package ak.im.module;

import ak.im.a;
import ak.im.n;
import ak.im.utils.f4;
import ak.im.utils.y4;
import android.util.Base64;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class AkeyChatX509PrivateCA implements X509TrustManager {
    private static final String TAG = "AkeyChatX509PrivateCA";

    /* renamed from: a, reason: collision with root package name */
    X509TrustManager f1130a;

    /* renamed from: b, reason: collision with root package name */
    X509TrustManager f1131b;
    private String domain;
    private boolean ezVerify;
    private URL mUrl;

    public AkeyChatX509PrivateCA(URL url, boolean z) throws CertificateException {
        this.ezVerify = false;
        this.ezVerify = z;
        this.mUrl = url;
        this.domain = url == null ? "" : url.getHost();
        f4.i(TAG, "x509 cert verification for url " + url + ", domain " + this.domain);
        systemDefaultTrustManager();
        privateDefaultTrustManager();
    }

    private boolean checkCertificateBySelf(X509TrustManager x509TrustManager, X509Certificate[] x509CertificateArr) {
        Principal principal;
        X509Certificate x509Certificate;
        int length;
        boolean z;
        X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
        X509Certificate x509Certificate2 = x509CertificateArr[x509CertificateArr.length - 1];
        int length2 = acceptedIssuers.length;
        int i = 0;
        while (true) {
            principal = null;
            if (i >= length2) {
                x509Certificate = null;
                break;
            }
            x509Certificate = acceptedIssuers[i];
            if (x509Certificate.getSubjectDN().equals(x509Certificate2.getIssuerDN())) {
                break;
            }
            i++;
        }
        if (x509Certificate == null) {
            f4.i(TAG, "checkCertificateBySelf local is not exist");
            return false;
        }
        if (x509Certificate2.getSubjectDN().equals(x509Certificate2.getIssuerDN())) {
            x509CertificateArr[x509CertificateArr.length - 1] = x509Certificate;
            f4.i(TAG, "server certificate is root,replace local certificate to server");
            length = x509CertificateArr.length - 1;
            z = false;
        } else {
            length = x509CertificateArr.length;
            z = true;
        }
        int i2 = length;
        while (i2 >= 0) {
            f4.i(TAG, "checkCertificateBySelf " + i2);
            X509Certificate x509Certificate3 = (z && i2 == length) ? x509Certificate : x509CertificateArr[i2];
            Principal issuerDN = x509Certificate3.getIssuerDN();
            Principal subjectDN = x509Certificate3.getSubjectDN();
            if (principal != null) {
                if (!issuerDN.equals(principal)) {
                    f4.i(TAG, "checkCertificateBySelf dn is not match,sd is " + principal + ",id is " + issuerDN);
                    return false;
                }
                try {
                    x509CertificateArr[i2].verify(x509CertificateArr[i2 + 1].getPublicKey());
                } catch (Exception unused) {
                    f4.i(TAG, "checkCertificateBySelf publickey is not match");
                    return false;
                }
            }
            i2--;
            principal = subjectDN;
        }
        return true;
    }

    private void logServerCertificate(X509Certificate[] x509CertificateArr) {
        int i;
        try {
            if (x509CertificateArr.length > 0) {
                String encodeToString = Base64.encodeToString(x509CertificateArr[0].getEncoded(), 2);
                ArrayList arrayList = new ArrayList();
                arrayList.add("-----BEGIN CERTIFICATE-----");
                if (encodeToString.length() > 0) {
                    int length = encodeToString.length() / 64;
                    int length2 = encodeToString.length() % 64;
                    if (length2 != 0) {
                        length++;
                    }
                    for (int i2 = 0; i2 < length; i2++) {
                        int i3 = i2 * 64;
                        if (i2 == length - 1 && length2 != 0) {
                            i = length2;
                            arrayList.add(encodeToString.substring(i3, i + i3));
                        }
                        i = 64;
                        arrayList.add(encodeToString.substring(i3, i + i3));
                    }
                }
                arrayList.add("-----END CERTIFICATE-----");
                f4.e(TAG, "Server X509Certificate:\n" + y4.generateListString(arrayList, "\n"));
            }
        } catch (Exception e) {
            e.printStackTrace();
            f4.i(TAG, "logServerCertificate failed ,msg is " + e.getMessage());
        }
    }

    private void privateDefaultTrustManager() throws CertificateException {
        InputStream inputStream = null;
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                inputStream = a.get().getResources().openRawResource(n.trusted);
                X509Certificate[] x509CertificateArr = (X509Certificate[]) CertificateFactory.getInstance("X.509").generateCertificates(inputStream).toArray(new X509Certificate[0]);
                for (int i = 0; i < x509CertificateArr.length; i++) {
                    keyStore.setCertificateEntry("ca" + i, x509CertificateArr[i]);
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int i2 = 0; i2 < trustManagers.length; i2++) {
                    if (trustManagers[i2] instanceof X509TrustManager) {
                        X509TrustManager x509TrustManager = (X509TrustManager) trustManagers[i2];
                        this.f1130a = x509TrustManager;
                        for (X509Certificate x509Certificate : x509TrustManager.getAcceptedIssuers()) {
                            f4.i(TAG, "x509 trust manager: " + x509Certificate.getSubjectDN());
                        }
                        try {
                            inputStream.close();
                            return;
                        } catch (IOException unused) {
                            throw new CertificateException("Failed to load AKEY.ME private CA certificate");
                        }
                    }
                }
                try {
                    inputStream.close();
                } catch (IOException unused2) {
                    throw new CertificateException("Failed to load AKEY.ME private CA certificate");
                }
            } catch (Exception e) {
                f4.e(TAG, "Failed to load let's encrypt root CA certificate: " + e);
                throw new CertificateException("Failed to load AKEY.ME private CA certificate");
            }
        } catch (Throwable th) {
            try {
                inputStream.close();
                throw th;
            } catch (IOException unused3) {
                throw new CertificateException("Failed to load AKEY.ME private CA certificate");
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x0072  */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0082 A[ORIG_RETURN, RETURN] */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:20:0x006f -> B:12:0x006f). Please report as a decompilation issue!!! */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void systemDefaultTrustManager() {
        /*
            r6 = this;
            r0 = 0
            java.lang.String r1 = "JKS"
            java.security.KeyStore r1 = java.security.KeyStore.getInstance(r1)     // Catch: java.lang.Exception -> L8
            goto L9
        L8:
            r1 = r0
        L9:
            r2 = 0
            javax.net.ssl.TrustManager[] r3 = new javax.net.ssl.TrustManager[r2]
            if (r1 == 0) goto L55
            java.io.FileInputStream r4 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L39 java.lang.Exception -> L3d
            java.lang.String r5 = "trustedCerts"
            r4.<init>(r5)     // Catch: java.lang.Throwable -> L39 java.lang.Exception -> L3d
            java.lang.String r0 = "passphrase"
            char[] r0 = r0.toCharArray()     // Catch: java.lang.Exception -> L37 java.lang.Throwable -> L49
            r1.load(r4, r0)     // Catch: java.lang.Exception -> L37 java.lang.Throwable -> L49
            java.lang.String r0 = "SunX509"
            java.lang.String r5 = "SunJSSE"
            javax.net.ssl.TrustManagerFactory r0 = javax.net.ssl.TrustManagerFactory.getInstance(r0, r5)     // Catch: java.lang.Exception -> L37 java.lang.Throwable -> L49
            r0.init(r1)     // Catch: java.lang.Exception -> L37 java.lang.Throwable -> L49
            javax.net.ssl.TrustManager[] r3 = r0.getTrustManagers()     // Catch: java.lang.Exception -> L37 java.lang.Throwable -> L49
            r4.close()     // Catch: java.io.IOException -> L32
            goto L6f
        L32:
            r0 = move-exception
            r0.printStackTrace()
            goto L6f
        L37:
            r0 = move-exception
            goto L40
        L39:
            r1 = move-exception
            r4 = r0
            r0 = r1
            goto L4a
        L3d:
            r1 = move-exception
            r4 = r0
            r0 = r1
        L40:
            r0.printStackTrace()     // Catch: java.lang.Throwable -> L49
            if (r4 == 0) goto L6f
            r4.close()     // Catch: java.io.IOException -> L32
            goto L6f
        L49:
            r0 = move-exception
        L4a:
            if (r4 == 0) goto L54
            r4.close()     // Catch: java.io.IOException -> L50
            goto L54
        L50:
            r1 = move-exception
            r1.printStackTrace()
        L54:
            throw r0
        L55:
            java.lang.String r1 = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()     // Catch: java.security.NoSuchAlgorithmException -> L5e
            javax.net.ssl.TrustManagerFactory r1 = javax.net.ssl.TrustManagerFactory.getInstance(r1)     // Catch: java.security.NoSuchAlgorithmException -> L5e
            goto L63
        L5e:
            r1 = move-exception
            r1.printStackTrace()
            r1 = r0
        L63:
            r1.init(r0)     // Catch: java.security.KeyStoreException -> L67
            goto L6b
        L67:
            r0 = move-exception
            r0.printStackTrace()
        L6b:
            javax.net.ssl.TrustManager[] r3 = r1.getTrustManagers()
        L6f:
            int r0 = r3.length
            if (r2 >= r0) goto L82
            r0 = r3[r2]
            boolean r0 = r0 instanceof javax.net.ssl.X509TrustManager
            if (r0 == 0) goto L7f
            r0 = r3[r2]
            javax.net.ssl.X509TrustManager r0 = (javax.net.ssl.X509TrustManager) r0
            r6.f1131b = r0
            goto L82
        L7f:
            int r2 = r2 + 1
            goto L6f
        L82:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: ak.im.module.AkeyChatX509PrivateCA.systemDefaultTrustManager():void");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    /* JADX WARN: Removed duplicated region for block: B:32:0x00f9  */
    /* JADX WARN: Removed duplicated region for block: B:43:0x0170  */
    /* JADX WARN: Removed duplicated region for block: B:51:0x01df A[Catch: Exception -> 0x025f, TryCatch #0 {Exception -> 0x025f, blocks: (B:49:0x01d9, B:51:0x01df, B:52:0x01e3, B:54:0x01e9, B:56:0x01fc, B:59:0x0204, B:61:0x0210, B:62:0x022c, B:64:0x0237, B:65:0x0243, B:68:0x0249, B:70:0x0251, B:72:0x0257), top: B:48:0x01d9 }] */
    /* JADX WARN: Removed duplicated region for block: B:7:0x0087  */
    /* JADX WARN: Removed duplicated region for block: B:89:0x029f  */
    /* JADX WARN: Removed duplicated region for block: B:92:0x0106  */
    @Override // javax.net.ssl.X509TrustManager
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void checkServerTrusted(java.security.cert.X509Certificate[] r18, java.lang.String r19) throws java.security.cert.CertificateException {
        /*
            Method dump skipped, instructions count: 695
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ak.im.module.AkeyChatX509PrivateCA.checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String):void");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
