                return;
            } else {
                length--;
                str2 = str3;
            }
        }
        LogUtil.e(TAG, "https verify failed:" + str2);
        if (this.mCertListener != null) {
            this.mCertListener.CertVerifyFailed(name);
        }
        throw new CertificateException(str2);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
