package H4;

import G5.C1888k;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public final class i extends I4.b {

    /* renamed from: j, reason: collision with root package name */
    private static final b f7182j = new Object();

    /* renamed from: a, reason: collision with root package name */
    private final KeyStore f7183a;
    private H4.a b;

    /* renamed from: c, reason: collision with root package name */
    private final k f7184c;

    /* renamed from: d, reason: collision with root package name */
    private final CertPathValidator f7185d;

    /* renamed from: e, reason: collision with root package name */
    private final j f7186e;

    /* renamed from: f, reason: collision with root package name */
    private final j f7187f;

    /* renamed from: g, reason: collision with root package name */
    private final X509Certificate[] f7188g;

    /* renamed from: h, reason: collision with root package name */
    private final Exception f7189h;

    /* renamed from: i, reason: collision with root package name */
    private final CertificateFactory f7190i;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class a extends PKIXCertPathChecker {

        /* renamed from: d, reason: collision with root package name */
        private static final Set<String> f7191d = Collections.unmodifiableSet(new HashSet(Arrays.asList("2.5.29.37")));
        private final boolean b;

        /* renamed from: c, reason: collision with root package name */
        private final X509Certificate f7192c;

        a(boolean z10, X509Certificate x509Certificate) {
            this.b = z10;
            this.f7192c = x509Certificate;
        }

        @Override // java.security.cert.PKIXCertPathChecker
        public final void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
            X509Certificate x509Certificate = this.f7192c;
            if (certificate != x509Certificate) {
                return;
            }
            try {
                List<String> extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
                if (extendedKeyUsage == null) {
                    return;
                }
                for (String str : extendedKeyUsage) {
                    if (!str.equals("2.5.29.37.0")) {
                        if (this.b) {
                            if (str.equals("1.3.6.1.5.5.7.3.2")) {
                            }
                        } else if (!str.equals("1.3.6.1.5.5.7.3.1") && !str.equals("2.16.840.1.113730.4.1") && !str.equals("1.3.6.1.4.1.311.10.3.3")) {
                        }
                    }
                    collection.remove("2.5.29.37");
                    return;
                }
                throw new CertPathValidatorException("End-entity certificate does not have a valid extendedKeyUsage.");
            } catch (CertificateParsingException e10) {
                throw new CertPathValidatorException(e10);
            }
        }

        @Override // java.security.cert.PKIXCertPathChecker
        public final Set<String> getSupportedExtensions() {
            return f7191d;
        }

        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public final void init(boolean z10) throws CertPathValidatorException {
        }

        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public final boolean isForwardCheckingSupported() {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class b implements Comparator<TrustAnchor> {
        private static final H4.b b = new H4.b();

        @Override // java.util.Comparator
        public final int compare(TrustAnchor trustAnchor, TrustAnchor trustAnchor2) {
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            X509Certificate trustedCert2 = trustAnchor2.getTrustedCert();
            b.getClass();
            return H4.b.a(trustedCert, trustedCert2);
        }
    }

    public i(KeyStore keyStore) {
        this(keyStore, null);
    }

    public i(KeyStore keyStore, H4.a aVar) {
        this(keyStore, aVar, null);
    }

    public i(KeyStore keyStore, H4.a aVar, k kVar) {
        this(keyStore, aVar, kVar, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:16:0x008e  */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0091 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r10v10, types: [java.security.cert.X509Certificate[]] */
    /* JADX WARN: Type inference failed for: r12v17 */
    /* JADX WARN: Type inference failed for: r12v18 */
    /* JADX WARN: Type inference failed for: r12v3, types: [java.security.cert.X509Certificate[]] */
    /* JADX WARN: Type inference failed for: r6v0, types: [java.security.cert.X509Certificate] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public i(java.security.KeyStore r10, H4.a r11, H4.k r12, java.lang.Object r13) {
        /*
            Method dump skipped, instructions count: 183
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: H4.i.<init>(java.security.KeyStore, H4.a, H4.k, java.lang.Object):void");
    }

    private static X509Certificate[] b(KeyStore keyStore) {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (KeyStoreException unused) {
            return new X509Certificate[0];
        }
    }

    private List<X509Certificate> d(X509Certificate[] x509CertificateArr, String str, String str2, boolean z10) throws CertificateException {
        X509Certificate b10;
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        Exception exc = this.f7189h;
        if (exc != null) {
            throw new CertificateException(exc);
        }
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        X509Certificate x509Certificate = x509CertificateArr[0];
        TrustAnchor b11 = this.f7186e.b(x509Certificate);
        if (b11 == null) {
            b11 = null;
            k kVar = this.f7184c;
            if (kVar != null && (b10 = kVar.b(x509Certificate)) != null) {
                b11 = new TrustAnchor(b10, null);
            }
        }
        if (b11 != null) {
            arrayList2.add(b11);
            hashSet.add(b11.getTrustedCert());
        } else {
            arrayList.add(x509Certificate);
        }
        hashSet.add(x509Certificate);
        return e(x509CertificateArr, str2, z10, arrayList, arrayList2, hashSet);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r10v1, types: [java.util.Set] */
    /* JADX WARN: Type inference failed for: r10v11, types: [java.util.HashSet] */
    /* JADX WARN: Type inference failed for: r10v2, types: [java.util.Collection, java.util.Set] */
    /* JADX WARN: Type inference failed for: r9v3, types: [java.util.List, java.util.ArrayList] */
    private List e(X509Certificate[] x509CertificateArr, String str, boolean z10, ArrayList arrayList, ArrayList arrayList2, HashSet hashSet) throws CertificateException {
        k kVar;
        X509Certificate trustedCert = arrayList2.isEmpty() ? (X509Certificate) C1888k.c(arrayList, 1) : ((TrustAnchor) C1888k.c(arrayList2, 1)).getTrustedCert();
        if (trustedCert.getIssuerDN().equals(trustedCert.getSubjectDN())) {
            return f(arrayList, z10, str, arrayList2);
        }
        j jVar = this.f7186e;
        ?? a3 = jVar.a(trustedCert);
        if (a3.isEmpty() && (kVar = this.f7184c) != null) {
            Set<X509Certificate> a10 = kVar.a(trustedCert);
            if (!a10.isEmpty()) {
                a3 = new HashSet(a10.size());
                Iterator<X509Certificate> it = a10.iterator();
                while (it.hasNext()) {
                    TrustAnchor trustAnchor = new TrustAnchor(it.next(), null);
                    jVar.d(trustAnchor);
                    a3.add(trustAnchor);
                }
            }
        }
        int size = a3.size();
        b bVar = f7182j;
        ArrayList<TrustAnchor> arrayList3 = a3;
        if (size > 1) {
            ArrayList arrayList4 = new ArrayList((Collection) a3);
            Collections.sort(arrayList4, bVar);
            arrayList3 = arrayList4;
        }
        boolean z11 = false;
        CertificateException certificateException = null;
        for (TrustAnchor trustAnchor2 : arrayList3) {
            X509Certificate trustedCert2 = trustAnchor2.getTrustedCert();
            if (!hashSet.contains(trustedCert2)) {
                hashSet.add(trustedCert2);
                arrayList2.add(trustAnchor2);
                try {
                    return e(x509CertificateArr, str, z10, arrayList, arrayList2, hashSet);
                } catch (CertificateException e10) {
                    arrayList2.remove(arrayList2.size() - 1);
                    hashSet.remove(trustedCert2);
                    certificateException = e10;
                    z11 = true;
                }
            }
        }
        if (!arrayList2.isEmpty()) {
            if (z11) {
                throw certificateException;
            }
            return f(arrayList, z10, str, arrayList2);
        }
        for (int i10 = 1; i10 < x509CertificateArr.length; i10++) {
            X509Certificate x509Certificate = x509CertificateArr[i10];
            if (!hashSet.contains(x509Certificate) && trustedCert.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                try {
                    x509Certificate.checkValidity();
                    c.a(x509Certificate);
                    hashSet.add(x509Certificate);
                    arrayList.add(x509Certificate);
                    try {
                        return e(x509CertificateArr, str, z10, arrayList, arrayList2, hashSet);
                    } catch (CertificateException e11) {
                        hashSet.remove(x509Certificate);
                        arrayList.remove(arrayList.size() - 1);
                        certificateException = e11;
                    }
                } catch (CertificateException e12) {
                    certificateException = new CertificateException("Unacceptable certificate: " + x509Certificate.getSubjectX500Principal(), e12);
                }
            }
        }
        Set<TrustAnchor> a11 = this.f7187f.a(trustedCert);
        if (a11.size() > 1) {
            ?? arrayList5 = new ArrayList(a11);
            Collections.sort(arrayList5, bVar);
            a11 = arrayList5;
        }
        Iterator<TrustAnchor> it2 = a11.iterator();
        while (it2.hasNext()) {
            X509Certificate trustedCert3 = it2.next().getTrustedCert();
            if (!hashSet.contains(trustedCert3)) {
                hashSet.add(trustedCert3);
                arrayList.add(trustedCert3);
                try {
                    return e(x509CertificateArr, str, z10, arrayList, arrayList2, hashSet);
                } catch (CertificateException e13) {
                    arrayList.remove(arrayList.size() - 1);
                    hashSet.remove(trustedCert3);
                    certificateException = e13;
                }
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, this.f7190i.generateCertPath(arrayList), -1));
    }

    private ArrayList f(ArrayList arrayList, boolean z10, String str, ArrayList arrayList2) throws CertificateException {
        CertPath generateCertPath = this.f7190i.generateCertPath(arrayList);
        if (arrayList2.isEmpty()) {
            throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, generateCertPath, -1));
        }
        ArrayList arrayList3 = new ArrayList();
        arrayList3.addAll(arrayList);
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            arrayList3.add(((TrustAnchor) it.next()).getTrustedCert());
        }
        if (str != null) {
            try {
                if (!this.b.c(str, arrayList3)) {
                    throw new CertificateException("Pinning failure", new CertPathValidatorException("Certificate path is not properly pinned.", null, generateCertPath, -1));
                }
            } catch (h e10) {
                throw new CertificateException("Failed to check pinning", e10);
            }
        }
        if (arrayList.isEmpty()) {
            return arrayList3;
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            X509Certificate x509Certificate = (X509Certificate) it2.next();
            try {
                c.a(x509Certificate);
            } catch (CertificateException e11) {
                throw new CertificateException("Unacceptable certificate: " + x509Certificate.getSubjectX500Principal(), e11);
            }
        }
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(arrayList2.get(0));
            PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
            pKIXParameters.setRevocationEnabled(false);
            pKIXParameters.addCertPathChecker(new a(z10, (X509Certificate) arrayList.get(0)));
            this.f7185d.validate(generateCertPath, pKIXParameters);
            for (int i10 = 1; i10 < arrayList.size(); i10++) {
                X509Certificate x509Certificate2 = (X509Certificate) arrayList.get(i10);
                j jVar = this.f7187f;
                jVar.getClass();
                jVar.d(new TrustAnchor(x509Certificate2, null));
            }
            return arrayList3;
        } catch (InvalidAlgorithmParameterException e12) {
            throw new CertificateException("Chain validation failed", e12);
        } catch (CertPathValidatorException e13) {
            throw new CertificateException("Chain validation failed", e13);
        }
    }

    public final List c(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        return d(x509CertificateArr, str, null, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        d(x509CertificateArr, str, null, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        d(x509CertificateArr, str, null, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr = this.f7188g;
        return x509CertificateArr != null ? (X509Certificate[]) x509CertificateArr.clone() : b(this.f7183a);
    }
}
