package com.alibaba.akita.net.io;

import android.content.res.AssetManager;
import com.alibaba.akita.AkitaApplication;
import defpackage.jy;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class AEX509TrustManager implements X509TrustManager {
    private static final String TAG = "AEX509TrustManager";
    public static final String aeDomain = ".aliexpress.com";
    public static final String aeOceanDomain = "api.aliexpress.com";
    public static final String aliDomain = ".alibaba.com";
    public static final String oceanDomain = "gw.api.alibaba.com";
    Certificate alibabaCert;
    Certificate aliexpressCert;
    Certificate alipayCert;

    public AEX509TrustManager() throws Exception {
        InputStream inputStream = null;
        this.alibabaCert = null;
        this.alipayCert = null;
        this.aliexpressCert = null;
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        try {
            try {
                AssetManager assets = AkitaApplication.a().getAssets();
                this.alibabaCert = certificateFactory.generateCertificate(assets.open("verisign3.cer"));
                this.alipayCert = certificateFactory.generateCertificate(assets.open("ipay.cer"));
                inputStream = assets.open("aliexpress.cer");
                this.aliexpressCert = certificateFactory.generateCertificate(inputStream);
                if (inputStream != null) {
                    inputStream.close();
                }
            } catch (Exception e) {
                jy.a("error loading ver3", e);
                if (inputStream != null) {
                    inputStream.close();
                }
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                inputStream.close();
            }
            throw th;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        jy.b("https", "checkClientTrusted");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        String message;
        boolean z;
        boolean z2;
        jy.a("https", "https verify begin");
        String str2 = "";
        for (X509Certificate x509Certificate : x509CertificateArr) {
            String name = x509CertificateArr[0].getSubjectX500Principal().getName();
            if (name == null) {
                return;
            }
            if (!name.contains(aliDomain) && !name.contains(aeDomain)) {
                return;
            }
            x509Certificate.checkValidity();
            try {
                x509Certificate.verify(this.aliexpressCert.getPublicKey());
                message = str2;
                z = false;
            } catch (InvalidKeyException e) {
                jy.a(TAG, e);
                message = e.getMessage();
                z = true;
            } catch (NoSuchAlgorithmException e2) {
                jy.a(TAG, e2);
                message = e2.getMessage();
                z = true;
            } catch (NoSuchProviderException e3) {
                jy.a(TAG, e3);
                message = e3.getMessage();
                z = true;
            } catch (SignatureException e4) {
                jy.a(TAG, e4);
                message = e4.getMessage();
                z = true;
            }
            if (z) {
                try {
                    x509Certificate.verify(this.alibabaCert.getPublicKey());
                    z = false;
                } catch (InvalidKeyException e5) {
                    jy.a(TAG, e5);
                    message = e5.getMessage();
                    z = true;
                } catch (NoSuchAlgorithmException e6) {
                    jy.a(TAG, e6);
                    message = e6.getMessage();
                    z = true;
                } catch (NoSuchProviderException e7) {
                    jy.a(TAG, e7);
                    message = e7.getMessage();
                    z = true;
                } catch (SignatureException e8) {
                    jy.a(TAG, e8);
                    message = e8.getMessage();
                    z = true;
                }
            }
            if (z) {
                try {
                    x509Certificate.verify(this.alipayCert.getPublicKey());
                    str2 = message;
                    z2 = false;
                } catch (InvalidKeyException e9) {
                    jy.a(TAG, e9);
                    str2 = e9.getMessage();
                    z2 = true;
                } catch (NoSuchAlgorithmException e10) {
                    jy.a(TAG, e10);
                    str2 = e10.getMessage();
                    z2 = true;
                } catch (NoSuchProviderException e11) {
                    jy.a(TAG, e11);
                    str2 = e11.getMessage();
                    z2 = true;
                } catch (SignatureException e12) {
                    jy.a(TAG, e12);
                    str2 = e12.getMessage();
                    z2 = true;
                }
            } else {
                boolean z3 = z;
                str2 = message;
                z2 = z3;
            }
            if (!z2) {
                jy.a("https", "https verify success!");
                return;
            }
        }
        jy.a("https", "https verify failed:" + str2);
        throw new CertificateException(str2);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
