package ns;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathChecker;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.security.auth.x500.X500Principal;
import x5.e1;

/* compiled from: TrustManagerImpl.java */
/* loaded from: classes9.dex */
/**
 * Decompiled (JADX) {@link X509ExtendedTrustManager}; the compiler marker names the original
 * source file TrustManagerImpl.java. The class builds candidate certificate chains from the
 * peer-supplied certificates to a trust anchor taken from the KeyStore passed to the
 * constructor, then validates the chain with a PKIX {@link CertPathValidator}.
 *
 * <p>NOTE(review): this listing is decompiler output, not compilable source. Two methods
 * ({@code a.check} and {@code b}) were not recovered and throw UnsupportedOperationException
 * as written, and parts of {@code c} and {@code f} contain control flow that looks like
 * decompiler residue. Confirm any security conclusion against the bytecode before relying on it.
 */
public final class s0 extends X509ExtendedTrustManager {

    /* renamed from: h, reason: collision with root package name */
    // Logger; f(...) uses it to record rejected candidate chains at FINE level.
    public static final Logger f50565h = Logger.getLogger(s0.class.getName());

    /* renamed from: i, reason: collision with root package name */
    // Comparator used by d(...) to order candidate trust anchors when more than one matches.
    public static final b f50566i = new b();

    /* renamed from: a, reason: collision with root package name */
    // "PKIX" CertPathValidator; null when the constructor failed to obtain it.
    public final CertPathValidator f50567a;

    /* renamed from: b, reason: collision with root package name */
    // Index built from the KeyStore's certificates wrapped as TrustAnchors (the trusted roots).
    // Null when construction failed; c(...) checks f50571e before dereferencing it.
    public final r0.a f50568b;

    /* renamed from: c, reason: collision with root package name */
    // Second index, created empty with new r0.a(4). f(...) adds the non-leaf certificates of
    // each successfully validated chain to it and d(...) consults it for issuer candidates.
    // presumably an intermediate-certificate cache; confirm against r0.a
    public final r0.a f50569c;

    /* renamed from: d, reason: collision with root package name */
    // Certificates read from the KeyStore; getAcceptedIssuers() returns a clone of this array.
    public final X509Certificate[] f50570d;

    /* renamed from: e, reason: collision with root package name */
    // Exception captured during construction (null on success). It is not thrown by the
    // constructor; c(...) rethrows it wrapped in a CertificateException on every check.
    public final Exception f50571e;

    /* renamed from: f, reason: collision with root package name */
    // "X509" CertificateFactory used to turn certificate lists into CertPath objects.
    public final CertificateFactory f50572f;

    /* renamed from: g, reason: collision with root package name */
    // Created in the constructor; no use of this field is visible in this listing.
    public final e1 f50573g;

    /* compiled from: TrustManagerImpl.java */
    /* loaded from: classes9.dex */
    /**
     * PKIX path checker that enforces the extendedKeyUsage (EKU) extension on one specific
     * certificate, the leaf passed to the constructor. f(...) installs it on every validation.
     */
    public static class a extends PKIXCertPathChecker {

        /* renamed from: e, reason: collision with root package name */
        // Extensions this checker claims to handle: only 2.5.29.37 (extendedKeyUsage).
        public static final Set<String> f50574e = Collections.unmodifiableSet(new HashSet(Arrays.asList("2.5.29.37")));

        /* renamed from: c, reason: collision with root package name */
        // Mode flag. f(...) passes its z10 argument, which is true on the checkClientTrusted
        // paths and false on the checkServerTrusted paths.
        public final boolean f50575c;

        /* renamed from: d, reason: collision with root package name */
        // The certificate whose EKU is checked; any other certificate is skipped by check().
        public final X509Certificate f50576d;

        public a(boolean z10, X509Certificate x509Certificate) {
            this.f50575c = z10;
            this.f50576d = x509Certificate;
        }

        /*
            Review summary of the instruction dump below (the Java body was not recovered, so
            the method as listed only throws UnsupportedOperationException):
              - a certificate that is not the same object as f50576d is ignored (reference
                comparison, not equals());
              - a null EKU list (extension absent) is accepted without further checks;
              - otherwise at least one listed purpose must match: 2.5.29.37.0
                (anyExtendedKeyUsage) in both modes; 1.3.6.1.5.5.7.3.2 (clientAuth) when
                f50575c is true; 1.3.6.1.5.5.7.3.1 (serverAuth), 2.16.840.1.113730.4.1 and
                1.3.6.1.4.1.311.10.3.3 (the Netscape and Microsoft server-gated-crypto OIDs)
                when it is false;
              - on a match, "2.5.29.37" is removed from the unresolved-extension collection so
                a critical EKU extension does not fail the path; with no match a
                CertPathValidatorException is thrown;
              - a CertificateParsingException from getExtendedKeyUsage() is wrapped in a
                CertPathValidatorException.
        */
        /* JADX WARN: Code restructure failed: missing block: B:25:0x0051, code lost:
        
            r5.remove("2.5.29.37");
         */
        /* JADX WARN: Code restructure failed: missing block: B:26:0x0056, code lost:
        
            return;
         */
        @Override // java.security.cert.PKIXCertPathChecker
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public final void check(java.security.cert.Certificate r4, java.util.Collection<java.lang.String> r5) throws java.security.cert.CertPathValidatorException {
            /*
                r3 = this;
                java.security.cert.X509Certificate r0 = r3.f50576d
                if (r4 == r0) goto L5
                return
            L5:
                java.util.List r4 = r0.getExtendedKeyUsage()     // Catch: java.security.cert.CertificateParsingException -> L5f
                if (r4 != 0) goto Lc
                return
            Lc:
                java.util.Iterator r4 = r4.iterator()
            L10:
                boolean r0 = r4.hasNext()
                if (r0 == 0) goto L4e
                java.lang.Object r0 = r4.next()
                java.lang.String r0 = (java.lang.String) r0
                java.lang.String r1 = "2.5.29.37.0"
                boolean r1 = r0.equals(r1)
                r2 = 1
                if (r1 == 0) goto L26
                goto L4f
            L26:
                boolean r1 = r3.f50575c
                if (r1 == 0) goto L33
                java.lang.String r1 = "1.3.6.1.5.5.7.3.2"
                boolean r0 = r0.equals(r1)
                if (r0 == 0) goto L10
                goto L4f
            L33:
                java.lang.String r1 = "1.3.6.1.5.5.7.3.1"
                boolean r1 = r0.equals(r1)
                if (r1 == 0) goto L3c
                goto L4f
            L3c:
                java.lang.String r1 = "2.16.840.1.113730.4.1"
                boolean r1 = r0.equals(r1)
                if (r1 == 0) goto L45
                goto L4f
            L45:
                java.lang.String r1 = "1.3.6.1.4.1.311.10.3.3"
                boolean r0 = r0.equals(r1)
                if (r0 == 0) goto L10
                goto L4f
            L4e:
                r2 = 0
            L4f:
                if (r2 == 0) goto L57
                java.lang.String r4 = "2.5.29.37"
                r5.remove(r4)
                return
            L57:
                java.security.cert.CertPathValidatorException r4 = new java.security.cert.CertPathValidatorException
                java.lang.String r5 = "End-entity certificate does not have a valid extendedKeyUsage."
                r4.<init>(r5)
                throw r4
            L5f:
                r4 = move-exception
                java.security.cert.CertPathValidatorException r5 = new java.security.cert.CertPathValidatorException
                r5.<init>(r4)
                throw r5
            */
            throw new UnsupportedOperationException("Method not decompiled: ns.s0.a.check(java.security.cert.Certificate, java.util.Collection):void");
        }

        /** Returns the fixed, unmodifiable set holding the extendedKeyUsage OID. */
        @Override // java.security.cert.PKIXCertPathChecker
        public final Set<String> getSupportedExtensions() {
            return f50574e;
        }

        /** No-op: the checker has no per-validation state to reset. */
        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public final void init(boolean z10) throws CertPathValidatorException {
        }

        /** Always reports that forward checking is supported. */
        @Override // java.security.cert.PKIXCertPathChecker, java.security.cert.CertPathChecker
        public final boolean isForwardCheckingSupported() {
            return true;
        }
    }

    /* compiled from: TrustManagerImpl.java */
    /* loaded from: classes9.dex */
    /**
     * Orders TrustAnchors by delegating to f.a(...) on their trusted certificates. The
     * ordering criteria live in class f, which is not part of this listing.
     */
    public static class b implements Comparator<TrustAnchor> {

        /* renamed from: c, reason: collision with root package name */
        public static final f f50577c = new f();

        @Override // java.util.Comparator
        public final int compare(TrustAnchor trustAnchor, TrustAnchor trustAnchor2) {
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            X509Certificate trustedCert2 = trustAnchor2.getTrustedCert();
            // Result unused; presumably a compiler-inserted null check on the receiver.
            f50577c.getClass();
            return f.a(trustedCert, trustedCert2);
        }
    }

    /**
     * Builds the trust manager from the given KeyStore: obtains the "PKIX" validator and the
     * "X509" certificate factory, reads the store's certificates through a(KeyStore) and
     * indexes them as TrustAnchors.
     *
     * <p>Any exception raised on the way is stored in f50571e instead of being thrown, so
     * construction always succeeds; a misconfigured instance fails closed later because
     * c(...) rejects every chain while f50571e is non-null.
     *
     * @param keyStore source of trusted certificates; dereferenced without a null check, so a
     *     null store ends up as a stored NullPointerException
     */
    public s0(KeyStore keyStore) {
        Exception e10;
        X509Certificate[] x509CertificateArr;
        CertPathValidator certPathValidator;
        CertificateFactory certificateFactory;
        r0.a aVar = null;
        try {
            certPathValidator = CertPathValidator.getInstance("PKIX");
            try {
                certificateFactory = CertificateFactory.getInstance("X509");
                try {
                    // The branch body only reads a constant into an unused local; whatever
                    // AndroidCAStore-specific handling existed is not visible here.
                    if ("AndroidCAStore".equals(keyStore.getType())) {
                        int i10 = m0.f50542a;
                    }
                    x509CertificateArr = a(keyStore);
                    try {
                        HashSet hashSet = new HashSet(x509CertificateArr.length);
                        for (X509Certificate x509Certificate : x509CertificateArr) {
                            // null name constraints: each stored certificate is trusted as-is.
                            hashSet.add(new TrustAnchor(x509Certificate, null));
                        }
                        e10 = null;
                        aVar = new r0.a(hashSet);
                    } catch (Exception e11) {
                        e10 = e11;
                    }
                } catch (Exception e12) {
                    e10 = e12;
                    x509CertificateArr = null;
                }
            } catch (Exception e13) {
                e10 = e13;
                x509CertificateArr = null;
                certificateFactory = null;
            }
        } catch (Exception e14) {
            e10 = e14;
            x509CertificateArr = null;
            certPathValidator = null;
            certificateFactory = null;
        }
        int i11 = m0.f50542a;
        this.f50567a = certPathValidator;
        this.f50572f = certificateFactory;
        this.f50568b = aVar;
        this.f50569c = new r0.a(4);
        this.f50570d = x509CertificateArr;
        this.f50571e = e10;
        this.f50573g = new e1();
    }

    /**
     * Collects every certificate stored in the KeyStore, one lookup per alias, skipping
     * aliases that have no certificate.
     *
     * @param keyStore store to enumerate; not null-checked, a null argument raises
     *     NullPointerException at keyStore.aliases()
     * @return the certificates found, or an empty array when the store raises
     *     KeyStoreException (the failure is swallowed, so an unreadable store looks the same
     *     as an empty one)
     */
    public static X509Certificate[] a(KeyStore keyStore) {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                // Unchecked cast: a non-X.509 entry would raise ClassCastException here.
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (KeyStoreException unused) {
            return new X509Certificate[0];
        }
    }

    /*
        Review note: the body of b(...) was not recovered (267 instructions skipped), so its
        checks cannot be audited from this listing. f(...) calls it with the full chain and
        the two byte arrays that c(...) takes from the session ("getStatusResponses" and
        "getPeerSignedCertificateTimestamp"), and only on the server-check path when
        m0.d(host) returns true.
        presumably a Certificate Transparency style check; confirm against the bytecode
    */
    /* JADX WARN: Removed duplicated region for block: B:35:0x00c5  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x00d9  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final void b(java.util.ArrayList r17, byte[] r18, byte[] r19) throws java.security.cert.CertificateException {
        /*
            Method dump skipped, instructions count: 267
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ns.s0.b(java.util.ArrayList, byte[], byte[]):void");
    }

    /**
     * Common entry point behind every checkClientTrusted / checkServerTrusted overload.
     *
     * <p>Steps, in order: pull the peer host, the first stapled status response and the
     * signed-certificate-timestamp bytes out of the session; run hostname verification when
     * the endpoint identification algorithm is "HTTPS"; reject null or empty arguments;
     * rethrow a stored construction failure; then seed the chain search with the leaf and
     * hand over to d(...).
     *
     * <p>Hostname verification happens only when both a session and SSLParameters are
     * supplied and the algorithm equals "HTTPS" (case-insensitive). The overloads without a
     * socket or engine, and callers that leave the algorithm unset, get chain validation
     * only; the hostname must then be verified elsewhere.
     *
     * @param x509CertificateArr peer chain, leaf first
     * @param str auth type; only checked for being non-empty here
     * @param sSLSession handshake session, or null
     * @param sSLParameters parameters of the connection, or null
     * @param z10 true on the client-certificate paths, false on the server-certificate paths
     * @return the chain produced by d(...)
     * @throws CertificateException when hostname verification or chain building fails, or
     *     when the constructor recorded a failure
     */
    public final List<X509Certificate> c(X509Certificate[] x509CertificateArr, String str, SSLSession sSLSession, SSLParameters sSLParameters, boolean z10) throws CertificateException {
        byte[] bArr;
        byte[] bArr2;
        String str2;
        TrustAnchor b10;
        String endpointIdentificationAlgorithm;
        boolean z11;
        List<byte[]> list;
        if (sSLSession != null) {
            String peerHost = sSLSession.getPeerHost();
            boolean z12 = sSLSession instanceof k;
            if (z12) {
                list = ((k) sSLSession).h();
            } else {
                // Foreign session implementation: look for a method named
                // "getStatusResponses" on the concrete class via reflection, forcing access.
                // NOTE(review): as listed, "list = null" after the try also runs on success,
                // discarding the reflected value; looks like a decompiler artifact, verify.
                try {
                    Method declaredMethod = sSLSession.getClass().getDeclaredMethod("getStatusResponses", new Class[0]);
                    declaredMethod.setAccessible(true);
                    Object invoke = declaredMethod.invoke(sSLSession, new Object[0]);
                    if (invoke instanceof List) {
                        list = (List) invoke;
                    }
                } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | SecurityException unused) {
                    // Lookup or access failure is ignored: no stapled response is used.
                } catch (InvocationTargetException e10) {
                    throw new RuntimeException(e10.getCause());
                }
                list = null;
            }
            // Only the first status response is used.
            byte[] bArr3 = (list == null || list.isEmpty()) ? null : list.get(0);
            if (z12) {
                bArr2 = ((k) sSLSession).e();
            } else {
                // Same reflection pattern for "getPeerSignedCertificateTimestamp".
                // NOTE(review): "bArr2 = null" after the try has the same artifact caveat.
                try {
                    Method declaredMethod2 = sSLSession.getClass().getDeclaredMethod("getPeerSignedCertificateTimestamp", new Class[0]);
                    declaredMethod2.setAccessible(true);
                    Object invoke2 = declaredMethod2.invoke(sSLSession, new Object[0]);
                    if (invoke2 instanceof byte[]) {
                        bArr2 = (byte[]) invoke2;
                    }
                } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | SecurityException unused2) {
                } catch (InvocationTargetException e11) {
                    throw new RuntimeException(e11.getCause());
                }
                bArr2 = null;
            }
            str2 = peerHost;
            bArr = bArr3;
        } else {
            bArr = null;
            bArr2 = null;
            str2 = null;
        }
        if (sSLSession != null && sSLParameters != null) {
            endpointIdentificationAlgorithm = sSLParameters.getEndpointIdentificationAlgorithm();
            if ("HTTPS".equalsIgnoreCase(endpointIdentificationAlgorithm)) {
                int i10 = m0.f50542a;
                // x509CertificateArr is dereferenced here, before the null/empty check
                // further down: a null chain on this path raises NullPointerException, not
                // IllegalArgumentException.
                if (x509CertificateArr.length > 0) {
                    // d0.b(host, cert) decides the match; its rules are not visible here.
                    z11 = d0.b(str2, x509CertificateArr[0]);
                } else {
                    try {
                        z11 = d0.b(str2, (X509Certificate) sSLSession.getPeerCertificates()[0]);
                    } catch (SSLException unused3) {
                        // Peer certificates unavailable: treated as a hostname mismatch.
                        z11 = false;
                    }
                }
                if (!z11) {
                    throw new CertificateException("No subjectAltNames on the certificate match");
                }
            }
        }
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        // Fail closed when the constructor could not set up the validator or trust store.
        if (this.f50571e != null) {
            throw new CertificateException(this.f50571e);
        }
        // hashSet: certificates already used in the current path (guards against cycles).
        // arrayList: untrusted part of the chain, leaf first. arrayList2: trust anchors.
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        X509Certificate x509Certificate = x509CertificateArr[0];
        r0.a aVar = this.f50568b;
        aVar.getClass();
        // Look the leaf up in the trust-anchor index by subject name (inlined index lookup).
        // What r0.a.b compares beyond the subject is not visible in this listing.
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        synchronized (((Map) aVar.f54599a)) {
            List list2 = (List) ((Map) aVar.f54599a).get(subjectX500Principal);
            b10 = list2 == null ? null : r0.a.b(x509Certificate, list2);
        }
        TrustAnchor trustAnchor = b10 != null ? b10 : null;
        if (trustAnchor != null) {
            // The leaf corresponds to a configured anchor: start the chain from that anchor.
            arrayList2.add(trustAnchor);
            hashSet.add(trustAnchor.getTrustedCert());
        } else {
            arrayList.add(x509Certificate);
        }
        hashSet.add(x509Certificate);
        return d(x509CertificateArr, bArr, bArr2, str2, z10, arrayList, arrayList2, hashSet);
    }

    /**
     * Validates a client chain without connection context: no session is passed on, so no
     * hostname verification, stapled OCSP response or SCT data is involved.
     */
    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        c(x509CertificateArr, str, null, null, true);
    }

    /**
     * Validates a client chain for a socket. For an SSLSocket the handshake session and
     * SSLParameters are forwarded; for any other socket type both are null, which makes this
     * equivalent to the two-argument overload.
     *
     * @throws CertificateException if the SSLSocket has no handshake session, or validation fails
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        SSLSession sSLSession;
        SSLParameters sSLParameters;
        SSLSession handshakeSession;
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            handshakeSession = sSLSocket.getHandshakeSession();
            if (handshakeSession == null) {
                throw new CertificateException("Not in handshake; no session available");
            }
            sSLParameters = sSLSocket.getSSLParameters();
            sSLSession = handshakeSession;
        } else {
            sSLSession = null;
            sSLParameters = null;
        }
        c(x509CertificateArr, str, sSLSession, sSLParameters, true);
    }

    /**
     * Validates a client chain for an SSLEngine, forwarding its handshake session and
     * SSLParameters. The engine is dereferenced without a null check.
     *
     * @throws CertificateException if the engine has no handshake session, or validation fails
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        SSLSession handshakeSession;
        handshakeSession = sSLEngine.getHandshakeSession();
        if (handshakeSession == null) {
            throw new CertificateException("Not in handshake; no session available");
        }
        c(x509CertificateArr, str, handshakeSession, sSLEngine.getSSLParameters(), true);
    }

    /**
     * Validates a server chain without connection context. No hostname is available on this
     * path, so this class performs no hostname verification for it; the caller has to.
     */
    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        c(x509CertificateArr, str, null, null, false);
    }

    /**
     * Validates a server chain for a socket. For an SSLSocket the handshake session and
     * SSLParameters are forwarded (hostname verification then depends on the endpoint
     * identification algorithm, see c); for any other socket type both are null and only the
     * chain is validated.
     *
     * @throws CertificateException if the SSLSocket has no handshake session, or validation fails
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        SSLSession sSLSession;
        SSLParameters sSLParameters;
        SSLSession handshakeSession;
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            handshakeSession = sSLSocket.getHandshakeSession();
            if (handshakeSession == null) {
                throw new CertificateException("Not in handshake; no session available");
            }
            sSLParameters = sSLSocket.getSSLParameters();
            sSLSession = handshakeSession;
        } else {
            sSLSession = null;
            sSLParameters = null;
        }
        c(x509CertificateArr, str, sSLSession, sSLParameters, false);
    }

    /**
     * Validates a server chain for an SSLEngine, forwarding its handshake session and
     * SSLParameters. The engine is dereferenced without a null check.
     *
     * @throws CertificateException if the engine has no handshake session, or validation fails
     */
    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        SSLSession handshakeSession;
        handshakeSession = sSLEngine.getHandshakeSession();
        if (handshakeSession == null) {
            throw new CertificateException("Not in handshake; no session available");
        }
        c(x509CertificateArr, str, handshakeSession, sSLEngine.getSSLParameters(), false);
    }

    /**
     * Recursive, backtracking chain builder. Each call extends the path by one certificate
     * and recurses; a CertificateException from the recursion undoes the step and the next
     * candidate is tried.
     *
     * <p>Candidate sources, in order: trust anchors from f50568b, then certificates supplied
     * by the peer (index 1 and up), then entries of f50569c. Candidates are selected by
     * comparing distinguished names only; the path itself is validated in f(...), which
     * calls the PKIX validator.
     *
     * @param x509CertificateArr peer chain, leaf first
     * @param bArr stapled status response bytes, or null
     * @param bArr2 signed-certificate-timestamp bytes, or null
     * @param str peer host, or null
     * @param z10 true for client-certificate checks
     * @param arrayList untrusted part of the path built so far (mutated)
     * @param arrayList2 trust anchors appended so far (mutated)
     * @param hashSet certificates already on the path (mutated)
     * @return the validated chain returned by f(...)
     * @throws CertificateException the last failure seen, or "Trust anchor for certification
     *     path not found." when no candidate existed at all
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r6v3, types: [java.util.List, java.util.ArrayList] */
    /* JADX WARN: Type inference failed for: r7v9, types: [java.util.List, java.util.ArrayList] */
    public final List d(X509Certificate[] x509CertificateArr, byte[] bArr, byte[] bArr2, String str, boolean z10, ArrayList arrayList, ArrayList arrayList2, HashSet hashSet) throws CertificateException {
        // Current end of the path: the last anchor if any were added, else the last untrusted cert.
        X509Certificate trustedCert = arrayList2.isEmpty() ? (X509Certificate) arrayList.get(arrayList.size() - 1) : ((TrustAnchor) arrayList2.get(arrayList2.size() - 1)).getTrustedCert();
        // Issuer name equals subject name: the path cannot be extended, validate what we have.
        if (trustedCert.getIssuerDN().equals(trustedCert.getSubjectDN())) {
            return f(arrayList, arrayList2, str, z10, bArr, bArr2);
        }
        Set<TrustAnchor> a10 = this.f50568b.a(trustedCert);
        // Result discarded; decompiler residue.
        a10.isEmpty();
        if (a10.size() > 1) {
            ?? arrayList3 = new ArrayList(a10);
            Collections.sort(arrayList3, f50566i);
            a10 = arrayList3;
        }
        boolean z11 = false;
        CertificateException certificateException = null;
        for (TrustAnchor trustAnchor : a10) {
            X509Certificate trustedCert2 = trustAnchor.getTrustedCert();
            if (!hashSet.contains(trustedCert2)) {
                hashSet.add(trustedCert2);
                arrayList2.add(trustAnchor);
                try {
                    return d(x509CertificateArr, bArr, bArr2, str, z10, arrayList, arrayList2, hashSet);
                } catch (CertificateException e10) {
                    // Backtrack and remember that an anchor candidate was tried and failed.
                    arrayList2.remove(arrayList2.size() - 1);
                    hashSet.remove(trustedCert2);
                    certificateException = e10;
                    z11 = true;
                }
            }
        }
        // Already anchored: do not fall back to peer-supplied or cached certificates.
        if (!arrayList2.isEmpty()) {
            if (z11) {
                throw certificateException;
            }
            return f(arrayList, arrayList2, str, z10, bArr, bArr2);
        }
        // Peer-supplied certificates; index 0 is the leaf and is skipped.
        for (int i10 = 1; i10 < x509CertificateArr.length; i10++) {
            X509Certificate x509Certificate = x509CertificateArr[i10];
            if (!hashSet.contains(x509Certificate) && trustedCert.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                try {
                    // Validity-period check, then g.a(cert), whose criteria are not visible here.
                    x509Certificate.checkValidity();
                    g.a(x509Certificate);
                    hashSet.add(x509Certificate);
                    arrayList.add(x509Certificate);
                    try {
                        return d(x509CertificateArr, bArr, bArr2, str, z10, arrayList, arrayList2, hashSet);
                    } catch (CertificateException e11) {
                        hashSet.remove(x509Certificate);
                        arrayList.remove(arrayList.size() - 1);
                        certificateException = e11;
                    }
                } catch (CertificateException e12) {
                    certificateException = new CertificateException("Unacceptable certificate: " + x509Certificate.getSubjectX500Principal(), e12);
                }
            }
        }
        // Last resort: certificates from f50569c, added to the untrusted part of the path
        // (they are not treated as anchors).
        Set a11 = this.f50569c.a(trustedCert);
        if (a11.size() > 1) {
            ?? arrayList4 = new ArrayList(a11);
            Collections.sort(arrayList4, f50566i);
            a11 = arrayList4;
        }
        Iterator it = a11.iterator();
        while (it.hasNext()) {
            X509Certificate trustedCert3 = ((TrustAnchor) it.next()).getTrustedCert();
            if (!hashSet.contains(trustedCert3)) {
                hashSet.add(trustedCert3);
                arrayList.add(trustedCert3);
                try {
                    return d(x509CertificateArr, bArr, bArr2, str, z10, arrayList, arrayList2, hashSet);
                } catch (CertificateException e13) {
                    arrayList.remove(arrayList.size() - 1);
                    hashSet.remove(trustedCert3);
                    certificateException = e13;
                }
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, this.f50572f.generateCertPath(arrayList), -1));
    }

    /**
     * Wires a stapled OCSP response into the PKIX parameters. Without a response (bArr null)
     * nothing is changed, so no revocation checker is configured by this method.
     *
     * <p>An existing PKIXRevocationChecker among the path checkers is reused; otherwise one
     * is requested from the validator, restricted to the end-entity certificate and appended.
     * If the validator cannot provide one (UnsupportedOperationException) the method returns
     * silently and the stapled response goes unused.
     *
     * @param pKIXParameters parameters to update in place
     * @param x509Certificate certificate the response is registered for
     * @param bArr stapled OCSP response bytes, or null
     */
    public final void e(PKIXParameters pKIXParameters, X509Certificate x509Certificate, byte[] bArr) {
        PKIXRevocationChecker pKIXRevocationChecker;
        CertPathChecker revocationChecker;
        PKIXRevocationChecker.Option option;
        if (bArr == null) {
            return;
        }
        ArrayList arrayList = new ArrayList(pKIXParameters.getCertPathCheckers());
        Iterator it = arrayList.iterator();
        while (true) {
            if (!it.hasNext()) {
                pKIXRevocationChecker = null;
                break;
            }
            PKIXCertPathChecker pKIXCertPathChecker = (PKIXCertPathChecker) it.next();
            if (pKIXCertPathChecker instanceof PKIXRevocationChecker) {
                pKIXRevocationChecker = (PKIXRevocationChecker) pKIXCertPathChecker;
                break;
            }
        }
        if (pKIXRevocationChecker == null) {
            try {
                revocationChecker = this.f50567a.getRevocationChecker();
                pKIXRevocationChecker = (PKIXRevocationChecker) revocationChecker;
                arrayList.add(pKIXRevocationChecker);
                // The option is set only on a checker created here, not on a reused one.
                option = PKIXRevocationChecker.Option.ONLY_END_ENTITY;
                pKIXRevocationChecker.setOptions(Collections.singleton(option));
            } catch (UnsupportedOperationException unused) {
                return;
            }
        }
        pKIXRevocationChecker.setOcspResponses(Collections.singletonMap(x509Certificate, bArr));
        pKIXParameters.setCertPathCheckers(arrayList);
    }

    /**
     * Validates one candidate path: arrayList is the untrusted part (leaf first), arrayList2
     * the trust anchors found for it.
     *
     * <p>Security-relevant behaviour visible in this listing:
     * <ul>
     *   <li>a path without any anchor is rejected;</li>
     *   <li>when the untrusted part is empty (the leaf itself matched an anchor) the chain is
     *       returned before g.a, the PKIX validator and the EKU checker run;</li>
     *   <li>default PKIX revocation checking is switched off; the only revocation input is a
     *       stapled OCSP response attached by e(...), and a checker added that way runs
     *       regardless of the revocation-enabled flag;</li>
     *   <li>only the first anchor in arrayList2 is handed to the validator;</li>
     *   <li>after a successful validation the non-leaf certificates of the untrusted part are
     *       stored in f50569c for later path building.</li>
     * </ul>
     *
     * @return the untrusted certificates followed by the anchors' certificates
     * @throws CertificateException on any rejection; the message is logged at FINE first
     */
    public final ArrayList f(ArrayList arrayList, ArrayList arrayList2, String str, boolean z10, byte[] bArr, byte[] bArr2) throws CertificateException {
        try {
            CertPath generateCertPath = this.f50572f.generateCertPath(arrayList);
            if (arrayList2.isEmpty()) {
                throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, generateCertPath, -1));
            }
            ArrayList arrayList3 = new ArrayList();
            arrayList3.addAll(arrayList);
            Iterator it = arrayList2.iterator();
            while (it.hasNext()) {
                arrayList3.add(((TrustAnchor) it.next()).getTrustedCert());
            }
            // NOTE(review): empty loop body; as written it never advances the iterator. This
            // is presumably what remains of a per-certificate check removed by the build or
            // lost in decompilation; verify against the bytecode.
            Iterator it2 = arrayList3.iterator();
            while (it2.hasNext()) {
            }
            // Server path only, with a known host, and only when m0.d(host) says so.
            // NOTE(review): "throw null" after the call is decompiler residue tied to b(...)
            // not being recovered; the real continuation is unknown from this listing.
            if (!z10 && str != null && m0.d(str)) {
                b(arrayList3, bArr, bArr2);
                throw null;
            }
            if (arrayList.isEmpty()) {
                return arrayList3;
            }
            Iterator it3 = arrayList.iterator();
            while (it3.hasNext()) {
                X509Certificate x509Certificate = (X509Certificate) it3.next();
                try {
                    // Per-certificate acceptance check; criteria of g.a are not visible here.
                    g.a(x509Certificate);
                } catch (CertificateException e10) {
                    throw new CertificateException("Unacceptable certificate: " + x509Certificate.getSubjectX500Principal(), e10);
                }
            }
            try {
                HashSet hashSet = new HashSet();
                hashSet.add(arrayList2.get(0));
                PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
                // No CRL/OCSP fetching by the default mechanism.
                pKIXParameters.setRevocationEnabled(false);
                X509Certificate x509Certificate2 = (X509Certificate) arrayList.get(0);
                e(pKIXParameters, x509Certificate2, bArr);
                // EKU enforcement for the leaf, in client or server mode according to z10.
                pKIXParameters.addCertPathChecker(new a(z10, x509Certificate2));
                this.f50567a.validate(generateCertPath, pKIXParameters);
                for (int i10 = 1; i10 < arrayList.size(); i10++) {
                    r0.a aVar = this.f50569c;
                    X509Certificate x509Certificate3 = (X509Certificate) arrayList.get(i10);
                    aVar.getClass();
                    aVar.c(new TrustAnchor(x509Certificate3, null));
                }
                return arrayList3;
            } catch (InvalidAlgorithmParameterException e11) {
                throw new CertificateException("Chain validation failed", e11);
            } catch (CertPathValidatorException e12) {
                throw new CertificateException("Chain validation failed", e12);
            }
        } catch (CertificateException e13) {
            f50565h.fine("Rejected candidate cert chain due to error: " + e13.getMessage());
            throw e13;
        }
    }

    /**
     * Returns a defensive copy of the certificates read from the KeyStore at construction.
     *
     * <p>NOTE(review): f50570d is null only when the constructor failed before the KeyStore
     * was read; the fallback a(null) then dereferences a null KeyStore and raises
     * NullPointerException as listed. The original fallback argument may have been lost in
     * the build or in decompilation; verify against the bytecode.
     */
    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr = this.f50570d;
        return x509CertificateArr != null ? (X509Certificate[]) x509CertificateArr.clone() : a(null);
    }
}
