package com.tunnelbear.android.api;

import android.content.Context;
import com.tunnelbear.android.g.j;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;
import okhttp3.internal.tls.CertificateChainCleaner;

/* compiled from: TunnelBearTrustManager.java */
/* loaded from: classes.dex */
public class i implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private X509TrustManager f3508a;

    /* renamed from: b, reason: collision with root package name */
    private CertificateChainCleaner f3509b = CertificateChainCleaner.get(this);

    /* renamed from: c, reason: collision with root package name */
    private Context f3510c;

    /* renamed from: d, reason: collision with root package name */
    private String f3511d;

    /* renamed from: e, reason: collision with root package name */
    private X509Certificate f3512e;

    public i(X509TrustManager x509TrustManager, Context context) {
        this.f3508a = x509TrustManager;
        this.f3510c = context.getApplicationContext();
    }

    public void a(String str) {
        this.f3511d = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.f3508a.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            List<Certificate> clean = this.f3509b.clean(Arrays.asList(x509CertificateArr), this.f3511d);
            if (this.f3512e == null) {
                try {
                    try {
                        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                        InputStream open = this.f3510c.getAssets().open("TunnelBearCertificate.crt");
                        this.f3512e = (X509Certificate) certificateFactory.generateCertificate(open);
                        open.close();
                    } catch (CertificateException e2) {
                        j.b("TunnelBearTrustManager", "Unable to load TB certificate " + e2.getMessage());
                    }
                } catch (FileNotFoundException e3) {
                    j.b("TunnelBearTrustManager", "Server certificate file missing " + e3.getMessage());
                } catch (IOException unused) {
                    j.b("TunnelBearTrustManager", "Generic IO Exception when loading the certificate.");
                }
            }
            RSAPublicKey rSAPublicKey = (RSAPublicKey) this.f3512e.getPublicKey();
            if (clean != null && clean.size() > 0) {
                Iterator<Certificate> it = clean.iterator();
                while (it.hasNext()) {
                    RSAPublicKey rSAPublicKey2 = (RSAPublicKey) ((X509Certificate) it.next()).getPublicKey();
                    if (rSAPublicKey.getAlgorithm().equals(rSAPublicKey2.getAlgorithm()) && rSAPublicKey.getPublicExponent().equals(rSAPublicKey2.getPublicExponent()) && rSAPublicKey.getModulus().equals(rSAPublicKey2.getModulus()) && rSAPublicKey2.getEncoded() != null && Arrays.equals(rSAPublicKey.getEncoded(), rSAPublicKey2.getEncoded())) {
                        this.f3508a.checkServerTrusted(x509CertificateArr, str);
                        return;
                    }
                }
            }
        } catch (Exception e4) {
            StringBuilder a2 = b.a.a.a.a.a("Error while checking server certificate: ");
            a2.append(e4.getMessage());
            j.b("TunnelBearTrustManager", a2.toString());
        }
        throw new CertificateException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.f3508a.getAcceptedIssuers();
    }
}
