package eu.faircode.email;

import android.content.Context;
import android.text.TextUtils;
import eu.faircode.email.EntityLog;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class SSLHelper {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public interface ITrust {
        void checkServerTrusted(X509Certificate[] x509CertificateArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean customTrustManager() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TrustManager[] getTrustManagers(final Context context, final String str, final int i9, final boolean z8, final boolean z9, final boolean z10, boolean z11, final boolean z12, final String str2, final ITrust iTrust) {
        TrustManagerFactory trustManagerFactory;
        try {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
        } catch (Throwable th) {
            Log.e(th);
            trustManagerFactory = null;
        }
        TrustManager[] trustManagers = trustManagerFactory == null ? null : trustManagerFactory.getTrustManagers();
        StringBuilder sb = new StringBuilder();
        sb.append("Trust managers=");
        sb.append(trustManagers != null ? Integer.valueOf(trustManagers.length) : null);
        Log.i(sb.toString());
        if (trustManagers == null || trustManagers.length == 0 || !(trustManagers[0] instanceof X509TrustManager)) {
            Log.e("Missing root trust manager");
            return trustManagers;
        }
        if (trustManagers.length > 1) {
            for (TrustManager trustManager : trustManagers) {
                Log.e("Trust manager " + trustManager.getClass());
            }
        }
        final X509TrustManager a9 = z11 ? new s.c((X509TrustManager) trustManagers[0]).b(new t.a(context)).c(new s.a() { // from class: eu.faircode.email.SSLHelper.1
            @Override // s.a
            public void log(String str3, s.k kVar) {
                Log.persist(EntityLog.Type.Network, "Transparency: " + str3 + " " + kVar);
            }
        }).a() : (X509TrustManager) trustManagers[0];
        return new TrustManager[]{new X509TrustManager() { // from class: eu.faircode.email.SSLHelper.2
            private boolean isExpired(Throwable th2) {
                while (th2 != null) {
                    if (th2 instanceof CertificateExpiredException) {
                        return true;
                    }
                    th2 = th2.getCause();
                }
                return false;
            }

            private boolean noAnchor(Throwable th2) {
                while (th2 != null) {
                    if (th2 instanceof CertPathValidatorException) {
                        return true;
                    }
                    th2 = th2.getCause();
                }
                return false;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str3) {
                if (z8) {
                    a9.checkClientTrusted(x509CertificateArr, str3);
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str3) {
                ITrust iTrust2 = iTrust;
                if (iTrust2 != null) {
                    iTrust2.checkServerTrusted(x509CertificateArr);
                }
                if (z8) {
                    String str4 = str2;
                    if (str4 != null && SSLHelper.matches(x509CertificateArr[0], str4)) {
                        Log.i("Trusted selected fingerprint");
                        return;
                    }
                    try {
                        Log.i("Auth type=" + str3);
                        a9.checkServerTrusted(x509CertificateArr, str3);
                    } catch (CertificateException e9) {
                        Principal subjectDN = x509CertificateArr[0].getSubjectDN();
                        if (subjectDN == null) {
                            throw e9;
                        }
                        if (z10) {
                            throw new CertificateException(subjectDN.getName(), e9);
                        }
                        if (!noAnchor(e9) && !isExpired(e9)) {
                            throw new CertificateException(subjectDN.getName(), e9);
                        }
                        Log.i(e9);
                    }
                    if (z9) {
                        DnsHelper.verifyDane(x509CertificateArr, str, i9);
                    }
                    if (z12) {
                        List<String> dnsNames = EntityCertificate.getDnsNames(x509CertificateArr[0]);
                        if (EntityCertificate.matches(str, dnsNames)) {
                            return;
                        }
                        if (!z10) {
                            try {
                                try {
                                    InetAddress byName = DnsHelper.getByName(context, str);
                                    Log.i("Checking server ip=" + byName);
                                    for (String str5 : dnsNames) {
                                        if (str5.startsWith("*.")) {
                                            str5 = str5.substring(2);
                                        }
                                        Log.i("Checking cert name=" + str5);
                                        try {
                                            for (InetAddress inetAddress : DnsHelper.getAllByName(context, str5)) {
                                                if (Arrays.equals(byName.getAddress(), inetAddress.getAddress())) {
                                                    Log.i("Accepted " + str5 + " for " + str);
                                                    return;
                                                }
                                            }
                                        } catch (UnknownHostException e10) {
                                            Log.w(e10);
                                        }
                                    }
                                } catch (UnknownHostException e11) {
                                    Log.w(e11);
                                }
                            } catch (Throwable th2) {
                                Log.e(th2);
                            }
                        }
                        String str6 = str + " not in certificate: " + TextUtils.join(",", dnsNames);
                        Log.i(str6);
                        throw new CertificateException(str6);
                    }
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return a9.getAcceptedIssuers();
            }
        }};
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean matches(X509Certificate x509Certificate, String str) {
        try {
            String fingerprintSha1 = EntityCertificate.getFingerprintSha1(x509Certificate);
            int indexOf = str.indexOf(47);
            if (indexOf < 0) {
                return str.equals(fingerprintSha1);
            }
            if (str.substring(indexOf + 1).equals(EntityCertificate.getKeyId(x509Certificate))) {
                return true;
            }
            return str.substring(0, indexOf).equals(fingerprintSha1);
        } catch (Throwable th) {
            Log.w(th);
            return false;
        }
    }
}
