package rxhttp.g.j;

import com.huawei.hwmfoundation.utils.StringUtil;
import com.huawei.welink.hotfix.common.PatchRedirect;
import com.huawei.welink.hotfix.common.RedirectProxy;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* compiled from: X509TrustManagerImpl.java */
/* loaded from: classes7.dex */
public class b implements X509TrustManager {
    public static PatchRedirect $PatchRedirect;

    /* renamed from: b, reason: collision with root package name */
    private static String f37997b = b.class.getSimpleName();

    /* renamed from: c, reason: collision with root package name */
    private static String f37998c;

    /* renamed from: a, reason: collision with root package name */
    private List<PublicKey> f37999a;

    public b() {
        if (RedirectProxy.redirect("X509TrustManagerImpl()", new Object[0], this, $PatchRedirect).isSupport) {
            return;
        }
        this.f37999a = new ArrayList();
    }

    public b(String str) {
        if (RedirectProxy.redirect("X509TrustManagerImpl(java.lang.String)", new Object[]{str}, this, $PatchRedirect).isSupport) {
            return;
        }
        this.f37999a = new ArrayList();
        f37998c = str;
        a();
    }

    private void a() {
        if (RedirectProxy.redirect("initPemList()", new Object[0], this, $PatchRedirect).isSupport || StringUtil.isEmpty(f37998c)) {
            return;
        }
        File file = new File(f37998c);
        if (!file.exists() || !file.isDirectory()) {
            com.huawei.i.a.b(f37997b, "invalid pem path");
            return;
        }
        for (File file2 : file.listFiles()) {
            if (file2.getName().endsWith(".pem")) {
                try {
                    com.huawei.i.a.c(f37997b, file2.getCanonicalPath());
                    this.f37999a.add(CertificateFactory.getInstance("X509").generateCertificate(new FileInputStream(file2)).getPublicKey());
                } catch (IOException | CertificateException e2) {
                    com.huawei.i.a.c(f37997b, "failed to read pem files: " + e2.toString());
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (RedirectProxy.redirect("checkClientTrusted(java.security.cert.X509Certificate[],java.lang.String)", new Object[]{x509CertificateArr, str}, this, $PatchRedirect).isSupport) {
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (RedirectProxy.redirect("checkServerTrusted(java.security.cert.X509Certificate[],java.lang.String)", new Object[]{x509CertificateArr, str}, this, $PatchRedirect).isSupport) {
            return;
        }
        if (x509CertificateArr == null) {
            throw new CertificateException("certificate chain is null");
        }
        if (x509CertificateArr.length <= 0) {
            throw new CertificateException("certificate chain is empty");
        }
        if (str == null) {
            throw new CertificateException("certificate authType is null");
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity();
            if (this.f37999a.size() > 0) {
                int size = this.f37999a.size();
                for (int i = 0; i < this.f37999a.size(); i++) {
                    try {
                        x509Certificate.verify(this.f37999a.get(i));
                    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                        size--;
                    }
                }
                if (size == 0) {
                    com.huawei.i.a.c(f37997b, "checkServerTrusted failed.");
                    throw new CertificateException("check server");
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        RedirectProxy.Result redirect = RedirectProxy.redirect("getAcceptedIssuers()", new Object[0], this, $PatchRedirect);
        return redirect.isSupport ? (X509Certificate[]) redirect.result : new X509Certificate[0];
    }
}
