package com.good.gd.ndkproxy.net.ssl;

import com.good.gd.ndkproxy.GDLog;
import com.good.gd.ndkproxy.NativeExecutionHandler;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class GDX509 {
    private static GDX509 c;
    private X509TrustManager a = null;
    private boolean b = false;

    private GDX509() throws Exception {
        GDLog.DBGPRINTF(16, "GDX509::GDX509() : keystore prop:" + System.getProperty("javax.net.ssl.keyStore") + ", pwd:" + System.getProperty("javax.net.ssl.keyStorePassword") + "\n");
        try {
            GDLog.DBGPRINTF(16, "GDX509: Attempting to initialize C++ peer\n");
            synchronized (NativeExecutionHandler.a) {
                ndkInit();
            }
        } catch (Exception e) {
            throw new Exception("GDX509: Cannot initialize C++ peer", e);
        }
    }

    public static GDX509 a() throws Exception {
        if (c == null) {
            c = new GDX509();
        }
        return c;
    }

    private boolean a(List list) {
        boolean z;
        GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChainUsingTM() IN\n");
        try {
            if (this.a == null) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                if (trustManagers != null) {
                    for (TrustManager trustManager : trustManagers) {
                        if (trustManager instanceof X509TrustManager) {
                            this.a = (X509TrustManager) trustManager;
                        }
                    }
                }
            }
            this.a.checkServerTrusted((X509Certificate[]) list.toArray(new X509Certificate[list.size()]), "RSA");
            z = true;
        } catch (Exception e) {
            GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChainUsingTM() - exception: " + e + "\n");
            e.printStackTrace();
            z = false;
        }
        GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChainUsingTM() OUT:" + z + "\n");
        return z;
    }

    private static boolean a(List list, X509Certificate x509Certificate, CertificateFactory certificateFactory) {
        PKIXCertPathValidatorResult pKIXCertPathValidatorResult;
        boolean z;
        GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChainUsingOwnTrustAnchor() IN\n");
        try {
            CertPath generateCertPath = certificateFactory.generateCertPath((List<? extends Certificate>) list);
            CertPathValidator certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
            PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)));
            pKIXParameters.setRevocationEnabled(false);
            pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) certPathValidator.validate(generateCertPath, pKIXParameters);
            z = true;
        } catch (Exception e) {
            GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChainUsingOwnTrustAnchor() - exception: " + e + "\n");
            e.printStackTrace();
            pKIXCertPathValidatorResult = null;
            z = false;
        }
        GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChainUsingOwnTrustAnchor() OUT: result=" + z + ", validation result=" + pKIXCertPathValidatorResult + "\n");
        return z;
    }

    private static List b(List list) {
        boolean z;
        X509Certificate[] x509CertificateArr = (X509Certificate[]) list.toArray(new X509Certificate[list.size()]);
        int length = x509CertificateArr.length;
        if (x509CertificateArr.length > 1) {
            int i = 0;
            while (i < x509CertificateArr.length) {
                int i2 = i + 1;
                while (true) {
                    if (i2 >= x509CertificateArr.length) {
                        z = false;
                        break;
                    }
                    if (!x509CertificateArr[i].getIssuerDN().equals(x509CertificateArr[i2].getSubjectDN())) {
                        i2++;
                    } else if (i2 != i + 1) {
                        X509Certificate x509Certificate = x509CertificateArr[i2];
                        x509CertificateArr[i2] = x509CertificateArr[i + 1];
                        x509CertificateArr[i + 1] = x509Certificate;
                        z = true;
                    } else {
                        z = true;
                    }
                }
                if (!z) {
                    break;
                }
                i++;
            }
            length = i + 1;
            X509Certificate x509Certificate2 = x509CertificateArr[length - 1];
            Date date = new Date();
            if (x509Certificate2.getSubjectDN().equals(x509Certificate2.getIssuerDN()) && date.after(x509Certificate2.getNotAfter())) {
                length--;
            }
        }
        X509Certificate[] x509CertificateArr2 = new X509Certificate[length];
        for (int i3 = 0; i3 < length; i3++) {
            x509CertificateArr2[i3] = x509CertificateArr[i3];
        }
        return Arrays.asList(x509CertificateArr2);
    }

    private boolean verifyCertificateChain(byte[][] bArr) {
        return verifyCertificateChain(bArr, null);
    }

    private boolean verifyCertificateChain(byte[][] bArr, byte[] bArr2) {
        boolean z;
        X509Certificate x509Certificate;
        GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChain() IN\n");
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            ArrayList arrayList = new ArrayList(bArr.length);
            for (byte[] bArr3 : bArr) {
                try {
                    arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr3)));
                } catch (CertificateException e) {
                    GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChain() - " + e + "\n");
                    e.printStackTrace();
                }
            }
            List b = b(arrayList);
            for (int i = 0; i < b.size(); i++) {
                b.get(i);
            }
            ArrayList arrayList2 = new ArrayList();
            for (int i2 = 0; i2 < b.size(); i2++) {
                X509Certificate x509Certificate2 = (X509Certificate) b.get(i2);
                if (x509Certificate2.getSubjectDN().equals(x509Certificate2.getIssuerDN())) {
                    GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChain() - cert #" + i2 + " is self signed.\n");
                }
                if (bArr2 == null || i2 != b.size() - 1) {
                    arrayList2.add(x509Certificate2);
                    GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChain(): Adding array[" + i2 + "]\n");
                }
            }
            for (int i3 = 0; i3 < arrayList2.size(); i3++) {
                arrayList2.get(i3);
            }
            if (bArr2 != null) {
                GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChain() - parsing root cert.\n");
                try {
                    x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr2));
                } catch (CertificateException e2) {
                    GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChain() root cert - " + e2 + "\n");
                    e2.printStackTrace();
                    x509Certificate = null;
                }
                z = x509Certificate == null ? false : a(arrayList2, x509Certificate, certificateFactory);
            } else {
                z = a(arrayList2);
            }
        } catch (Exception e3) {
            GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChain() - " + e3 + "\n");
            e3.printStackTrace();
            z = false;
        }
        GDLog.DBGPRINTF(16, "GDX509::verifyCertificateChain() OUT: result=" + z + "\n");
        return z;
    }

    final native void ndkInit();
}
