package com.android.emailcommon.network.utility;

import android.content.ContentUris;
import android.content.ContentValues;
import android.database.Cursor;
import com.android.email.EmailApplication;
import com.android.email.utils.LogUtils;
import com.android.emailcommon.provider.HostAuth;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: CertificateTrustManager.kt */
@Metadata
/* loaded from: classes.dex */
public final class CertificateTrustManager implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    @NotNull
    private final HostAuth f12698a;

    /* renamed from: b, reason: collision with root package name */
    @Nullable
    private PublicKey f12699b;

    /* renamed from: c, reason: collision with root package name */
    @Nullable
    private X509TrustManager f12700c;

    public CertificateTrustManager(@NotNull HostAuth hostAuth) {
        Intrinsics.f(hostAuth, "hostAuth");
        this.f12698a = hostAuth;
        Cursor query = EmailApplication.p.b().getContentResolver().query(HostAuth.V, new String[]{"serverCert"}, "_id=?", new String[]{String.valueOf(hostAuth.f12719g)}, null);
        if (query != null) {
            try {
                if (query.moveToNext()) {
                    hostAuth.Q = query.getBlob(0);
                }
                Unit unit = Unit.f18255a;
                CloseableKt.a(query, null);
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    CloseableKt.a(query, th);
                    throw th2;
                }
            }
        }
    }

    private final void a(X509Certificate[] x509CertificateArr, String str) {
        if (this.f12700c == null) {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            Intrinsics.e(trustManagers, "trustManagers");
            if (!(trustManagers.length == 0)) {
                TrustManager trustManager = trustManagers[0];
                Intrinsics.d(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                this.f12700c = (X509TrustManager) trustManager;
            }
        }
        X509TrustManager x509TrustManager = this.f12700c;
        if (x509TrustManager != null) {
            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(@NotNull X509Certificate[] chain, @NotNull String authType) {
        Intrinsics.f(chain, "chain");
        Intrinsics.f(authType, "authType");
        throw new CertificateException("We don't check client certificates");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(@NotNull X509Certificate[] chain, @NotNull String authType) {
        Intrinsics.f(chain, "chain");
        Intrinsics.f(authType, "authType");
        if (chain.length == 0) {
            throw new CertificateException("No certificates?");
        }
        X509Certificate x509Certificate = chain[0];
        byte[] bArr = this.f12698a.Q;
        if (bArr != null) {
            Intrinsics.e(bArr, "hostAuth.mServerCert");
            if (!(bArr.length == 0)) {
                if (this.f12699b == null) {
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.f12698a.Q);
                    this.f12699b = CertificateFactory.getInstance("X509").generateCertificate(byteArrayInputStream).getPublicKey();
                    try {
                        byteArrayInputStream.close();
                    } catch (IOException e2) {
                        LogUtils.w("SSLUtil", "IOException while close ByteArrayInputStream " + e2.getMessage() + '.', new Object[0]);
                    }
                }
                if (Intrinsics.a(this.f12699b, x509Certificate.getPublicKey())) {
                    return;
                }
                LogUtils.w("SSLUtil", "Server PublicKey has changed, attempt to verify certificate chain.", new Object[0]);
                try {
                    a(chain, authType);
                    LogUtils.w("SSLUtil", "Certificate verify successfully!", new Object[0]);
                    return;
                } catch (Exception e3) {
                    LogUtils.e("SSLUtil", e3, "checkServerTrusted exception: " + e3.getMessage(), new Object[0]);
                    throw new CertificateException("PublicKey has changed since initial connection!");
                }
            }
        }
        byte[] encoded = x509Certificate.getEncoded();
        this.f12698a.Q = encoded;
        ContentValues contentValues = new ContentValues();
        contentValues.put("serverCert", encoded);
        EmailApplication.p.b().getContentResolver().update(ContentUris.withAppendedId(HostAuth.V, this.f12698a.f12719g), contentValues, null, null);
    }

    @Override // javax.net.ssl.X509TrustManager
    @Nullable
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
