package at.bitfire.cert4android;

import android.annotation.SuppressLint;
import android.content.Context;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.coroutines.flow.StateFlow;

/* compiled from: CustomCertManager.kt */
@SuppressLint({"CustomX509TrustManager"})
/* loaded from: classes.dex */
public final class CustomCertManager implements X509TrustManager {
    public static final int $stable = 8;
    private StateFlow<Boolean> appInForeground;
    private final CustomCertStore certStore;
    private final boolean trustSystemCerts;

    /* compiled from: CustomCertManager.kt */
    /* loaded from: classes.dex */
    public final class HostnameVerifier implements javax.net.ssl.HostnameVerifier {
        private final javax.net.ssl.HostnameVerifier defaultHostnameVerifier;

        public HostnameVerifier(javax.net.ssl.HostnameVerifier hostnameVerifier) {
            this.defaultHostnameVerifier = hostnameVerifier;
        }

        public /* synthetic */ HostnameVerifier(CustomCertManager customCertManager, javax.net.ssl.HostnameVerifier hostnameVerifier, int i2, DefaultConstructorMarker defaultConstructorMarker) {
            this((i2 & 1) != 0 ? null : hostnameVerifier);
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String hostname, SSLSession session) {
            Intrinsics.checkNotNullParameter(hostname, "hostname");
            Intrinsics.checkNotNullParameter(session, "session");
            javax.net.ssl.HostnameVerifier hostnameVerifier = this.defaultHostnameVerifier;
            if (hostnameVerifier != null && hostnameVerifier.verify(hostname, session)) {
                return true;
            }
            Cert4Android.INSTANCE.getLog().warning("Host name \"" + hostname + "\" not verified, checking whether certificate is explicitly trusted");
            Certificate[] peerCertificates = session.getPeerCertificates();
            Intrinsics.checkNotNullExpressionValue(peerCertificates, "getPeerCertificates(...)");
            Certificate certificate = peerCertificates.length == 0 ? null : peerCertificates[0];
            X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
            if (x509Certificate != null) {
                CustomCertManager customCertManager = CustomCertManager.this;
                if (customCertManager.getCertStore().isTrusted(new X509Certificate[]{x509Certificate}, "RSA", false, customCertManager.getAppInForeground())) {
                    return true;
                }
            }
            return false;
        }
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    public CustomCertManager(Context context, StateFlow<Boolean> stateFlow) {
        this(context, false, stateFlow, 2, null);
        Intrinsics.checkNotNullParameter(context, "context");
    }

    public CustomCertManager(Context context, boolean z, StateFlow<Boolean> stateFlow) {
        Intrinsics.checkNotNullParameter(context, "context");
        this.trustSystemCerts = z;
        this.appInForeground = stateFlow;
        this.certStore = CustomCertStore.Companion.getInstance(context);
    }

    public /* synthetic */ CustomCertManager(Context context, boolean z, StateFlow stateFlow, int i2, DefaultConstructorMarker defaultConstructorMarker) {
        this(context, (i2 & 2) != 0 ? true : z, stateFlow);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("cert4android doesn't validate client certificates");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        if (!this.certStore.isTrusted(chain, authType, this.trustSystemCerts, this.appInForeground)) {
            throw new CertificateException("Certificate chain not trusted");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public final StateFlow<Boolean> getAppInForeground() {
        return this.appInForeground;
    }

    public final CustomCertStore getCertStore() {
        return this.certStore;
    }

    public final boolean getTrustSystemCerts() {
        return this.trustSystemCerts;
    }

    public final void setAppInForeground(StateFlow<Boolean> stateFlow) {
        this.appInForeground = stateFlow;
    }
}
