package com.sonicwall.mobileconnect.util;

import com.sonicwall.mobileconnect.logging.Logger;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
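/**
 * Client-side trust manager and hostname verifier that accepts a server certificate when
 * any one of three checks passes: the platform trust store, a caller-supplied key store,
 * or a pinned certificate fingerprint.
 *
 * <p>Security-relevant behaviour a reviewer should be aware of:
 * <ul>
 *   <li>A fingerprint match sets {@code trusted}, which makes {@link #verify} skip hostname
 *       verification for that connection. The flag is cleared at the start of every server
 *       check so that a match from an earlier handshake cannot disable hostname
 *       verification for a later one.</li>
 *   <li>The instance keeps per-handshake state in {@code trusted}; it is not safe to share
 *       one instance between connections that handshake concurrently.</li>
 *   <li>All {@code checkClientTrusted} overloads accept every chain. The class must only be
 *       installed on the client side of a TLS connection.</li>
 *   <li>NOTE(review): the {@code Socket}/{@code SSLEngine} arguments are not forwarded to
 *       the underlying managers, so any endpoint-identification check those managers
 *       would derive from the handshake session is presumably not applied; hostname
 *       checking then rests on {@link #verify} alone. Confirm against the callers.</li>
 * </ul>
 */
public class AvX509TrustManager extends X509ExtendedTrustManager implements X509TrustManager, HostnameVerifier {
    private static final String TAG = "AvX509TrustManager";
    private static final Logger logger = Logger.getInstance();
    /** Digest name handed to {@code Util.getFingerprint}: "SHA-1" or "SHA-256". */
    private final String algorithm;
    /** Manager backed by the platform default trust store; null if it could not be created. */
    private final X509TrustManager defaultTrustManager;
    /** Pinned fingerprint of the expected server certificate, or null when no pin is set. */
    private final String fingerprint;
    /** Manager backed by the caller-supplied key store; null if it could not be created. */
    private final X509TrustManager localTrustManager;
    /** True only while the most recent server check was satisfied by the pinned fingerprint. */
    private boolean trusted;

    /**
     * Creates a trust manager without a pinned fingerprint.
     *
     * @param keyStore key store holding locally trusted certificates
     */
    public AvX509TrustManager(KeyStore keyStore) {
        this(keyStore, null, null);
    }

    /**
     * Creates a trust manager with an optional pinned fingerprint.
     *
     * @param keyStore key store holding locally trusted certificates
     * @param str pinned fingerprint of the server certificate, or null for no pin
     * @param str2 digest selector; "sha1" (any case) selects SHA-1, anything else SHA-256
     */
    public AvX509TrustManager(KeyStore keyStore, String str, String str2) {
        this.defaultTrustManager = loadTrustManager(null);
        this.localTrustManager = loadTrustManager(keyStore);
        this.fingerprint = str;
        // SHA-1 is deprecated for certificate fingerprints; it is still honoured here so that
        // pins stored with the "sha1" selector keep working. Prefer SHA-256 for new pins.
        this.algorithm = "sha1".equalsIgnoreCase(str2) ? "SHA-1" : "SHA-256";
    }

    /**
     * Builds an X.509 trust manager from the given key store (null selects the platform
     * default trust store).
     *
     * @return the first X.509 trust manager the factory offers, or null when none could be
     *     created; callers treat null as "nothing is trusted by this manager"
     */
    private static X509TrustManager loadTrustManager(KeyStore keyStore) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore);
            for (javax.net.ssl.TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
        } catch (Exception e) {
            // Best effort: construction must not fail, the missing manager simply never accepts.
            logger.logError(TAG, e);
        }
        return null;
    }

    /** Accepts every client chain without validation; only the call is logged. */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        logger.logDebug(TAG, "checkClientTrusted() chain<" + x509CertificateArr + "> authType<" + str + ">");
    }

    /** Accepts every client chain without validation; only the call is logged. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        logger.logDebug(TAG, "checkClientTrusted() chain<" + x509CertificateArr + "> authType<" + str + "> socket<" + socket + ">");
    }

    /** Accepts every client chain without validation; only the call is logged. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        logger.logDebug(TAG, "checkClientTrusted() chain<" + x509CertificateArr + "> authType<" + str + "> engine<" + sSLEngine + ">");
    }

    /**
     * Validates the server chain against the platform store, the pinned fingerprint and the
     * local key store.
     *
     * @throws CertificateException if none of the three checks accepts the chain
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        logger.logDebug(TAG, "checkServerTrusted() chain<" + x509CertificateArr + "> authType<" + str + ">");
        verifyServerChain(x509CertificateArr, str);
    }

    /**
     * Same validation as the two-argument overload; the socket is only logged.
     *
     * @throws CertificateException if none of the three checks accepts the chain
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        logger.logDebug(TAG, "checkServerTrusted() chain<" + x509CertificateArr + "> authType<" + str + "> socket<" + socket + ">");
        verifyServerChain(x509CertificateArr, str);
    }

    /**
     * Same validation as the two-argument overload; the engine is only logged.
     *
     * @throws CertificateException if none of the three checks accepts the chain
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        logger.logDebug(TAG, "checkServerTrusted() chain<" + x509CertificateArr + "> authType<" + str + "> engine<" + sSLEngine + ">");
        verifyServerChain(x509CertificateArr, str);
    }

    /**
     * Shared server-chain decision: platform store first, then the pinned fingerprint, then
     * the local key store. Any unexpected runtime failure counts as a rejection, so the
     * method fails closed with a {@link CertificateException}.
     */
    private void verifyServerChain(X509Certificate[] chain, String authType) throws CertificateException {
        // A pin match from an earlier handshake must not switch off hostname verification
        // for this one, so the flag is re-derived on every check.
        this.trusted = false;

        Exception platformFailure = validate(this.defaultTrustManager, chain, authType);
        if (platformFailure == null) {
            return;
        }
        if (matchesPinnedFingerprint(chain)) {
            this.trusted = true;
            logger.logDebug(TAG, "checkServerTrusted: Fingerprint match for SecureHost");
            return;
        }
        Exception localFailure = validate(this.localTrustManager, chain, authType);
        if (localFailure == null) {
            return;
        }
        logger.logDebug(TAG, "checkServerTrusted: Verification failed");
        // Keep the real validation errors attached instead of only their (often null) cause.
        CertificateException rejection = new CertificateException("Certificate is not trusted", platformFailure);
        rejection.addSuppressed(localFailure);
        throw rejection;
    }

    /** Runs one trust manager; returns null on acceptance, otherwise the failure. */
    private static Exception validate(X509TrustManager manager, X509Certificate[] chain, String authType) {
        if (manager == null) {
            return new CertificateException("Trust manager is not available");
        }
        try {
            manager.checkServerTrusted(chain, authType);
            return null;
        } catch (Exception e) {
            return e;
        }
    }

    /**
     * Compares the leaf certificate's fingerprint with the configured pin, ignoring case.
     * Returns false when no pin is configured or the chain is null or empty.
     */
    private boolean matchesPinnedFingerprint(X509Certificate[] chain) {
        if (this.fingerprint == null || chain == null || chain.length == 0) {
            return false;
        }
        // Util.getFingerprint presumably returns the textual digest of the certificate;
        // a null result simply fails the comparison.
        return this.fingerprint.equalsIgnoreCase(Util.getFingerprint(chain[0], this.algorithm));
    }

    /** Returns an empty array: this manager advertises no issuers of its own. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        logger.logDebug(TAG, "getAcceptedIssuers() Called");
        return new X509Certificate[0];
    }

    /**
     * Decides whether the session's peer may be used for the given host.
     *
     * <p>Accepts when the last server check matched the pinned fingerprint, when the default
     * hostname verifier accepts, or when the peer's leaf certificate is itself one of the
     * certificates exposed by the local trust manager.
     *
     * @return true if the host is accepted, false otherwise
     */
    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        logger.logDebug(TAG, "verify() host<" + str + "> session<" + sSLSession + ">");
        if (this.trusted || HttpsURLConnection.getDefaultHostnameVerifier().verify(str, sSLSession)) {
            return true;
        }
        return peerLeafIsLocallyTrusted(sSLSession);
    }

    /**
     * Returns true when the peer's leaf certificate equals a certificate held by the local
     * trust manager. Missing manager, unverified peer or empty chain all yield false.
     */
    private boolean peerLeafIsLocallyTrusted(SSLSession session) {
        if (this.localTrustManager == null || session == null) {
            return false;
        }
        Certificate[] peerChain;
        try {
            peerChain = session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            logger.logError(TAG, e);
            return false;
        }
        X509Certificate[] localCertificates = this.localTrustManager.getAcceptedIssuers();
        if (localCertificates == null || peerChain == null || peerChain.length == 0) {
            return false;
        }
        for (X509Certificate localCertificate : localCertificates) {
            if (localCertificate.equals(peerChain[0])) {
                return true;
            }
        }
        return false;
    }
}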
