package com.fsck.k9.net.ssl;

import android.util.Log;
import com.fsck.k9.helper.DomainNameChecker;
import com.fsck.k9.mail.CertificateChainException;
import com.fsck.k9.security.LocalKeyStore;
import com.xiaomi.mipush.sdk.Constants;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes9.dex */
public final class TrustManagerFactory {
    private static final String LOG_TAG = "TrustManagerFactory";
    private static X509TrustManager defaultTrustManager;
    private static LocalKeyStore keyStore;

    /* loaded from: classes9.dex */
    private static class SecureX509TrustManager implements X509TrustManager {
        private static final Map<String, SecureX509TrustManager> mTrustManager = new HashMap();
        private final String mHost;
        private final int mPort;

        private SecureX509TrustManager(String str, int i) {
            this.mHost = str;
            this.mPort = i;
        }

        public static synchronized X509TrustManager getInstance(String str, int i) {
            SecureX509TrustManager secureX509TrustManager;
            synchronized (SecureX509TrustManager.class) {
                String str2 = str + Constants.COLON_SEPARATOR + i;
                if (mTrustManager.containsKey(str2)) {
                    secureX509TrustManager = mTrustManager.get(str2);
                } else {
                    secureX509TrustManager = new SecureX509TrustManager(str, i);
                    mTrustManager.put(str2, secureX509TrustManager);
                }
            }
            return secureX509TrustManager;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            TrustManagerFactory.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            String str2;
            String str3 = null;
            boolean z = false;
            try {
                TrustManagerFactory.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                z = true;
            } catch (CertificateException e) {
                str3 = e.getMessage();
            }
            X509Certificate x509Certificate = x509CertificateArr[0];
            if ((z && DomainNameChecker.match(x509Certificate, this.mHost)) || TrustManagerFactory.keyStore.isValidCertificate(x509Certificate, this.mHost, this.mPort)) {
                return;
            }
            if (str3 == null) {
                if (z) {
                    str2 = "Certificate domain name does not match " + this.mHost;
                } else {
                    str2 = "Couldn't find certificate in local key store";
                }
                str3 = str2;
            }
            throw new CertificateChainException(str3, x509CertificateArr);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return TrustManagerFactory.defaultTrustManager.getAcceptedIssuers();
        }
    }

    static {
        try {
            keyStore = LocalKeyStore.getInstance();
            javax.net.ssl.TrustManagerFactory trustManagerFactory = javax.net.ssl.TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers != null) {
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        defaultTrustManager = (X509TrustManager) trustManager;
                        return;
                    }
                }
            }
        } catch (KeyStoreException e) {
            Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
        } catch (NoSuchAlgorithmException e2) {
            Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e2);
        }
    }

    private TrustManagerFactory() {
    }

    public static X509TrustManager get(String str, int i) {
        return SecureX509TrustManager.getInstance(str, i);
    }
}
