package com.tunnelbear.android.api;

import android.content.Context;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import okhttp3.internal.tls.CertificateChainCleaner;

/* compiled from: TunnelBearTrustManager.java */
/* loaded from: classes.dex */
public class j implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final X509TrustManager f4949a;

    /* renamed from: b, reason: collision with root package name */
    private final CertificateChainCleaner f4950b = CertificateChainCleaner.Companion.get(this);

    /* renamed from: c, reason: collision with root package name */
    private final Context f4951c;

    /* renamed from: d, reason: collision with root package name */
    private String f4952d;

    /* renamed from: e, reason: collision with root package name */
    private X509Certificate f4953e;

    public j(X509TrustManager x509TrustManager, Context context) {
        this.f4949a = x509TrustManager;
        this.f4951c = context.getApplicationContext();
    }

    public void a(String str) {
        this.f4952d = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.f4949a.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            List<Certificate> clean = this.f4950b.clean(Arrays.asList(x509CertificateArr), this.f4952d);
            if (this.f4953e == null) {
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    InputStream open = this.f4951c.getAssets().open("TunnelBearCertificate.crt");
                    this.f4953e = (X509Certificate) certificateFactory.generateCertificate(open);
                    open.close();
                } catch (FileNotFoundException e7) {
                    m.b.c("TunnelBearTrustManager", "Server certificate file missing " + e7.getMessage());
                } catch (IOException unused) {
                    m.b.c("TunnelBearTrustManager", "Generic IO Exception when loading the certificate.");
                } catch (CertificateException e8) {
                    m.b.c("TunnelBearTrustManager", "Unable to load TB certificate " + e8.getMessage());
                }
            }
            RSAPublicKey rSAPublicKey = (RSAPublicKey) this.f4953e.getPublicKey();
            if (clean != null && clean.size() > 0) {
                Iterator<Certificate> it = clean.iterator();
                while (it.hasNext()) {
                    RSAPublicKey rSAPublicKey2 = (RSAPublicKey) ((X509Certificate) it.next()).getPublicKey();
                    if (rSAPublicKey.getAlgorithm().equals(rSAPublicKey2.getAlgorithm()) && rSAPublicKey.getPublicExponent().equals(rSAPublicKey2.getPublicExponent()) && rSAPublicKey.getModulus().equals(rSAPublicKey2.getModulus()) && rSAPublicKey2.getEncoded() != null && Arrays.equals(rSAPublicKey.getEncoded(), rSAPublicKey2.getEncoded())) {
                        this.f4949a.checkServerTrusted(x509CertificateArr, str);
                        return;
                    }
                }
            }
        } catch (Exception e9) {
            StringBuilder b8 = android.support.v4.media.c.b("Error while checking server certificate: ");
            b8.append(e9.getMessage());
            m.b.c("TunnelBearTrustManager", b8.toString());
        }
        StringBuilder b9 = android.support.v4.media.c.b("DBIZ-526: TunnelBearTrustManager will throw a CertificateException. mHostname = ");
        b9.append(this.f4952d);
        b9.append(" and authType = ");
        b9.append(str);
        m.b.c("TunnelBearTrustManager", b9.toString());
        throw new CertificateException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.f4949a.getAcceptedIssuers();
    }
}
