package m4;

import android.content.Context;
import android.util.AndroidRuntimeException;
import com.blackberry.email.provider.contract.HostAuth;
import com.blackberry.security.certexem.CertificateExemptionManager;
import com.blackberry.security.certexem.CertificateExemptionManagerConnectionStatus;
import com.blackberry.security.certexem.CertificateExemptionManagerException;
import com.blackberry.security.certexem.CertificateExemptionManagerFactory;
import com.blackberry.security.certexem.CertificateScope;
import com.blackberry.security.trustmgr.PeerIdentity;
import com.blackberry.security.trustmgr.PkixProfile;
import com.blackberry.security.trustmgr.ProfileType;
import com.blackberry.security.trustmgr.ValidationResult;
import com.blackberry.security.trustmgr.ValidatorEngineFactory;
import com.blackberry.security.trustmgr.jca.BBTrustManagerBuilder;
import com.blackberry.security.trustmgr.jca.BBTrustManagerHandler;
import com.blackberry.security.trustmgr.jca.BBTrustManagerUtil;
import com.blackberry.security.trustmgr.jca.CertificateValidationException;
import e2.q;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.X509TrustManager;

/* compiled from: ExtBBX509TrustManager.java */
/* loaded from: classes.dex */
public class i implements X509TrustManager {

    /* renamed from: i, reason: collision with root package name */
    private static ValidatorEngineFactory f18217i;

    /* renamed from: a, reason: collision with root package name */
    private Context f18218a;

    /* renamed from: b, reason: collision with root package name */
    private HostAuth f18219b;

    /* renamed from: c, reason: collision with root package name */
    private Executor f18220c = ValidatorEngineFactory.DEFAULT_SHORT_TASK_EXECUTOR;

    /* renamed from: d, reason: collision with root package name */
    private Executor f18221d = ValidatorEngineFactory.DEFAULT_LONG_TASK_EXECUTOR;

    /* renamed from: e, reason: collision with root package name */
    private Date f18222e = null;

    /* renamed from: f, reason: collision with root package name */
    private KeyStore f18223f = null;

    /* renamed from: g, reason: collision with root package name */
    private BBTrustManagerBuilder f18224g = null;

    /* renamed from: h, reason: collision with root package name */
    private X509TrustManager f18225h;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ExtBBX509TrustManager.java */
    /* loaded from: classes.dex */
    public class a implements BBTrustManagerHandler {
        a() {
        }

        @Override // com.blackberry.security.trustmgr.jca.BBTrustManagerHandler
        public boolean allow(ValidationResult validationResult) {
            return i.this.c(validationResult);
        }
    }

    public i(Context context, HostAuth hostAuth) {
        this.f18218a = context;
        this.f18219b = hostAuth;
        b();
    }

    private void b() {
        if (f18217i == null) {
            f18217i = ValidatorEngineFactory.getInstance(this.f18218a, this.f18220c, this.f18221d, new ProfileType[]{ProfileType.PKIX, ProfileType.BLACKLIST});
        }
        try {
            KeyStore defaultTrustStore = new PkixProfile().getDefaultTrustStore();
            this.f18223f = defaultTrustStore;
            q.d("ExtBBX509TrustManager", "trustStore: %s", defaultTrustStore.getProvider().getName());
            BBTrustManagerBuilder bBTrustManagerBuilder = new BBTrustManagerBuilder(this.f18223f);
            this.f18224g = bBTrustManagerBuilder;
            if (this.f18219b.f6274v0 != null) {
                bBTrustManagerBuilder.setServerIdentity(new PeerIdentity(PeerIdentity.Type.DNS, this.f18219b.f6274v0));
            }
            this.f18224g.setDate(this.f18222e);
            this.f18224g.setCertificateValidatorFactory(f18217i);
            this.f18224g.setTimeout(20L, TimeUnit.SECONDS);
            this.f18224g.setHandler(new a());
            this.f18225h = this.f18224g.buildX509TrustManager();
        } catch (CertificateException e10) {
            q.g("ExtBBX509TrustManager", e10, "Default truststore failed", new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean c(ValidationResult validationResult) {
        boolean z10;
        CertificateScope certificateScope = new CertificateScope(this.f18219b.o(), validationResult);
        if (this.f18219b.f6277y0 == 0) {
            return false;
        }
        try {
            CertificateExemptionManager service = CertificateExemptionManagerFactory.getService(this.f18218a);
            service.connect();
            if (service.getConnectionStatus() != CertificateExemptionManagerConnectionStatus.CONNECTED) {
                q.B("ExtBBX509TrustManager", "CertificateExemption Service connection failed", new Object[0]);
                return false;
            }
            try {
                z10 = service.exists(certificateScope, validationResult);
            } catch (CertificateExemptionManagerException e10) {
                q.C("ExtBBX509TrustManager", e10, "Checking exemption failed", new Object[0]);
                z10 = false;
            }
            service.disconnect();
            if (service.getConnectionStatus() != CertificateExemptionManagerConnectionStatus.DISCONNECTED) {
                q.B("ExtBBX509TrustManager", "CertificateExemption Service connection failed", new Object[0]);
            }
            if (z10) {
                q.d("ExtBBX509TrustManager", "Certificate Exemption exists for %s", this.f18219b.f6278z0);
            } else {
                q.d("ExtBBX509TrustManager", "Certificate Exemption doesn't exist for %s", this.f18219b.f6278z0);
            }
            return z10;
        } catch (AndroidRuntimeException e11) {
            q.C("ExtBBX509TrustManager", e11, "Exception instantiating CertExemption Service", new Object[0]);
            return false;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        q.d("ExtBBX509TrustManager", "checkClientTrusted Using ExtBBX509TrustManager", new Object[0]);
        try {
            this.f18225h.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateValidationException e10) {
            q.e("ExtBBX509TrustManager", e10, "checkClientTrusted Failed: %s ", e10.getValidationResult());
            throw e10;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        int a10;
        q.d("ExtBBX509TrustManager", "checkServerTrusted Using ExtBBX509TrustManager", new Object[0]);
        try {
            this.f18225h.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateValidationException e10) {
            ValidationResult validationResult = BBTrustManagerUtil.getValidationResult(e10);
            boolean z10 = true;
            if (validationResult != null) {
                q.f("ExtBBX509TrustManager", "checkServerTrusted Failed with %s", validationResult.getCommonWarnings().toString());
                f fVar = new f(validationResult.getCommonWarnings());
                if (validationResult.getPresentedPeerIdentity() == null) {
                    q.k("ExtBBX509TrustManager", "checkServerTrusted TrustManager return NULL peerIdentity", new Object[0]);
                } else {
                    q.d("ExtBBX509TrustManager", "checkServerTrusted Failed with %s", validationResult.getPresentedPeerIdentity().getEncoded());
                }
                if (this.f18219b != null && ((a10 = fVar.a()) == 1 || (a10 == 2 && this.f18219b.f6277y0 == 2))) {
                    z10 = false;
                }
            }
            if (z10) {
                q.d("ExtBBX509TrustManager", "Critical validation error", new Object[0]);
                throw e10;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        q.d("ExtBBX509TrustManager", "getAcceptedIssuers Using ExtBBX509TrustManager", new Object[0]);
        return this.f18225h.getAcceptedIssuers();
    }
}
