package com.tencent.luggage.wxa.oj;

import com.tencent.luggage.wxa.oh.c;
import com.tencent.luggage.wxa.platformtools.r;
import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import kotlin.Lazy;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.ae;
import kotlin.collections.l;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Lambda;
import kotlin.jvm.internal.al;
import kotlin.jvm.internal.w;

/* compiled from: CS */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000:\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010!\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0002\n\u0002\u0010\u0011\n\u0002\b\t\u0018\u0000 \u00182\u00020\u0001:\u0001\u0018B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J(\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\f\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u000b0\n2\b\u0010\f\u001a\u0004\u0018\u00010\rH\u0002J/\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0007\u001a\u00020\b2\u0010\u0010\t\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u000b\u0018\u00010\u00102\b\u0010\f\u001a\u0004\u0018\u00010\r¢\u0006\u0002\u0010\u0011J \u0010\u0012\u001a\u0004\u0018\u00010\u000b2\f\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u000b0\n2\u0006\u0010\u0014\u001a\u00020\u000bH\u0002J\u0012\u0010\u0015\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\u0016\u001a\u00020\rH\u0002J(\u0010\u0017\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\b2\f\u0010\t\u001a\b\u0012\u0004\u0012\u00020\u000b0\n2\b\u0010\f\u001a\u0004\u0018\u00010\rH\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0019"}, d2 = {"Lcom/tencent/mm/plugin/appbrand/network/workaround/verify/CertVerifyProcess;", "", "certNetFetcher", "Lcom/tencent/mm/plugin/appbrand/network/workaround/fetch/ICertNetFetcher;", "(Lcom/tencent/mm/plugin/appbrand/network/workaround/fetch/ICertNetFetcher;)V", "attemptVerifyAfterAIAFetch", "", "trustManager", "Ljavax/net/ssl/X509TrustManager;", "chain", "", "Ljava/security/cert/X509Certificate;", "authType", "", "doVerify", "", "", "(Ljavax/net/ssl/X509TrustManager;[Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "findLastCertWithUnknownIssuer", "certs", "startCert", "performAIAFetch", "caIssuerUri", "tryVerifyWithAIAFetching", "Companion", "luggage-commons_release"}, k = 1, mv = {1, 1, 16})
/* loaded from: classes9.dex */
public final class c {

    /* renamed from: a, reason: collision with root package name */
    public static final a f27669a = new a(null);

    /* renamed from: c, reason: collision with root package name */
    private static final boolean f27670c = com.tencent.luggage.wxa.oi.a.a();

    /* renamed from: d, reason: collision with root package name */
    private static final Lazy f27671d = ae.a((Function0) b.f27673a);

    /* renamed from: b, reason: collision with root package name */
    private final com.tencent.luggage.wxa.oh.c f27672b;

    /* compiled from: CS */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000(\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\bX\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u001d\u0010\n\u001a\u0004\u0018\u00010\u000b8BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u000e\u0010\u000f\u001a\u0004\b\f\u0010\r¨\u0006\u0010"}, d2 = {"Lcom/tencent/mm/plugin/appbrand/network/workaround/verify/CertVerifyProcess$Companion;", "", "()V", "CERTIFICATE_TYPE_X509", "", "DEBUG_CERT_VERIFY_PROCESS", "", "MAX_AIA_FETCH_NUM", "", "TAG", "certificateFactory", "Ljava/security/cert/CertificateFactory;", "getCertificateFactory", "()Ljava/security/cert/CertificateFactory;", "certificateFactory$delegate", "Lkotlin/Lazy;", "luggage-commons_release"}, k = 1, mv = {1, 1, 16})
    /* loaded from: classes9.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(w wVar) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final CertificateFactory a() {
            Lazy lazy = c.f27671d;
            a aVar = c.f27669a;
            return (CertificateFactory) lazy.getValue();
        }
    }

    /* compiled from: CS */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\b\n\u0000\n\u0002\u0018\u0002\n\u0000\u0010\u0000\u001a\u0004\u0018\u00010\u0001H\n¢\u0006\u0002\b\u0002"}, d2 = {"<anonymous>", "Ljava/security/cert/CertificateFactory;", "invoke"}, k = 3, mv = {1, 1, 16})
    /* loaded from: classes9.dex */
    static final class b extends Lambda implements Function0<CertificateFactory> {

        /* renamed from: a, reason: collision with root package name */
        public static final b f27673a = new b();

        b() {
            super(0);
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final CertificateFactory invoke() {
            try {
                return CertificateFactory.getInstance("X.509");
            } catch (Exception e2) {
                r.a("MicroMsg.Verify.CertVerifyProcess", e2, "initialize certificateFactory fail", new Object[0]);
                return null;
            }
        }
    }

    public c(com.tencent.luggage.wxa.oh.c cVar) {
        al.f(cVar, "certNetFetcher");
        this.f27672b = cVar;
    }

    private final X509Certificate a(String str) {
        if (f27670c) {
            r.e("MicroMsg.Verify.CertVerifyProcess", "performAIAFetch, caIssuerUri: " + str);
        }
        CertificateFactory a2 = f27669a.a();
        if (a2 == null) {
            if (f27670c) {
                r.e("MicroMsg.Verify.CertVerifyProcess", "performAIAFetch, certificateFactory is null");
            }
            return null;
        }
        try {
            try {
                Certificate generateCertificate = a2.generateCertificate(new ByteArrayInputStream(c.b.a(this.f27672b, str, 0, 0, 6, null).a()));
                if (generateCertificate != null) {
                    return (X509Certificate) generateCertificate;
                }
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            } catch (Exception e2) {
                r.a("MicroMsg.Verify.CertVerifyProcess", e2, "performAIAFetch, generate certificate fail", new Object[0]);
                return null;
            }
        } catch (Exception e3) {
            r.c("MicroMsg.Verify.CertVerifyProcess", "performAIAFetch, fetch fail since " + e3);
            return null;
        }
    }

    private final X509Certificate a(List<X509Certificate> list, X509Certificate x509Certificate) {
        HashSet hashSet = new HashSet();
        while (true) {
            hashSet.add(x509Certificate);
            X509Certificate x509Certificate2 = (X509Certificate) null;
            Iterator<X509Certificate> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                X509Certificate next = it.next();
                X500Principal subjectX500Principal = next.getSubjectX500Principal();
                X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                if (f27670c) {
                    r.e("MicroMsg.Verify.CertVerifyProcess", "findLastCertWithUnknownIssuer, certSubject: " + subjectX500Principal + ", lastCertIssuer: " + issuerX500Principal);
                }
                if (al.a(subjectX500Principal, issuerX500Principal)) {
                    if (f27670c) {
                        r.e("MicroMsg.Verify.CertVerifyProcess", "findLastCertWithUnknownIssuer, certSubject is the same as lastCertIssuer");
                    }
                    x509Certificate2 = next;
                }
            }
            if (x509Certificate2 == null) {
                return x509Certificate;
            }
            X500Principal subjectX500Principal2 = x509Certificate2.getSubjectX500Principal();
            X500Principal issuerX500Principal2 = x509Certificate2.getIssuerX500Principal();
            if (f27670c) {
                r.e("MicroMsg.Verify.CertVerifyProcess", "findLastCertWithUnknownIssuer, lastIssuerCertSubject: " + subjectX500Principal2 + ", lastIssuerCertIssuer: " + issuerX500Principal2);
            }
            if (al.a(subjectX500Principal2, issuerX500Principal2)) {
                if (f27670c) {
                    r.e("MicroMsg.Verify.CertVerifyProcess", "findLastCertWithUnknownIssuer, lastIssuerCertSubject is the same as lastIssuerCertIssuer");
                }
                return null;
            }
            if (hashSet.contains(x509Certificate2)) {
                return null;
            }
            x509Certificate = x509Certificate2;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:44:0x0092, code lost:
    
        return false;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final boolean a(javax.net.ssl.X509TrustManager r8, java.util.List<java.security.cert.X509Certificate> r9, java.lang.String r10) {
        /*
            r7 = this;
            boolean r0 = com.tencent.luggage.wxa.oj.c.f27670c
            java.lang.String r1 = "MicroMsg.Verify.CertVerifyProcess"
            if (r0 == 0) goto Lc
            java.lang.String r0 = "tryVerifyWithAIAFetching"
            com.tencent.luggage.wxa.platformtools.r.e(r1, r0)
        Lc:
            boolean r0 = r9.isEmpty()
            r2 = 0
            if (r0 == 0) goto L1a
            java.lang.String r8 = "tryVerifyWithAIAFetching, chain is empty"
            com.tencent.luggage.wxa.platformtools.r.d(r1, r8)
            return r2
        L1a:
            java.lang.Object r0 = r9.get(r2)
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0
            java.security.cert.X509Certificate r0 = r7.a(r9, r0)
            if (r0 != 0) goto L2d
            java.lang.String r8 = "tryVerifyWithAIAFetching, lastCertWithUnknownIssuer is null"
            com.tencent.luggage.wxa.platformtools.r.d(r1, r8)
            return r2
        L2d:
            r3 = 0
        L2e:
            com.tencent.luggage.wxa.oj.a r4 = com.tencent.luggage.wxa.oj.b.a(r0)
            if (r4 != 0) goto L3b
            java.lang.String r8 = "tryVerifyWithAIAFetching, aiaInfo is null"
            com.tencent.luggage.wxa.platformtools.r.d(r1, r8)
            return r2
        L3b:
            java.util.List r5 = r4.a()
            boolean r5 = r5.isEmpty()
            if (r5 == 0) goto L4c
            java.lang.String r8 = "tryVerifyWithAIAFetching, caIssuersUris is empty"
            com.tencent.luggage.wxa.platformtools.r.d(r1, r8)
            return r2
        L4c:
            java.util.List r4 = r4.a()
            java.util.Iterator r4 = r4.iterator()
        L54:
            boolean r5 = r4.hasNext()
            if (r5 == 0) goto L83
            java.lang.Object r5 = r4.next()
            java.lang.String r5 = (java.lang.String) r5
            int r3 = r3 + 1
            r6 = 5
            if (r6 >= r3) goto L6c
            java.lang.String r8 = "tryVerifyWithAIAFetching, reach max fetch num"
            com.tencent.luggage.wxa.platformtools.r.d(r1, r8)
            return r2
        L6c:
            java.security.cert.X509Certificate r5 = r7.a(r5)
            if (r5 == 0) goto L54
            r9.add(r5)
            boolean r5 = r7.b(r8, r9, r10)
            if (r5 == 0) goto L54
            java.lang.String r8 = "tryVerifyWithAIAFetching, verify success"
            com.tencent.luggage.wxa.platformtools.r.d(r1, r8)
            r8 = 1
            return r8
        L83:
            java.security.cert.X509Certificate r4 = r7.a(r9, r0)
            if (r4 == 0) goto L92
            boolean r0 = kotlin.jvm.internal.al.a(r4, r0)
            if (r0 == 0) goto L90
            goto L92
        L90:
            r0 = r4
            goto L2e
        L92:
            return r2
        */
        throw new UnsupportedOperationException("Method not decompiled: com.tencent.luggage.wxa.oj.c.a(javax.net.ssl.X509TrustManager, java.util.List, java.lang.String):boolean");
    }

    private final boolean b(X509TrustManager x509TrustManager, List<X509Certificate> list, String str) {
        try {
            Object[] array = list.toArray(new X509Certificate[0]);
            if (array == null) {
                throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
            }
            x509TrustManager.checkServerTrusted((X509Certificate[]) array, str);
            return true;
        } catch (Exception e2) {
            if (!f27670c) {
                return false;
            }
            r.e("MicroMsg.Verify.CertVerifyProcess", "attemptVerifyAfterAIAFetch, verify fail since " + e2);
            return false;
        }
    }

    public final void a(X509TrustManager x509TrustManager, X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        al.f(x509TrustManager, "trustManager");
        try {
            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e2) {
            if (f27670c) {
                r.e("MicroMsg.Verify.CertVerifyProcess", "doVerify, verify fail since " + e2);
            }
            if (x509CertificateArr == null) {
                throw e2;
            }
            boolean z = false;
            try {
                z = a(x509TrustManager, l.v(x509CertificateArr), str);
            } catch (Exception e3) {
                if (f27670c) {
                    r.a("MicroMsg.Verify.CertVerifyProcess", e3, "tryVerifyWithAIAFetching, verify fail", new Object[0]);
                }
            }
            if (!z) {
                throw e2;
            }
        }
    }
}
