package com.huawei.ott.sdk.license.http;

import com.huawei.ott.sdk.log.DebugLog;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: TbsSdkJava */
/* loaded from: classes.dex */
public class HttpTrustManager implements X509TrustManager {
    private static final String TAG = HttpTrustManager.class.getSimpleName();
    private X509Certificate[] trustCerts;
    private boolean verifyCert;

    public HttpTrustManager(KeyStore keyStore, boolean z) throws NoSuchAlgorithmException, KeyStoreException {
        X509TrustManager x509TrustManager;
        this.trustCerts = null;
        this.verifyCert = true;
        this.verifyCert = z;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        int i = 0;
        while (true) {
            if (i >= trustManagers.length) {
                x509TrustManager = null;
                break;
            } else {
                if (trustManagers[i] instanceof X509TrustManager) {
                    x509TrustManager = (X509TrustManager) trustManagers[i];
                    break;
                }
                i++;
            }
        }
        if (x509TrustManager != null) {
            this.trustCerts = x509TrustManager.getAcceptedIssuers();
        }
    }

    private void checkIssuerDN(X509Certificate[] x509CertificateArr) throws CertificateException {
        boolean z;
        if (this.trustCerts != null) {
            z = false;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                X509Certificate[] x509CertificateArr2 = this.trustCerts;
                int length = x509CertificateArr2.length;
                int i = 0;
                while (true) {
                    if (i < length) {
                        if (x509Certificate.getIssuerDN().equals(x509CertificateArr2[i].getIssuerDN())) {
                            z = true;
                            break;
                        }
                        i++;
                    }
                }
            }
        } else {
            z = false;
        }
        if (!z) {
            throw new CertificateException();
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:13:0x0025, code lost:
    
        r4.verify(r7.getPublicKey());
     */
    /* JADX WARN: Code restructure failed: missing block: B:17:0x002c, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:18:0x002d, code lost:
    
        com.huawei.ott.sdk.log.DebugLog.error(com.huawei.ott.sdk.license.http.HttpTrustManager.TAG, r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x0037, code lost:
    
        throw new java.security.cert.CertificateException(r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void checkSignature(java.security.cert.X509Certificate[] r11) throws java.security.cert.CertificateException {
        /*
            r10 = this;
            r1 = 0
            java.security.cert.X509Certificate[] r0 = r10.trustCerts
            if (r0 == 0) goto L3b
            int r3 = r11.length
            r2 = r1
        L7:
            if (r2 >= r3) goto L3b
            r4 = r11[r2]
            java.security.cert.X509Certificate[] r5 = r10.trustCerts
            int r6 = r5.length
            r0 = r1
        Lf:
            if (r0 >= r6) goto L28
            r7 = r5[r0]
            java.security.Principal r8 = r4.getIssuerDN()
            java.security.Principal r9 = r7.getIssuerDN()
            boolean r8 = r8.equals(r9)
            if (r8 == 0) goto L38
            java.security.PublicKey r0 = r7.getPublicKey()
            r4.verify(r0)     // Catch: java.lang.Exception -> L2c
        L28:
            int r0 = r2 + 1
            r2 = r0
            goto L7
        L2c:
            r0 = move-exception
            java.lang.String r1 = com.huawei.ott.sdk.license.http.HttpTrustManager.TAG
            com.huawei.ott.sdk.log.DebugLog.error(r1, r0)
            java.security.cert.CertificateException r1 = new java.security.cert.CertificateException
            r1.<init>(r0)
            throw r1
        L38:
            int r0 = r0 + 1
            goto Lf
        L3b:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.ott.sdk.license.http.HttpTrustManager.checkSignature(java.security.cert.X509Certificate[]):void");
    }

    private void checkValid(X509Certificate[] x509CertificateArr) throws CertificateException {
        Date date = new Date(System.currentTimeMillis());
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity(date);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        DebugLog.error(TAG, "checkClientTrusted");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.verifyCert) {
            checkValid(x509CertificateArr);
            checkIssuerDN(x509CertificateArr);
            checkSignature(x509CertificateArr);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
