package com.zello.platform;

import com.zello.ui.ZelloBase;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: ZelloTlsTrustManager.java */
/* loaded from: classes.dex */
public class pd implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private static final String[] f4914a = {"tls.zello.com", "tls.zellowork.com"};

    /* renamed from: b, reason: collision with root package name */
    private static X509TrustManager f4915b;

    /* renamed from: c, reason: collision with root package name */
    private static X509TrustManager f4916c;

    /* renamed from: d, reason: collision with root package name */
    private final String f4917d;

    /* renamed from: e, reason: collision with root package name */
    private final X509TrustManager f4918e;

    public pd(String str) {
        this.f4917d = str;
        this.f4918e = a(str) ? a() : b();
    }

    private static X509TrustManager a() {
        if (f4915b == null) {
            synchronized (pd.class) {
                if (f4915b == null) {
                    f4915b = b("zello-root-ca.crt");
                }
            }
        }
        return f4915b;
    }

    public static boolean a(String str) {
        return str != null && c.e.a.a.b(f4914a, str) > -1;
    }

    private X509Certificate[] a(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return x509CertificateArr;
        }
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr2[i] = new C0815bc(x509CertificateArr[i]);
        }
        return x509CertificateArr2;
    }

    private static X509TrustManager b() {
        if (f4916c == null) {
            synchronized (pd.class) {
                if (f4916c == null) {
                    f4916c = b("zes-root-ca.crt");
                }
            }
        }
        return f4916c;
    }

    private static X509TrustManager b(String str) {
        X509TrustManager x509TrustManager;
        InputStream inputStream;
        CertificateFactory certificateFactory;
        TrustManager[] trustManagers;
        long d2 = gd.d();
        InputStream inputStream2 = null;
        try {
            try {
                certificateFactory = CertificateFactory.getInstance("X.509");
                inputStream = ZelloBase.p().getAssets().open(str);
            } catch (Throwable th) {
                th = th;
                inputStream = inputStream2;
            }
        } catch (Exception e2) {
            e = e2;
            x509TrustManager = null;
        }
        try {
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(inputStream);
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                keyStore.setCertificateEntry("ca", generateCertificate);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            } catch (Exception e3) {
                e = e3;
                x509TrustManager = null;
            }
            if (trustManagers == null || trustManagers.length <= 0 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new Exception("No valid trust managers returned");
            }
            x509TrustManager = (X509TrustManager) trustManagers[0];
            try {
                c.g.a.e.Ua.a((Object) ("Loaded Zello CA from " + str + " in " + (gd.d() - d2) + " ms"));
                kd.a(inputStream);
            } catch (Exception e4) {
                e = e4;
                inputStream2 = inputStream;
                c.g.a.e.Ua.c("Failed to load Zello CA: " + e);
                kd.a(inputStream2);
                return x509TrustManager;
            }
            return x509TrustManager;
        } catch (Throwable th2) {
            th = th2;
            kd.a(inputStream);
            throw th;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        X509TrustManager x509TrustManager;
        if (x509CertificateArr == null || x509CertificateArr.length <= 0 || (x509TrustManager = this.f4918e) == null) {
            return;
        }
        x509TrustManager.checkClientTrusted(a(x509CertificateArr), str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        String str2;
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            return;
        }
        String name = x509CertificateArr[0].getSubjectX500Principal().getName("CANONICAL");
        if (this.f4918e == null) {
            c.g.a.e.Ua.a((Object) "WARNING. Skipped CA check");
            return;
        }
        if (this.f4917d != null) {
            if (name != null) {
                for (String str3 : name.split(",")) {
                    if (str3.startsWith("cn=")) {
                        str2 = str3.substring(3);
                        break;
                    }
                }
            }
            str2 = "";
            if (!this.f4917d.equalsIgnoreCase(str2)) {
                StringBuilder c2 = c.a.a.a.a.c("Certificate name doesn't match: ", str2, " vs ");
                c2.append(this.f4917d);
                throw new CertificateException(c2.toString());
            }
        } else {
            c.g.a.e.Ua.a((Object) "WARNING. Skipped CN check");
        }
        this.f4918e.checkServerTrusted(a(x509CertificateArr), str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager x509TrustManager = this.f4918e;
        if (x509TrustManager != null) {
            return x509TrustManager.getAcceptedIssuers();
        }
        return null;
    }
}
