package nl.outright.trustlib;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.StringTokenizer;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class SimpleTrustManager implements X509TrustManager, HostnameVerifier {
    private X509Certificate[] trustedCAs;

    public SimpleTrustManager(FileCertificateImporter fileCertificateImporter) {
        List<X509Certificate> certificates = fileCertificateImporter.getCertificates();
        this.trustedCAs = new X509Certificate[certificates.size()];
        for (int i = 0; i < certificates.size(); i++) {
            this.trustedCAs[i] = certificates.get(i);
        }
    }

    private X509Certificate findCA(X509Certificate x509Certificate) {
        for (int i = 0; i < this.trustedCAs.length; i++) {
            if (this.trustedCAs[i].getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                return this.trustedCAs[i];
            }
        }
        return null;
    }

    private void printChain(X509Certificate[] x509CertificateArr) {
        for (int i = 0; i < x509CertificateArr.length; i++) {
            System.out.println("CERT #" + i + ":");
            System.out.println(x509CertificateArr[i].toString());
            System.out.println(String.format("%x", Integer.valueOf(x509CertificateArr[i].getBasicConstraints())));
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        System.out.println("checkClientTrusted: " + str + ", chain=" + x509CertificateArr.length);
        printChain(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        System.out.println("checkServerTrusted: " + str + ", chain=" + x509CertificateArr.length);
        System.out.println("Subject: " + x509CertificateArr[0].getSubjectDN());
        System.out.println("Issuer: " + x509CertificateArr[0].getIssuerDN());
        x509CertificateArr[0].checkValidity();
        System.out.println("Validity: OK");
        X509Certificate findCA = findCA(x509CertificateArr[0]);
        if (findCA == null) {
            throw new CertificateException("unable to find signing CA certificate");
        }
        try {
            x509CertificateArr[0].verify(findCA.getPublicKey());
            System.out.println("Cert verified against CA");
        } catch (InvalidKeyException e) {
            throw new CertificateException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        } catch (NoSuchProviderException e3) {
            throw new RuntimeException(e3);
        } catch (SignatureException e4) {
            throw new CertificateException(e4);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.trustedCAs;
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        try {
            X509Certificate x509Certificate = (X509Certificate) sSLSession.getPeerCertificates()[0];
            System.out.println("Verifying host " + str + " against " + x509Certificate.getSubjectDN().getName());
            StringTokenizer stringTokenizer = new StringTokenizer(new StringTokenizer(x509Certificate.getSubjectDN().getName(), ",").nextToken(), "=");
            stringTokenizer.nextToken();
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.startsWith("*.") && str.equals(nextToken.substring(2))) {
                System.out.println("wildcard matches parent. OK");
                return true;
            }
        } catch (NullPointerException e) {
        } catch (SSLPeerUnverifiedException e2) {
        }
        System.out.println("no domain match");
        return false;
    }
}
