package com.htc.android.mail.ssl;

import android.content.Context;
import android.util.Log;
import com.htc.android.mail.Mail;
import com.htc.android.mail.ll;
import com.htc.android.mail.server.Server;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
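/**
 * Performs the TLS handshake for a mail connection and validates the server's
 * certificate chain against two trust managers: the platform default one and
 * one built from the application's private "keystore" file.
 *
 * <p>This listing is decompiler output; some control flow in
 * {@link #doHandshakeAndValidateServerCertificates} is visibly damaged and is
 * kept as found, with review notes at the affected places.
 */
public class CertificateChainValidator {
    private static final boolean DEBUG = Mail.MAIL_DEBUG;
    private static final String TAG = "CertificateChainValidator";
    private static CertificateChainValidator sInstance;
    // Trust manager backed by the platform default trust store (factory initialised with a null KeyStore).
    private X509TrustManager mDefaultTrustManager;
    // lastModified() of the keystore file seen by the most recent reinit(); 0 until reinit() has run.
    private long mLastModified;
    // Trust manager backed by the app's "keystore" file, or by the default store when that file cannot be loaded.
    private X509TrustManager mOwnTrustManager;

    /**
     * Resolves the app-private "keystore" file (when a context is available) and
     * builds both trust managers from it.
     *
     * @param context application context; may be null, in which case no keystore file is used
     */
    private CertificateChainValidator(Context context) {
        File file = null;
        if (context != null) {
            try {
                file = context.getFileStreamPath("keystore");
            } catch (Exception ignored) {
                // Best effort: without the file only the default trust store is used.
            }
        }
        init(context, file);
    }

    /**
     * Closes the socket (if any) and always throws.
     *
     * @param sSLSocket socket to close; may be null
     * @param str message for the thrown exception
     * @throws SSLHandshakeException always, unless closing the socket fails first
     * @throws IOException if closing the socket fails
     */
    private void closeSocketThrowException(SSLSocket sSLSocket, String str) throws SSLHandshakeException, IOException {
        if (sSLSocket != null) {
            sSLSocket.close();
        }
        throw new SSLHandshakeException(str);
    }

    /**
     * Same as the two-argument overload, using {@code str2} when {@code str} is null.
     *
     * @param sSLSocket socket to close; may be null
     * @param str preferred message; may be null
     * @param str2 fallback message
     * @throws SSLHandshakeException always, unless closing the socket fails first
     * @throws IOException if closing the socket fails
     */
    private void closeSocketThrowException(SSLSocket sSLSocket, String str, String str2) throws SSLHandshakeException, IOException {
        closeSocketThrowException(sSLSocket, str != null ? str : str2);
    }

    /**
     * Returns the shared validator, creating it on first use and otherwise
     * reloading the keystore if the file changed.
     *
     * <p>The method is synchronized on the class so that two threads racing on
     * the first call cannot each build and publish their own instance; the
     * original null check was unguarded although the reload path already locked.
     *
     * @param context application context; may be null
     * @return the shared instance
     */
    public static synchronized CertificateChainValidator getInstance(Context context) {
        if (sInstance == null) {
            sInstance = new CertificateChainValidator(context);
        } else {
            // Instance lock kept as in the original, for any caller that locks on the instance too.
            synchronized (sInstance) {
                sInstance.reinit(context);
            }
        }
        return sInstance;
    }

    /**
     * Builds {@code mDefaultTrustManager} from the platform trust store and
     * {@code mOwnTrustManager} from the given keystore file.
     *
     * <p>If the file is missing or cannot be loaded, the own trust manager is
     * built from the default store as well, so the fallback check in the
     * handshake path trusts nothing beyond what the platform already trusts.
     *
     * @param context used to read the keystore password; may be null (empty password)
     * @param file keystore file; may be null
     */
    private void init(Context context, File file) {
        KeyStore keyStore = null;
        FileInputStream fileInputStream = null;
        if (file != null) {
            try {
                fileInputStream = new FileInputStream(file);
            } catch (Exception ignored) {
                // Best effort, as in the original: an unreadable or absent file means "no own keystore".
            }
        }
        // NOTE(review): the keystore password comes from the "pwd" shared-preferences file
        // (mode 0) and defaults to the empty string, so it gives the keystore no protection
        // beyond that of the application's own data directory.
        String string = context != null ? context.getSharedPreferences("pwd", 0).getString("pwd", "") : "";
        if (fileInputStream != null) {
            try {
                // Load into a local first: a KeyStore whose load() failed is uninitialised and
                // would make TrustManagerFactory.init() below throw, leaving mOwnTrustManager unset.
                KeyStore loadedStore = KeyStore.getInstance(KeyStore.getDefaultType());
                loadedStore.load(fileInputStream, string.toCharArray());
                keyStore = loadedStore;
            } catch (IOException e2) {
                Log.e(TAG, "IOException ", e2);
            } catch (KeyStoreException e3) {
                Log.e(TAG, "Key Store exception while initializing TrustManagerFactory ", e3);
            } catch (NoSuchAlgorithmException e4) {
                Log.e(TAG, "Unable to get X509 Trust Manager ", e4);
            } catch (CertificateException e5) {
                Log.e(TAG, "CertificateException ", e5);
            } finally {
                // Close on every path; the original leaked the stream whenever load() threw.
                try {
                    fileInputStream.close();
                } catch (IOException closeFailure) {
                    Log.e(TAG, "IOException ", closeFailure);
                }
            }
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            // A null KeyStore selects the platform default trust store.
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers != null) {
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        this.mDefaultTrustManager = (X509TrustManager) trustManager;
                        break;
                    }
                }
            }
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers2 = trustManagerFactory.getTrustManagers();
            if (trustManagers2 == null || trustManagers2.length <= 0) {
                return;
            }
            for (TrustManager trustManager2 : trustManagers2) {
                if (trustManager2 instanceof X509TrustManager) {
                    this.mOwnTrustManager = (X509TrustManager) trustManager2;
                    return;
                }
            }
        } catch (Exception e6) {
            // Previously swallowed silently; a failure here leaves a trust manager unset,
            // which the handshake path must treat as "cannot validate".
            Log.e(TAG, "failed to initialize trust managers", e6);
        }
    }

    /**
     * Runs the client-side TLS handshake on {@code sSLSocket} and validates the
     * peer certificate chain.
     *
     * <p>NOTE(review): {@code str} is never read in this method. The "check domain"
     * log line is not followed by any host-name comparison, so a certificate that
     * chains to a trusted root is accepted here regardless of the host it was
     * issued for. Presumably {@code str} is the expected host name; confirm that
     * every caller verifies the host name itself.
     *
     * @param server receives the leaf certificate via {@code setX509Certificate}; may be null
     * @param sSLSocket connected socket to handshake on
     * @param str unused (see note above)
     * @return null when the chain is accepted by the default trust manager or the leaf
     *         certificate is accepted by the own trust manager; otherwise a
     *         {@code MailSslError} built with code 0 (not yet valid), 1 (expired) or 3
     *         (any other chain failure) and the offending certificate
     * @throws SSLHandshakeException if the handshake fails, no usable certificate is
     *         presented, no default trust manager is available, or validation fails
     *         without a classifiable error; the socket is closed first
     * @throws IOException if closing the socket fails
     */
    public MailSslError doHandshakeAndValidateServerCertificates(Server server, SSLSocket sSLSocket, String str) throws SSLHandshakeException, IOException {
        try {
            sSLSocket.setUseClientMode(true);
            sSLSocket.startHandshake();
        } catch (IOException e) {
            closeSocketThrowException(sSLSocket, e.getMessage(), "failed to perform SSL handshake");
        }
        // Full chain as presented by the peer (leaf first), and a one-element array holding only the leaf.
        X509Certificate[] x509CertificateArr = null;
        X509Certificate[] x509CertificateArr2 = new X509Certificate[1];
        if (DEBUG) {
            ll.i(TAG, "getPeerCertificates");
        }
        Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length <= 0) {
            if (DEBUG) {
                ll.i(TAG, "failed to retrieve peer certificates");
            }
            closeSocketThrowException(sSLSocket, "failed to retrieve peer certificates");
        } else {
            x509CertificateArr = new X509Certificate[peerCertificates.length];
            for (int i = 0; i < peerCertificates.length; i++) {
                x509CertificateArr[i] = (X509Certificate) peerCertificates[i];
                if (i == 0) {
                    x509CertificateArr2[0] = (X509Certificate) peerCertificates[i];
                }
            }
            if (server != null && x509CertificateArr[0] != null) {
                server.setX509Certificate(x509CertificateArr[0]);
            }
        }
        if (DEBUG) {
            ll.i(TAG, "get first certificate");
        }
        if (x509CertificateArr[0] == null) {
            if (DEBUG) {
                ll.i(TAG, "certificate for this site is null");
            }
            closeSocketThrowException(sSLSocket, "certificate for this site is null");
        } else if (DEBUG) {
            // Only a log line: no domain / host-name check follows (see the method note).
            ll.i(TAG, "check domain");
        }
        // init() swallows its failures, so the default trust manager can be unset here.
        // Fail closed with a handshake error instead of a NullPointerException from the
        // synchronized statement below, and close the socket on the way out.
        if (this.mDefaultTrustManager == null) {
            closeSocketThrowException(sSLSocket, "trust manager is not initialized");
        }
        try {
            synchronized (this.mDefaultTrustManager) {
                if (DEBUG) {
                    ll.i(TAG, "check ServerTrusted");
                }
                // NOTE(review): authType is fixed to "RSA" for every check in this method — confirm
                // this matches the key-exchange algorithms the client actually negotiates.
                this.mDefaultTrustManager.checkServerTrusted(x509CertificateArr, "RSA");
            }
            return null;
        } catch (CertificateException e2) {
            Log.e(TAG, "failed to pre-validate the certificate chain, error: ", e2);
            try {
                // Fallback: only the leaf certificate is offered to the trust manager built from
                // the app's "keystore" file (presumably certificates accepted earlier — confirm).
                // NOTE(review): mOwnTrustManager is not null-checked; if init() failed to set it
                // this statement throws NullPointerException and the socket is left open.
                synchronized (this.mOwnTrustManager) {
                    if (DEBUG) {
                        ll.i(TAG, "check ServerTrusted again");
                    }
                    this.mOwnTrustManager.checkServerTrusted(x509CertificateArr2, "RSA");
                    return null;
                }
            } catch (CertificateException e3) {
                Log.e(TAG, "failed to pre-validate the certificate chain, error: ", e3);
                sSLSocket.getSession().invalidate();
                MailSslError mailSslError = null;
                // Last element of the presented chain, treated as the root.
                X509Certificate x509Certificate = x509CertificateArr[x509CertificateArr.length - 1];
                if (x509Certificate == null && DEBUG) {
                    ll.i(TAG, "root certificate is null");
                }
                X509Certificate[] x509CertificateArr3 = {x509Certificate};
                // NOTE(review): decompiler artifact. The try body is empty, so as written this
                // catch branch can never run; presumably the synchronized block that follows
                // was the original try body. Kept as found — verify against the bytecode
                // before relying on the error classification below.
                try {
                } catch (CertificateException e4) {
                    try {
                        synchronized (this.mOwnTrustManager) {
                            this.mOwnTrustManager.checkServerTrusted(x509CertificateArr3, "RSA");
                        }
                    } catch (CertificateExpiredException e5) {
                        if (e5.getMessage() == null) {
                        }
                        mailSslError = new MailSslError(1, x509Certificate);
                    } catch (CertificateNotYetValidException e6) {
                        if (e6.getMessage() == null) {
                        }
                        mailSslError = new MailSslError(0, x509Certificate);
                    } catch (CertificateException e7) {
                        if (e7.getMessage() == null) {
                        }
                        return new MailSslError(3, x509Certificate);
                    }
                }
                synchronized (this.mDefaultTrustManager) {
                    this.mDefaultTrustManager.checkServerTrusted(x509CertificateArr3, "RSA");
                    // Walk from the root towards the leaf: each certificate must name the previous
                    // one as issuer, carry a signature that verifies under its key, and be in date.
                    X509Certificate x509Certificate2 = x509CertificateArr[x509CertificateArr.length - 1];
                    for (int length = x509CertificateArr.length - 2; length >= 0; length--) {
                        X509Certificate x509Certificate3 = x509CertificateArr[length];
                        if (x509Certificate3 == null) {
                            if (DEBUG) {
                                ll.i(TAG, "null certificate in the chain");
                            }
                            closeSocketThrowException(sSLSocket, "null certificate in the chain");
                        }
                        if (!x509Certificate2.getSubjectDN().equals(x509Certificate3.getIssuerDN())) {
                            return new MailSslError(3, x509Certificate3);
                        }
                        try {
                            x509Certificate3.verify(x509Certificate2.getPublicKey());
                            try {
                                x509Certificate3.checkValidity();
                            } catch (CertificateExpiredException e8) {
                                if (e8.getMessage() == null) {
                                }
                                // Keep the error with the highest code seen so far.
                                if (mailSslError == null || mailSslError.getPrimaryError() < 1) {
                                    mailSslError = new MailSslError(1, x509Certificate3);
                                }
                            } catch (CertificateNotYetValidException e9) {
                                if (e9.getMessage() == null) {
                                }
                                if (mailSslError == null || mailSslError.getPrimaryError() < 0) {
                                    mailSslError = new MailSslError(0, x509Certificate3);
                                }
                            }
                            x509Certificate2 = x509Certificate3;
                        } catch (GeneralSecurityException e10) {
                            if (e10.getMessage() == null) {
                            }
                            return new MailSslError(3, x509Certificate3);
                        }
                    }
                    // Both trust checks failed but no specific cause was identified: refuse the connection.
                    if (mailSslError == null) {
                        if (DEBUG) {
                            ll.i(TAG, "failed to pre-validate the certificate chain due to a non-standard error");
                        }
                        closeSocketThrowException(sSLSocket, "failed to pre-validate the certificate chain due to a non-standard error");
                    }
                    return mailSslError;
                }
            }
        }
    }

    /**
     * Rebuilds the trust managers when the "keystore" file has a newer
     * modification time than the one recorded by the previous call.
     *
     * <p>{@code mLastModified} starts at 0 and the constructor does not set it, so
     * the first call after construction reloads an existing keystore once more.
     *
     * @param context application context; a null context makes this a no-op
     */
    public void reinit(Context context) {
        if (context != null) {
            try {
                File fileStreamPath = context.getFileStreamPath("keystore");
                long lastModified = fileStreamPath.lastModified();
                if (this.mLastModified < lastModified) {
                    this.mLastModified = lastModified;
                    init(context, fileStreamPath);
                }
            } catch (Exception ignored) {
                // Best effort, as in the original: on failure the current trust managers stay in use.
            }
        }
    }
}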
