package ru.restream.vckit;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import androidx.annotation.RequiresApi;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public class SSLHandshake {

    /* loaded from: classes3.dex */
    private static class Lazy {
        private static final X509TrustManager defaultTrustManager;
        private static final X509TrustManagerExtensionsCompat defaultTrustManagerExtensions;
        private static final SSLHostnameVerifier hostnameVerifier = SSLHostnameVerifier.strictInstance();

        static {
            X509TrustManager access$000 = SSLHandshake.access$000();
            defaultTrustManager = access$000;
            defaultTrustManagerExtensions = X509TrustManagerExtensionsCompat.from(access$000);
        }

        private Lazy() {
        }
    }

    /* loaded from: classes3.dex */
    public static class Native {
        public static native void init();
    }

    /* loaded from: classes3.dex */
    private static class X509TrustManagerExtensionsCompat {
        private final X509TrustManagerExtensionsApi api;

        /* loaded from: classes3.dex */
        public interface X509TrustManagerExtensionsApi {
            void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException;
        }

        /* JADX INFO: Access modifiers changed from: private */
        @RequiresApi(api = 17)
        /* loaded from: classes3.dex */
        public static class X509TrustManagerExtensionsApi17Impl implements X509TrustManagerExtensionsApi {
            private final X509TrustManagerExtensions extensions;

            X509TrustManagerExtensionsApi17Impl(X509TrustManager x509TrustManager) {
                this.extensions = new X509TrustManagerExtensions(x509TrustManager);
            }

            @Override // ru.restream.vckit.SSLHandshake.X509TrustManagerExtensionsCompat.X509TrustManagerExtensionsApi
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
                this.extensions.checkServerTrusted(x509CertificateArr, str, str2);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: classes3.dex */
        public static class X509TrustManagerExtensionsApiImpl implements X509TrustManagerExtensionsApi {
            private final X509TrustManager delegate;

            private X509TrustManagerExtensionsApiImpl(X509TrustManager x509TrustManager) {
                this.delegate = x509TrustManager;
            }

            @Override // ru.restream.vckit.SSLHandshake.X509TrustManagerExtensionsCompat.X509TrustManagerExtensionsApi
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
                this.delegate.checkServerTrusted(x509CertificateArr, str);
            }
        }

        X509TrustManagerExtensionsCompat(X509TrustManagerExtensionsApi x509TrustManagerExtensionsApi) {
            this.api = x509TrustManagerExtensionsApi;
        }

        public static X509TrustManagerExtensionsCompat from(X509TrustManager x509TrustManager) {
            return Build.VERSION.SDK_INT >= 17 ? new X509TrustManagerExtensionsCompat(new X509TrustManagerExtensionsApi17Impl(x509TrustManager)) : new X509TrustManagerExtensionsCompat(new X509TrustManagerExtensionsApiImpl(x509TrustManager));
        }

        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
            this.api.checkServerTrusted(x509CertificateArr, str, str2);
        }
    }

    static /* synthetic */ X509TrustManager access$000() {
        return createDefaultX509TrustManager();
    }

    private static X509Certificate[] createCertChain(byte[][] bArr) throws CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr[i]));
        }
        return x509CertificateArr;
    }

    /* JADX WARN: Code restructure failed: missing block: B:8:0x001a, code lost:
    
        r1 = (javax.net.ssl.X509TrustManager) r4;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static javax.net.ssl.X509TrustManager createDefaultX509TrustManager() {
        /*
            java.lang.String r0 = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()     // Catch: java.security.KeyStoreException -> L2c java.security.NoSuchAlgorithmException -> L35
            javax.net.ssl.TrustManagerFactory r0 = javax.net.ssl.TrustManagerFactory.getInstance(r0)     // Catch: java.security.KeyStoreException -> L2c java.security.NoSuchAlgorithmException -> L35
            r1 = 0
            r0.init(r1)     // Catch: java.security.KeyStoreException -> L2c java.security.NoSuchAlgorithmException -> L35
            javax.net.ssl.TrustManager[] r0 = r0.getTrustManagers()     // Catch: java.security.KeyStoreException -> L2c java.security.NoSuchAlgorithmException -> L35
            int r2 = r0.length     // Catch: java.security.KeyStoreException -> L2c java.security.NoSuchAlgorithmException -> L35
            r3 = 0
        L12:
            if (r3 >= r2) goto L21
            r4 = r0[r3]     // Catch: java.security.KeyStoreException -> L2c java.security.NoSuchAlgorithmException -> L35
            boolean r5 = r4 instanceof javax.net.ssl.X509TrustManager     // Catch: java.security.KeyStoreException -> L2c java.security.NoSuchAlgorithmException -> L35
            if (r5 == 0) goto L1e
            r1 = r4
            javax.net.ssl.X509TrustManager r1 = (javax.net.ssl.X509TrustManager) r1     // Catch: java.security.KeyStoreException -> L2c java.security.NoSuchAlgorithmException -> L35
            goto L21
        L1e:
            int r3 = r3 + 1
            goto L12
        L21:
            if (r1 == 0) goto L24
            return r1
        L24:
            java.lang.RuntimeException r0 = new java.lang.RuntimeException
            java.lang.String r1 = "Default X509TrustManager not found."
            r0.<init>(r1)
            throw r0
        L2c:
            r0 = move-exception
            java.lang.RuntimeException r1 = new java.lang.RuntimeException
            java.lang.String r2 = "X.509 TrustManagerFactory cannot be initialized"
            r1.<init>(r2, r0)
            throw r1
        L35:
            r0 = move-exception
            java.lang.RuntimeException r1 = new java.lang.RuntimeException
            java.lang.String r2 = "X.509 TrustManagerFactory must be available"
            r1.<init>(r2, r0)
            goto L3f
        L3e:
            throw r1
        L3f:
            goto L3e
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.restream.vckit.SSLHandshake.createDefaultX509TrustManager():javax.net.ssl.X509TrustManager");
    }

    public static void verifyCertificateChain(byte[][] bArr, String str, String str2) throws CertificateException {
        if (bArr != null) {
            try {
                if (bArr.length != 0) {
                    X509Certificate[] createCertChain = createCertChain(bArr);
                    if (!Lazy.hostnameVerifier.verify(str2, createCertChain[0])) {
                        throw new CertificateException("No subjectAltNames on the certificate match");
                    }
                    Lazy.defaultTrustManagerExtensions.checkServerTrusted(createCertChain, str, str2);
                    return;
                }
            } catch (Exception e) {
                throw new CertificateException("Failed to verify server certificate chain.", e);
            }
        }
        throw new CertificateException("Peer sent no certificate");
    }
}
