package cz.acrobits.libsoftphone.internal;

import android.net.http.X509TrustManagerExtensions;
import cz.acrobits.ali.JNI;
import cz.acrobits.ali.Log;
import cz.acrobits.libsoftphone.support.SDKServices;
import cz.acrobits.libsoftphone.support.service.AssetService;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: classes.dex */
final class CertificatesVerifier {
    public static final String ASSETS_PATH = "ca-certificates";
    private static final Log LOG = new Log(CertificatesVerifier.class);
    public static final String RSA = "RSA";
    public static final String X509 = "X509";
    protected static X509HostnameVerifier mHostnameVerifier;
    protected static X509TrustManagerExtensions[] mManagers;

    @JNI
    public CertificatesVerifier() {
    }

    private static X509TrustManagerExtensions createManager(TrustManagerFactory trustManagerFactory, KeyStore keyStore) {
        try {
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return new X509TrustManagerExtensions((X509TrustManager) trustManager);
                }
            }
            return null;
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    private static Throwable doVerify(X509Certificate[] x509CertificateArr, X509TrustManagerExtensions x509TrustManagerExtensions, String str) {
        try {
            x509TrustManagerExtensions.checkServerTrusted(x509CertificateArr, RSA, str);
            return null;
        } catch (CertificateException e) {
            return e;
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    @JNI
    private void load() {
        try {
            Log log = LOG;
            log.info("Initializing...");
            ArrayList arrayList = new ArrayList();
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(X509);
            arrayList.add(createManager(trustManagerFactory, null));
            AssetService assetService = (AssetService) SDKServices.get(AssetService.class);
            String[] list = assetService.list(ASSETS_PATH);
            if (list != null && list.length != 0) {
                log.info("Loading custom CAs");
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
                for (String str : list) {
                    String substring = str.substring(0, str.length() - 4);
                    LOG.debug(".. %s", substring);
                    keyStore.setCertificateEntry(substring, (X509Certificate) certificateFactory.generateCertificate(assetService.open("ca-certificates/" + str)));
                }
                arrayList.add(createManager(trustManagerFactory, keyStore));
            }
            mManagers = (X509TrustManagerExtensions[]) arrayList.toArray(new X509TrustManagerExtensions[arrayList.size()]);
            mHostnameVerifier = new BrowserCompatHostnameVerifier();
        } catch (Throwable th) {
            throw new IllegalStateException(th);
        }
    }

    @JNI
    public X509Certificate[] parse(byte[][] bArr) {
        int length = bArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
            for (int i = 0; i < length; i++) {
                x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr[i]));
            }
            return x509CertificateArr;
        } catch (Throwable th) {
            th.printStackTrace();
            return null;
        }
    }

    @JNI
    public boolean verify(String str, X509Certificate[] x509CertificateArr) {
        X509TrustManagerExtensions[] x509TrustManagerExtensionsArr = mManagers;
        if (x509TrustManagerExtensionsArr == null || x509TrustManagerExtensionsArr.length == 0) {
            LOG.error("No trust manager, cannot verify");
            return false;
        }
        try {
            mHostnameVerifier.verify(str, x509CertificateArr[0]);
            Throwable[] thArr = new Throwable[mManagers.length];
            int i = 0;
            while (true) {
                X509TrustManagerExtensions[] x509TrustManagerExtensionsArr2 = mManagers;
                if (i >= x509TrustManagerExtensionsArr2.length) {
                    Log log = LOG;
                    log.error("Certificate verification failed for %s", str);
                    if (log.isLoggable(2)) {
                        for (int i2 = 0; i2 < mManagers.length; i2++) {
                            LOG.info("manager #%d:\n%s", Integer.valueOf(i2), Log.getStackTrace(thArr[i2]));
                        }
                    }
                    return false;
                }
                Throwable doVerify = doVerify(x509CertificateArr, x509TrustManagerExtensionsArr2[i], str);
                thArr[i] = doVerify;
                if (doVerify == null) {
                    LOG.info("Certificate verified for %s", str);
                    return true;
                }
                i++;
            }
        } catch (SSLException e) {
            Log log2 = LOG;
            log2.error("Hostname verification failed for %s", str);
            if (log2.isLoggable(2)) {
                log2.info("%s", Log.getStackTrace(e));
            }
            return false;
        }
    }
}
