package com.huawei.library.rainbowsdk.http;

import android.content.Context;
import android.util.Log;
import com.huawei.secure.android.common.ssl.HiCloudX509TrustManager;
import com.huawei.util.context.GlobalContext;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class HsmTrustManager implements X509TrustManager {
    private static final String TAG = "RainbowSDK_HsmTrustManager";
    private X509TrustManager tm;

    public HsmTrustManager() {
        this.tm = null;
        Context context = GlobalContext.getContext();
        if (context == null || context.getAssets() == null) {
            return;
        }
        try {
            this.tm = new HiCloudX509TrustManager(context.getAssets().open("hmsrootcas.bks"), "");
        } catch (IOException e) {
            Log.e(TAG, "Exception: open bks fail.");
        } catch (IllegalArgumentException e2) {
            Log.e(TAG, "Exception: input stream or trustPwd is null.");
        } catch (KeyStoreException e3) {
            Log.e(TAG, "Exception: keystore exception.");
        } catch (NoSuchAlgorithmException e4) {
            Log.e(TAG, "Exception: no such algorithm.");
        } catch (CertificateException e5) {
            Log.e(TAG, "Exception: trustManager is empty.");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.tm == null) {
            return;
        }
        this.tm.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (this.tm == null) {
            return;
        }
        try {
            this.tm.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            Log.e(TAG, "Exception: " + e.getMessage());
            for (Throwable th = e; th != null; th = th.getCause()) {
                if ((th instanceof CertificateExpiredException) || (th instanceof CertificateNotYetValidException)) {
                    return;
                }
            }
            throw e;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        if (this.tm == null) {
            return null;
        }
        return this.tm.getAcceptedIssuers();
    }
}
