package com.esri.arcgisruntime.internal.d.a;

import com.esri.arcgisruntime.io.MismatchedHostnameException;
import com.esri.arcgisruntime.security.SelfSignedCertificateException;
import com.esri.arcgisruntime.security.SelfSignedCertificateListener;
import com.esri.arcgisruntime.security.SelfSignedResponse;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class a implements X509TrustManager {
    private static SelfSignedCertificateListener sSelfSignedCertificateListener = null;
    private static boolean sTrustAllSigners = false;
    private final X509TrustManager mKeystoreTrustManager;
    private final X509TrustManager mStandardTrustManager = a((KeyStore) null);
    private static final Map<X509Certificate, Boolean> sCertSession = new ConcurrentHashMap(4, 0.75f, 4);
    private static final List<X509Certificate> sSelfSignedCerts = new ArrayList();
    private static final Map<X509Certificate, SelfSignedResponse> sPendingCerts = new ConcurrentHashMap(4, 0.75f, 4);

    public a(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        if (keyStore != null) {
            this.mKeystoreTrustManager = a(keyStore);
        } else {
            this.mKeystoreTrustManager = null;
        }
    }

    public static SelfSignedCertificateListener a() {
        return sSelfSignedCertificateListener;
    }

    private X509TrustManager a(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 0) {
            return (X509TrustManager) trustManagers[0];
        }
        throw new NoSuchAlgorithmException("no trust manager found");
    }

    public static void a(SelfSignedCertificateListener selfSignedCertificateListener) {
        sSelfSignedCertificateListener = selfSignedCertificateListener;
    }

    public static void a(IOException iOException, SelfSignedResponse selfSignedResponse) {
        X509Certificate c = c(iOException);
        if (c == null || sCertSession.containsKey(c)) {
            return;
        }
        sPendingCerts.put(c, selfSignedResponse);
    }

    public static void a(boolean z) {
        sTrustAllSigners = z;
        if (z) {
            return;
        }
        try {
            d.a();
        } catch (IOException unused) {
        }
    }

    public static boolean a(IOException iOException) {
        return (iOException instanceof MismatchedHostnameException) && !((MismatchedHostnameException) iOException).isSelfSigned();
    }

    public static boolean a(X509Certificate x509Certificate) {
        boolean contains;
        synchronized (sSelfSignedCerts) {
            contains = sSelfSignedCerts.contains(x509Certificate);
        }
        return contains;
    }

    public static Boolean b(X509Certificate x509Certificate) {
        if (sCertSession.containsKey(x509Certificate)) {
            return sCertSession.get(x509Certificate);
        }
        if (!sPendingCerts.containsKey(x509Certificate)) {
            return null;
        }
        SelfSignedResponse remove = sPendingCerts.remove(x509Certificate);
        Boolean valueOf = Boolean.valueOf(remove.isTrusted());
        if (remove.isCacheEnabled()) {
            sCertSession.put(x509Certificate, valueOf);
        }
        return valueOf;
    }

    public static boolean b() {
        return sTrustAllSigners;
    }

    public static boolean b(IOException iOException) {
        Boolean b;
        X509Certificate c = c(iOException);
        if (c == null || (b = b(c)) == null) {
            return false;
        }
        return !b.booleanValue();
    }

    private static X509Certificate c(IOException iOException) {
        if (iOException instanceof SSLHandshakeException) {
            if (iOException.getCause() instanceof SelfSignedCertificateException) {
                return ((SelfSignedCertificateException) iOException.getCause()).getCertificate();
            }
        } else if (iOException instanceof MismatchedHostnameException) {
            return ((MismatchedHostnameException) iOException).getCertificate();
        }
        return null;
    }

    public static void c() {
        sCertSession.clear();
        try {
            d.a();
        } catch (IOException unused) {
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            this.mStandardTrustManager.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            X509TrustManager x509TrustManager = this.mKeystoreTrustManager;
            if (x509TrustManager == null) {
                throw e;
            }
            x509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z;
        try {
            this.mStandardTrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            try {
                if (this.mKeystoreTrustManager == null) {
                    throw e;
                }
                this.mKeystoreTrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e2) {
                e = e2;
                try {
                    x509CertificateArr[0].checkValidity();
                    z = false;
                } catch (CertificateExpiredException | CertificateNotYetValidException unused) {
                    z = true;
                }
                if (e.getCause() != null && (e.getCause() instanceof CertPathValidatorException) && !z) {
                    synchronized (sSelfSignedCerts) {
                        if (!sSelfSignedCerts.contains(x509CertificateArr[0])) {
                            sSelfSignedCerts.add(x509CertificateArr[0]);
                        }
                        if (sTrustAllSigners) {
                            return;
                        } else {
                            e = new SelfSignedCertificateException(e.getMessage(), e, x509CertificateArr[0]);
                        }
                    }
                }
                Boolean b = b(x509CertificateArr[0]);
                if (b == null) {
                    SelfSignedCertificateListener selfSignedCertificateListener = sSelfSignedCertificateListener;
                    if (selfSignedCertificateListener == null) {
                        throw e;
                    }
                    SelfSignedResponse checkServerTrusted = selfSignedCertificateListener.checkServerTrusted(x509CertificateArr, str);
                    if (checkServerTrusted == null) {
                        throw e;
                    }
                    boolean isTrusted = checkServerTrusted.isTrusted();
                    if (checkServerTrusted.isCacheEnabled()) {
                        sCertSession.put(x509CertificateArr[0], Boolean.valueOf(isTrusted));
                    }
                    b = Boolean.valueOf(isTrusted);
                }
                if (!b.booleanValue()) {
                    throw e;
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.mKeystoreTrustManager != null ? (X509Certificate[]) com.esri.arcgisruntime.internal.m.f.a(this.mStandardTrustManager.getAcceptedIssuers(), this.mKeystoreTrustManager.getAcceptedIssuers()) : this.mStandardTrustManager.getAcceptedIssuers();
    }
}
