package com.commonsware.cwac.netsecurity.conscrypt;

import android.util.Log;
import com.commonsware.cwac.netsecurity.config.CertificatesEntryRef;
import com.commonsware.cwac.netsecurity.config.NetworkSecurityConfig;
import com.commonsware.cwac.netsecurity.config.TrustedCertificateStoreAdapter;
import com.commonsware.cwac.netsecurity.luni.X509ExtendedTrustManager;
import java.lang.reflect.Method;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

/* loaded from: classes.dex */
public final class TrustManagerImpl extends X509ExtendedTrustManager {

    /* renamed from: j, reason: collision with root package name */
    // Shared comparator that d() uses to order candidate trust anchors before trying them.
    public static final TrustAnchorComparator f2113j = new TrustAnchorComparator(0);

    /* renamed from: a, reason: collision with root package name */
    // Backing key store; getAcceptedIssuers() reads it only when no snapshot (g) exists.
    public final KeyStore f2114a;
    // Pin manager; f() asks it whether the built chain is pinned for the supplied host.
    public final CertPinManager b;

    /* renamed from: c, reason: collision with root package name */
    // Optional secondary certificate source. b() and d() cast it to TrustedCertificateStoreAdapter
    // and query the NetworkSecurityConfig behind it when the primary index has no match.
    public final TrustedCertificateStore f2115c;
    // "PKIX" CertPathValidator obtained in the constructor; f() runs the final path validation on it.
    public final CertPathValidator d;

    /* renamed from: e, reason: collision with root package name */
    // Index of trust anchors. Built from the key store contents in the constructor; d() also
    // inserts anchors it obtained from f2115c.
    public final TrustedCertificateIndex f2116e;
    // Second index, created empty. f() stores certificates from positions 1..n of a validated
    // untrusted chain here, and d() consults it for further *untrusted* chain links.
    public final TrustedCertificateIndex f;
    // Snapshot of the key store's certificates, or null when none was taken.
    public final X509Certificate[] g;
    // Exception captured during construction; b() rethrows it wrapped in a CertificateException,
    // so a trust manager that failed to initialise rejects every chain.
    public final Exception h;
    // "X509" CertificateFactory; used to turn certificate lists into CertPath objects.
    public final CertificateFactory i;

    /* loaded from: classes.dex */
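    /**
     * PKIX path checker that enforces the extendedKeyUsage (EKU) extension of the end-entity
     * certificate.
     *
     * <p>As listed before this revision, the loop in {@link #check} had empty {@code if} bodies
     * and fell through to "accept" on the first OID it saw, so any non-empty EKU list passed
     * regardless of its content. The comparisons are now acted upon: a certificate is accepted
     * only if it carries anyExtendedKeyUsage, or the purpose matching the validation direction.
     */
    public static class ExtendedKeyUsagePKIXCertPathChecker extends PKIXCertPathChecker {
        /** Extensions this checker resolves: extendedKeyUsage (OID 2.5.29.37) only. */
        public static final Set i = Collections.unmodifiableSet(new HashSet(Arrays.asList("2.5.29.37")));
        /** True when a client certificate is being validated, false for a server certificate. */
        public final boolean g;
        /** The end-entity certificate; the only certificate this checker inspects. */
        public final X509Certificate h;

        public ExtendedKeyUsagePKIXCertPathChecker(boolean z2, X509Certificate x509Certificate) {
            this.g = z2;
            this.h = x509Certificate;
        }

        /**
         * Checks the EKU of the end-entity certificate and ignores every other certificate.
         *
         * @param certificate the certificate currently being processed by the path validator
         * @param collection the unresolved critical extension OIDs; "2.5.29.37" is removed from
         *     it once the EKU has been accepted
         * @throws CertPathValidatorException if the EKU extension cannot be parsed, or if it is
         *     present but lists no purpose acceptable for this validation direction
         */
        @Override // java.security.cert.PKIXCertPathChecker
        public final void check(Certificate certificate, Collection collection) throws CertPathValidatorException {
            X509Certificate x509Certificate = this.h;
            // Identity comparison: only the exact leaf object handed to the constructor is checked.
            if (certificate != x509Certificate) {
                return;
            }
            List<String> extendedKeyUsage;
            try {
                extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
            } catch (CertificateParsingException e3) {
                throw new CertPathValidatorException(e3);
            }
            // No EKU extension at all: the certificate is not restricted to specific purposes.
            if (extendedKeyUsage == null) {
                return;
            }
            for (String str : extendedKeyUsage) {
                if (isAcceptedPurpose(str)) {
                    // Mark the (possibly critical) extension as handled for the PKIX validator.
                    collection.remove("2.5.29.37");
                    return;
                }
            }
            // EKU present (possibly empty) but without an acceptable purpose: fail closed.
            throw new CertPathValidatorException("End-entity certificate does not have a valid extendedKeyUsage.");
        }

        /** Returns true if the given EKU OID authorises the certificate for this validation. */
        private boolean isAcceptedPurpose(String oid) {
            // anyExtendedKeyUsage is accepted in both directions.
            if (oid.equals("2.5.29.37.0")) {
                return true;
            }
            if (this.g) {
                // id-kp-clientAuth
                return oid.equals("1.3.6.1.5.5.7.3.2");
            }
            // id-kp-serverAuth, Netscape Server Gated Crypto, Microsoft Server Gated Crypto
            return oid.equals("1.3.6.1.5.5.7.3.1")
                    || oid.equals("2.16.840.1.113730.4.1")
                    || oid.equals("1.3.6.1.4.1.311.10.3.3");
        }

        @Override // java.security.cert.PKIXCertPathChecker
        public final Set getSupportedExtensions() {
            return i;
        }

        /** No per-validation state to reset. */
        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public final void init(boolean z2) {
        }

        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public final boolean isForwardCheckingSupported() {
            return true;
        }
    }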

    /* loaded from: classes.dex */
    /**
     * Orders {@link TrustAnchor}s by comparing their trusted certificates with
     * {@code CertificatePriorityComparator}. d() uses it to decide which candidate anchor to
     * try first when several match.
     */
    public static class TrustAnchorComparator implements Comparator<TrustAnchor> {

        /* renamed from: a, reason: collision with root package name */
        // Held as an instance, although compare() below invokes the static method a(...).
        public static final CertificatePriorityComparator f2117a = new CertificatePriorityComparator();

        private TrustAnchorComparator() {
        }

        // Public entry point to the private constructor; the int argument is ignored.
        public /* synthetic */ TrustAnchorComparator(int i) {
            this();
        }

        /**
         * Compares two anchors by the priority of their trusted certificates.
         *
         * @return whatever {@code CertificatePriorityComparator.a} returns for the two certificates
         */
        @Override // java.util.Comparator
        public final int compare(TrustAnchor trustAnchor, TrustAnchor trustAnchor2) {
            X509Certificate left = trustAnchor.getTrustedCert();
            X509Certificate right = trustAnchor2.getTrustedCert();
            // Null check on the delegate, kept from the original listing.
            f2117a.getClass();
            int order = CertificatePriorityComparator.a(left, right);
            return order;
        }
    }

    /**
     * Builds a trust manager from a key store of trust anchors and an adapter-backed
     * certificate store.
     *
     * <p>Failures while obtaining the PKIX validator, the X.509 factory or the key store contents
     * are caught as {@code Exception} and kept in a local ({@code exc}) that is assigned to
     * {@link #h}; b() rethrows that value on the first validation attempt instead of this
     * constructor throwing.
     *
     * <p>NOTE(review): this is decompiler output. The field assignments repeated inside catch
     * blocks, and locals that are read after a try block in which they may not have been
     * assigned, look like artifacts of control-flow reconstruction rather than the original
     * logic; confirm against the original source before relying on any failure-path detail.
     *
     * @param keyStore source of trust anchors; its type decides whether the certificates are
     *     snapshotted (see below)
     * @param trustedCertificateStoreAdapter secondary certificate source stored in f2115c
     * @throws SecurityException if creating the CertPinManager raises PinManagerException
     */
    public TrustManagerImpl(KeyStore keyStore, TrustedCertificateStoreAdapter trustedCertificateStoreAdapter) {
        X509Certificate[] x509CertificateArr;
        TrustedCertificateStoreAdapter trustedCertificateStoreAdapter2;
        CertPathValidator certPathValidator;
        Exception exc;
        CertificateFactory certificateFactory;
        X509Certificate[] x509CertificateArr2;
        CertPathValidator certPathValidator2;
        CertificateFactory certificateFactory2;
        TrustedCertificateIndex trustedCertificateIndex;
        X509Certificate[] a2;
        TrustedCertificateIndex trustedCertificateIndex2 = null;
        try {
            certPathValidator2 = CertPathValidator.getInstance("PKIX");
            try {
                certificateFactory2 = CertificateFactory.getInstance("X509");
                try {
                    if ("AndroidCAStore".equals(keyStore.getType())) {
                        // System CA store: start with an empty index, take no certificate
                        // snapshot, and keep the keyStore reference.
                        try {
                            trustedCertificateIndex = new TrustedCertificateIndex();
                            x509CertificateArr2 = null;
                        } catch (Exception e3) {
                            exc = e3;
                            certificateFactory = certificateFactory2;
                            certPathValidator = certPathValidator2;
                            trustedCertificateStoreAdapter2 = trustedCertificateStoreAdapter;
                            x509CertificateArr = null;
                            CertificateFactory certificateFactory3 = certificateFactory;
                            x509CertificateArr2 = x509CertificateArr;
                            trustedCertificateStoreAdapter = trustedCertificateStoreAdapter2;
                            certPathValidator2 = certPathValidator;
                            certificateFactory2 = certificateFactory3;
                            this.b = new CertPinManager();
                            this.f2114a = keyStore;
                            this.f2115c = trustedCertificateStoreAdapter;
                            this.d = certPathValidator2;
                            this.i = certificateFactory2;
                            this.f2116e = trustedCertificateIndex2;
                            this.f = new TrustedCertificateIndex();
                            this.g = x509CertificateArr2;
                            this.h = exc;
                        }
                    } else {
                        // Any other key store: copy its certificates once via a(keyStore).
                        try {
                            a2 = a(keyStore);
                        } catch (Exception e4) {
                            keyStore = null;
                            exc = e4;
                            certificateFactory = certificateFactory2;
                            certPathValidator = certPathValidator2;
                            trustedCertificateStoreAdapter2 = trustedCertificateStoreAdapter;
                            x509CertificateArr = null;
                        }
                        try {
                            // Every copied certificate becomes a trust anchor; the null second
                            // argument means no name constraints are attached to it.
                            HashSet hashSet = new HashSet(a2.length);
                            for (X509Certificate x509Certificate : a2) {
                                hashSet.add(new TrustAnchor(x509Certificate, null));
                            }
                            trustedCertificateIndex = new TrustedCertificateIndex(hashSet);
                            x509CertificateArr2 = a2;
                            // The snapshot replaces the key store, so the reference is dropped.
                            keyStore = null;
                        } catch (Exception e5) {
                            exc = e5;
                            certificateFactory = certificateFactory2;
                            certPathValidator = certPathValidator2;
                            trustedCertificateStoreAdapter2 = trustedCertificateStoreAdapter;
                            x509CertificateArr = a2;
                            keyStore = null;
                            CertificateFactory certificateFactory32 = certificateFactory;
                            x509CertificateArr2 = x509CertificateArr;
                            trustedCertificateStoreAdapter = trustedCertificateStoreAdapter2;
                            certPathValidator2 = certPathValidator;
                            certificateFactory2 = certificateFactory32;
                            this.b = new CertPinManager();
                            this.f2114a = keyStore;
                            this.f2115c = trustedCertificateStoreAdapter;
                            this.d = certPathValidator2;
                            this.i = certificateFactory2;
                            this.f2116e = trustedCertificateIndex2;
                            this.f = new TrustedCertificateIndex();
                            this.g = x509CertificateArr2;
                            this.h = exc;
                        }
                    }
                    // Success path: no stored error, and the index built above is published.
                    TrustedCertificateIndex trustedCertificateIndex3 = trustedCertificateIndex;
                    exc = null;
                    trustedCertificateIndex2 = trustedCertificateIndex3;
                } catch (Exception e6) {
                    // Failure while reading the key store: the keystore, snapshot and adapter
                    // locals are nulled and the exception is kept.
                    keyStore = null;
                    x509CertificateArr = null;
                    exc = e6;
                    certificateFactory = certificateFactory2;
                    certPathValidator = certPathValidator2;
                    trustedCertificateStoreAdapter2 = null;
                }
            } catch (Exception e7) {
                // No "X509" CertificateFactory available.
                keyStore = null;
                x509CertificateArr = null;
                certPathValidator = certPathValidator2;
                exc = e7;
                trustedCertificateStoreAdapter2 = null;
                certificateFactory = null;
            }
        } catch (Exception e8) {
            // No "PKIX" CertPathValidator available.
            keyStore = null;
            x509CertificateArr = null;
            trustedCertificateStoreAdapter2 = null;
            certPathValidator = null;
            exc = e8;
            certificateFactory = null;
        }
        try {
            this.b = new CertPinManager();
            this.f2114a = keyStore;
            this.f2115c = trustedCertificateStoreAdapter;
            this.d = certPathValidator2;
            this.i = certificateFactory2;
            this.f2116e = trustedCertificateIndex2;
            // The second index always starts empty; f() fills it after successful validations.
            this.f = new TrustedCertificateIndex();
            this.g = x509CertificateArr2;
            this.h = exc;
        } catch (PinManagerException e9) {
            // The one failure that is thrown from the constructor instead of being stored in h.
            throw new SecurityException("Could not initialize CertPinManager", e9);
        }
    }

    /**
     * Collects every certificate entry of the given key store.
     *
     * <p>Aliases whose certificate is {@code null} are skipped. A {@link KeyStoreException}
     * (for example from a key store that has not been loaded) is not propagated: the method
     * returns an empty array, so to the caller a failing key store looks the same as one that
     * holds no certificates. Entries are cast to {@link X509Certificate} without a type check.
     *
     * @param keyStore the key store to enumerate
     * @return the certificates found, in alias enumeration order; never {@code null}
     */
    public static X509Certificate[] a(KeyStore keyStore) {
        List<X509Certificate> found = new ArrayList<X509Certificate>();
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements(); ) {
                X509Certificate entry = (X509Certificate) keyStore.getCertificate(names.nextElement());
                if (entry == null) {
                    continue;
                }
                found.add(entry);
            }
        } catch (KeyStoreException unused) {
            return new X509Certificate[0];
        }
        return found.toArray(new X509Certificate[0]);
    }

    /**
     * Returns the handshake session of the given socket.
     *
     * <p>{@code getHandshakeSession} is looked up reflectively on the socket's runtime class.
     * Any exception from the lookup or the call is logged at debug level and otherwise
     * ignored; the method then fails closed by throwing, because no session was obtained.
     *
     * @param sSLSocket the socket whose handshake is in progress
     * @return the handshake session; never {@code null}
     * @throws CertificateException if no handshake session could be obtained
     */
    public static SSLSession e(SSLSocket sSLSocket) {
        SSLSession handshakeSession = null;
        try {
            Method getter = sSLSocket.getClass().getMethod("getHandshakeSession", (Class<?>[]) null);
            if (getter != null) {
                handshakeSession = (SSLSession) getter.invoke(sSLSocket, (Object[]) null);
            }
        } catch (Exception e3) {
            Log.d("TrustManagerImpl", "Exception getting handshake session", e3);
        }
        if (handshakeSession == null) {
            throw new CertificateException("Not in handshake; no session available");
        }
        return handshakeSession;
    }

    /**
     * Entry point of chain validation: seeds the chain builder with the leaf certificate.
     *
     * <p>If the leaf itself is found in the anchor index (f2116e), or failing that in the
     * configuration behind f2115c, it starts the trusted part of the chain; otherwise it starts
     * the untrusted part. Chain building then continues in d().
     *
     * @param x509CertificateArr the peer's chain, leaf first; must be non-empty
     * @param str the auth type; only checked for being non-empty, not otherwise used here
     * @param str2 the host used for the pin check in f(), or {@code null} to skip that check
     * @param z2 {@code true} when validating a client certificate
     * @return the validated chain as returned by d()
     * @throws IllegalArgumentException if the chain or auth type is null or empty
     * @throws CertificateException if construction failed earlier (h is set) or the chain is
     *     not trusted
     */
    public final List b(X509Certificate[] x509CertificateArr, String str, String str2, boolean z2) {
        boolean chainMissing = x509CertificateArr == null || x509CertificateArr.length == 0;
        boolean authTypeMissing = str == null || str.length() == 0;
        if (chainMissing || authTypeMissing) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        // A trust manager that failed to initialise rejects everything.
        if (this.h != null) {
            throw new CertificateException(this.h);
        }
        X509Certificate leaf = x509CertificateArr[0];
        TrustAnchor leafAnchor = this.f2116e.b(leaf);
        if (leafAnchor == null && this.f2115c != null) {
            // Fall back to the network security configuration behind the adapter.
            com.commonsware.cwac.netsecurity.config.TrustAnchor configured = ((TrustedCertificateStoreAdapter) this.f2115c).f2099a.a(leaf);
            X509Certificate configuredCert = configured != null ? configured.f2098a : null;
            if (configuredCert != null) {
                leafAnchor = new TrustAnchor(configuredCert, null);
            }
        }
        HashSet used = new HashSet();
        ArrayList untrustedChain = new ArrayList();
        ArrayList trustedChain = new ArrayList();
        if (leafAnchor == null) {
            untrustedChain.add(leaf);
        } else {
            trustedChain.add(leafAnchor);
            used.add(leafAnchor.getTrustedCert());
        }
        used.add(leaf);
        return d(x509CertificateArr, str2, z2, untrustedChain, trustedChain, used);
    }

    /**
     * Validates a chain in the context of a TLS session, using the session's peer host as the
     * host for the pin check.
     *
     * <p>As listed, the reflective lookup of {@code getEndpointIdentificationAlgorithm} has no
     * effect beyond logging a failure: the method is never invoked and its result is unused, so
     * this method performs no endpoint identification (host name verification) of its own.
     * NOTE(review): the empty branch may be a decompiler artifact; confirm against the original
     * source where host name verification is expected to happen.
     *
     * @param x509CertificateArr the peer's chain, leaf first
     * @param str the auth type
     * @param sSLSession the handshake session, or {@code null}
     * @param sSLParameters the socket or engine parameters, or {@code null}
     * @param z2 {@code true} when validating a client certificate
     * @return the validated chain as returned by b()
     */
    public final List c(X509Certificate[] x509CertificateArr, String str, SSLSession sSLSession, SSLParameters sSLParameters, boolean z2) {
        String peerHost = null;
        if (sSLSession != null) {
            peerHost = sSLSession.getPeerHost();
            if (sSLParameters != null) {
                try {
                    // Lookup only; the returned Method is not used.
                    sSLParameters.getClass().getMethod("getEndpointIdentificationAlgorithm", (Class<?>[]) null);
                } catch (Exception e3) {
                    Log.d("TrustManagerImpl", "Exception getting endpoint identification algorithm", e3);
                }
            }
        }
        return b(x509CertificateArr, str, peerHost, z2);
    }

    /**
     * Validates a client certificate chain.
     *
     * <p>No host is passed on, so f() skips the certificate pin check on this path.
     *
     * @param x509CertificateArr the client's chain, leaf first
     * @param str the auth type; must be non-empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        final String noHost = null;
        this.b(x509CertificateArr, str, noHost, true);
    }

    /**
     * Validates a server certificate chain without any host context.
     *
     * <p>No host is passed on, so f() skips the certificate pin check on this path, and nothing
     * here compares the certificate with a host name. Callers that need pinning or host name
     * verification have to obtain them elsewhere.
     *
     * @param x509CertificateArr the server's chain, leaf first
     * @param str the auth type; must be non-empty
     */
    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        final String noHost = null;
        this.b(x509CertificateArr, str, noHost, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r10v1, types: [java.util.Set] */
    /* JADX WARN: Type inference failed for: r10v11, types: [java.util.HashSet] */
    /* JADX WARN: Type inference failed for: r10v2, types: [java.util.Collection, java.util.Set] */
    /* JADX WARN: Type inference failed for: r9v3, types: [java.util.List, java.util.ArrayList] */
    /**
     * Recursive, backtracking chain builder.
     *
     * <p>Each call looks at the current end of the chain and tries to extend it by one link,
     * in this order: (1) trust anchors from the index f2116e, falling back to the
     * configuration behind f2115c; (2) certificates supplied by the peer at positions 1..n;
     * (3) certificates from the second index f. Every successful extension recurses; a
     * CertificateException from the recursion undoes the extension and the next candidate is
     * tried. When the chain end is self-issued, or anchors exist and none remain to try, f()
     * performs the actual validation.
     *
     * @param x509CertificateArr the peer's chain, leaf first
     * @param str host used for the pin check in f(), or {@code null}
     * @param z2 {@code true} when validating a client certificate
     * @param arrayList the untrusted part of the chain built so far (X509Certificate elements)
     * @param arrayList2 the trusted part of the chain built so far (TrustAnchor elements)
     * @param hashSet certificates already on the chain, used to avoid loops
     * @return the validated chain from f()
     */
    public final List d(X509Certificate[] x509CertificateArr, String str, boolean z2, ArrayList arrayList, ArrayList arrayList2, HashSet hashSet) {
        TrustedCertificateStore trustedCertificateStore;
        // Current end of the chain: the last trust anchor if there is one, else the last untrusted cert.
        X509Certificate trustedCert = arrayList2.isEmpty() ? (X509Certificate) arrayList.get(arrayList.size() - 1) : ((TrustAnchor) arrayList2.get(arrayList2.size() - 1)).getTrustedCert();
        // Issuer DN equal to subject DN: nothing further to chain to, so validate what we have.
        // This compares names only; no signature is checked at this point.
        if (trustedCert.getIssuerDN().equals(trustedCert.getSubjectDN())) {
            return f(arrayList, arrayList2, str, z2);
        }
        TrustedCertificateIndex trustedCertificateIndex = this.f2116e;
        // presumably the anchors that could have issued trustedCert; verify against TrustedCertificateIndex
        ?? a2 = trustedCertificateIndex.a(trustedCert);
        if (a2.isEmpty() && (trustedCertificateStore = this.f2115c) != null) {
            // Nothing in the index: ask every certificates entry of the network security config.
            NetworkSecurityConfig networkSecurityConfig = ((TrustedCertificateStoreAdapter) trustedCertificateStore).f2099a;
            networkSecurityConfig.getClass();
            HashSet hashSet2 = new HashSet();
            Iterator it = networkSecurityConfig.b.iterator();
            while (it.hasNext()) {
                hashSet2.addAll(((CertificatesEntryRef) it.next()).f2071a.c(trustedCert));
            }
            if (!hashSet2.isEmpty()) {
                a2 = new HashSet(hashSet2.size());
                Iterator it2 = hashSet2.iterator();
                while (it2.hasNext()) {
                    TrustAnchor trustAnchor = new TrustAnchor((X509Certificate) it2.next(), null);
                    // Each certificate found this way is also passed to the index via d(...),
                    // presumably to cache it as an anchor for later lookups; confirm.
                    trustedCertificateIndex.d(trustAnchor);
                    a2.add(trustAnchor);
                }
            }
        }
        int size = a2.size();
        TrustAnchorComparator trustAnchorComparator = f2113j;
        ArrayList<TrustAnchor> arrayList3 = a2;
        if (size > 1) {
            // Several candidates: try them in priority order.
            ArrayList arrayList4 = new ArrayList((Collection) a2);
            Collections.sort(arrayList4, trustAnchorComparator);
            arrayList3 = arrayList4;
        }
        // z3 records that at least one anchor was tried and failed.
        boolean z3 = false;
        CertificateException certificateException = null;
        // Step 1: extend the trusted part with an anchor not yet on the chain.
        for (TrustAnchor trustAnchor2 : arrayList3) {
            X509Certificate trustedCert2 = trustAnchor2.getTrustedCert();
            if (!hashSet.contains(trustedCert2)) {
                hashSet.add(trustedCert2);
                arrayList2.add(trustAnchor2);
                try {
                    return d(x509CertificateArr, str, z2, arrayList, arrayList2, hashSet);
                } catch (CertificateException e3) {
                    // Backtrack: undo this anchor and remember why it failed.
                    arrayList2.remove(arrayList2.size() - 1);
                    hashSet.remove(trustedCert2);
                    certificateException = e3;
                    z3 = true;
                }
            }
        }
        // Once the chain has reached trusted certificates, untrusted ones are never appended
        // after them: either report the last anchor failure or validate the chain as it stands.
        if (!arrayList2.isEmpty()) {
            if (z3) {
                throw certificateException;
            }
            return f(arrayList, arrayList2, str, z2);
        }
        // Step 2: extend the untrusted part with a peer-supplied certificate whose subject DN
        // equals the current issuer DN. Index 0 is the leaf and is skipped.
        for (int i = 1; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            if (!hashSet.contains(x509Certificate) && trustedCert.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                try {
                    // Reject expired / not-yet-valid candidates before recursing.
                    x509Certificate.checkValidity();
                    // presumably a key/signature strength check; verify against ChainStrengthAnalyzer
                    ChainStrengthAnalyzer.a(x509Certificate);
                    hashSet.add(x509Certificate);
                    arrayList.add(x509Certificate);
                    try {
                        return d(x509CertificateArr, str, z2, arrayList, arrayList2, hashSet);
                    } catch (CertificateException e4) {
                        hashSet.remove(x509Certificate);
                        arrayList.remove(arrayList.size() - 1);
                        certificateException = e4;
                    }
                } catch (CertificateException e5) {
                    certificateException = new CertificateException("Unacceptable certificate: " + x509Certificate.getSubjectX500Principal(), e5);
                }
            }
        }
        // Step 3: candidates from the second index (filled by f() after earlier successful
        // validations). They are appended to the *untrusted* list, so they still need a real
        // trust anchor above them and go through f()'s validation.
        Set a3 = this.f.a(trustedCert);
        if (a3.size() > 1) {
            ?? arrayList5 = new ArrayList(a3);
            Collections.sort(arrayList5, trustAnchorComparator);
            a3 = arrayList5;
        }
        Iterator it3 = a3.iterator();
        while (it3.hasNext()) {
            X509Certificate trustedCert3 = ((TrustAnchor) it3.next()).getTrustedCert();
            if (!hashSet.contains(trustedCert3)) {
                hashSet.add(trustedCert3);
                arrayList.add(trustedCert3);
                try {
                    return d(x509CertificateArr, str, z2, arrayList, arrayList2, hashSet);
                } catch (CertificateException e6) {
                    arrayList.remove(arrayList.size() - 1);
                    hashSet.remove(trustedCert3);
                    certificateException = e6;
                }
            }
        }
        // Nothing worked: surface the most recent failure, or a generic "no trust anchor" error.
        if (certificateException != null) {
            throw certificateException;
        }
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, this.i.generateCertPath(arrayList), -1));
    }

    /**
     * Validates a fully built chain and returns it.
     *
     * <p>Checks run in this order: a trust anchor must exist; if a host is given, the whole
     * chain must satisfy the pin manager; every untrusted certificate must pass
     * {@code ChainStrengthAnalyzer}; finally the untrusted part is validated with the PKIX
     * validator against the first trust anchor, with the extendedKeyUsage checker attached.
     *
     * <p>Two properties worth knowing when relying on this method: revocation checking is
     * switched off for the PKIX validation, and when the untrusted part is empty (the leaf is
     * itself a trust anchor) the method returns right after the pin check, without the strength
     * check or PKIX validation.
     *
     * @param arrayList the untrusted part of the chain, leaf first (X509Certificate elements)
     * @param arrayList2 the trusted part of the chain (TrustAnchor elements)
     * @param str host for the pin check, or {@code null} to skip it
     * @param z2 {@code true} when validating a client certificate
     * @return the untrusted certificates followed by the trust anchors' certificates
     * @throws CertificateException if any of the checks fails
     */
    public final ArrayList f(ArrayList arrayList, ArrayList arrayList2, String str, boolean z2) {
        CertPath untrustedPath = this.i.generateCertPath(arrayList);
        if (arrayList2.isEmpty()) {
            throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, untrustedPath, -1));
        }
        ArrayList fullChain = new ArrayList(arrayList);
        for (Object anchor : arrayList2) {
            fullChain.add(((TrustAnchor) anchor).getTrustedCert());
        }
        if (str != null) {
            boolean pinned;
            try {
                pinned = this.b.c(str, fullChain);
            } catch (PinManagerException e3) {
                throw new CertificateException("Failed to check pinning", e3);
            }
            if (!pinned) {
                throw new CertificateException("Pinning failure", new CertPathValidatorException("Certificate path is not properly pinned.", null, untrustedPath, -1));
            }
        }
        // Leaf is directly trusted: nothing left to validate below the anchor.
        if (arrayList.isEmpty()) {
            return fullChain;
        }
        for (Object element : arrayList) {
            X509Certificate candidate = (X509Certificate) element;
            try {
                ChainStrengthAnalyzer.a(candidate);
            } catch (CertificateException e4) {
                throw new CertificateException("Unacceptable certificate: " + candidate.getSubjectX500Principal(), e4);
            }
        }
        try {
            // Only the first anchor (the one directly above the untrusted part) is offered to PKIX.
            HashSet anchors = new HashSet();
            anchors.add((TrustAnchor) arrayList2.get(0));
            PKIXParameters params = new PKIXParameters(anchors);
            // No CRL/OCSP checking on this path.
            params.setRevocationEnabled(false);
            X509Certificate leaf = (X509Certificate) arrayList.get(0);
            params.addCertPathChecker(new ExtendedKeyUsagePKIXCertPathChecker(z2, leaf));
            this.d.validate(untrustedPath, params);
            // Remember the validated certificates above the leaf in the second index; d()
            // later offers them as untrusted chain links only.
            int index = 1;
            while (index < arrayList.size()) {
                X509Certificate validated = (X509Certificate) arrayList.get(index);
                TrustedCertificateIndex intermediates = this.f;
                intermediates.getClass();
                intermediates.d(new TrustAnchor(validated, null));
                index++;
            }
            return fullChain;
        } catch (InvalidAlgorithmParameterException e5) {
            throw new CertificateException("Chain validation failed", e5);
        } catch (CertPathValidatorException e6) {
            throw new CertificateException("Chain validation failed", e6);
        }
    }

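    /**
     * Returns the certificates this trust manager treats as accepted issuers.
     *
     * <p>A defensive copy of the snapshot (g) is returned when one exists; otherwise the
     * backing key store is enumerated on each call. The constructor sets its key store
     * reference to null on its failure paths, so both fields can apparently be null at once;
     * in that case an empty array is returned instead of passing null to a(), which would
     * dereference it.
     *
     * @return a non-null, possibly empty array that the caller may modify freely
     */
    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] snapshot = this.g;
        if (snapshot != null) {
            // Clone so callers cannot alter the trust manager's own array.
            return (X509Certificate[]) snapshot.clone();
        }
        KeyStore backing = this.f2114a;
        if (backing == null) {
            return new X509Certificate[0];
        }
        return a(backing);
    }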
}
