package com.fiberlink.maas360.android.b;

import android.text.TextUtils;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: MaaS360HttpPinningTrustManager.java */
/* loaded from: classes.dex */
public class f implements X509TrustManager {
    static final /* synthetic */ boolean $assertionsDisabled;
    private static final String LOG_TAG;
    private final X509Certificate alwaysTrustCert;
    private final boolean pinAllHosts;

    static {
        $assertionsDisabled = !f.class.desiredAssertionStatus();
        LOG_TAG = f.class.getSimpleName();
    }

    public f(X509Certificate x509Certificate, boolean z) throws KeyStoreException {
        this.alwaysTrustCert = x509Certificate;
        this.pinAllHosts = z;
    }

    private TrustManagerFactory a() throws CertificateException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            return trustManagerFactory;
        } catch (Exception e) {
            com.fiberlink.maas360.b.c.c(LOG_TAG, e, "CP : Error initializing Trust Manager factory.");
            throw new CertificateException(e);
        }
    }

    private boolean a(X509Certificate[] x509CertificateArr, c cVar) {
        return cVar.d().contains(x509CertificateArr[x509CertificateArr.length - 1]);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            for (TrustManager trustManager : a().getTrustManagers()) {
                ((X509TrustManager) trustManager).checkClientTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e) {
            com.fiberlink.maas360.b.c.c(LOG_TAG, "CP : checkClientTrusted failed");
            throw e;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z = false;
        try {
            String a2 = a.a();
            if (!TextUtils.isEmpty(a2)) {
                a2 = a2.toLowerCase();
                com.fiberlink.maas360.b.c.a(LOG_TAG, "CP : Checking server certificate for request host: ", a2);
            }
            String str2 = a2;
            if (!$assertionsDisabled && x509CertificateArr == null) {
                throw new AssertionError();
            }
            if (x509CertificateArr == null) {
                com.fiberlink.maas360.b.c.c(LOG_TAG, "CP : X509Certificate array is null");
                throw new IllegalArgumentException("X509Certificate array is null");
            }
            if (!$assertionsDisabled && x509CertificateArr.length <= 0) {
                throw new AssertionError();
            }
            if (x509CertificateArr.length <= 0) {
                com.fiberlink.maas360.b.c.c(LOG_TAG, "CP : X509Certificate is empty");
                throw new IllegalArgumentException("X509Certificate is empty");
            }
            c a3 = c.a();
            if (this.pinAllHosts || a3.c(str2)) {
                if (this.pinAllHosts) {
                    if (a3.c().contains(x509CertificateArr[0]) || a(x509CertificateArr, a3)) {
                        z = true;
                    }
                } else if (a3.b(str2).contains(x509CertificateArr[0]) || a(x509CertificateArr, a3)) {
                    z = true;
                }
                if (z) {
                    com.fiberlink.maas360.b.c.a(LOG_TAG, "CP : X509Certificate matching with pinned certificate");
                    return;
                } else {
                    com.fiberlink.maas360.b.c.c(LOG_TAG, "CP : X509Certificate is not matching with pinned certificate");
                    a3.a(str2);
                    throw new CertificateException("X509Certificate is not matching with pinned certificate");
                }
            }
            if (this.alwaysTrustCert != null && this.alwaysTrustCert.equals(x509CertificateArr[0])) {
                com.fiberlink.maas360.b.c.a(LOG_TAG, "CP : X509Certificate matching with always-trust certificate");
                return;
            }
            try {
                for (TrustManager trustManager : a().getTrustManagers()) {
                    ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                }
                com.fiberlink.maas360.b.c.a(LOG_TAG, "CP : X509Certificate matching with usual SSL/TLS checks");
            } catch (CertificateException e) {
                com.fiberlink.maas360.b.c.c(LOG_TAG, "CP : X509Certificate is not matching with with usual SSL/TLS checks");
                throw e;
            }
        } finally {
            a.b();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
