package com.commonsware.cwac.netsecurity.conscrypt;

import android.util.Log;
import androidx.compose.compiler.plugins.kotlin.lower.d;
import com.commonsware.cwac.netsecurity.luni.X509ExtendedTrustManager;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

/* loaded from: classes10.dex */
public final class TrustManagerImpl extends X509ExtendedTrustManager {
    // Comparator passed to Collections.sort() in d() when more than one candidate issuer is found.
    // NOTE(review): the declared type is the nested comparator class b, yet the initializer shown is
    // `new Object()`. That does not type-check and looks like a decompiler artifact - confirm against
    // the bytecode.
    private static final b j = new Object();

    // NOTE(review): none of the instance fields below is assigned anywhere in this listing. They are
    // presumably set by the four-argument constructor, whose body was not decompiled - confirm.

    /* renamed from: a, reason: collision with root package name */
    // Read only by getAcceptedIssuers(), which enumerates it when g is null.
    private final KeyStore f1416a;
    // Pin checker; f() calls isChainValid(host, chain) on it whenever a host name is available.
    private CertPinManager b;
    // Optional backing store; b() and d() query it (after a null check) when index e has no match.
    private final TrustedCertificateStore c;
    // Validator that f() runs over the untrusted part of the chain.
    private final CertPathValidator d;
    // Index consulted first for trust anchors; handleTrustStorageUpdate() resets it.
    private final TrustedCertificateIndex e;
    // Second index: f() adds validated non-leaf certificates to it and d() consults it last.
    private final TrustedCertificateIndex f;
    // When non-null, getAcceptedIssuers() returns a clone and handleTrustStorageUpdate() rebuilds e from it.
    private final X509Certificate[] g;
    // When non-null, b() fails every check by throwing a CertificateException that wraps it.
    private final Exception h;
    // Factory used to build CertPath objects for validation and for error reporting.
    private final CertificateFactory i;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes10.dex */
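    /**
     * PKIX path checker that enforces the extendedKeyUsage (EKU) extension on one specific
     * certificate: the end-entity certificate handed to the constructor.
     *
     * <p>The certificate is accepted when it carries no EKU extension at all, or when at least one
     * of its EKU OIDs is anyExtendedKeyUsage, or matches the direction being validated (clientAuth
     * for client certificates; serverAuth or one of the two server-gated-crypto OIDs for server
     * certificates). Any other certificate with an EKU extension is rejected.
     *
     * <p>The decompiled rendering of {@link #check} lost the loop's "keep looking" branches: it
     * resolved the extension and returned after inspecting the first OID whether or not that OID
     * matched, so a leaf restricted to an unrelated purpose was accepted. This version requires an
     * actual match, which is what the exception message and the OID comparisons imply.
     */
    public static class a extends PKIXCertPathChecker {
        /** OID of the extendedKeyUsage extension itself. */
        private static final String EKU_EXTENSION_OID = "2.5.29.37";
        /** anyExtendedKeyUsage. */
        private static final String EKU_ANY = "2.5.29.37.0";
        /** id-kp-clientAuth. */
        private static final String EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2";
        /** id-kp-serverAuth. */
        private static final String EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
        /** Netscape Server Gated Crypto. */
        private static final String EKU_NETSCAPE_SGC = "2.16.840.1.113730.4.1";
        /** Microsoft Server Gated Crypto. */
        private static final String EKU_MICROSOFT_SGC = "1.3.6.1.4.1.311.10.3.3";

        private static final Set<String> d =
                Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(EKU_EXTENSION_OID)));

        /** True when a client certificate is being validated, false for a server certificate. */
        private final boolean b;
        /** The end-entity certificate; every other certificate on the path is skipped. */
        private final X509Certificate c;

        a(boolean z3, X509Certificate x509Certificate) {
            this.b = z3;
            this.c = x509Certificate;
        }

        /**
         * Checks the EKU extension of the end-entity certificate and, on success, removes the EKU
         * OID from the set of unresolved critical extensions.
         *
         * @param certificate the certificate currently being processed by the validator
         * @param collection the unresolved critical extension OIDs for that certificate
         * @throws CertPathValidatorException if the EKU extension cannot be parsed, or is present
         *     but lists no usage acceptable for this direction
         */
        @Override // java.security.cert.PKIXCertPathChecker
        public final void check(Certificate certificate, Collection<String> collection) throws CertPathValidatorException {
            X509Certificate leaf = this.c;
            // Identity comparison on purpose: only the exact leaf object is subject to this check.
            if (certificate != leaf) {
                return;
            }
            List<String> usages;
            try {
                usages = leaf.getExtendedKeyUsage();
            } catch (CertificateParsingException e) {
                throw new CertPathValidatorException(e);
            }
            // No EKU extension means the certificate is not restricted to particular purposes.
            if (usages == null) {
                return;
            }
            for (String oid : usages) {
                if (isAcceptable(oid)) {
                    collection.remove(EKU_EXTENSION_OID);
                    return;
                }
            }
            // Fail closed: an EKU extension that is empty or lists only unrelated purposes.
            throw new CertPathValidatorException("End-entity certificate does not have a valid extendedKeyUsage.");
        }

        /** Returns whether one EKU OID permits the use this checker was created for. */
        private boolean isAcceptable(String oid) {
            if (EKU_ANY.equals(oid)) {
                return true;
            }
            if (this.b) {
                return EKU_CLIENT_AUTH.equals(oid);
            }
            return EKU_SERVER_AUTH.equals(oid)
                    || EKU_NETSCAPE_SGC.equals(oid)
                    || EKU_MICROSOFT_SGC.equals(oid);
        }

        /** Returns the single extension this checker can resolve: extendedKeyUsage. */
        @Override // java.security.cert.PKIXCertPathChecker
        public final Set<String> getSupportedExtensions() {
            return d;
        }

        /** No per-validation state to reset. */
        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public final void init(boolean z3) throws CertPathValidatorException {
        }

        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public final boolean isForwardCheckingSupported() {
            return true;
        }
    }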

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes10.dex */
    /**
     * Orders trust anchors by comparing the certificates they wrap; the ordering itself is
     * delegated to a shared {@code CertificatePriorityComparator}.
     */
    public static class b implements Comparator<TrustAnchor> {
        private static final CertificatePriorityComparator b = new CertificatePriorityComparator();

        /**
         * Compares two anchors through their trusted certificates.
         *
         * @return the delegate comparator's result for the two certificates
         */
        @Override // java.util.Comparator
        public final int compare(TrustAnchor trustAnchor, TrustAnchor trustAnchor2) {
            X509Certificate left = trustAnchor.getTrustedCert();
            X509Certificate right = trustAnchor2.getTrustedCert();
            return b.compare(left, right);
        }
    }

    /**
     * Creates a trust manager over {@code keyStore}, passing {@code null} as the pin manager to
     * the two-argument constructor.
     */
    public TrustManagerImpl(KeyStore keyStore) {
        this(keyStore, (CertPinManager) null);
    }

    /**
     * Creates a trust manager over {@code keyStore} with the given pin manager, passing
     * {@code null} as the certificate store to the three-argument constructor.
     */
    public TrustManagerImpl(KeyStore keyStore, CertPinManager certPinManager) {
        this(keyStore, certPinManager, (TrustedCertificateStore) null);
    }

    /**
     * Creates a trust manager with the given key store, pin manager and certificate store, passing
     * {@code null} as the fourth argument of the primary constructor.
     */
    public TrustManagerImpl(KeyStore keyStore, CertPinManager certPinManager, TrustedCertificateStore trustedCertificateStore) {
        this(keyStore, certPinManager, trustedCertificateStore, (Object) null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:16:0x008e  */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0091 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r10v10, types: [java.security.cert.X509Certificate[]] */
    /* JADX WARN: Type inference failed for: r12v17 */
    /* JADX WARN: Type inference failed for: r12v18 */
    /* JADX WARN: Type inference failed for: r12v3, types: [java.security.cert.X509Certificate[]] */
    /* JADX WARN: Type inference failed for: r6v0, types: [java.security.cert.X509Certificate] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Primary constructor; the three shorter constructors all delegate here.
     *
     * <p>NOTE(review): the decompiler did not recover this body (see the tool warnings above). The
     * {@code throw} below is the placeholder it emitted, not application logic. How the final
     * fields are initialised - the key store, the pin manager, the validator, the two certificate
     * indexes, the accepted-issuer array and the stored initialisation exception {@code h} - is
     * therefore not reviewable from this listing. In particular it cannot be told from here
     * whether a {@code null} pin manager or certificate store is replaced by a default; check the
     * instruction dump or the upstream source before relying on either.
     */
    public TrustManagerImpl(java.security.KeyStore r10, com.commonsware.cwac.netsecurity.conscrypt.CertPinManager r11, com.commonsware.cwac.netsecurity.conscrypt.TrustedCertificateStore r12, java.lang.Object r13) {
        /*
            Method dump skipped, instructions count: 183
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.commonsware.cwac.netsecurity.conscrypt.TrustManagerImpl.<init>(java.security.KeyStore, com.commonsware.cwac.netsecurity.conscrypt.CertPinManager, com.commonsware.cwac.netsecurity.conscrypt.TrustedCertificateStore, java.lang.Object):void");
    }

    /**
     * Collects every certificate stored in {@code keyStore} into an array.
     *
     * <p>Aliases without a certificate are skipped. Each entry is cast to
     * {@link X509Certificate} without a type check. A {@link KeyStoreException} at any point
     * (for example from an uninitialised key store) is swallowed and yields an empty array, so the
     * caller cannot distinguish "no issuers" from "key store unreadable".
     *
     * @param keyStore the key store to enumerate
     * @return the certificates found, or an empty array on {@link KeyStoreException}
     */
    private static X509Certificate[] a(KeyStore keyStore) {
        List<X509Certificate> found = new ArrayList<X509Certificate>();
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements(); ) {
                X509Certificate entry = (X509Certificate) keyStore.getCertificate(names.nextElement());
                if (entry == null) {
                    continue;
                }
                found.add(entry);
            }
        } catch (KeyStoreException unused) {
            return new X509Certificate[0];
        }
        return found.toArray(new X509Certificate[found.size()]);
    }

    /**
     * Validates the arguments, seeds the chain-building state from the leaf certificate and
     * starts the recursive chain search in {@code d}.
     *
     * <p>If the leaf itself is found as a trust anchor (first in index {@code e}, then in the
     * optional store {@code c}) it starts the anchor chain; otherwise it starts the untrusted
     * chain. Either way the leaf is marked as used.
     *
     * @param x509CertificateArr the peer's certificate chain, leaf first
     * @param str the authentication type; only checked for being non-empty here
     * @param str2 the peer host passed on to the chain search, or {@code null}
     * @param z3 {@code true} when validating a client certificate
     * @return the chain returned by {@code d}
     * @throws IllegalArgumentException if the chain or the authentication type is null or empty
     * @throws CertificateException if the stored exception {@code h} is set, or validation fails
     */
    private List<X509Certificate> b(X509Certificate[] x509CertificateArr, String str, String str2, boolean z3) throws CertificateException {
        boolean chainMissing = x509CertificateArr == null || x509CertificateArr.length == 0;
        boolean authTypeMissing = str == null || str.length() == 0;
        if (chainMissing || authTypeMissing) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        // A stored exception makes every check fail rather than proceed with partial state.
        if (this.h != null) {
            throw new CertificateException(this.h);
        }
        HashSet used = new HashSet();
        ArrayList untrusted = new ArrayList();
        ArrayList anchors = new ArrayList();
        X509Certificate leaf = x509CertificateArr[0];

        TrustAnchor leafAnchor = this.e.findBySubjectAndPublicKey(leaf);
        if (leafAnchor == null && this.c != null) {
            X509Certificate stored = this.c.getTrustAnchor(leaf);
            if (stored != null) {
                leafAnchor = new TrustAnchor(stored, null);
            }
        }

        if (leafAnchor == null) {
            untrusted.add(leaf);
        } else {
            anchors.add(leafAnchor);
            used.add(leafAnchor.getTrustedCert());
        }
        used.add(leaf);
        return d(x509CertificateArr, str2, z3, untrusted, anchors, used);
    }

    /**
     * Takes the peer host from the handshake session, if there is one, and delegates to
     * {@code b}.
     *
     * <p>NOTE(review): in this decompiled rendering the reflective lookup of
     * {@code getEndpointIdentificationAlgorithm} only finds the method; it is never invoked and
     * its result is unused. Nothing in this method compares the host name with the certificate.
     * Whether the shipped bytecode does more cannot be told from this listing; until that is
     * confirmed, treat hostname verification as something the caller must do. With a null
     * session the host is null as well, and the pinning branch in {@code f} is then not taken.
     *
     * @param x509CertificateArr the peer's certificate chain, leaf first
     * @param str the authentication type
     * @param sSLSession the handshake session, or {@code null}
     * @param sSLParameters the connection's parameters, or {@code null}
     * @param z3 {@code true} when validating a client certificate
     * @return the chain returned by {@code b}
     * @throws CertificateException if validation fails
     */
    private List<X509Certificate> c(X509Certificate[] x509CertificateArr, String str, SSLSession sSLSession, SSLParameters sSLParameters, boolean z3) throws CertificateException {
        String host = null;
        if (sSLSession != null) {
            host = sSLSession.getPeerHost();
            if (sSLParameters != null) {
                try {
                    // Lookup only; a missing method is logged and otherwise ignored.
                    sSLParameters.getClass().getMethod("getEndpointIdentificationAlgorithm", new Class[0]);
                } catch (Exception e) {
                    Log.d("TrustManagerImpl", "Exception getting endpoint identification algorithm", e);
                }
            }
        }
        return b(x509CertificateArr, str, host, z3);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r10v1, types: [java.util.Set] */
    /* JADX WARN: Type inference failed for: r10v11, types: [java.util.HashSet] */
    /* JADX WARN: Type inference failed for: r10v2, types: [java.util.Collection, java.util.Set] */
    /* JADX WARN: Type inference failed for: r9v3, types: [java.util.List, java.util.ArrayList] */
    /**
     * Recursive, backtracking search for a chain from the current tip to a trust anchor.
     *
     * <p>Candidates for the tip's issuer are tried in three stages: trust anchors (index
     * {@code e}, falling back to the optional store {@code c}), then certificates supplied by the
     * peer, then certificates held in the second index {@code f}. Each candidate is added to the
     * working lists, the method recurses, and on a {@link CertificateException} the candidate is
     * removed again and the next one is tried. A self-issued tip ends the search and hands the
     * lists to {@code f} for verification.
     *
     * <p>NOTE(review): the {@code ??} types and the raw collections are decompiler output; this
     * method does not compile as shown.
     *
     * @param x509CertificateArr the peer's certificate chain, leaf first
     * @param str the peer host passed through to {@code f}, or {@code null}
     * @param z3 {@code true} when validating a client certificate
     * @param arrayList the untrusted part of the chain built so far
     * @param arrayList2 the trust anchors appended so far
     * @param hashSet certificates already used on the current path, to avoid revisiting them
     * @return the chain returned by {@code f}
     * @throws CertificateException the last failure seen, or "Trust anchor for certification path
     *     not found." when no candidate produced one
     */
    private List d(X509Certificate[] x509CertificateArr, String str, boolean z3, ArrayList arrayList, ArrayList arrayList2, HashSet hashSet) throws CertificateException {
        TrustedCertificateStore trustedCertificateStore;
        // Current tip of the path: taken from the anchor list when it is non-empty, else from the
        // untrusted list. NOTE(review): d.c(list, 1) is an obfuscated helper from an unrelated
        // import; presumably it returns list.get(list.size() - 1) - confirm.
        X509Certificate trustedCert = arrayList2.isEmpty() ? (X509Certificate) d.c(arrayList, 1) : ((TrustAnchor) d.c(arrayList2, 1)).getTrustedCert();
        // Issuer name equal to subject name: treat the tip as the end of the path and verify.
        if (trustedCert.getIssuerDN().equals(trustedCert.getSubjectDN())) {
            return f(arrayList, z3, str, arrayList2);
        }
        // Stage 1: trust anchors that issued the tip.
        TrustedCertificateIndex trustedCertificateIndex = this.e;
        ?? findAllByIssuerAndSignature = trustedCertificateIndex.findAllByIssuerAndSignature(trustedCert);
        if (findAllByIssuerAndSignature.isEmpty() && (trustedCertificateStore = this.c) != null) {
            // Nothing in the index: ask the backing store and index whatever it returns.
            Set<X509Certificate> findAllIssuers = trustedCertificateStore.findAllIssuers(trustedCert);
            if (!findAllIssuers.isEmpty()) {
                findAllByIssuerAndSignature = new HashSet(findAllIssuers.size());
                Iterator<X509Certificate> it = findAllIssuers.iterator();
                while (it.hasNext()) {
                    findAllByIssuerAndSignature.add(trustedCertificateIndex.index(it.next()));
                }
            }
        }
        int size = findAllByIssuerAndSignature.size();
        b bVar = j;
        ArrayList<TrustAnchor> arrayList3 = findAllByIssuerAndSignature;
        if (size > 1) {
            // Several candidates: try them in the comparator's order.
            ArrayList arrayList4 = new ArrayList((Collection) findAllByIssuerAndSignature);
            Collections.sort(arrayList4, bVar);
            arrayList3 = arrayList4;
        }
        // z4 records that at least one anchor candidate was tried and failed.
        boolean z4 = false;
        CertificateException certificateException = null;
        for (TrustAnchor trustAnchor : arrayList3) {
            X509Certificate trustedCert2 = trustAnchor.getTrustedCert();
            if (!hashSet.contains(trustedCert2)) {
                hashSet.add(trustedCert2);
                arrayList2.add(trustAnchor);
                try {
                    return d(x509CertificateArr, str, z3, arrayList, arrayList2, hashSet);
                } catch (CertificateException e) {
                    // Backtrack: undo this candidate and remember why it failed.
                    arrayList2.remove(arrayList2.size() - 1);
                    hashSet.remove(trustedCert2);
                    certificateException = e;
                    z4 = true;
                }
            }
        }
        // Once the path has reached the anchor list, untrusted certificates are no longer
        // considered: either report the failure of the anchors just tried, or verify what we have.
        if (!arrayList2.isEmpty()) {
            if (z4) {
                throw certificateException;
            }
            return f(arrayList, z3, str, arrayList2);
        }
        // Stage 2: certificates sent by the peer (index 0 is the leaf and is skipped).
        for (int i = 1; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            // Candidates are selected by name only (tip issuer DN == candidate subject DN); no
            // signature is checked in this method. The PKIX validation in f() runs on the result.
            if (!hashSet.contains(x509Certificate) && trustedCert.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                try {
                    // Reject expired / not-yet-valid or weak certificates before extending the path.
                    x509Certificate.checkValidity();
                    ChainStrengthAnalyzer.checkCert(x509Certificate);
                    hashSet.add(x509Certificate);
                    arrayList.add(x509Certificate);
                    try {
                        return d(x509CertificateArr, str, z3, arrayList, arrayList2, hashSet);
                    } catch (CertificateException e3) {
                        // Backtrack and try the next peer-supplied certificate.
                        hashSet.remove(x509Certificate);
                        arrayList.remove(arrayList.size() - 1);
                        certificateException = e3;
                    }
                } catch (CertificateException e4) {
                    certificateException = new CertificateException("Unacceptable certificate: " + x509Certificate.getSubjectX500Principal(), e4);
                }
            }
        }
        // Stage 3: certificates held in the second index (f() adds validated non-leaf certificates to it).
        Set<TrustAnchor> findAllByIssuerAndSignature2 = this.f.findAllByIssuerAndSignature(trustedCert);
        if (findAllByIssuerAndSignature2.size() > 1) {
            ?? arrayList5 = new ArrayList(findAllByIssuerAndSignature2);
            Collections.sort(arrayList5, bVar);
            findAllByIssuerAndSignature2 = arrayList5;
        }
        Iterator<TrustAnchor> it2 = findAllByIssuerAndSignature2.iterator();
        while (it2.hasNext()) {
            X509Certificate trustedCert3 = it2.next().getTrustedCert();
            if (!hashSet.contains(trustedCert3)) {
                hashSet.add(trustedCert3);
                // Added to the untrusted list, not the anchor list: these still go through validation.
                arrayList.add(trustedCert3);
                try {
                    return d(x509CertificateArr, str, z3, arrayList, arrayList2, hashSet);
                } catch (CertificateException e5) {
                    arrayList.remove(arrayList.size() - 1);
                    hashSet.remove(trustedCert3);
                    certificateException = e5;
                }
            }
        }
        // Every stage failed: surface the most recent failure, or a generic "no anchor" error.
        if (certificateException != null) {
            throw certificateException;
        }
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, this.i.generateCertPath(arrayList), -1));
    }

    /**
     * Obtains the socket's handshake session by calling {@code getHandshakeSession} reflectively.
     *
     * <p>Any exception from the lookup or the call is logged at debug level and treated like a
     * missing session, so the method fails closed.
     *
     * @param sSLSocket the socket whose handshake is in progress
     * @return the handshake session, never {@code null}
     * @throws CertificateException if no handshake session could be obtained
     */
    private static SSLSession e(SSLSocket sSLSocket) throws CertificateException {
        SSLSession handshake = null;
        try {
            handshake = (SSLSession) sSLSocket.getClass().getMethod("getHandshakeSession").invoke(sSLSocket);
        } catch (Exception e) {
            Log.d("TrustManagerImpl", "Exception getting handshake session", e);
        }
        if (handshake == null) {
            throw new CertificateException("Not in handshake; no session available");
        }
        return handshake;
    }

    /**
     * Verifies a candidate chain: pin check, strength check, then PKIX validation of the untrusted
     * part against the first trust anchor.
     *
     * @param arrayList the untrusted certificates, leaf first
     * @param z3 {@code true} when validating a client certificate (selects the EKU rule)
     * @param str the peer host used for pinning, or {@code null} to skip the pin check
     * @param arrayList2 the trust anchors that complete the chain
     * @return the full chain: the untrusted certificates followed by the anchors' certificates
     * @throws CertificateException if there is no anchor, the pin check fails or errors, or
     *     validation fails
     */
    private ArrayList f(ArrayList arrayList, boolean z3, String str, ArrayList arrayList2) throws CertificateException {
        CertPath generateCertPath = this.i.generateCertPath(arrayList);
        if (arrayList2.isEmpty()) {
            throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, generateCertPath, -1));
        }
        // Full chain = untrusted certificates followed by each anchor's certificate.
        ArrayList arrayList3 = new ArrayList();
        arrayList3.addAll(arrayList);
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            arrayList3.add(((TrustAnchor) it.next()).getTrustedCert());
        }
        // Pinning is enforced only when a host name is known. Callers that reach this method
        // without a session or host (str == null) get no pin check.
        // NOTE(review): this.b is dereferenced without a null check, while the shorter
        // constructors pass a null pin manager; whether the undecompiled primary constructor
        // substitutes a default cannot be told from this listing - confirm.
        if (str != null) {
            try {
                if (!this.b.isChainValid(str, arrayList3)) {
                    throw new CertificateException("Pinning failure", new CertPathValidatorException("Certificate path is not properly pinned.", null, generateCertPath, -1));
                }
            } catch (com.commonsware.cwac.netsecurity.conscrypt.a e) {
                throw new CertificateException("Failed to check pinning", e);
            }
        }
        // Nothing untrusted to validate (the path consists of anchors only): return without
        // running the strength check or the PKIX validator.
        if (arrayList.isEmpty()) {
            return arrayList3;
        }
        ChainStrengthAnalyzer.check(arrayList);
        try {
            // Only the first anchor in the list is offered to the validator.
            HashSet hashSet = new HashSet();
            hashSet.add(arrayList2.get(0));
            PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
            // Revocation checking is switched off for this validation, so a revoked certificate is
            // not detected on this path.
            pKIXParameters.setRevocationEnabled(false);
            // Extended-key-usage check on the leaf, direction chosen by z3.
            pKIXParameters.addCertPathChecker(new a(z3, (X509Certificate) arrayList.get(0)));
            this.d.validate(generateCertPath, pKIXParameters);
            // After successful validation, add every non-leaf certificate to the second index,
            // which d() consults as its last source of candidates.
            for (int i = 1; i < arrayList.size(); i++) {
                this.f.index((X509Certificate) arrayList.get(i));
            }
            return arrayList3;
        } catch (InvalidAlgorithmParameterException e3) {
            throw new CertificateException("Chain validation failed", e3);
        } catch (CertPathValidatorException e4) {
            throw new CertificateException("Chain validation failed", e4);
        }
    }

    /**
     * Validates a client certificate chain for an explicitly supplied host.
     *
     * @param x509CertificateArr the peer's certificate chain, leaf first
     * @param str the authentication type
     * @param str2 the peer host, or {@code null}
     * @return the validated chain
     * @throws CertificateException if validation fails
     */
    public List<X509Certificate> checkClientTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        final boolean clientAuth = true;
        return b(x509CertificateArr, str, str2, clientAuth);
    }

    /**
     * Validates a client certificate chain without any connection context.
     *
     * <p>No session is supplied, so {@code c} resolves no host and the pinning branch in
     * {@code f} is not taken.
     *
     * @throws CertificateException if validation fails
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        final SSLSession noSession = null;
        final SSLParameters noParameters = null;
        c(x509CertificateArr, str, noSession, noParameters, true);
    }

    /**
     * Validates a client certificate chain for a connection over {@code socket}.
     *
     * <p>Only an {@link SSLSocket} provides a handshake session and parameters. For any other
     * socket both are null, so no host is resolved and the pinning branch in {@code f} is not
     * taken.
     *
     * @throws CertificateException if an {@link SSLSocket} has no handshake session, or
     *     validation fails
     */
    @Override // com.commonsware.cwac.netsecurity.luni.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        SSLSession session = null;
        SSLParameters parameters = null;
        if (socket instanceof SSLSocket) {
            SSLSocket tlsSocket = (SSLSocket) socket;
            session = e(tlsSocket);
            parameters = tlsSocket.getSSLParameters();
        }
        c(x509CertificateArr, str, session, parameters, true);
    }

    /**
     * Validates a client certificate chain for a connection driven by {@code sSLEngine}.
     *
     * <p>The handshake session is fetched reflectively. Any exception while doing so is logged at
     * debug level and treated like a missing session, so the check fails closed.
     *
     * @throws CertificateException if no handshake session is available, or validation fails
     */
    @Override // com.commonsware.cwac.netsecurity.luni.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        SSLSession handshake = null;
        try {
            handshake = (SSLSession) sSLEngine.getClass().getMethod("getHandshakeSession").invoke(sSLEngine);
        } catch (Exception e) {
            Log.d("TrustManagerImpl", "Exception getting handshake session", e);
        }
        if (handshake != null) {
            c(x509CertificateArr, str, handshake, sSLEngine.getSSLParameters(), true);
            return;
        }
        throw new CertificateException("Not in handshake; no session available");
    }

    /**
     * Validates a server certificate chain for an explicitly supplied host.
     *
     * @param x509CertificateArr the peer's certificate chain, leaf first
     * @param str the authentication type
     * @param str2 the peer host, or {@code null}
     * @return the validated chain
     * @throws CertificateException if validation fails
     */
    public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        final boolean clientAuth = false;
        return b(x509CertificateArr, str, str2, clientAuth);
    }

    /**
     * Validates a server certificate chain using the host recorded in {@code sSLSession}.
     *
     * <p>No {@link SSLParameters} are passed, so {@code c} skips its endpoint-identification
     * lookup.
     *
     * @param sSLSession the session to take the peer host from, or {@code null}
     * @return the validated chain
     * @throws CertificateException if validation fails
     */
    public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLSession sSLSession) throws CertificateException {
        final SSLParameters noParameters = null;
        return c(x509CertificateArr, str, sSLSession, noParameters, false);
    }

    /**
     * Validates a server certificate chain without any connection context.
     *
     * <p>No session is supplied, so {@code c} resolves no host and the pinning branch in
     * {@code f} is not taken. Callers that rely on pins need one of the overloads that carries a
     * host, session, socket or engine.
     *
     * @throws CertificateException if validation fails
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        final SSLSession noSession = null;
        final SSLParameters noParameters = null;
        c(x509CertificateArr, str, noSession, noParameters, false);
    }

    /**
     * Validates a server certificate chain for a connection over {@code socket}; the chain
     * returned by {@code getTrustedChainForServer} is discarded.
     *
     * @throws CertificateException if validation fails
     */
    @Override // com.commonsware.cwac.netsecurity.luni.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        List<X509Certificate> ignoredChain = getTrustedChainForServer(x509CertificateArr, str, socket);
    }

    /**
     * Validates a server certificate chain for a connection driven by {@code sSLEngine}; the chain
     * returned by {@code getTrustedChainForServer} is discarded.
     *
     * @throws CertificateException if validation fails
     */
    @Override // com.commonsware.cwac.netsecurity.luni.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        List<X509Certificate> ignoredChain = getTrustedChainForServer(x509CertificateArr, str, sSLEngine);
    }

    /**
     * Returns the accepted issuer certificates.
     *
     * @return a defensive copy of {@code g} when it is set; otherwise the certificates enumerated
     *     from the key store, which is an empty array if the key store cannot be read
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        if (this.g == null) {
            return a(this.f1416a);
        }
        // Clone so that callers cannot modify the stored array.
        return (X509Certificate[]) this.g.clone();
    }

    /**
     * Validates a server certificate chain for a connection over {@code socket} and returns the
     * chain that was built.
     *
     * <p>Only an {@link SSLSocket} provides a handshake session and parameters. For any other
     * socket both are null, so no host is resolved and the pinning branch in {@code f} is not
     * taken.
     *
     * @return the validated chain
     * @throws CertificateException if an {@link SSLSocket} has no handshake session, or
     *     validation fails
     */
    public List<X509Certificate> getTrustedChainForServer(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        SSLSession session = null;
        SSLParameters parameters = null;
        if (socket instanceof SSLSocket) {
            SSLSocket tlsSocket = (SSLSocket) socket;
            session = e(tlsSocket);
            parameters = tlsSocket.getSSLParameters();
        }
        return c(x509CertificateArr, str, session, parameters, false);
    }

    /**
     * Validates a server certificate chain for a connection driven by {@code sSLEngine} and
     * returns the chain that was built.
     *
     * <p>The handshake session is fetched reflectively. Any exception while doing so is logged at
     * debug level and treated like a missing session, so the check fails closed.
     *
     * @return the validated chain
     * @throws CertificateException if no handshake session is available, or validation fails
     */
    public List<X509Certificate> getTrustedChainForServer(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        SSLSession handshake = null;
        try {
            handshake = (SSLSession) sSLEngine.getClass().getMethod("getHandshakeSession").invoke(sSLEngine);
        } catch (Exception e) {
            Log.d("TrustManagerImpl", "Exception getting handshake session", e);
        }
        if (handshake == null) {
            throw new CertificateException("Not in handshake; no session available");
        }
        return c(x509CertificateArr, str, handshake, sSLEngine.getSSLParameters(), false);
    }

    /**
     * Rebuilds the trust-anchor index {@code e}.
     *
     * <p>Without a fixed issuer array the index is simply reset. Otherwise it is reset to one
     * trust anchor per certificate in {@code g}. The second index {@code f} is not touched here.
     */
    public void handleTrustStorageUpdate() {
        if (this.g == null) {
            this.e.reset();
            return;
        }
        HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>(this.g.length);
        for (int idx = 0; idx < this.g.length; idx++) {
            anchors.add(new TrustAnchor(this.g[idx], null));
        }
        this.e.reset(anchors);
    }
}
