package com.tencent.luggage.wxa.pb;

import com.tencent.luggage.wxa.oz.c;
import com.tencent.luggage.wxa.se.r;
import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.TypeCastException;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Lambda;

/* loaded from: classes5.dex */
public final class c {

    /* renamed from: a, reason: collision with root package name */
    public static final a f25305a = new a(null);

    /* renamed from: c, reason: collision with root package name */
    private static final boolean f25306c = com.tencent.luggage.wxa.pa.a.a();

    /* renamed from: d, reason: collision with root package name */
    private static final Lazy f25307d = LazyKt.lazy(b.f25309a);

    /* renamed from: b, reason: collision with root package name */
    private final com.tencent.luggage.wxa.oz.c f25308b;

    /* loaded from: classes5.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final CertificateFactory a() {
            Lazy lazy = c.f25307d;
            a aVar = c.f25305a;
            return (CertificateFactory) lazy.getValue();
        }
    }

    /* loaded from: classes5.dex */
    static final class b extends Lambda implements Function0<CertificateFactory> {

        /* renamed from: a, reason: collision with root package name */
        public static final b f25309a = new b();

        b() {
            super(0);
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final CertificateFactory invoke() {
            try {
                return CertificateFactory.getInstance("X.509");
            } catch (Exception e) {
                r.a("MicroMsg.Verify.CertVerifyProcess", e, "initialize certificateFactory fail", new Object[0]);
                return null;
            }
        }
    }

    public c(com.tencent.luggage.wxa.oz.c certNetFetcher) {
        Intrinsics.checkParameterIsNotNull(certNetFetcher, "certNetFetcher");
        this.f25308b = certNetFetcher;
    }

    private final X509Certificate a(String str) {
        if (f25306c) {
            r.e("MicroMsg.Verify.CertVerifyProcess", "performAIAFetch, caIssuerUri: " + str);
        }
        CertificateFactory a2 = f25305a.a();
        if (a2 == null) {
            if (f25306c) {
                r.e("MicroMsg.Verify.CertVerifyProcess", "performAIAFetch, certificateFactory is null");
            }
            return null;
        }
        try {
            try {
                Certificate generateCertificate = a2.generateCertificate(new ByteArrayInputStream(c.b.a(this.f25308b, str, 0, 0, 6, null).a()));
                if (generateCertificate != null) {
                    return (X509Certificate) generateCertificate;
                }
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            } catch (Exception e) {
                r.a("MicroMsg.Verify.CertVerifyProcess", e, "performAIAFetch, generate certificate fail", new Object[0]);
                return null;
            }
        } catch (Exception e2) {
            r.c("MicroMsg.Verify.CertVerifyProcess", "performAIAFetch, fetch fail since " + e2);
            return null;
        }
    }

    private final X509Certificate a(List<X509Certificate> list, X509Certificate x509Certificate) {
        HashSet hashSet = new HashSet();
        while (true) {
            hashSet.add(x509Certificate);
            X509Certificate x509Certificate2 = (X509Certificate) null;
            Iterator<X509Certificate> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                X509Certificate next = it.next();
                X500Principal subjectX500Principal = next.getSubjectX500Principal();
                X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                if (f25306c) {
                    r.e("MicroMsg.Verify.CertVerifyProcess", "findLastCertWithUnknownIssuer, certSubject: " + subjectX500Principal + ", lastCertIssuer: " + issuerX500Principal);
                }
                if (Intrinsics.areEqual(subjectX500Principal, issuerX500Principal)) {
                    if (f25306c) {
                        r.e("MicroMsg.Verify.CertVerifyProcess", "findLastCertWithUnknownIssuer, certSubject is the same as lastCertIssuer");
                    }
                    x509Certificate2 = next;
                }
            }
            if (x509Certificate2 == null) {
                return x509Certificate;
            }
            X500Principal subjectX500Principal2 = x509Certificate2.getSubjectX500Principal();
            X500Principal issuerX500Principal2 = x509Certificate2.getIssuerX500Principal();
            if (f25306c) {
                r.e("MicroMsg.Verify.CertVerifyProcess", "findLastCertWithUnknownIssuer, lastIssuerCertSubject: " + subjectX500Principal2 + ", lastIssuerCertIssuer: " + issuerX500Principal2);
            }
            if (Intrinsics.areEqual(subjectX500Principal2, issuerX500Principal2)) {
                if (f25306c) {
                    r.e("MicroMsg.Verify.CertVerifyProcess", "findLastCertWithUnknownIssuer, lastIssuerCertSubject is the same as lastIssuerCertIssuer");
                }
                return null;
            }
            if (hashSet.contains(x509Certificate2)) {
                return null;
            }
            x509Certificate = x509Certificate2;
        }
    }

    private final boolean a(X509TrustManager x509TrustManager, List<X509Certificate> list, String str) {
        String str2;
        if (f25306c) {
            r.e("MicroMsg.Verify.CertVerifyProcess", "tryVerifyWithAIAFetching");
        }
        if (list.isEmpty()) {
            str2 = "tryVerifyWithAIAFetching, chain is empty";
        } else {
            X509Certificate a2 = a(list, list.get(0));
            if (a2 != null) {
                int i = 0;
                loop0: while (true) {
                    com.tencent.luggage.wxa.pb.a a3 = com.tencent.luggage.wxa.pb.b.a(a2);
                    if (a3 == null) {
                        str2 = "tryVerifyWithAIAFetching, aiaInfo is null";
                        break;
                    }
                    if (a3.a().isEmpty()) {
                        str2 = "tryVerifyWithAIAFetching, caIssuersUris is empty";
                        break;
                    }
                    for (String str3 : a3.a()) {
                        i++;
                        if (5 < i) {
                            str2 = "tryVerifyWithAIAFetching, reach max fetch num";
                            break loop0;
                        }
                        X509Certificate a4 = a(str3);
                        if (a4 != null) {
                            list.add(a4);
                            if (b(x509TrustManager, list, str)) {
                                r.d("MicroMsg.Verify.CertVerifyProcess", "tryVerifyWithAIAFetching, verify success");
                                return true;
                            }
                        }
                    }
                    X509Certificate a5 = a(list, a2);
                    if (a5 == null || Intrinsics.areEqual(a5, a2)) {
                        break;
                    }
                    a2 = a5;
                }
                return false;
            }
            str2 = "tryVerifyWithAIAFetching, lastCertWithUnknownIssuer is null";
        }
        r.d("MicroMsg.Verify.CertVerifyProcess", str2);
        return false;
    }

    private final boolean b(X509TrustManager x509TrustManager, List<X509Certificate> list, String str) {
        try {
            Object[] array = list.toArray(new X509Certificate[0]);
            if (array == null) {
                throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            x509TrustManager.checkServerTrusted((X509Certificate[]) array, str);
            return true;
        } catch (Exception e) {
            if (!f25306c) {
                return false;
            }
            r.e("MicroMsg.Verify.CertVerifyProcess", "attemptVerifyAfterAIAFetch, verify fail since " + e);
            return false;
        }
    }

    public final void a(X509TrustManager trustManager, X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Intrinsics.checkParameterIsNotNull(trustManager, "trustManager");
        try {
            trustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (f25306c) {
                r.e("MicroMsg.Verify.CertVerifyProcess", "doVerify, verify fail since " + e);
            }
            if (x509CertificateArr == null) {
                throw e;
            }
            boolean z = false;
            try {
                z = a(trustManager, ArraysKt.toMutableList(x509CertificateArr), str);
            } catch (Exception e2) {
                if (f25306c) {
                    r.a("MicroMsg.Verify.CertVerifyProcess", e2, "tryVerifyWithAIAFetching, verify fail", new Object[0]);
                }
            }
            if (!z) {
                throw e;
            }
        }
    }
}
