package com.blackberry.email.utils;

import android.content.Context;
import android.util.AndroidRuntimeException;
import com.blackberry.email.provider.contract.HostAuth;
import com.blackberry.security.certexem.CertificateExemptionManager;
import com.blackberry.security.certexem.CertificateExemptionManagerConnectionStatus;
import com.blackberry.security.certexem.CertificateExemptionManagerException;
import com.blackberry.security.certexem.CertificateExemptionManagerFactory;
import com.blackberry.security.certexem.CertificateScope;
import com.blackberry.security.trustmgr.PeerIdentity;
import com.blackberry.security.trustmgr.PkixProfile;
import com.blackberry.security.trustmgr.ProfileType;
import com.blackberry.security.trustmgr.ValidationResult;
import com.blackberry.security.trustmgr.ValidatorEngineFactory;
import com.blackberry.security.trustmgr.jca.BBTrustManagerBuilder;
import com.blackberry.security.trustmgr.jca.BBTrustManagerHandler;
import com.blackberry.security.trustmgr.jca.BBTrustManagerUtil;
import com.blackberry.security.trustmgr.jca.CertificateValidationException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.X509TrustManager;

/* compiled from: ExtBBX509TrustManager.java */
/* loaded from: classes.dex */
public class s implements X509TrustManager {
    private static final String TAG = "ExtBBX509TrustManager";
    private static ValidatorEngineFactory caf = null;
    private static final int caj = -1;
    private Context appContext;
    private HostAuth baw;
    private Executor cac = ValidatorEngineFactory.DEFAULT_SHORT_TASK_EXECUTOR;
    private Executor cad = ValidatorEngineFactory.DEFAULT_LONG_TASK_EXECUTOR;
    private Date cae = null;
    private KeyStore cag;
    private BBTrustManagerBuilder cah;
    private X509TrustManager cai;

    /* compiled from: ExtBBX509TrustManager.java */
    /* renamed from: com.blackberry.email.utils.s$1, reason: invalid class name */
    /* loaded from: classes.dex */
    class AnonymousClass1 implements BBTrustManagerHandler {
        AnonymousClass1() {
        }

        @Override // com.blackberry.security.trustmgr.jca.BBTrustManagerHandler
        public boolean allow(ValidationResult validationResult) {
            return s.this.a(validationResult);
        }
    }

    public s(Context context, HostAuth hostAuth) {
        this.cag = null;
        this.cah = null;
        this.appContext = context;
        this.baw = hostAuth;
        if (caf == null) {
            caf = ValidatorEngineFactory.getInstance(this.appContext, this.cac, this.cad, new ProfileType[]{ProfileType.PKIX, ProfileType.BLACKLIST});
        }
        try {
            this.cag = new PkixProfile().getDefaultTrustStore();
            com.blackberry.common.f.p.b(TAG, "trustStore: %s", this.cag.getProvider().getName());
            this.cah = new BBTrustManagerBuilder(this.cag);
            if (this.baw.hJ != null) {
                this.cah.setServerIdentity(new PeerIdentity(PeerIdentity.Type.DNS, this.baw.hJ));
            }
            this.cah.setDate(this.cae);
            this.cah.setCertificateValidatorFactory(caf);
            this.cah.setTimeout(20L, TimeUnit.SECONDS);
            this.cah.setHandler(new AnonymousClass1());
            this.cai = this.cah.buildX509TrustManager();
        } catch (CertificateException e) {
            com.blackberry.common.f.p.e(TAG, e, "Default truststore failed", new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean a(ValidationResult validationResult) {
        boolean z;
        CertificateScope certificateScope = new CertificateScope(this.baw.yz(), validationResult);
        if (this.baw.bPc == 0) {
            return false;
        }
        try {
            CertificateExemptionManager service = CertificateExemptionManagerFactory.getService(this.appContext);
            service.connect();
            if (service.getConnectionStatus() != CertificateExemptionManagerConnectionStatus.CONNECTED) {
                com.blackberry.common.f.p.d(TAG, "CertificateExemption Service connection failed", new Object[0]);
                return false;
            }
            try {
                z = service.exists(certificateScope, validationResult);
            } catch (CertificateExemptionManagerException e) {
                com.blackberry.common.f.p.d(TAG, e, "Checking exemption failed", new Object[0]);
                z = false;
            }
            service.disconnect();
            if (service.getConnectionStatus() != CertificateExemptionManagerConnectionStatus.DISCONNECTED) {
                com.blackberry.common.f.p.d(TAG, "CertificateExemption Service connection failed", new Object[0]);
            }
            if (z) {
                com.blackberry.common.f.p.b(TAG, "Certificate Exemption exists for %s", this.baw.bPd);
            } else {
                com.blackberry.common.f.p.b(TAG, "Certificate Exemption doesn't exist for %s", this.baw.bPd);
            }
            return z;
        } catch (AndroidRuntimeException e2) {
            com.blackberry.common.f.p.d(TAG, e2, "Exception instantiating CertExemption Service", new Object[0]);
            return false;
        }
    }

    private void zU() {
        if (caf == null) {
            caf = ValidatorEngineFactory.getInstance(this.appContext, this.cac, this.cad, new ProfileType[]{ProfileType.PKIX, ProfileType.BLACKLIST});
        }
        try {
            this.cag = new PkixProfile().getDefaultTrustStore();
            com.blackberry.common.f.p.b(TAG, "trustStore: %s", this.cag.getProvider().getName());
            this.cah = new BBTrustManagerBuilder(this.cag);
            if (this.baw.hJ != null) {
                this.cah.setServerIdentity(new PeerIdentity(PeerIdentity.Type.DNS, this.baw.hJ));
            }
            this.cah.setDate(this.cae);
            this.cah.setCertificateValidatorFactory(caf);
            this.cah.setTimeout(20L, TimeUnit.SECONDS);
            this.cah.setHandler(new AnonymousClass1());
            this.cai = this.cah.buildX509TrustManager();
        } catch (CertificateException e) {
            com.blackberry.common.f.p.e(TAG, e, "Default truststore failed", new Object[0]);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        com.blackberry.common.f.p.b(TAG, "checkClientTrusted Using ExtBBX509TrustManager", new Object[0]);
        try {
            this.cai.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateValidationException e) {
            com.blackberry.common.f.p.b(TAG, e, "checkClientTrusted Failed: %s ", e.getValidationResult());
            throw e;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        boolean z = true;
        com.blackberry.common.f.p.b(TAG, "checkServerTrusted Using ExtBBX509TrustManager", new Object[0]);
        try {
            this.cai.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateValidationException e) {
            ValidationResult validationResult = BBTrustManagerUtil.getValidationResult(e);
            if (validationResult != null) {
                com.blackberry.common.f.p.e(TAG, "checkServerTrusted Failed with %s", validationResult.getCommonWarnings().toString());
                f fVar = new f(validationResult.getCommonWarnings());
                if (validationResult.getPresentedPeerIdentity() == null) {
                    com.blackberry.common.f.p.c(TAG, "checkServerTrusted TrustManager return NULL peerIdentity", new Object[0]);
                } else {
                    com.blackberry.common.f.p.b(TAG, "checkServerTrusted Failed with %s", validationResult.getPresentedPeerIdentity().getEncoded());
                }
                if (this.baw != null) {
                    switch (fVar.zQ()) {
                        case 1:
                            z = false;
                            break;
                        case 2:
                            if (this.baw.bPc == 2) {
                                z = false;
                                break;
                            }
                            break;
                    }
                    fVar.a(this.appContext, false, this.baw.bPc);
                } else {
                    fVar.a(this.appContext, false, -1);
                }
            }
            if (z) {
                com.blackberry.common.f.p.b(TAG, "Critical validation error", new Object[0]);
                throw e;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        com.blackberry.common.f.p.b(TAG, "getAcceptedIssuers Using ExtBBX509TrustManager", new Object[0]);
        return this.cai.getAcceptedIssuers();
    }
}
