package com.fsck.k9.mail.store;

import android.util.Log;
import com.fsck.k9.crypto.None;
import com.fsck.k9.helper.DomainNameChecker;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.IOUtils;

/* loaded from: classes.dex */
public final class TrustManagerFactory {
    private static final String LOG_TAG = "TrustManagerFactory";
    private static X509TrustManager defaultTrustManager;
    private static KeyStore keyStore;
    private static File keyStoreFile;
    private static X509Certificate[] lastCertChain = null;
    private static X509TrustManager localTrustManager;
    private static X509TrustManager unsecureTrustManager;

    /* loaded from: classes.dex */
    private static class SecureX509TrustManager implements X509TrustManager {
        private static final Map<String, SecureX509TrustManager> mTrustManager = new HashMap();
        private final String mHost;

        private SecureX509TrustManager(String str) {
            this.mHost = str;
        }

        public static synchronized X509TrustManager getInstance(String str) {
            SecureX509TrustManager secureX509TrustManager;
            synchronized (SecureX509TrustManager.class) {
                if (mTrustManager.containsKey(str)) {
                    secureX509TrustManager = mTrustManager.get(str);
                } else {
                    secureX509TrustManager = new SecureX509TrustManager(str);
                    mTrustManager.put(str, secureX509TrustManager);
                }
            }
            return secureX509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            TrustManagerFactory.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            TrustManagerFactory.setLastCertChain(x509CertificateArr);
            try {
                TrustManagerFactory.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                TrustManagerFactory.localTrustManager.checkServerTrusted(new X509Certificate[]{x509CertificateArr[0]}, str);
            }
            if (DomainNameChecker.match(x509CertificateArr[0], this.mHost)) {
                return;
            }
            try {
                String principal = x509CertificateArr[0].getSubjectDN().toString();
                if (principal != null) {
                    if (principal.equalsIgnoreCase(TrustManagerFactory.keyStore.getCertificateAlias(x509CertificateArr[0]))) {
                        return;
                    }
                }
                throw new CertificateException("Certificate domain name does not match " + this.mHost);
            } catch (KeyStoreException e2) {
                throw new CertificateException("Certificate cannot be verified; KeyStore Exception: " + e2);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return TrustManagerFactory.defaultTrustManager.getAcceptedIssuers();
        }
    }

    /* loaded from: classes.dex */
    private static class SimpleX509TrustManager implements X509TrustManager {
        private SimpleX509TrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:27:0x0087, code lost:
    
        com.fsck.k9.mail.store.TrustManagerFactory.defaultTrustManager = (javax.net.ssl.X509TrustManager) r8;
     */
    static {
        /*
            Method dump skipped, instructions count: 212
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.fsck.k9.mail.store.TrustManagerFactory.<clinit>():void");
    }

    private TrustManagerFactory() {
    }

    public static void addCertificateChain(String str, X509Certificate[] x509CertificateArr) throws CertificateException {
        FileOutputStream fileOutputStream;
        try {
            javax.net.ssl.TrustManagerFactory trustManagerFactory = javax.net.ssl.TrustManagerFactory.getInstance("X509");
            for (X509Certificate x509Certificate : x509CertificateArr) {
                keyStore.setCertificateEntry(x509Certificate.getSubjectDN().toString(), x509Certificate);
            }
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers != null) {
                int length = trustManagers.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    TrustManager trustManager = trustManagers[i];
                    if (trustManager instanceof X509TrustManager) {
                        localTrustManager = (X509TrustManager) trustManager;
                        break;
                    }
                    i++;
                }
            }
            FileOutputStream fileOutputStream2 = null;
            try {
                try {
                    fileOutputStream = new FileOutputStream(keyStoreFile);
                } catch (Throwable th) {
                    th = th;
                }
            } catch (FileNotFoundException e) {
                e = e;
            } catch (IOException e2) {
                e = e2;
            } catch (CertificateException e3) {
                e = e3;
            }
            try {
                keyStore.store(fileOutputStream, None.NAME.toCharArray());
                IOUtils.closeQuietly((OutputStream) fileOutputStream);
            } catch (FileNotFoundException e4) {
                e = e4;
                throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
            } catch (IOException e5) {
                e = e5;
                throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
            } catch (CertificateException e6) {
                e = e6;
                throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
            } catch (Throwable th2) {
                th = th2;
                fileOutputStream2 = fileOutputStream;
                IOUtils.closeQuietly((OutputStream) fileOutputStream2);
                throw th;
            }
        } catch (KeyStoreException e7) {
            Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e7);
        } catch (NoSuchAlgorithmException e8) {
            Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e8);
        }
    }

    public static X509TrustManager get(String str, boolean z) {
        return z ? SecureX509TrustManager.getInstance(str) : unsecureTrustManager;
    }

    public static KeyStore getKeyStore() {
        return keyStore;
    }

    public static X509Certificate[] getLastCertChain() {
        return lastCertChain;
    }

    public static void setLastCertChain(X509Certificate[] x509CertificateArr) {
        lastCertChain = x509CertificateArr;
    }
}
