package max;

import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public class sa4 implements X509TrustManager {
    public static final pb4 d = ob4.a(sa4.class);
    public static Pattern e = Pattern.compile("(?i)(cn=)([^,]*)");
    public String a;
    public X509TrustManager b;
    public boolean c;

    public sa4(String str, w94 w94Var) {
        boolean z = w94Var.s;
        this.c = z;
        if (z) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        this.b = (X509TrustManager) trustManager;
                    }
                }
            } catch (Exception e2) {
                d.c("Unable to get TrustManager: ", e2);
            }
        }
        this.a = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (this.c) {
            X509TrustManager x509TrustManager = this.b;
            if (x509TrustManager == null) {
                throw new CertificateException("No X509TrustManager found, unable to verify cert");
            }
            x509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (this.c) {
            X509TrustManager x509TrustManager = this.b;
            if (x509TrustManager == null) {
                throw new CertificateException("No X509TrustManager found, unable to verify cert");
            }
            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            boolean z = false;
            X509Certificate x509Certificate = x509CertificateArr[0];
            ArrayList arrayList = new ArrayList();
            String name = x509Certificate.getSubjectDN().getName();
            Matcher matcher = e.matcher(name);
            if (matcher.find()) {
                name = matcher.group(2);
            }
            arrayList.add(name);
            try {
                Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                if (subjectAlternativeNames != null) {
                    for (List<?> list : subjectAlternativeNames) {
                        if (((Integer) list.get(0)).intValue() == 2) {
                            arrayList.add((String) list.get(1));
                        }
                    }
                }
            } catch (CertificateParsingException e2) {
                d.c("Unable to parse certificate: ", e2);
            }
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                String str2 = (String) it.next();
                if (!str2.startsWith("*.")) {
                    if (this.a.equals(str2)) {
                        z = true;
                        break;
                    }
                } else {
                    if (this.a.endsWith(str2.substring(1))) {
                        z = true;
                        break;
                    }
                }
            }
            if (z) {
                return;
            }
            StringBuilder U = vu.U("Hostname is ");
            U.append(this.a);
            U.append(" which did not match identities: ");
            U.append(arrayList);
            throw new CertificateException(U.toString());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.c ? this.b.getAcceptedIssuers() : new X509Certificate[0];
    }
}
