package com.blackberry.email.ssl;

import android.content.Context;
import android.util.AndroidRuntimeException;
import com.blackberry.common.utils.o;
import com.blackberry.email.provider.contract.HostAuth;
import com.blackberry.security.certexem.CertificateExemptionManager;
import com.blackberry.security.certexem.CertificateExemptionManagerConnectionStatus;
import com.blackberry.security.certexem.CertificateExemptionManagerException;
import com.blackberry.security.certexem.CertificateExemptionManagerFactory;
import com.blackberry.security.certexem.CertificateScope;
import com.blackberry.security.trustmgr.PeerIdentity;
import com.blackberry.security.trustmgr.PkixProfile;
import com.blackberry.security.trustmgr.ProfileType;
import com.blackberry.security.trustmgr.ValidationResult;
import com.blackberry.security.trustmgr.ValidatorEngineFactory;
import com.blackberry.security.trustmgr.jca.BBTrustManagerBuilder;
import com.blackberry.security.trustmgr.jca.BBTrustManagerHandler;
import com.blackberry.security.trustmgr.jca.BBTrustManagerUtil;
import com.blackberry.security.trustmgr.jca.CertificateValidationException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.X509TrustManager;

/* compiled from: ExtBBX509TrustManager.java */
/* loaded from: classes.dex */
public class i implements X509TrustManager {
    private static ValidatorEngineFactory bzb;
    private HostAuth aXW;
    private Context byX;
    private Executor byY = ValidatorEngineFactory.DEFAULT_SHORT_TASK_EXECUTOR;
    private Executor byZ = ValidatorEngineFactory.DEFAULT_LONG_TASK_EXECUTOR;
    private Date bza = null;
    private KeyStore bzc;
    private BBTrustManagerBuilder bzd;
    private X509TrustManager bze;

    public i(Context context, HostAuth hostAuth) {
        this.bzc = null;
        this.bzd = null;
        this.byX = context;
        this.aXW = hostAuth;
        if (bzb == null) {
            bzb = ValidatorEngineFactory.getInstance(this.byX, this.byY, this.byZ, new ProfileType[]{ProfileType.PKIX, ProfileType.BLACKLIST});
        }
        try {
            this.bzc = new PkixProfile().getDefaultTrustStore();
            o.b("ExtBBX509TrustManager", "trustStore: %s", this.bzc.getProvider().getName());
            this.bzd = new BBTrustManagerBuilder(this.bzc);
            if (this.aXW.auk != null) {
                this.bzd.setServerIdentity(new PeerIdentity(PeerIdentity.Type.DNS, this.aXW.auk));
            }
            this.bzd.setDate(this.bza);
            this.bzd.setCertificateValidatorFactory(bzb);
            this.bzd.setTimeout(20L, TimeUnit.SECONDS);
            this.bzd.setHandler(new BBTrustManagerHandler() { // from class: com.blackberry.email.ssl.i.1
                @Override // com.blackberry.security.trustmgr.jca.BBTrustManagerHandler
                public boolean allow(ValidationResult validationResult) {
                    return i.this.a(validationResult);
                }
            });
            this.bze = this.bzd.buildX509TrustManager();
        } catch (CertificateException e) {
            o.e("ExtBBX509TrustManager", e, "Default truststore failed", new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean a(ValidationResult validationResult) {
        boolean z;
        CertificateScope certificateScope = new CertificateScope(this.aXW.FG(), validationResult);
        if (this.aXW.bup == 0) {
            return false;
        }
        try {
            CertificateExemptionManager service = CertificateExemptionManagerFactory.getService(this.byX);
            service.connect();
            if (service.getConnectionStatus() != CertificateExemptionManagerConnectionStatus.CONNECTED) {
                o.d("ExtBBX509TrustManager", "CertificateExemption Service connection failed", new Object[0]);
                return false;
            }
            try {
                z = service.exists(certificateScope, validationResult);
            } catch (CertificateExemptionManagerException e) {
                o.d("ExtBBX509TrustManager", e, "Checking exemption failed", new Object[0]);
                z = false;
            }
            service.disconnect();
            if (service.getConnectionStatus() != CertificateExemptionManagerConnectionStatus.DISCONNECTED) {
                o.d("ExtBBX509TrustManager", "CertificateExemption Service connection failed", new Object[0]);
            }
            if (z) {
                o.b("ExtBBX509TrustManager", "Certificate Exemption exists for %s", this.aXW.bad);
            } else {
                o.b("ExtBBX509TrustManager", "Certificate Exemption doesn't exist for %s", this.aXW.bad);
            }
            return z;
        } catch (AndroidRuntimeException e2) {
            o.d("ExtBBX509TrustManager", e2, "Exception instantiating CertExemption Service", new Object[0]);
            return false;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        o.b("ExtBBX509TrustManager", "checkClientTrusted Using ExtBBX509TrustManager", new Object[0]);
        try {
            this.bze.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateValidationException e) {
            o.b("ExtBBX509TrustManager", e, "checkClientTrusted Failed: %s ", e.getValidationResult());
            throw e;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        o.b("ExtBBX509TrustManager", "checkServerTrusted Using ExtBBX509TrustManager", new Object[0]);
        try {
            this.bze.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateValidationException e) {
            ValidationResult validationResult = BBTrustManagerUtil.getValidationResult(e);
            boolean z = true;
            if (validationResult != null) {
                o.e("ExtBBX509TrustManager", "checkServerTrusted Failed with %s", validationResult.getCommonWarnings().toString());
                f fVar = new f(validationResult.getCommonWarnings());
                if (validationResult.getPresentedPeerIdentity() == null) {
                    o.c("ExtBBX509TrustManager", "checkServerTrusted TrustManager return NULL peerIdentity", new Object[0]);
                } else {
                    o.b("ExtBBX509TrustManager", "checkServerTrusted Failed with %s", validationResult.getPresentedPeerIdentity().getEncoded());
                }
                if (this.aXW != null) {
                    switch (fVar.GL()) {
                        case 1:
                            z = false;
                            break;
                        case 2:
                            if (this.aXW.bup == 2) {
                                z = false;
                                break;
                            }
                            break;
                    }
                    fVar.a(this.byX, false, this.aXW.bup);
                } else {
                    fVar.a(this.byX, false, -1);
                }
            }
            if (z) {
                o.b("ExtBBX509TrustManager", "Critical validation error", new Object[0]);
                throw e;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        o.b("ExtBBX509TrustManager", "getAcceptedIssuers Using ExtBBX509TrustManager", new Object[0]);
        return this.bze.getAcceptedIssuers();
    }
}
