package ak.im.module;

import ak.im.utils.Log;
import ak.im.utils.o3;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class AkeyChatX509 implements X509TrustManager {
    private static final String TAG = "AkeyChatX509";

    /* renamed from: a, reason: collision with root package name */
    X509TrustManager f1075a;
    CertificateFactory certFactory;
    private String domain;
    private URL mUrl;

    /* JADX WARN: Removed duplicated region for block: B:18:0x008a  */
    /* JADX WARN: Removed duplicated region for block: B:28:0x009a A[RETURN] */
    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:26:0x0087 -> B:16:0x0087). Please report as a decompilation issue!!! */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public AkeyChatX509(java.net.URL r6) throws java.security.cert.CertificateException {
        /*
            r5 = this;
            r5.<init>()
            r5.mUrl = r6
            if (r6 != 0) goto La
            java.lang.String r6 = ""
            goto Le
        La:
            java.lang.String r6 = r6.getHost()
        Le:
            r5.domain = r6
            java.lang.String r6 = "X.509"
            java.security.cert.CertificateFactory r6 = java.security.cert.CertificateFactory.getInstance(r6)
            r5.certFactory = r6
            r6 = 0
            java.lang.String r0 = "JKS"
            java.security.KeyStore r0 = java.security.KeyStore.getInstance(r0)     // Catch: java.lang.Exception -> L20
            goto L21
        L20:
            r0 = r6
        L21:
            r1 = 0
            javax.net.ssl.TrustManager[] r2 = new javax.net.ssl.TrustManager[r1]
            if (r0 == 0) goto L6d
            java.io.FileInputStream r3 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L51 java.lang.Exception -> L55
            java.lang.String r4 = "trustedCerts"
            r3.<init>(r4)     // Catch: java.lang.Throwable -> L51 java.lang.Exception -> L55
            java.lang.String r6 = "passphrase"
            char[] r6 = r6.toCharArray()     // Catch: java.lang.Exception -> L4f java.lang.Throwable -> L61
            r0.load(r3, r6)     // Catch: java.lang.Exception -> L4f java.lang.Throwable -> L61
            java.lang.String r6 = "SunX509"
            java.lang.String r4 = "SunJSSE"
            javax.net.ssl.TrustManagerFactory r6 = javax.net.ssl.TrustManagerFactory.getInstance(r6, r4)     // Catch: java.lang.Exception -> L4f java.lang.Throwable -> L61
            r6.init(r0)     // Catch: java.lang.Exception -> L4f java.lang.Throwable -> L61
            javax.net.ssl.TrustManager[] r2 = r6.getTrustManagers()     // Catch: java.lang.Exception -> L4f java.lang.Throwable -> L61
            r3.close()     // Catch: java.io.IOException -> L4a
            goto L87
        L4a:
            r6 = move-exception
            r6.printStackTrace()
            goto L87
        L4f:
            r6 = move-exception
            goto L58
        L51:
            r0 = move-exception
            r3 = r6
            r6 = r0
            goto L62
        L55:
            r0 = move-exception
            r3 = r6
            r6 = r0
        L58:
            r6.printStackTrace()     // Catch: java.lang.Throwable -> L61
            if (r3 == 0) goto L87
            r3.close()     // Catch: java.io.IOException -> L4a
            goto L87
        L61:
            r6 = move-exception
        L62:
            if (r3 == 0) goto L6c
            r3.close()     // Catch: java.io.IOException -> L68
            goto L6c
        L68:
            r0 = move-exception
            r0.printStackTrace()
        L6c:
            throw r6
        L6d:
            java.lang.String r0 = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()     // Catch: java.security.NoSuchAlgorithmException -> L76
            javax.net.ssl.TrustManagerFactory r0 = javax.net.ssl.TrustManagerFactory.getInstance(r0)     // Catch: java.security.NoSuchAlgorithmException -> L76
            goto L7b
        L76:
            r0 = move-exception
            r0.printStackTrace()
            r0 = r6
        L7b:
            r0.init(r6)     // Catch: java.security.KeyStoreException -> L7f
            goto L83
        L7f:
            r6 = move-exception
            r6.printStackTrace()
        L83:
            javax.net.ssl.TrustManager[] r2 = r0.getTrustManagers()
        L87:
            int r6 = r2.length
            if (r1 >= r6) goto L9a
            r6 = r2[r1]
            boolean r6 = r6 instanceof javax.net.ssl.X509TrustManager
            if (r6 == 0) goto L97
            r6 = r2[r1]
            javax.net.ssl.X509TrustManager r6 = (javax.net.ssl.X509TrustManager) r6
            r5.f1075a = r6
            return
        L97:
            int r1 = r1 + 1
            goto L87
        L9a:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: ak.im.module.AkeyChatX509.<init>(java.net.URL):void");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z;
        if (!o3.isNeedVerifyCertificate(this.mUrl)) {
            Log.w(TAG, "do not need verify certificate-check-server-trusted");
            return;
        }
        try {
            this.f1075a.checkClientTrusted(x509CertificateArr, str);
            z = false;
        } catch (CertificateException e) {
            e.printStackTrace();
            Log.e(TAG, "checkClientTrusted error is " + e.getMessage());
            z = true;
        }
        Date date = new Date();
        String name = x509CertificateArr[0].getSubjectDN().getName();
        int length = x509CertificateArr.length;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            try {
                x509Certificate.checkValidity(date);
            } catch (GeneralSecurityException unused) {
                Log.i(TAG, "invalid date of " + name);
            }
        }
        if (!z) {
            Log.w(TAG, "default verify pass do not continue");
            return;
        }
        Principal principal = null;
        int i = length - 1;
        while (i >= 0) {
            X509Certificate x509Certificate2 = x509CertificateArr[i];
            Principal issuerDN = x509Certificate2.getIssuerDN();
            Principal subjectDN = x509Certificate2.getSubjectDN();
            if (principal != null) {
                if (!issuerDN.equals(principal)) {
                    Log.w(TAG, "subject/issuer verification failed of " + name);
                    throw new CertificateException("subject/issuer verification failed of " + name);
                }
                try {
                    x509CertificateArr[i].verify(x509CertificateArr[i + 1].getPublicKey());
                } catch (GeneralSecurityException unused2) {
                    Log.w(TAG, "signature verification failed of " + name);
                    throw new CertificateException("signature verification failed of " + name);
                }
            }
            i--;
            principal = subjectDN;
        }
        Log.i(TAG, "cert chain trusted-1 " + name);
        String substring = name.startsWith("CN=") ? name.substring(3) : name;
        if (substring.startsWith("*.")) {
            substring = substring.substring(2);
        }
        if (!this.domain.contains(substring)) {
            throw new CertificateException("target verification failed of " + name);
        }
        Log.i(TAG, "cert domain trusted-2 " + name);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
