package anetwork.channel.ssl;

import defpackage.eeq;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import mtopsdk.common.util.StringUtils;
import mtopsdk.common.util.TBSdkLog;
import pnf.p000this.object.does.not.Exist;

/* loaded from: classes2.dex */
public class ANetX509TrustManager implements X509TrustManager {
    private static final String TAG = "ANetX509TrustManager";
    X509TrustManager myX509TrustManager;

    public ANetX509TrustManager() {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        for (int i = 0; i < trustManagers.length; i++) {
            if (trustManagers[i] instanceof X509TrustManager) {
                this.myX509TrustManager = (X509TrustManager) trustManagers[i];
                return;
            }
        }
    }

    private Boolean validateChain(List<X509Certificate> list) {
        Exist.b(Exist.a() ? 1 : 0);
        Boolean bool = Boolean.FALSE;
        try {
            CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(list);
            X509Certificate[] acceptedIssuers = getAcceptedIssuers();
            ArrayList arrayList = new ArrayList();
            if (acceptedIssuers != null) {
                for (X509Certificate x509Certificate : acceptedIssuers) {
                    arrayList.add(new TrustAnchor(x509Certificate, null));
                }
            }
            PKIXParameters pKIXParameters = new PKIXParameters(new HashSet(arrayList));
            pKIXParameters.setRevocationEnabled(false);
            Security.setProperty("ocsp.enable", "true");
            return ((PKIXCertPathValidatorResult) CertPathValidator.getInstance(CertPathValidator.getDefaultType()).validate(generateCertPath, pKIXParameters)) != null ? Boolean.TRUE : bool;
        } catch (Exception e) {
            TBSdkLog.w(TAG, "validateChain exception", e);
            return bool;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        Exist.b(Exist.a() ? 1 : 0);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        Exist.b(Exist.a() ? 1 : 0);
        Calendar calendar = Calendar.getInstance();
        String e = eeq.e();
        long j = 0;
        if (StringUtils.isNotBlank(e)) {
            try {
                j = Long.parseLong(e);
            } catch (NumberFormatException e2) {
                TBSdkLog.e(TAG, "[getTimeOffset] parse t_offset failed");
            }
        }
        calendar.add(13, (int) j);
        Date time = calendar.getTime();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity(time);
        }
        try {
            this.myX509TrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e3) {
            TBSdkLog.w(TAG, "CertificateException", e3);
            Throwable th = e3;
            while (th.getCause() != null) {
                th = th.getCause();
                if ((th instanceof CertificateExpiredException) || (th instanceof CertificateNotYetValidException)) {
                    return;
                }
            }
            throw e3;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        Exist.b(Exist.a() ? 1 : 0);
        return this.myX509TrustManager.getAcceptedIssuers();
    }
}
