package ru.CryptoPro.sspiSSL;

import com.facebook.common.util.UriUtil;
import java.net.Socket;
import java.security.AlgorithmConstraints;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import ru.CryptoPro.ssl.SSLLogger;
import ru.CryptoPro.ssl.util.TLSSettings;
import ru.CryptoPro.sspiSSL.util.HostnameChecker;

/* loaded from: classes4.dex */
final class cl_28 extends X509ExtendedTrustManager implements X509TrustManager {
    private final String a;
    private final Collection b;
    private final PKIXBuilderParameters c;
    private volatile ru.CryptoPro.sspiSSL.pc_2.cl_5 d;
    private volatile ru.CryptoPro.sspiSSL.pc_2.cl_5 e;

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_28(String str, KeyStore keyStore) throws KeyStoreException {
        this.a = str;
        this.c = null;
        this.b = keyStore == null ? Collections.emptySet() : ru.CryptoPro.sspiSSL.pc_2.cl_2.a(keyStore);
        b();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public cl_28(String str, PKIXBuilderParameters pKIXBuilderParameters) {
        this.a = str;
        this.c = pKIXBuilderParameters;
        ru.CryptoPro.sspiSSL.pc_2.cl_5 a = a("tls server");
        this.b = a.a();
        this.e = a;
        b();
    }

    /* JADX WARN: Code restructure failed: missing block: B:17:0x0028, code lost:
    
        r0 = new javax.net.ssl.SNIHostName(r0.getEncoded());
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x002a, code lost:
    
        ru.CryptoPro.ssl.SSLLogger.fine("Illegal server name: " + r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:8:0x001a, code lost:
    
        if ((r0 instanceof javax.net.ssl.SNIHostName) == false) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:9:0x001c, code lost:
    
        r0 = (javax.net.ssl.SNIHostName) r0;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.lang.String a(java.util.List r3) {
        /*
            java.util.Iterator r3 = r3.iterator()
        L4:
            boolean r0 = r3.hasNext()
            r1 = 0
            if (r0 == 0) goto L40
            java.lang.Object r0 = r3.next()
            javax.net.ssl.SNIServerName r0 = (javax.net.ssl.SNIServerName) r0
            int r2 = r0.getType()
            if (r2 == 0) goto L18
            goto L4
        L18:
            boolean r3 = r0 instanceof javax.net.ssl.SNIHostName
            if (r3 == 0) goto L1f
            javax.net.ssl.SNIHostName r0 = (javax.net.ssl.SNIHostName) r0
            goto L41
        L1f:
            javax.net.ssl.SNIHostName r3 = new javax.net.ssl.SNIHostName     // Catch: java.lang.IllegalArgumentException -> L2a
            byte[] r2 = r0.getEncoded()     // Catch: java.lang.IllegalArgumentException -> L2a
            r3.<init>(r2)     // Catch: java.lang.IllegalArgumentException -> L2a
            r0 = r3
            goto L41
        L2a:
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            r3.<init>()
            java.lang.String r2 = "Illegal server name: "
            java.lang.StringBuilder r3 = r3.append(r2)
            java.lang.StringBuilder r3 = r3.append(r0)
            java.lang.String r3 = r3.toString()
            ru.CryptoPro.ssl.SSLLogger.fine(r3)
        L40:
            r0 = r1
        L41:
            if (r0 == 0) goto L48
            java.lang.String r3 = r0.getAsciiName()
            return r3
        L48:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.sspiSSL.cl_28.a(java.util.List):java.lang.String");
    }

    static List a(Socket socket) {
        SSLSession handshakeSession;
        return (socket != null && socket.isConnected() && (socket instanceof SSLSocket) && (handshakeSession = ((SSLSocket) socket).getHandshakeSession()) != null && (handshakeSession instanceof ExtendedSSLSession)) ? ((ExtendedSSLSession) handshakeSession).getRequestedServerNames() : Collections.emptyList();
    }

    static List a(SSLEngine sSLEngine) {
        SSLSession handshakeSession;
        return (sSLEngine == null || (handshakeSession = sSLEngine.getHandshakeSession()) == null || !(handshakeSession instanceof ExtendedSSLSession)) ? Collections.emptyList() : ((ExtendedSSLSession) handshakeSession).getRequestedServerNames();
    }

    private ru.CryptoPro.sspiSSL.pc_2.cl_5 a(String str) {
        PKIXBuilderParameters pKIXBuilderParameters = this.c;
        return pKIXBuilderParameters == null ? ru.CryptoPro.sspiSSL.pc_2.cl_5.a(this.a, str, this.b) : ru.CryptoPro.sspiSSL.pc_2.cl_5.a(this.a, str, pKIXBuilderParameters);
    }

    private ru.CryptoPro.sspiSSL.pc_2.cl_5 a(X509Certificate[] x509CertificateArr, String str, boolean z) {
        ru.CryptoPro.sspiSSL.pc_2.cl_5 cl_5Var;
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length authentication type");
        }
        if (z) {
            cl_5Var = this.d;
            if (cl_5Var == null) {
                synchronized (this) {
                    cl_5Var = this.d;
                    if (cl_5Var == null) {
                        cl_5Var = a("tls client");
                        this.d = cl_5Var;
                    }
                }
            }
        } else {
            cl_5Var = this.e;
            if (cl_5Var == null) {
                synchronized (this) {
                    cl_5Var = this.e;
                    if (cl_5Var == null) {
                        cl_5Var = a("tls server");
                        this.e = cl_5Var;
                    }
                }
            }
        }
        return cl_5Var;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(String str, X509Certificate x509Certificate, String str2) throws CertificateException {
        HostnameChecker hostnameChecker;
        if (str2 == null || str2.length() == 0) {
            return;
        }
        if (str != null && str.startsWith("[") && str.endsWith("]")) {
            str = str.substring(1, str.length() - 1);
        }
        if (str2.equalsIgnoreCase("HTTPS")) {
            hostnameChecker = HostnameChecker.getInstance((byte) 1);
        } else {
            if (!str2.equalsIgnoreCase("LDAP") && !str2.equalsIgnoreCase("LDAPS")) {
                throw new CertificateException("Unknown identification algorithm: " + str2);
            }
            hostnameChecker = HostnameChecker.getInstance((byte) 2);
        }
        hostnameChecker.match(str, x509Certificate);
    }

    /* JADX WARN: Removed duplicated region for block: B:12:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x001d  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static void a(javax.net.ssl.SSLSession r0, java.security.cert.X509Certificate r1, java.lang.String r2, boolean r3, java.util.List r4) throws java.security.cert.CertificateException {
        /*
            java.lang.String r0 = r0.getPeerHost()
            if (r3 == 0) goto L1a
            java.lang.String r3 = a(r4)
            if (r3 == 0) goto L1a
            a(r3, r1, r2)     // Catch: java.security.cert.CertificateException -> L11
            r3 = 1
            goto L1b
        L11:
            r4 = move-exception
            boolean r3 = r3.equalsIgnoreCase(r0)
            if (r3 != 0) goto L19
            goto L1a
        L19:
            throw r4
        L1a:
            r3 = 0
        L1b:
            if (r3 != 0) goto L20
            a(r0, r1, r2)
        L20:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.CryptoPro.sspiSSL.cl_28.a(javax.net.ssl.SSLSession, java.security.cert.X509Certificate, java.lang.String, boolean, java.util.List):void");
    }

    private void a(X509Certificate[] x509CertificateArr, String str, Socket socket, boolean z) throws CertificateException {
        cl_14 cl_14Var;
        ru.CryptoPro.sspiSSL.pc_2.cl_5 a = a(x509CertificateArr, str, z);
        if (socket != null && socket.isConnected() && (socket instanceof SSLSocket)) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            SSLSession handshakeSession = sSLSocket.getHandshakeSession();
            if (handshakeSession == null) {
                throw new CertificateException("No handshake session");
            }
            if (!z) {
                String endpointIdentificationAlgorithm = sSLSocket.getSSLParameters().getEndpointIdentificationAlgorithm();
                if ((endpointIdentificationAlgorithm == null || endpointIdentificationAlgorithm.length() == 0) && TLSSettings.getTlsProhibitDisabledValidation()) {
                    endpointIdentificationAlgorithm = UriUtil.HTTPS_SCHEME;
                }
                if (endpointIdentificationAlgorithm != null && endpointIdentificationAlgorithm.length() != 0) {
                    a(handshakeSession.getPeerHost(), x509CertificateArr[0], endpointIdentificationAlgorithm);
                }
            }
            cl_14Var = cl_13.a(handshakeSession.getProtocol()).n >= cl_13.h.n ? handshakeSession instanceof ExtendedSSLSession ? new cl_14(sSLSocket, ((ExtendedSSLSession) handshakeSession).getLocalSupportedSignatureAlgorithms(), false) : new cl_14(sSLSocket, false) : new cl_14(sSLSocket, false);
        } else {
            cl_14Var = null;
        }
        SSLLogger.fine("Found trusted certificate:", a(a, x509CertificateArr, cl_14Var, str)[r7.length - 1]);
    }

    private void a(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine, boolean z) throws CertificateException {
        cl_14 cl_14Var;
        ru.CryptoPro.sspiSSL.pc_2.cl_5 a = a(x509CertificateArr, str, z);
        if (sSLEngine != null) {
            SSLSession handshakeSession = sSLEngine.getHandshakeSession();
            if (handshakeSession == null) {
                throw new CertificateException("No handshake session");
            }
            if (!z) {
                String endpointIdentificationAlgorithm = sSLEngine.getSSLParameters().getEndpointIdentificationAlgorithm();
                if ((endpointIdentificationAlgorithm == null || endpointIdentificationAlgorithm.length() == 0) && TLSSettings.getTlsProhibitDisabledValidation()) {
                    endpointIdentificationAlgorithm = UriUtil.HTTPS_SCHEME;
                }
                if (endpointIdentificationAlgorithm != null && endpointIdentificationAlgorithm.length() != 0) {
                    a(handshakeSession.getPeerHost(), x509CertificateArr[0], endpointIdentificationAlgorithm);
                }
            }
            cl_14Var = cl_13.a(handshakeSession.getProtocol()).n >= cl_13.h.n ? handshakeSession instanceof ExtendedSSLSession ? new cl_14(sSLEngine, ((ExtendedSSLSession) handshakeSession).getLocalSupportedSignatureAlgorithms(), false) : new cl_14(sSLEngine, false) : new cl_14(sSLEngine, false);
        } else {
            cl_14Var = null;
        }
        SSLLogger.fine("Found trusted certificate:", a(a, x509CertificateArr, cl_14Var, str)[r7.length - 1]);
    }

    private static X509Certificate[] a(ru.CryptoPro.sspiSSL.pc_2.cl_5 cl_5Var, X509Certificate[] x509CertificateArr, AlgorithmConstraints algorithmConstraints, String str) throws CertificateException {
        return cl_5Var.b(x509CertificateArr, null, algorithmConstraints, str);
    }

    private void b() {
        SSLLogger.fine("\n%% adding as trusted certificates %%\n--------");
        if (SSLLogger.isFineEnabled()) {
            for (X509Certificate x509Certificate : this.b) {
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append("adding as trusted cert:\n");
                stringBuffer.append("  Subject: ");
                stringBuffer.append(x509Certificate.getSubjectX500Principal());
                stringBuffer.append("\n");
                stringBuffer.append("  Issuer: ");
                stringBuffer.append(x509Certificate.getIssuerX500Principal());
                stringBuffer.append("\n");
                stringBuffer.append("  Algorithm: ");
                stringBuffer.append(x509Certificate.getPublicKey().getAlgorithm());
                stringBuffer.append("\n");
                stringBuffer.append("  Serial number: 0x");
                stringBuffer.append(x509Certificate.getSerialNumber().toString(16));
                stringBuffer.append("\n");
                stringBuffer.append("  Valid from ");
                stringBuffer.append(x509Certificate.getNotBefore());
                stringBuffer.append("\n");
                stringBuffer.append(" until ");
                stringBuffer.append(x509Certificate.getNotAfter());
                stringBuffer.append("\n");
                SSLLogger.fine(stringBuffer.toString());
            }
        }
    }

    public String a() {
        return this.a;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        a(x509CertificateArr, str, (Socket) null, true);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        a(x509CertificateArr, str, socket, true);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        a(x509CertificateArr, str, sSLEngine, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        a(x509CertificateArr, str, (Socket) null, false);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        a(x509CertificateArr, str, socket, false);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        a(x509CertificateArr, str, sSLEngine, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr = new X509Certificate[this.b.size()];
        this.b.toArray(x509CertificateArr);
        return x509CertificateArr;
    }
}
