package com.tongweb.gmssl.jsse.security.ssl;

import com.tongweb.tianfu.a.a.C0069r;
import java.net.Socket;
import java.security.AlgorithmConstraints;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import sun.security.util.HostnameChecker;
import sun.security.validator.Validator;

/* loaded from: input_file:com/tongweb/gmssl/jsse/security/ssl/bt.class */
/**
 * Trust manager that validates X.509 certificate chains through a
 * {@code sun.security.validator.Validator} and, when a TLS handshake session
 * is reachable from the supplied socket or engine, also performs endpoint
 * (hostname) identification.
 *
 * <p>This listing is JADX decompiler output of obfuscated bytecode. Names such
 * as {@code a}, {@code b}, {@code bt} and {@code C0024ax} are obfuscator-assigned
 * and {@code a} is heavily overloaded, so the parameter types (including the
 * explicit {@code (Socket) null} / {@code (String) null} casts) decide which
 * method is called. Several methods throw the checked
 * {@code CertificateException} without a {@code throws} clause, so the listing
 * does not compile as written.
 *
 * <p>NOTE(review): the structure closely resembles the JDK's own
 * X509TrustManagerImpl; presumably this is a vendor adaptation of it. Confirm
 * against the original binary before relying on that.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The two-argument {@code checkClientTrusted}/{@code checkServerTrusted}
 *       overloads pass a null socket, so they validate the chain only: no
 *       hostname check and no session-derived algorithm constraints.</li>
 *   <li>Hostname verification runs only when the endpoint identification
 *       algorithm on the SSLParameters is non-empty; otherwise it is skipped
 *       silently.</li>
 *   <li>A non-null socket that is not a connected {@code SSLSocket} is handled
 *       exactly like a null socket.</li>
 * </ul>
 */
final class bt extends X509ExtendedTrustManager implements X509TrustManager {
    // Validator type; first argument to Validator.getInstance(...).
    private final String a;
    // Trusted certificates (trust anchors); also what getAcceptedIssuers() returns.
    private final Collection<X509Certificate> b;
    // PKIX builder parameters; null when this instance was built from a KeyStore.
    private final PKIXBuilderParameters c;
    // Lazily created validator for the "tls client" variant (client-certificate checks).
    private volatile Validator d;
    // Validator for the "tls server" variant (server-certificate checks).
    private volatile Validator e;
    // presumably a debug-option handle for the "ssl" category; every print below
    // is guarded by f != null && C0046u.b("trustmanager") -- TODO confirm.
    private static final C0046u f = C0046u.a("ssl");

    /**
     * Builds a trust manager whose trust anchors come from a key store.
     *
     * @param str validator type handed to {@code Validator.getInstance}
     * @param keyStore source of trusted certificates; {@code null} yields an
     *                 empty trusted set
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public bt(String str, KeyStore keyStore) {
        this.a = str;
        this.c = null;
        if (keyStore == null) {
            this.b = Collections.emptySet();
        } else {
            // presumably extracts the trusted certificate entries from the key store -- TODO confirm
            this.b = C0069r.a(keyStore);
        }
        a();
    }

    /**
     * Builds a trust manager from explicit PKIX builder parameters. The
     * "tls server" validator is created eagerly so that the trusted
     * certificate set can be read back from it.
     *
     * @param str validator type handed to {@code Validator.getInstance}
     * @param pKIXBuilderParameters PKIX parameters used for every validator
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public bt(String str, PKIXBuilderParameters pKIXBuilderParameters) {
        this.a = str;
        this.c = pKIXBuilderParameters;
        Validator a = a("tls server");
        this.b = a.getTrustedCertificates();
        this.e = a;
        a();
    }

    /**
     * Validates a client certificate chain without any connection context.
     * Because the socket argument is null, no endpoint identification and no
     * session-derived algorithm constraints are applied.
     */
    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        a(x509CertificateArr, str, (Socket) null, true);
    }

    /**
     * Validates a server certificate chain without any connection context.
     * Because the socket argument is null, the hostname is NOT verified here;
     * callers that need hostname verification must use the Socket/SSLEngine
     * overloads or verify the name themselves.
     */
    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        a(x509CertificateArr, str, (Socket) null, false);
    }

    /**
     * Returns the trusted certificates as a freshly allocated array, so the
     * caller cannot modify the internal collection through it.
     */
    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr = new X509Certificate[this.b.size()];
        this.b.toArray(x509CertificateArr);
        return x509CertificateArr;
    }

    /** Validates a client certificate chain in the context of {@code socket}. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        a(x509CertificateArr, str, socket, true);
    }

    /** Validates a server certificate chain in the context of {@code socket}. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        a(x509CertificateArr, str, socket, false);
    }

    /** Validates a client certificate chain in the context of {@code sSLEngine}. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        a(x509CertificateArr, str, sSLEngine, true);
    }

    /** Validates a server certificate chain in the context of {@code sSLEngine}. */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        a(x509CertificateArr, str, sSLEngine, false);
    }

    /**
     * Checks the basic arguments and returns the validator for the requested
     * direction, creating it on first use.
     *
     * @param x509CertificateArr peer certificate chain; must be non-empty
     * @param str authentication type; must be non-empty
     * @param z {@code true} for client-certificate checks ("tls client"
     *          variant), {@code false} for server-certificate checks
     * @return the cached or newly created validator
     * @throws IllegalArgumentException if the chain or the authentication type
     *         is null or empty
     */
    private Validator a(X509Certificate[] x509CertificateArr, String str, boolean z) {
        Validator validator;
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("null or zero-length certificate chain");
        }
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length authentication type");
        }
        // Double-checked locking on the volatile fields: the unsynchronized read
        // is the fast path, the second read under the lock prevents two threads
        // from both creating a validator.
        if (z) {
            Validator validator2 = this.d;
            validator = validator2;
            if (validator2 == null) {
                synchronized (this) {
                    Validator validator3 = this.d;
                    validator = validator3;
                    if (validator3 == null) {
                        validator = a("tls client");
                        this.d = validator;
                    }
                }
            }
        } else {
            Validator validator4 = this.e;
            validator = validator4;
            if (validator4 == null) {
                synchronized (this) {
                    Validator validator5 = this.e;
                    validator = validator5;
                    if (validator5 == null) {
                        validator = a("tls server");
                        this.e = validator;
                    }
                }
            }
        }
        return validator;
    }

    /**
     * Socket-based trust check: optional endpoint identification followed by
     * chain validation.
     *
     * <p>Endpoint identification and algorithm constraints are applied only
     * when {@code socket} is a connected {@code SSLSocket}. Any other socket
     * (null, unconnected, or a plain {@code Socket}) falls through to chain
     * validation alone, without an error.
     *
     * @param x509CertificateArr peer certificate chain
     * @param str authentication type
     * @param socket connection being established, may be null
     * @param z {@code true} when called from a checkClientTrusted overload
     */
    private void a(X509Certificate[] x509CertificateArr, String str, Socket socket, boolean z) {
        Validator a = a(x509CertificateArr, str, z);
        // presumably the algorithm-constraints implementation; it is passed to
        // validate(...) as AlgorithmConstraints -- TODO confirm.
        C0024ax c0024ax = null;
        if (socket != null && socket.isConnected() && (socket instanceof SSLSocket)) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            SSLSession handshakeSession = sSLSocket.getHandshakeSession();
            if (handshakeSession == null) {
                throw new CertificateException("No handshake session");
            }
            // Hostname verification is opt-in: with a null or empty algorithm the
            // certificate's identity is never compared with the peer name.
            String endpointIdentificationAlgorithm = sSLSocket.getSSLParameters().getEndpointIdentificationAlgorithm();
            if (endpointIdentificationAlgorithm != null && endpointIdentificationAlgorithm.length() != 0) {
                // The identity check uses the first certificate of the chain and
                // runs before the chain itself has been validated.
                a(handshakeSession, x509CertificateArr[0], endpointIdentificationAlgorithm, z, a(socket));
            }
            // The session's local supported signature algorithms are passed only
            // when the protocol's m value is at least C0016ap.f.m and the session
            // is an ExtendedSSLSession; both other branches build the same object.
            // NOTE(review): C0016ap.f looks like the TLS 1.2 protocol constant -- confirm.
            c0024ax = C0016ap.a(handshakeSession.getProtocol()).m >= C0016ap.f.m ? handshakeSession instanceof ExtendedSSLSession ? new C0024ax(sSLSocket, ((ExtendedSSLSession) handshakeSession).getLocalSupportedSignatureAlgorithms(), false) : new C0024ax(sSLSocket, false) : new C0024ax(sSLSocket, false);
        }
        // Client chains are validated with a null last argument, server chains
        // with the authentication type.
        X509Certificate[] a2 = z ? a(a, x509CertificateArr, c0024ax, (String) null) : a(a, x509CertificateArr, c0024ax, str);
        if (f == null || !C0046u.b("trustmanager")) {
            return;
        }
        // Debug output only: prints the last element of the validated chain
        // (presumably the trust anchor).
        System.out.println("Found trusted certificate:");
        X509Certificate[] x509CertificateArr2 = a2;
        System.out.println(x509CertificateArr2[x509CertificateArr2.length - 1]);
    }

    /**
     * SSLEngine-based trust check; mirrors the Socket variant. With a null
     * engine only chain validation is performed.
     *
     * @param x509CertificateArr peer certificate chain
     * @param str authentication type
     * @param sSLEngine engine performing the handshake, may be null
     * @param z {@code true} when called from a checkClientTrusted overload
     */
    private void a(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine, boolean z) {
        Validator a = a(x509CertificateArr, str, z);
        C0024ax c0024ax = null;
        if (sSLEngine != null) {
            SSLSession handshakeSession = sSLEngine.getHandshakeSession();
            if (handshakeSession == null) {
                throw new CertificateException("No handshake session");
            }
            // Hostname verification is skipped when no identification algorithm
            // is configured on the engine's SSLParameters.
            String endpointIdentificationAlgorithm = sSLEngine.getSSLParameters().getEndpointIdentificationAlgorithm();
            if (endpointIdentificationAlgorithm != null && endpointIdentificationAlgorithm.length() != 0) {
                a(handshakeSession, x509CertificateArr[0], endpointIdentificationAlgorithm, z, a(sSLEngine));
            }
            // Same constraint selection as in the Socket variant.
            c0024ax = C0016ap.a(handshakeSession.getProtocol()).m >= C0016ap.f.m ? handshakeSession instanceof ExtendedSSLSession ? new C0024ax(sSLEngine, ((ExtendedSSLSession) handshakeSession).getLocalSupportedSignatureAlgorithms(), false) : new C0024ax(sSLEngine, false) : new C0024ax(sSLEngine, false);
        }
        X509Certificate[] a2 = z ? a(a, x509CertificateArr, c0024ax, (String) null) : a(a, x509CertificateArr, c0024ax, str);
        if (f == null || !C0046u.b("trustmanager")) {
            return;
        }
        System.out.println("Found trusted certificate:");
        X509Certificate[] x509CertificateArr2 = a2;
        System.out.println(x509CertificateArr2[x509CertificateArr2.length - 1]);
    }

    /**
     * Prints every trusted certificate (subject, issuer, key algorithm, serial
     * number, validity) to standard output when the "trustmanager" debug
     * option is active; otherwise does nothing.
     */
    private void a() {
        if (f == null || !C0046u.b("trustmanager")) {
            return;
        }
        for (X509Certificate x509Certificate : this.b) {
            System.out.println("adding as trusted cert:");
            System.out.println("  Subject: " + x509Certificate.getSubjectX500Principal());
            System.out.println("  Issuer:  " + x509Certificate.getIssuerX500Principal());
            System.out.println("  Algorithm: " + x509Certificate.getPublicKey().getAlgorithm() + "; Serial number: 0x" + x509Certificate.getSerialNumber().toString(16));
            System.out.println("  Valid from " + x509Certificate.getNotBefore() + " until " + x509Certificate.getNotAfter());
            System.out.println();
        }
    }

    /**
     * Creates a validator of type {@code this.a} for the given variant, from
     * the PKIX parameters when present and from the trusted certificate
     * collection otherwise.
     *
     * @param str validator variant ("tls client" or "tls server" in this class)
     */
    private Validator a(String str) {
        return this.c == null ? Validator.getInstance(this.a, str, this.b) : Validator.getInstance(this.a, str, this.c);
    }

    /**
     * Runs chain validation and returns the validated chain.
     *
     * @param validator validator to use
     * @param x509CertificateArr peer certificate chain
     * @param algorithmConstraints constraints to enforce, may be null
     * @param str last argument to {@code Validator.validate}; null on the
     *            client-certificate path, the authentication type otherwise
     */
    private static X509Certificate[] a(Validator validator, X509Certificate[] x509CertificateArr, AlgorithmConstraints algorithmConstraints, String str) {
        // NOTE(review): g()/a(g) bracket the validation and the second call is in
        // finally, so it always runs; this looks like a begin/end provider-context
        // pair -- confirm against C0009ai.
        Object g = C0009ai.g();
        try {
            return validator.validate(x509CertificateArr, (Collection) null, algorithmConstraints, str);
        } finally {
            C0009ai.a(g);
        }
    }

    /**
     * Extracts a host name from a list of SNI server names.
     *
     * <p>Only entries whose type is 0 (the host_name type) are considered. As
     * decompiled, the loop does not stop at the first such entry, so a later
     * host_name entry overrides an earlier one. An entry that cannot be
     * converted to an {@code SNIHostName} is ignored apart from an optional
     * debug message.
     *
     * @param list requested server names; must not be null
     * @return the ASCII form of the selected host name, or null if none was found
     */
    private static String a(List<SNIServerName> list) {
        SNIHostName sNIHostName = null;
        Iterator<SNIServerName> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SNIServerName next = it.next();
            if (next.getType() == 0) {
                if (next instanceof SNIHostName) {
                    sNIHostName = (SNIHostName) next;
                } else {
                    try {
                        sNIHostName = new SNIHostName(next.getEncoded());
                    } catch (IllegalArgumentException unused) {
                        // Malformed name: keep whatever was selected before and
                        // report it only in debug mode.
                        if (f != null && C0046u.b("trustmanager")) {
                            System.out.println("Illegal server name: " + next);
                        }
                    }
                }
            }
        }
        if (sNIHostName != null) {
            return sNIHostName.getAsciiName();
        }
        return null;
    }

    /**
     * Returns the server names requested in the handshake session of a
     * connected {@code SSLSocket}, or an empty list when the socket or its
     * session does not provide them.
     */
    private static List<SNIServerName> a(Socket socket) {
        SSLSession handshakeSession;
        return (socket != null && socket.isConnected() && (socket instanceof SSLSocket) && (handshakeSession = ((SSLSocket) socket).getHandshakeSession()) != null && (handshakeSession instanceof ExtendedSSLSession)) ? ((ExtendedSSLSession) handshakeSession).getRequestedServerNames() : Collections.emptyList();
    }

    /**
     * Returns the server names requested in the engine's handshake session, or
     * an empty list when the engine or its session does not provide them.
     */
    private static List<SNIServerName> a(SSLEngine sSLEngine) {
        SSLSession handshakeSession;
        return (sSLEngine == null || (handshakeSession = sSLEngine.getHandshakeSession()) == null || !(handshakeSession instanceof ExtendedSSLSession)) ? Collections.emptyList() : ((ExtendedSSLSession) handshakeSession).getRequestedServerNames();
    }

    /**
     * Checks that the certificate identifies the peer, trying the SNI host
     * name first (only when {@code z} is true) and the session's peer host
     * second.
     *
     * <p>If the SNI name does not match and differs from the peer host, the
     * failure is discarded and the peer host is checked instead, so a
     * certificate is accepted when it matches either name.
     *
     * <p>NOTE(review): {@code z} is true only on the checkClientTrusted paths,
     * so the SNI name is consulted when a client certificate is being checked,
     * and server-certificate checks rely on {@code getPeerHost()} alone. One
     * would expect SNI to matter when a client verifies a server; confirm the
     * polarity against the upstream implementation.
     *
     * @param sSLSession handshake session supplying the peer host
     * @param x509Certificate certificate whose identity is checked
     * @param str endpoint identification algorithm
     * @param z {@code true} when called from a checkClientTrusted overload
     * @param list server names requested in the handshake
     */
    private static void a(SSLSession sSLSession, X509Certificate x509Certificate, String str, boolean z, List<SNIServerName> list) {
        String a;
        // z2 records whether the SNI-based check already succeeded.
        boolean z2 = false;
        String peerHost = sSLSession.getPeerHost();
        if (z && (a = a(list)) != null) {
            try {
                a(a, x509Certificate, str);
                z2 = true;
            } catch (CertificateException e) {
                // Rethrow only when the fallback would test the same name again.
                if (a.equalsIgnoreCase(peerHost)) {
                    throw e;
                }
            }
        }
        if (z2) {
            return;
        }
        a(peerHost, x509Certificate, str);
    }

    /**
     * Matches a host name against a certificate with the checker selected by
     * the identification algorithm.
     *
     * <p>A null or empty algorithm returns without any check. "HTTPS" selects
     * HostnameChecker type 1 (TLS rules), "LDAP"/"LDAPS" select type 2 (LDAP
     * rules); both comparisons ignore case. Any other algorithm is rejected
     * with a {@code CertificateException} rather than ignored.
     *
     * @param str host name or address; square brackets around an IPv6 literal
     *            are removed before matching. A null value is passed to the
     *            checker unchanged; the outcome then depends on
     *            HostnameChecker.match -- TODO confirm.
     * @param x509Certificate certificate to match against
     * @param str2 endpoint identification algorithm
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(String str, X509Certificate x509Certificate, String str2) {
        if (str2 == null || str2.length() == 0) {
            return;
        }
        if (str != null && str.startsWith("[") && str.endsWith("]")) {
            str = str.substring(1, str.length() - 1);
        }
        if (str2.equalsIgnoreCase("HTTPS")) {
            HostnameChecker.getInstance((byte) 1).match(str, x509Certificate);
        } else {
            if (!str2.equalsIgnoreCase("LDAP") && !str2.equalsIgnoreCase("LDAPS")) {
                throw new CertificateException("Unknown identification algorithm: " + str2);
            }
            HostnameChecker.getInstance((byte) 2).match(str, x509Certificate);
        }
    }
}
