package com.heytap.instant.upgrade.util;

import android.text.TextUtils;
import com.alipay.sdk.util.j;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class CustomTrustManager implements X509TrustManager {
    private static final String TAG = "upgrade_trmng";
    KeyStore mKeyStore;
    protected X509TrustManager trustManager;
    private final boolean needCheckHttpsCert = true;
    Map<String, String> mMemoryCache = new ConcurrentHashMap();
    Map<X509Certificate, String> sysCerts = new HashMap();
    List<X509Certificate> userCerts = new ArrayList();
    AtomicBoolean localCertsLoaded = new AtomicBoolean(false);
    Object mLock = new Object();
    ExecutorService executorService = Executors.newSingleThreadExecutor();

    public CustomTrustManager(X509TrustManager x509TrustManager) {
        this.trustManager = x509TrustManager;
        try {
            this.mKeyStore = KeyStore.getInstance("AndroidCAStore");
            this.mKeyStore.load(null, null);
        } catch (Throwable th) {
            th.printStackTrace();
        }
        getCertsFromKeyStore();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cacheCerts(X509Certificate[] x509CertificateArr) {
        String hostFromCert = CertificateUtil.getHostFromCert(x509CertificateArr[0]);
        if (TextUtils.isEmpty(hostFromCert) || !this.localCertsLoaded.get() || this.mMemoryCache.containsKey(hostFromCert)) {
            return;
        }
        StringBuilder sb = new StringBuilder();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
            Iterator<X509Certificate> it = this.sysCerts.keySet().iterator();
            while (true) {
                if (it.hasNext()) {
                    X509Certificate next = it.next();
                    if (lowerCase.equals(next.getSubjectDN().getName().toLowerCase())) {
                        sb.append(this.sysCerts.get(next));
                        sb.append(j.f8064b);
                        break;
                    }
                }
            }
        }
        String sb2 = sb.toString();
        if (TextUtils.isEmpty(sb2)) {
            return;
        }
        this.mMemoryCache.put(hostFromCert, sb2);
    }

    private void getCertsFromKeyStore() {
        new Thread(new Runnable() { // from class: com.heytap.instant.upgrade.util.CustomTrustManager.2
            @Override // java.lang.Runnable
            public void run() {
                System.currentTimeMillis();
                synchronized (CustomTrustManager.this.mLock) {
                    CertificateUtil.getCertsFromKeyStore(CustomTrustManager.this.mKeyStore, CustomTrustManager.this.userCerts, CustomTrustManager.this.sysCerts);
                    CustomTrustManager.this.localCertsLoaded.set(true);
                    CustomTrustManager.this.mLock.notifyAll();
                }
            }
        }).start();
    }

    private boolean isAllSysCerts(X509Certificate[] x509CertificateArr, List<String> list) {
        boolean z;
        X509Certificate[] certsFromAlias = CertificateUtil.getCertsFromAlias(list, this.mKeyStore);
        if (certsFromAlias == null) {
            return false;
        }
        try {
            z = false;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
                int length = certsFromAlias.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (lowerCase.equals(certsFromAlias[i].getSubjectDN().getName().toLowerCase())) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (z) {
                    break;
                }
            }
        } catch (Throwable th) {
            th.printStackTrace();
        }
        return z;
    }

    private boolean isTrusted(X509Certificate[] x509CertificateArr) {
        if (this.localCertsLoaded.get()) {
            return !isUserCerts(x509CertificateArr);
        }
        if (isTrustedUsingCache(x509CertificateArr)) {
            return true;
        }
        if (!isTrustedUsingKeyStroe(x509CertificateArr)) {
            return false;
        }
        removeCache(x509CertificateArr);
        return true;
    }

    private boolean isTrustedUsingCache(X509Certificate[] x509CertificateArr) {
        String[] split;
        String hostFromCert = CertificateUtil.getHostFromCert(x509CertificateArr[0]);
        ArrayList arrayList = new ArrayList();
        if (!TextUtils.isEmpty(hostFromCert)) {
            String str = this.mMemoryCache.containsKey(hostFromCert) ? this.mMemoryCache.get(hostFromCert) : null;
            if (!TextUtils.isEmpty(str) && (split = str.split(j.f8064b)) != null) {
                for (String str2 : split) {
                    if (!TextUtils.isEmpty(str2) && !arrayList.contains(str2)) {
                        arrayList.add(str2);
                    }
                }
            }
        }
        return isAllSysCerts(x509CertificateArr, arrayList);
    }

    private boolean isTrustedUsingKeyStroe(X509Certificate[] x509CertificateArr) {
        waitUntileLocalCertsLoaded();
        return !isUserCerts(x509CertificateArr);
    }

    private boolean isUserCerts(X509Certificate[] x509CertificateArr) {
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
                Iterator<X509Certificate> it = this.userCerts.iterator();
                while (it.hasNext()) {
                    if (lowerCase.equals(it.next().getSubjectDN().getName().toLowerCase())) {
                        return true;
                    }
                }
            }
        } catch (Throwable th) {
            th.printStackTrace();
        }
        return false;
    }

    private void removeCache(X509Certificate[] x509CertificateArr) {
        String hostFromCert = CertificateUtil.getHostFromCert(x509CertificateArr[0]);
        if (!TextUtils.isEmpty(hostFromCert) && this.localCertsLoaded.get() && this.mMemoryCache.containsKey(hostFromCert)) {
            this.mMemoryCache.remove(hostFromCert);
        }
    }

    private void waitUntileLocalCertsLoaded() {
        if (this.localCertsLoaded.get()) {
            return;
        }
        synchronized (this.mLock) {
            if (!this.localCertsLoaded.get()) {
                try {
                    this.mLock.wait();
                } catch (InterruptedException e2) {
                    e2.printStackTrace();
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        X509TrustManager x509TrustManager = this.trustManager;
        if (x509TrustManager != null) {
            x509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(final X509Certificate[] x509CertificateArr, String str) {
        try {
            try {
                if (this.trustManager != null) {
                    this.trustManager.checkServerTrusted(x509CertificateArr, str);
                    if (!isTrusted(x509CertificateArr)) {
                        throw new CertificateException("Proxy Certificate");
                    }
                    this.executorService.submit(new Runnable() { // from class: com.heytap.instant.upgrade.util.CustomTrustManager.1
                        @Override // java.lang.Runnable
                        public void run() {
                            CustomTrustManager.this.cacheCerts(x509CertificateArr);
                        }
                    });
                }
            } catch (CertificateException e2) {
                throw e2;
            }
        } catch (Throwable th) {
            throw new CertificateException(th);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager x509TrustManager = this.trustManager;
        return x509TrustManager != null ? x509TrustManager.getAcceptedIssuers() : new X509Certificate[0];
    }
}
