package com.nearme.network.n.c;

import android.text.TextUtils;
import android.util.Log;
import com.heytap.backup.sdk.common.utils.Constants;
import com.heytap.statistics.provider.PackJsonKey;
import com.nearme.network.exception.CertificateValidityException;
import com.nearme.network.exception.ProxyCertificateException;
import com.nearme.network.exception.RootCertificateNotExistException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.X509TrustManager;

/* compiled from: NearmeTrustManager.java */
/* loaded from: classes2.dex */
public class b implements X509TrustManager {
    protected X509TrustManager a;

    /* renamed from: b, reason: collision with root package name */
    boolean f1368b;
    com.nearme.network.cache.c c;
    KeyStore d;
    Map<String, String> e = new ConcurrentHashMap();
    Map<X509Certificate, String> f = new HashMap();
    List<X509Certificate> g = new ArrayList();
    AtomicBoolean h = new AtomicBoolean(false);
    Object i = new Object();
    ExecutorService j = Executors.newSingleThreadExecutor();

    /* compiled from: NearmeTrustManager.java */
    /* loaded from: classes2.dex */
    class a implements Runnable {
        final /* synthetic */ X509Certificate[] a;

        a(X509Certificate[] x509CertificateArr) {
            this.a = x509CertificateArr;
        }

        @Override // java.lang.Runnable
        public void run() {
            b bVar = b.this;
            X509Certificate[] x509CertificateArr = this.a;
            if (bVar == null) {
                throw null;
            }
            String b2 = com.bumptech.glide.load.b.b(x509CertificateArr[0]);
            if (TextUtils.isEmpty(b2) || !bVar.h.get() || bVar.e.containsKey(b2)) {
                return;
            }
            StringBuilder sb = new StringBuilder();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
                Iterator<X509Certificate> it = bVar.f.keySet().iterator();
                while (true) {
                    if (it.hasNext()) {
                        X509Certificate next = it.next();
                        String lowerCase2 = next.getSubjectDN().getName().toLowerCase();
                        if (com.nearme.network.u.b.f()) {
                            Log.i(PackJsonKey.NETWORK, "cacheCerts, serverSubject =" + lowerCase + ", sysSubject = " + lowerCase2);
                        }
                        if (lowerCase.equals(lowerCase2)) {
                            sb.append(bVar.f.get(next));
                            sb.append(Constants.DataMigration.SPLIT_TAG);
                            break;
                        }
                    }
                }
            }
            String sb2 = sb.toString();
            if (TextUtils.isEmpty(sb2)) {
                return;
            }
            if (com.nearme.network.u.b.f()) {
                StringBuilder e = b.b.a.a.a.e("cacheCerts, host =", b2, ", aliases = ");
                e.append(sb.toString());
                Log.i(PackJsonKey.NETWORK, e.toString());
            }
            com.nearme.network.cache.c cVar = bVar.c;
            if (cVar != null) {
                cVar.put(b2, sb2);
            }
            bVar.e.put(b2, sb2);
        }
    }

    public b(X509TrustManager x509TrustManager, com.nearme.network.cache.c cVar) {
        this.f1368b = true;
        this.a = x509TrustManager;
        this.c = cVar;
        this.f1368b = com.nearme.network.u.b.d().d();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            this.d = keyStore;
            keyStore.load(null, null);
        } catch (Throwable th) {
            th.printStackTrace();
        }
        new Thread(new c(this)).start();
    }

    private void a() {
        if (this.h.get()) {
            return;
        }
        synchronized (this.i) {
            if (com.nearme.network.u.b.f()) {
                Log.i(PackJsonKey.NETWORK, "waitUntileLocalCertsLoaded, mlock localCertsLoaded =" + this.h.get());
            }
            if (!this.h.get()) {
                try {
                    if (com.nearme.network.u.b.f()) {
                        Log.i(PackJsonKey.NETWORK, "waitUntileLocalCertsLoaded, mlock wait");
                    }
                    this.i.wait();
                } catch (InterruptedException e) {
                    e.printStackTrace();
                }
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x007b  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x00a1  */
    /* JADX WARN: Removed duplicated region for block: B:77:0x01b5 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:78:0x01b6  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean a(java.security.cert.X509Certificate[] r15) {
        /*
            Method dump skipped, instructions count: 509
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nearme.network.n.c.b.a(java.security.cert.X509Certificate[]):boolean");
    }

    private boolean b(X509Certificate[] x509CertificateArr) {
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
                Iterator<X509Certificate> it = this.g.iterator();
                while (it.hasNext()) {
                    if (lowerCase.equals(it.next().getSubjectDN().getName().toLowerCase())) {
                        Log.i(PackJsonKey.NETWORK, "isUserCerts, return true ");
                        return true;
                    }
                }
            }
        } catch (Throwable th) {
            th.printStackTrace();
        }
        if (com.nearme.network.u.b.f()) {
            Log.i(PackJsonKey.NETWORK, "isUserCerts, return false ");
        }
        return false;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509TrustManager x509TrustManager;
        if (!this.f1368b || (x509TrustManager = this.a) == null) {
            return;
        }
        x509TrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        String name;
        Iterator<X509Certificate> it;
        boolean z = false;
        if (com.nearme.network.u.b.f()) {
            Log.i(PackJsonKey.NETWORK, "certificates:" + x509CertificateArr.length);
            for (X509Certificate x509Certificate : x509CertificateArr) {
                Log.i(PackJsonKey.NETWORK, "certificate:" + x509Certificate);
            }
        }
        try {
            try {
                if (this.f1368b && this.a != null) {
                    this.a.checkServerTrusted(x509CertificateArr, str);
                    if (!a(x509CertificateArr)) {
                        throw new ProxyCertificateException("Proxy Certificate");
                    }
                    this.j.submit(new a(x509CertificateArr));
                }
            } catch (CertificateException e) {
                try {
                    for (X509Certificate x509Certificate2 : x509CertificateArr) {
                        x509Certificate2.checkValidity();
                    }
                    if (x509CertificateArr.length > 0) {
                        X509Certificate x509Certificate3 = x509CertificateArr[x509CertificateArr.length - 1];
                        a();
                        try {
                            name = x509Certificate3.getSubjectX500Principal().getName();
                            it = this.f.keySet().iterator();
                        } catch (Throwable th) {
                            th.printStackTrace();
                        }
                        while (it.hasNext()) {
                            if (name.equals(it.next().getIssuerX500Principal().getName())) {
                                z = true;
                                break;
                            }
                        }
                        if (!z) {
                            throw new CertificateException(new RootCertificateNotExistException("Root certificate not exist"));
                        }
                    }
                    throw e;
                } catch (CertificateExpiredException | CertificateNotYetValidException unused) {
                    throw new CertificateException(new CertificateValidityException("Certificate not validate"));
                }
            }
        } catch (ProxyCertificateException e2) {
            throw new CertificateException(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager x509TrustManager;
        return (!this.f1368b || (x509TrustManager = this.a) == null) ? new X509Certificate[0] : x509TrustManager.getAcceptedIssuers();
    }
}
