package com.fsck.k9.mail.ssl;

import com.fsck.k9.logging.Timber;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.hc.client5.http.ssl.DefaultHostnameVerifier;

/* loaded from: classes3.dex */
public class TrustManagerFactory {
    private final Map cachedTrustManagers = new HashMap();
    private X509TrustManager defaultTrustManager;
    private LocalKeyStore keyStore;

    /* loaded from: classes3.dex */
    private class SecureX509TrustManager implements X509TrustManager {
        private final DefaultHostnameVerifier hostnameVerifier;
        private final String mHost;
        private final int mPort;

        private SecureX509TrustManager(String str, int i) {
            this.hostnameVerifier = new DefaultHostnameVerifier();
            this.mHost = str;
            this.mPort = i;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            TrustManagerFactory.this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
        }

        /* JADX WARN: Removed duplicated region for block: B:11:0x0031 A[RETURN] */
        /* JADX WARN: Removed duplicated region for block: B:12:0x0032  */
        @Override // javax.net.ssl.X509TrustManager
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public void checkServerTrusted(java.security.cert.X509Certificate[] r6, java.lang.String r7) {
            /*
                r5 = this;
                r0 = 0
                r0 = r6[r0]
                com.fsck.k9.mail.ssl.TrustManagerFactory r1 = com.fsck.k9.mail.ssl.TrustManagerFactory.this     // Catch: javax.net.ssl.SSLException -> L14 java.security.cert.CertificateException -> L16
                javax.net.ssl.X509TrustManager r1 = com.fsck.k9.mail.ssl.TrustManagerFactory.m3395$$Nest$fgetdefaultTrustManager(r1)     // Catch: javax.net.ssl.SSLException -> L14 java.security.cert.CertificateException -> L16
                r1.checkServerTrusted(r6, r7)     // Catch: javax.net.ssl.SSLException -> L14 java.security.cert.CertificateException -> L16
                org.apache.hc.client5.http.ssl.DefaultHostnameVerifier r7 = r5.hostnameVerifier     // Catch: javax.net.ssl.SSLException -> L14 java.security.cert.CertificateException -> L16
                java.lang.String r1 = r5.mHost     // Catch: javax.net.ssl.SSLException -> L14 java.security.cert.CertificateException -> L16
                r7.verify(r1, r0)     // Catch: javax.net.ssl.SSLException -> L14 java.security.cert.CertificateException -> L16
                return
            L14:
                r7 = move-exception
                goto L18
            L16:
                r7 = move-exception
                goto L1d
            L18:
                java.lang.String r1 = r7.getMessage()
                goto L21
            L1d:
                java.lang.String r1 = r7.getMessage()
            L21:
                com.fsck.k9.mail.ssl.TrustManagerFactory r2 = com.fsck.k9.mail.ssl.TrustManagerFactory.this
                com.fsck.k9.mail.ssl.LocalKeyStore r2 = com.fsck.k9.mail.ssl.TrustManagerFactory.m3396$$Nest$fgetkeyStore(r2)
                java.lang.String r3 = r5.mHost
                int r4 = r5.mPort
                boolean r0 = r2.isValidCertificate(r0, r3, r4)
                if (r0 == 0) goto L32
                return
            L32:
                com.fsck.k9.mail.CertificateChainException r0 = new com.fsck.k9.mail.CertificateChainException
                r0.<init>(r1, r6, r7)
                throw r0
            */
            throw new UnsupportedOperationException("Method not decompiled: com.fsck.k9.mail.ssl.TrustManagerFactory.SecureX509TrustManager.checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String):void");
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return TrustManagerFactory.this.defaultTrustManager.getAcceptedIssuers();
        }
    }

    private TrustManagerFactory(LocalKeyStore localKeyStore) {
        this.keyStore = localKeyStore;
    }

    public static TrustManagerFactory createInstance(LocalKeyStore localKeyStore) {
        TrustManagerFactory trustManagerFactory = new TrustManagerFactory(localKeyStore);
        try {
            trustManagerFactory.initialize();
            return trustManagerFactory;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            Timber.e(e, "Failed to initialize X509 Trust Manager!", new Object[0]);
            throw new IllegalStateException(e);
        }
    }

    private void initialize() {
        javax.net.ssl.TrustManagerFactory trustManagerFactory = javax.net.ssl.TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers != null) {
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    this.defaultTrustManager = (X509TrustManager) trustManager;
                    return;
                }
            }
        }
    }

    public X509TrustManager getTrustManagerForDomain(String str, int i) {
        String str2 = str + ":" + i;
        if (this.cachedTrustManagers.containsKey(str2)) {
            return (SecureX509TrustManager) this.cachedTrustManagers.get(str2);
        }
        SecureX509TrustManager secureX509TrustManager = new SecureX509TrustManager(str, i);
        this.cachedTrustManagers.put(str2, secureX509TrustManager);
        return secureX509TrustManager;
    }
}
