package com.company.sdk.webview.security;

import android.app.Application;
import com.company.sdk.webview.util.CLog;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class TaoX509TrustManager implements X509TrustManager {
    X509TrustManager m_defaultMgr;
    Certificate m_verisignCert;

    public TaoX509TrustManager(Application application, String str) throws Exception {
        this.m_verisignCert = null;
        this.m_defaultMgr = null;
        InputStream inputStream = null;
        try {
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                inputStream = application.getAssets().open(str);
                this.m_verisignCert = certificateFactory.generateCertificate(inputStream);
                if (inputStream != null) {
                    inputStream.close();
                }
            } catch (Exception e) {
                e.printStackTrace();
                this.m_verisignCert = null;
                CLog.e("usertrack_data", "1,verisign.cer load fail");
                if (inputStream != null) {
                    inputStream.close();
                }
            }
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int i = 0; i < trustManagers.length; i++) {
                    if (trustManagers[i] instanceof X509TrustManager) {
                        this.m_defaultMgr = (X509TrustManager) trustManagers[i];
                        return;
                    }
                }
            } catch (Exception e2) {
                e2.printStackTrace();
                this.m_defaultMgr = null;
                CLog.e("usertrack_data", "6,got default trust fail");
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                inputStream.close();
            }
            throw th;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        CLog.d("https", "checkClientTrusted");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        CLog.d("https", "https verify begin");
        if (this.m_verisignCert == null) {
            return;
        }
        boolean z = false;
        if (x509CertificateArr.length > 0) {
            try {
                String name = x509CertificateArr[0].getSubjectX500Principal().getName();
                CLog.d("https", name);
                z = name.contains(".taobao.com");
                if (!z) {
                    z = name.contains(".alipay.com");
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        if (z) {
            String str2 = "";
            for (X509Certificate x509Certificate : x509CertificateArr) {
                try {
                    x509Certificate.checkValidity();
                } catch (CertificateExpiredException e2) {
                    throw e2;
                } catch (CertificateNotYetValidException e3) {
                    throw e3;
                } catch (Exception e4) {
                    e4.printStackTrace();
                }
                boolean z2 = false;
                try {
                    x509Certificate.verify(this.m_verisignCert.getPublicKey());
                } catch (InvalidKeyException e5) {
                    str2 = e5.getMessage();
                    z2 = true;
                } catch (NoSuchAlgorithmException e6) {
                    str2 = e6.getMessage();
                    z2 = true;
                } catch (NoSuchProviderException e7) {
                    str2 = e7.getMessage();
                    z2 = true;
                } catch (SignatureException e8) {
                    str2 = e8.getMessage();
                    z2 = true;
                } catch (Exception e9) {
                    e9.printStackTrace();
                    z2 = true;
                }
                if (!z2) {
                    CLog.d("https", "--- verify success:" + x509Certificate.getSubjectDN());
                    return;
                }
            }
            CLog.d("https", " customize https verify failed:" + str2);
            if (this.m_defaultMgr != null) {
                try {
                    this.m_defaultMgr.checkServerTrusted(x509CertificateArr, str);
                } catch (CertificateException e10) {
                    throw e10;
                } catch (Exception e11) {
                    e11.printStackTrace();
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
