package com.huawei.secure.android.common.ssl;

import android.content.Context;
import androidx.collection.g;
import com.huawei.secure.android.common.ssl.util.d;
import com.huawei.secure.android.common.ssl.util.e;
import com.huawei.secure.android.common.ssl.util.h;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes10.dex */
public class SecureX509TrustManager implements X509TrustManager {
    public static final String d = "hmsrootcas.bks";

    /* renamed from: a, reason: collision with root package name */
    protected List<X509TrustManager> f12836a;

    /* renamed from: b, reason: collision with root package name */
    private X509Certificate[] f12837b;

    public SecureX509TrustManager(Context context) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, IllegalArgumentException {
        this(context, false);
    }

    /* JADX WARN: Code restructure failed: missing block: B:8:0x004d, code lost:
    
        if (r2 == null) goto L22;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public SecureX509TrustManager(android.content.Context r6, boolean r7) throws java.io.IOException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, java.security.KeyStoreException, java.lang.IllegalArgumentException {
        /*
            r5 = this;
            r5.<init>()
            java.util.ArrayList r0 = new java.util.ArrayList
            r0.<init>()
            r5.f12836a = r0
            if (r6 == 0) goto L7e
            com.huawei.secure.android.common.ssl.util.ContextUtil.setContext(r6)
            if (r7 == 0) goto L14
            r5.a()
        L14:
            java.lang.String r7 = "SX509TM"
            java.lang.String r0 = "loadBksCA"
            com.huawei.secure.android.common.ssl.util.e.c(r7, r0)
            long r0 = java.lang.System.currentTimeMillis()
            java.io.InputStream r2 = com.huawei.secure.android.common.ssl.util.BksUtil.getFilesBksIS(r6)
            if (r2 == 0) goto L4d
            java.lang.String r3 = "get bks not from assets"
            com.huawei.secure.android.common.ssl.util.e.c(r7, r3)     // Catch: java.io.IOException -> L2e java.security.cert.CertificateException -> L30 java.security.KeyStoreException -> L32 java.security.NoSuchAlgorithmException -> L34 java.lang.OutOfMemoryError -> L36
            r5.b(r2)     // Catch: java.io.IOException -> L2e java.security.cert.CertificateException -> L30 java.security.KeyStoreException -> L32 java.security.NoSuchAlgorithmException -> L34 java.lang.OutOfMemoryError -> L36
            goto L4d
        L2e:
            r2 = move-exception
            goto L37
        L30:
            r2 = move-exception
            goto L37
        L32:
            r2 = move-exception
            goto L37
        L34:
            r2 = move-exception
            goto L37
        L36:
            r2 = move-exception
        L37:
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            java.lang.String r4 = "loadBksCA: exception : "
            r3.<init>(r4)
            java.lang.String r2 = r2.getMessage()
            r3.append(r2)
            java.lang.String r2 = r3.toString()
            com.huawei.secure.android.common.ssl.util.e.b(r7, r2)
            goto L4f
        L4d:
            if (r2 != 0) goto L61
        L4f:
            java.lang.String r2 = " get bks from assets "
            com.huawei.secure.android.common.ssl.util.e.c(r7, r2)
            android.content.res.AssetManager r6 = r6.getAssets()
            java.lang.String r2 = "hmsrootcas.bks"
            java.io.InputStream r6 = r6.open(r2)
            r5.b(r6)
        L61:
            java.lang.StringBuilder r6 = new java.lang.StringBuilder
            java.lang.String r2 = "loadBksCA: cost : "
            r6.<init>(r2)
            java.lang.String r2 = " ms"
            androidx.collection.g.e(r0, r2, r7, r6)
            java.util.List<javax.net.ssl.X509TrustManager> r6 = r5.f12836a
            boolean r6 = r6.isEmpty()
            if (r6 != 0) goto L76
            return
        L76:
            java.security.cert.CertificateException r6 = new java.security.cert.CertificateException
            java.lang.String r7 = "X509TrustManager is empty"
            r6.<init>(r7)
            throw r6
        L7e:
            java.lang.IllegalArgumentException r6 = new java.lang.IllegalArgumentException
            java.lang.String r7 = "context is null"
            r6.<init>(r7)
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: com.huawei.secure.android.common.ssl.SecureX509TrustManager.<init>(android.content.Context, boolean):void");
    }

    public SecureX509TrustManager(InputStream inputStream, String str) throws IllegalArgumentException {
        this.f12836a = new ArrayList();
        c(inputStream, str);
    }

    public SecureX509TrustManager(InputStream inputStream, String str, boolean z) throws IllegalArgumentException {
        this.f12836a = new ArrayList();
        if (z) {
            a();
        }
        c(inputStream, str);
    }

    public SecureX509TrustManager(String str) throws IllegalArgumentException, FileNotFoundException {
        this(str, false);
    }

    public SecureX509TrustManager(String str, boolean z) throws IllegalArgumentException, FileNotFoundException {
        FileInputStream fileInputStream;
        this.f12836a = new ArrayList();
        try {
            fileInputStream = new FileInputStream(str);
            try {
                c(fileInputStream, "");
                d.a((InputStream) fileInputStream);
                if (z) {
                    a();
                }
            } catch (Throwable th) {
                th = th;
                d.a((InputStream) fileInputStream);
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            fileInputStream = null;
        }
    }

    private void a() {
        e.c("SX509TM", "loadSystemCA");
        long currentTimeMillis = System.currentTimeMillis();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    this.f12836a.add((X509TrustManager) trustManager);
                }
            }
        } catch (IOException | NegativeArraySizeException | OutOfMemoryError | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            e.b("SX509TM", "loadSystemCA: exception : " + e.getMessage());
        }
        g.e(currentTimeMillis, " ms", "SX509TM", new StringBuilder("loadSystemCA: cost : "));
    }

    private void b(InputStream inputStream) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            KeyStore keyStore = KeyStore.getInstance(h.e);
            keyStore.load(inputStream, "".toCharArray());
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    this.f12836a.add((X509TrustManager) trustManager);
                }
            }
        } finally {
            d.a(inputStream);
        }
    }

    private void c(InputStream inputStream, String str) {
        if (inputStream == null || str == null) {
            throw new IllegalArgumentException("inputstream or trustPwd is null");
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                KeyStore keyStore = KeyStore.getInstance(h.e);
                keyStore.load(inputStream, str.toCharArray());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        this.f12836a.add((X509TrustManager) trustManager);
                    }
                }
                d.a(inputStream);
            } finally {
                d.a(inputStream);
            }
        } catch (IOException | NegativeArraySizeException | OutOfMemoryError | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            e.b("SX509TM", "loadInputStream: exception : " + e.getMessage());
        }
        g.e(currentTimeMillis, " ms", "SX509TM", new StringBuilder("loadInputStream: cost : "));
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        e.c("SX509TM", "checkClientTrusted: ");
        Iterator<X509TrustManager> it = this.f12836a.iterator();
        while (it.hasNext()) {
            try {
                it.next().checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (CertificateException e) {
                e.b("SX509TM", "checkServerTrusted CertificateException" + e.getMessage());
            }
        }
        throw new CertificateException("checkServerTrusted CertificateException");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        setChain(x509CertificateArr);
        e.c("SX509TM", "checkServerTrusted begin,size=" + x509CertificateArr.length + ",authType=" + str);
        long currentTimeMillis = System.currentTimeMillis();
        int length = x509CertificateArr.length;
        for (int i = 0; i < length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            e.a("SX509TM", "server ca chain: getSubjectDN is :" + x509Certificate.getSubjectDN());
            e.a("SX509TM", "IssuerDN :" + x509Certificate.getIssuerDN());
            e.a("SX509TM", "SerialNumber : " + x509Certificate.getSerialNumber());
        }
        int size = this.f12836a.size();
        for (int i7 = 0; i7 < size; i7++) {
            try {
                e.c("SX509TM", "check server i=" + i7);
                X509TrustManager x509TrustManager = this.f12836a.get(i7);
                X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
                if (acceptedIssuers != null) {
                    e.c("SX509TM", "client root ca size=" + acceptedIssuers.length);
                    for (int i9 = 0; i9 < acceptedIssuers.length; i9++) {
                        e.a("SX509TM", "client root ca getIssuerDN :" + acceptedIssuers[i9].getIssuerDN());
                    }
                }
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                e.c("SX509TM", "checkServerTrusted end, " + x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                return;
            } catch (CertificateException e) {
                e.b("SX509TM", "checkServerTrusted error :" + e.getMessage() + " , time : " + i7);
                if (i7 == size - 1) {
                    if (x509CertificateArr.length > 0) {
                        e.b("SX509TM", "root ca issuer : " + x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                    }
                    throw e;
                }
            }
        }
        g.e(currentTimeMillis, " ms", "SX509TM", new StringBuilder("checkServerTrusted: cost : "));
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<X509TrustManager> it = this.f12836a.iterator();
            while (it.hasNext()) {
                arrayList.addAll(Arrays.asList(it.next().getAcceptedIssuers()));
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (Exception e) {
            e.b("SX509TM", "getAcceptedIssuers exception : " + e.getMessage());
            return new X509Certificate[0];
        }
    }

    public X509Certificate[] getChain() {
        return this.f12837b;
    }

    public List<X509TrustManager> getX509TrustManagers() {
        return this.f12836a;
    }

    public void setChain(X509Certificate[] x509CertificateArr) {
        this.f12837b = x509CertificateArr;
    }

    public void setX509TrustManagers(List<X509TrustManager> list) {
        this.f12836a = list;
    }
}
