package com.tunnelbear.android.api;

import android.content.Context;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import okhttp3.internal.tls.CertificateChainCleaner;
import s3.t;

/* compiled from: TunnelBearTrustManager.java */
/* loaded from: classes.dex */
public final class j implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final X509TrustManager f6833a;

    /* renamed from: b, reason: collision with root package name */
    private final CertificateChainCleaner f6834b = CertificateChainCleaner.Companion.get(this);

    /* renamed from: c, reason: collision with root package name */
    private final Context f6835c;

    /* renamed from: d, reason: collision with root package name */
    private String f6836d;

    /* renamed from: e, reason: collision with root package name */
    private X509Certificate f6837e;

    public j(X509TrustManager x509TrustManager, Context context) {
        this.f6833a = x509TrustManager;
        this.f6835c = context.getApplicationContext();
    }

    public final void a(String str) {
        this.f6836d = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.f6833a.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            List<Certificate> clean = this.f6834b.clean(Arrays.asList(x509CertificateArr), this.f6836d);
            if (this.f6837e == null) {
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    InputStream open = this.f6835c.getAssets().open("TunnelBearCertificate.crt");
                    this.f6837e = (X509Certificate) certificateFactory.generateCertificate(open);
                    open.close();
                } catch (FileNotFoundException e10) {
                    t.h("TunnelBearTrustManager", "Server certificate file missing " + e10.getMessage());
                } catch (IOException unused) {
                    t.h("TunnelBearTrustManager", "Generic IO Exception when loading the certificate.");
                } catch (CertificateException e11) {
                    t.h("TunnelBearTrustManager", "Unable to load TB certificate " + e11.getMessage());
                }
            }
            RSAPublicKey rSAPublicKey = (RSAPublicKey) this.f6837e.getPublicKey();
            if (clean != null && clean.size() > 0) {
                Iterator<Certificate> it = clean.iterator();
                while (it.hasNext()) {
                    RSAPublicKey rSAPublicKey2 = (RSAPublicKey) ((X509Certificate) it.next()).getPublicKey();
                    if (rSAPublicKey.getAlgorithm().equals(rSAPublicKey2.getAlgorithm()) && rSAPublicKey.getPublicExponent().equals(rSAPublicKey2.getPublicExponent()) && rSAPublicKey.getModulus().equals(rSAPublicKey2.getModulus()) && rSAPublicKey2.getEncoded() != null && Arrays.equals(rSAPublicKey.getEncoded(), rSAPublicKey2.getEncoded())) {
                        this.f6833a.checkServerTrusted(x509CertificateArr, str);
                        return;
                    }
                }
            }
        } catch (Exception e12) {
            StringBuilder d10 = a1.i.d("Error while checking server certificate: ");
            d10.append(e12.getMessage());
            t.h("TunnelBearTrustManager", d10.toString());
        }
        StringBuilder d11 = a1.i.d("DBIZ-526: TunnelBearTrustManager will throw a CertificateException. mHostname = ");
        d11.append(this.f6836d);
        d11.append(" and authType = ");
        d11.append(str);
        t.h("TunnelBearTrustManager", d11.toString());
        throw new CertificateException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return this.f6833a.getAcceptedIssuers();
    }
}
