package com.sec.android.app.sbrowser.certificate;

import com.sec.android.app.sbrowser.knox.KnoxPolicy;
import com.sec.sbrowser.spl.sdl.SdlLog;
import com.sec.terrace.browser.net.TerraceX509Util;
import java.security.cert.CertificateException;

/* loaded from: classes.dex */
public class CertificateErrorChecker {
    private static final String[] sRevokedMsgList = {"Certificate has been revoked, reason: ", "Certificate revocation after", "is revoked"};
    private static final String[] sUnableToCheckRevocationMsgList = {"Unable to determine revocation status due to network error", "Certificate status could not be determined.", "OCSP check failed!", "CRL distribution point extension could not be read", "No additional CRL locations could be decoded from CRL distribution point extension.", "Distribution points could not be read.", "No valid CRL found.", "Unable to get CRL for certificate"};

    /* loaded from: classes.dex */
    static class KnoxCertificateErrorCheckerDelegate implements TerraceX509Util.TerraceCertificateErrorChecker.Delegate {
        TerraceX509Util.TerraceCertificateErrorChecker mChecker;

        KnoxCertificateErrorCheckerDelegate() {
        }

        @Override // com.sec.terrace.browser.net.TerraceX509Util.TerraceCertificateErrorChecker.Delegate
        public int check(CertificateException certificateException) {
            String innerMessage;
            SdlLog.v("CertificateErrorChecker", "check - certificate error type e:" + certificateException.toString());
            if (KnoxPolicy.certificatePolicyIsRevocationCheckEnabled() && (innerMessage = CertificateErrorChecker.getInnerMessage(certificateException)) != null) {
                SdlLog.v("CertificateErrorChecker", "check - certificate error msg:" + innerMessage);
                for (String str : CertificateErrorChecker.sRevokedMsgList) {
                    if (innerMessage.contains(str)) {
                        return -101;
                    }
                }
                for (String str2 : CertificateErrorChecker.sUnableToCheckRevocationMsgList) {
                    if (innerMessage.contains(str2)) {
                        return -100;
                    }
                }
            }
            return -2;
        }

        @Override // com.sec.terrace.browser.net.TerraceX509Util.TerraceCertificateErrorChecker.Delegate
        public void initialize(TerraceX509Util.TerraceCertificateErrorChecker terraceCertificateErrorChecker) {
            this.mChecker = terraceCertificateErrorChecker;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class KnoxCertificateErrorCheckerDelegateFactory implements TerraceX509Util.TerraceCertificateErrorChecker.DelegateFactory {
        KnoxCertificateErrorCheckerDelegateFactory() {
        }

        @Override // com.sec.terrace.browser.net.TerraceX509Util.TerraceCertificateErrorChecker.DelegateFactory
        public TerraceX509Util.TerraceCertificateErrorChecker.Delegate getDelegate() {
            return new KnoxCertificateErrorCheckerDelegate();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getInnerMessage(Throwable th) {
        if (th == null) {
            return null;
        }
        String message = th.getMessage();
        return (message == null || !(message.contains("Additional certificate path checker failed.") || message.contains("Chain validation failed"))) ? message : getInnerMessage(th.getCause());
    }

    public static void initialize() {
        TerraceX509Util.setDelegateFactory(new KnoxCertificateErrorCheckerDelegateFactory());
    }
}
