package io.agora.utils.crypto;

import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: classes2.dex */
public class CryptoTrustManager implements X509TrustManager {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private List<X509Certificate> certs_ = new ArrayList();
    private String host_name_;
    private X509HostnameVerifier host_verifier_;
    private X509TrustManager system_x509_tm_;
    private Map<String, String> user_cas_;
    private List<X509Certificate> user_root_certs_;

    public void AddUserRootCerts(String[] strArr) {
        CryptoCertStore cryptoCertStore = new CryptoCertStore();
        for (String str : strArr) {
            CryptoCertification ImportCertFromPemString = cryptoCertStore.ImportCertFromPemString(str);
            if (ImportCertFromPemString != null) {
                this.user_root_certs_.add(ImportCertFromPemString.Get());
            }
        }
    }

    public void AppendPemCert(String str) {
        CryptoCertification ImportCertFromPemString = new CryptoCertStore().ImportCertFromPemString(str);
        if (ImportCertFromPemString == null) {
            return;
        }
        this.certs_.add(ImportCertFromPemString.Get());
    }

    public boolean Evaluate() {
        try {
            X509Certificate[] x509CertificateArr = new X509Certificate[this.certs_.size()];
            this.certs_.toArray(x509CertificateArr);
            if (this.system_x509_tm_ == null) {
                return false;
            }
            this.system_x509_tm_.checkServerTrusted(x509CertificateArr, "RSA");
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public boolean Initialize() {
        KeyStore keyStore;
        try {
            if (this.host_name_ != null) {
                this.host_verifier_ = new BrowserCompatHostnameVerifier();
            }
            if (this.user_cas_ == null || this.user_cas_.isEmpty()) {
                keyStore = null;
            } else {
                keyStore = KeyStore.getInstance("AndroidKeyStore");
                keyStore.load(null);
                CryptoCertStore cryptoCertStore = new CryptoCertStore();
                for (Map.Entry<String, String> entry : this.user_cas_.entrySet()) {
                    CryptoCertification ImportCertFromPemString = cryptoCertStore.ImportCertFromPemString(entry.getValue());
                    if (ImportCertFromPemString != null) {
                        keyStore.setCertificateEntry(entry.getKey(), ImportCertFromPemString.Get());
                    }
                }
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    this.system_x509_tm_ = (X509TrustManager) trustManager;
                    return true;
                }
            }
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    public void SetHostName(String str) {
        this.host_name_ = str;
    }

    public void SetUserCAs(Map<String, String> map) {
        this.user_cas_ = map;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr.length == 0) {
            return;
        }
        if (this.host_verifier_ != null) {
            try {
                this.host_verifier_.verify(this.host_name_, x509CertificateArr[0]);
            } catch (Exception unused) {
                throw new CertificateException();
            }
        }
        X509TrustManager x509TrustManager = this.system_x509_tm_;
        if (x509TrustManager == null) {
            throw new CertificateException();
        }
        x509TrustManager.checkServerTrusted(x509CertificateArr, "RSA");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
