package com.huawei.secure.android.common.ssl;

import android.content.Context;
import android.net.http.SslError;
import android.util.Log;
import android.webkit.SslErrorHandler;
import com.huawei.secure.android.common.ssl.WebViewSSLCheckThread;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class WebViewSSLCheck {
    private static final String TAG = "WebViewSSLCheck";

    /* renamed from: a, reason: collision with root package name */
    private static final String f4182a = "X509";
    private static final String b = "bks";
    private static final String k = "hmsincas.bks";
    private static final String l = "";

    private static X509Certificate[] a(X509TrustManager x509TrustManager) {
        return x509TrustManager == null ? new X509Certificate[0] : x509TrustManager.getAcceptedIssuers();
    }

    public static void checkServerCertificateNew(SslErrorHandler sslErrorHandler, SslError sslError, Context context) {
        checkServerCertificateNew(sslErrorHandler, sslError, null, context, null);
    }

    public static void checkServerCertificateNew(SslErrorHandler sslErrorHandler, SslError sslError, String str, Context context, WebViewSSLCheckThread.Callback callback) {
        X509Certificate a2 = b.a(sslError.getCertificate());
        Iterator<X509TrustManager> it = f(context).iterator();
        while (it.hasNext()) {
            for (X509Certificate x509Certificate : a(it.next())) {
                if (b.a(x509Certificate, a2)) {
                    Log.e(TAG, "checkServerCertificateNew: proceed");
                    if (callback != null) {
                        callback.onProceed(context, str);
                        return;
                    } else {
                        sslErrorHandler.proceed();
                        return;
                    }
                }
            }
        }
        Log.e(TAG, "checkServerCertificateNew: cancel");
        if (callback != null) {
            callback.onCancel(context, str);
        } else {
            sslErrorHandler.cancel();
        }
    }

    public static boolean checkServerCertificateNew(String str, SslError sslError) {
        return checkServerCertificateNew(b.a(str), sslError);
    }

    public static boolean checkServerCertificateNew(X509Certificate x509Certificate, SslError sslError) {
        return b.a(x509Certificate, b.a(sslError.getCertificate()));
    }

    private static List<X509TrustManager> f(Context context) {
        ArrayList arrayList = new ArrayList();
        InputStream inputStream = null;
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(f4182a);
                KeyStore keyStore = KeyStore.getInstance(b);
                inputStream = context.getAssets().open(k);
                inputStream.reset();
                keyStore.load(inputStream, "".toCharArray());
                trustManagerFactory.init(keyStore);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        arrayList.add((X509TrustManager) trustManager);
                    }
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                Log.e(TAG, "loadBksCA: exception : " + e.getMessage());
            }
            return arrayList;
        } finally {
            d.a(inputStream);
        }
    }
}
