package com.morphoss.acal.service.connector;

import android.util.Log;
import com.morphoss.acal.AcalApplication;
import com.morphoss.acal.Constants;
import com.morphoss.acal.PrefNames;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class EasyX509TrustManager implements X509TrustManager {
    static final String TAG = "aCal EasyX509TrustManager";
    private X509TrustManager standardTrustManager;

    public EasyX509TrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        this.standardTrustManager = null;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 0) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.standardTrustManager = (X509TrustManager) trustManagers[0];
    }

    private boolean checkLocallyApprovedCertificates(X509Certificate[] x509CertificateArr) {
        String[] split = AcalApplication.getPreferenceString(PrefNames.approvedCertificates, "").split(",");
        for (X509Certificate x509Certificate : x509CertificateArr) {
            String obj = Base64Coder.encode(x509Certificate.getSignature()).toString();
            for (String str : split) {
                if (obj.equals(str)) {
                    return true;
                }
            }
        }
        return false;
    }

    private void logCertificateException(String str, Exception exc, X509Certificate[] x509CertificateArr) {
        Log.w(TAG, str + ": " + exc.getMessage());
        for (int i = 0; i < x509CertificateArr.length; i++) {
            Log.w(TAG, "Certificate for: " + x509CertificateArr[i].getSubjectDN());
            Log.w(TAG, "      issued by: " + x509CertificateArr[i].getIssuerDN());
            Log.w(TAG, "     valid from: " + x509CertificateArr[i].getNotBefore() + ", to: " + x509CertificateArr[0].getNotAfter());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.standardTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            throw new CertificateException("Certificate is null!!!");
        }
        try {
            this.standardTrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateExpiredException e) {
            logCertificateException("CertificateExpiredException", e, x509CertificateArr);
        } catch (CertificateNotYetValidException e2) {
            logCertificateException("CertificateNotYetValidException", e2, x509CertificateArr);
        } catch (CertificateException e3) {
            if (Constants.LOG_DEBUG) {
                Log.println(4, TAG, e3.getClass().getSimpleName() + " checking certificate.");
                logCertificateException(e3.getClass().getSimpleName(), e3, x509CertificateArr);
                Log.println(3, TAG, "Checking validity as if it were a self-signed certificate...");
            }
            if (checkLocallyApprovedCertificates(x509CertificateArr)) {
                return;
            }
            for (int i = 0; i < x509CertificateArr.length; i++) {
                try {
                    x509CertificateArr[i].checkValidity();
                } catch (CertificateExpiredException e4) {
                    logCertificateException("CertificateExpiredException", e4, x509CertificateArr);
                } catch (CertificateNotYetValidException e5) {
                    logCertificateException("CertificateNotYetValidException", e5, x509CertificateArr);
                } catch (Exception e6) {
                    String[] split = AcalApplication.getPreferenceString(PrefNames.unapprovedCertificates, "").split(",");
                    String obj = x509CertificateArr[i].getEncoded().toString();
                    int i2 = 0;
                    while (i2 < split.length && !split[i2].equals(obj)) {
                        i2++;
                    }
                    if (i2 == split.length) {
                        AcalApplication.setPreferenceString(PrefNames.unapprovedCertificates, AcalApplication.getPreferenceString(PrefNames.unapprovedCertificates, "") + "," + obj);
                    }
                }
            }
            if (AcalApplication.getPreferenceBoolean(PrefNames.allowSelfSignedCerts, true)) {
                if (Constants.LOG_DEBUG) {
                    Log.println(4, TAG, "Allowing self-signed certificate.");
                    return;
                }
                return;
            }
            throw e3;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}
