package com.tencent.smtt.net.a;

import android.net.http.SslCertificate;
import android.util.Log;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
final class c {
    private static final c a = new c();

    private c() {
    }

    public static ae a(p pVar, SSLSocket sSLSocket, String str) {
        X509TrustManager x509TrustManager;
        boolean z;
        int i = 0;
        try {
            sSLSocket.setUseClientMode(true);
            sSLSocket.startHandshake();
            Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length <= 0) {
                if (sSLSocket != null) {
                    SSLSession session = sSLSocket.getSession();
                    if (session != null) {
                        session.invalidate();
                    }
                    sSLSocket.close();
                }
                throw new SSLHandshakeException("failed to retrieve peer certificates");
            }
            X509Certificate[] x509CertificateArr = new X509Certificate[peerCertificates.length];
            for (int i2 = 0; i2 < peerCertificates.length; i2++) {
                x509CertificateArr[i2] = (X509Certificate) peerCertificates[i2];
            }
            if (pVar != null && x509CertificateArr[0] != null) {
                pVar.a(new SslCertificate(x509CertificateArr[0]));
            }
            X509Certificate x509Certificate = x509CertificateArr[0];
            if (x509Certificate == null) {
                if (sSLSocket != null) {
                    SSLSession session2 = sSLSocket.getSession();
                    if (session2 != null) {
                        session2.invalidate();
                    }
                    sSLSocket.close();
                }
                throw new SSLHandshakeException("certificate for this site is null");
            }
            if (!h.a(x509Certificate, str)) {
                String str2 = "certificate not for this host: " + str;
                sSLSocket.getSession().invalidate();
                return new ae(2, x509Certificate);
            }
            int length = x509CertificateArr.length;
            if (x509CertificateArr.length > 1) {
                int i3 = 0;
                while (i3 < x509CertificateArr.length) {
                    int i4 = i3 + 1;
                    while (true) {
                        if (i4 >= x509CertificateArr.length) {
                            z = false;
                            break;
                        }
                        if (!x509CertificateArr[i3].getIssuerDN().equals(x509CertificateArr[i4].getSubjectDN())) {
                            i4++;
                        } else if (i4 != i3 + 1) {
                            X509Certificate x509Certificate2 = x509CertificateArr[i4];
                            x509CertificateArr[i4] = x509CertificateArr[i3 + 1];
                            x509CertificateArr[i3 + 1] = x509Certificate2;
                            z = true;
                        } else {
                            z = true;
                        }
                    }
                    if (!z) {
                        break;
                    }
                    i3++;
                }
                length = i3 + 1;
                X509Certificate x509Certificate3 = x509CertificateArr[length - 1];
                Date date = new Date();
                if (x509Certificate3.getSubjectDN().equals(x509Certificate3.getIssuerDN()) && date.after(x509Certificate3.getNotAfter())) {
                    length--;
                }
            }
            X509Certificate[] x509CertificateArr2 = new X509Certificate[length];
            for (int i5 = 0; i5 < length; i5++) {
                x509CertificateArr2[i5] = x509CertificateArr[i5];
            }
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                while (true) {
                    if (i >= trustManagers.length) {
                        x509TrustManager = null;
                        break;
                    }
                    if (trustManagers[i] instanceof X509TrustManager) {
                        x509TrustManager = (X509TrustManager) trustManagers[i];
                        break;
                    }
                    i++;
                }
                if (x509TrustManager != null) {
                    x509TrustManager.checkClientTrusted(x509CertificateArr2, "RSA");
                }
                return null;
            } catch (KeyStoreException e) {
                e.printStackTrace();
                return null;
            } catch (NoSuchAlgorithmException e2) {
                e2.printStackTrace();
                return null;
            } catch (CertificateException e3) {
                sSLSocket.getSession().invalidate();
                Log.e("CertificateChainValidator", "the site is not trusted");
                return new ae(3, x509Certificate);
            }
        } catch (IOException e4) {
            String message = e4.getMessage();
            if (message == null) {
                message = "failed to perform SSL handshake";
            }
            if (sSLSocket != null) {
                SSLSession session3 = sSLSocket.getSession();
                if (session3 != null) {
                    session3.invalidate();
                }
                sSLSocket.close();
            }
            throw new SSLHandshakeException(message);
        }
    }

    public static c a() {
        return a;
    }
}
