package com.onpoint.opmw.security;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public final class TrustManagerFactory {
    private static final boolean DBG = false;
    private static final String LOG_TAG = "TrustManagerFactory";
    private static X509TrustManager defaultTrustManager;
    private static KeyStore keyStore;
    private static File keyStoreFile;
    private static X509Certificate[] lastCertChain;
    private static X509TrustManager localTrustManager;

    /* loaded from: classes3.dex */
    public static class SecureX509TrustManager implements X509TrustManager {
        private static SecureX509TrustManager me;
        private String mHost;

        private SecureX509TrustManager() {
        }

        public static X509TrustManager getInstance(String str) {
            if (me == null) {
                me = new SecureX509TrustManager();
            }
            SecureX509TrustManager secureX509TrustManager = me;
            secureX509TrustManager.mHost = str;
            return secureX509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            TrustManagerFactory.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            TrustManagerFactory.setLastCertChain(x509CertificateArr);
            try {
                TrustManagerFactory.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException unused) {
                TrustManagerFactory.localTrustManager.checkServerTrusted(new X509Certificate[]{x509CertificateArr[0]}, str);
            }
            try {
                String principal = x509CertificateArr[0].getSubjectDN().toString();
                if (principal != null) {
                    if (principal.equalsIgnoreCase(TrustManagerFactory.keyStore.getCertificateAlias(x509CertificateArr[0]))) {
                        return;
                    }
                }
                throw new CertificateException("Certificate domain name does not match " + this.mHost);
            } catch (KeyStoreException e) {
                throw new CertificateException("Certificate cannot be verified; KeyStore Exception: " + e);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return TrustManagerFactory.defaultTrustManager.getAcceptedIssuers();
        }

        public void setHost(String str) {
            this.mHost = str;
        }
    }

    public static void addCertificateChain(String str, X509Certificate[] x509CertificateArr) {
        try {
            javax.net.ssl.TrustManagerFactory trustManagerFactory = javax.net.ssl.TrustManagerFactory.getInstance("X509");
            for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                keyStore.setCertificateEntry(x509CertificateArr[i2].getSubjectDN().toString(), x509CertificateArr[i2]);
            }
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers != null) {
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        localTrustManager = (X509TrustManager) trustManager;
                        break;
                    }
                }
            }
            try {
                FileOutputStream fileOutputStream = new FileOutputStream(keyStoreFile);
                keyStore.store(fileOutputStream, "".toCharArray());
                fileOutputStream.close();
            } catch (FileNotFoundException e) {
                throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
            } catch (IOException e2) {
                throw new CertificateException("Unable to write KeyStore: " + e2.getMessage());
            } catch (CertificateException e3) {
                throw new CertificateException("Unable to write KeyStore: " + e3.getMessage());
            }
        } catch (KeyStoreException | NoSuchAlgorithmException unused) {
        }
    }

    public static X509TrustManager get(String str) {
        return SecureX509TrustManager.getInstance(str);
    }

    public static KeyStore getKeyStore() {
        return keyStore;
    }

    public static X509Certificate[] getLastCertChain() {
        return lastCertChain;
    }

    public static void setLastCertChain(X509Certificate[] x509CertificateArr) {
        lastCertChain = x509CertificateArr;
    }
}
