package defpackage;

import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
class o61 extends e41 {
    private static final Logger e = Logger.getLogger(o61.class.getName());
    private static final boolean f = l51.a("com.sun.net.ssl.checkRevocation", false);
    private final u31 a;
    private final Set<X509Certificate> b;
    private final PKIXParameters c;
    private final X509TrustManager d;

    /* JADX INFO: Access modifiers changed from: package-private */
    public o61(u31 u31Var, PKIXParameters pKIXParameters) {
        this.a = u31Var;
        this.b = a(pKIXParameters.getTrustAnchors());
        if (pKIXParameters instanceof PKIXBuilderParameters) {
            PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) pKIXParameters.clone();
            this.c = pKIXBuilderParameters;
            pKIXBuilderParameters.setTargetCertConstraints(null);
        } else {
            PKIXBuilderParameters pKIXBuilderParameters2 = new PKIXBuilderParameters(pKIXParameters.getTrustAnchors(), (CertSelector) null);
            this.c = pKIXBuilderParameters2;
            pKIXBuilderParameters2.setAnyPolicyInhibited(pKIXParameters.isAnyPolicyInhibited());
            this.c.setCertPathCheckers(pKIXParameters.getCertPathCheckers());
            this.c.setCertStores(pKIXParameters.getCertStores());
            this.c.setDate(pKIXParameters.getDate());
            this.c.setExplicitPolicyRequired(pKIXParameters.isExplicitPolicyRequired());
            this.c.setInitialPolicies(pKIXParameters.getInitialPolicies());
            this.c.setPolicyMappingInhibited(pKIXParameters.isPolicyMappingInhibited());
            this.c.setPolicyQualifiersRejected(pKIXParameters.getPolicyQualifiersRejected());
            this.c.setRevocationEnabled(pKIXParameters.isRevocationEnabled());
            this.c.setSigProvider(pKIXParameters.getSigProvider());
        }
        this.d = x61.a((e41) this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public o61(u31 u31Var, Set<TrustAnchor> set) {
        this.a = u31Var;
        this.b = a(set);
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(set, (CertSelector) null);
        this.c = pKIXBuilderParameters;
        pKIXBuilderParameters.setRevocationEnabled(f);
        this.d = x61.a((e41) this);
    }

    private CertStoreParameters a(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        ArrayList arrayList = new ArrayList(x509CertificateArr.length);
        arrayList.add(x509Certificate);
        for (int i = 1; i < x509CertificateArr.length; i++) {
            if (!this.b.contains(x509CertificateArr[i])) {
                arrayList.add(x509CertificateArr[i]);
            }
        }
        return new CollectionCertStoreParameters(arrayList);
    }

    private static X509Certificate a(TrustAnchor trustAnchor) {
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        if (trustedCert != null) {
            return trustedCert;
        }
        throw new CertificateException("No certificate for TrustAnchor");
    }

    private static Set<X509Certificate> a(Set<TrustAnchor> set) {
        X509Certificate trustedCert;
        HashSet hashSet = new HashSet(set.size());
        for (TrustAnchor trustAnchor : set) {
            if (trustAnchor != null && (trustedCert = trustAnchor.getTrustedCert()) != null) {
                hashSet.add(trustedCert);
            }
        }
        return hashSet;
    }

    private static w31 a(SSLEngine sSLEngine) {
        w31 a = q61.a(sSLEngine);
        if (a != null) {
            return a;
        }
        throw new CertificateException("No handshake session for engine");
    }

    private static w31 a(SSLSocket sSLSocket) {
        w31 a = t61.a(sSLSocket);
        if (a != null) {
            return a;
        }
        throw new CertificateException("No handshake session for socket");
    }

    /* JADX WARN: Code restructure failed: missing block: B:13:0x0021, code lost:
    
        if ((r1 instanceof defpackage.x31) == false) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x0025, code lost:
    
        return (defpackage.x31) r1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:19:0x002f, code lost:
    
        return new defpackage.x31(r1.a());
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static defpackage.x31 a(defpackage.w31 r3) {
        /*
            java.util.List r3 = r3.b()
            r0 = 0
            if (r3 == 0) goto L30
            java.util.Iterator r3 = r3.iterator()
        Lb:
            boolean r1 = r3.hasNext()
            if (r1 == 0) goto L30
            java.lang.Object r1 = r3.next()
            z31 r1 = (defpackage.z31) r1
            if (r1 == 0) goto Lb
            int r2 = r1.b()
            if (r2 != 0) goto Lb
            boolean r3 = r1 instanceof defpackage.x31
            if (r3 == 0) goto L26
            x31 r1 = (defpackage.x31) r1
            return r1
        L26:
            x31 r3 = new x31     // Catch: java.lang.RuntimeException -> L30
            byte[] r1 = r1.a()     // Catch: java.lang.RuntimeException -> L30
            r3.<init>(r1)     // Catch: java.lang.RuntimeException -> L30
            return r3
        L30:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: defpackage.o61.a(w31):x31");
    }

    private static void a(String str, X509Certificate x509Certificate, String str2) {
        boolean z;
        String b = h51.b(str);
        if (str2.equalsIgnoreCase("HTTPS")) {
            z = true;
        } else {
            if (!str2.equalsIgnoreCase("LDAP") && !str2.equalsIgnoreCase("LDAPS")) {
                throw new CertificateException("Unknown endpoint ID algorithm: " + str2);
            }
            z = false;
        }
        y41.a(b, x509Certificate, z);
    }

    private static void a(X509Certificate x509Certificate, String str, boolean z, w31 w31Var) {
        x31 a;
        String peerHost = w31Var.getPeerHost();
        if (z && (a = a(w31Var)) != null) {
            String c = a.c();
            if (!c.equalsIgnoreCase(peerHost)) {
                try {
                    a(c, x509Certificate, str);
                    return;
                } catch (CertificateException e2) {
                    e.log(Level.FINE, "Server's endpoint ID did not match the SNI host_name: " + c, (Throwable) e2);
                }
            }
        }
        a(peerHost, x509Certificate, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(X509Certificate[] x509CertificateArr, String str, Socket socket, boolean z) {
        if ((socket instanceof SSLSocket) && socket.isConnected()) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            a(x509CertificateArr, str, z, a(sSLSocket), b(sSLSocket));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void a(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine, boolean z) {
        if (sSLEngine != null) {
            a(x509CertificateArr, str, z, a(sSLEngine), b(sSLEngine));
        }
    }

    private static void a(X509Certificate[] x509CertificateArr, String str, boolean z, w31 w31Var, c41 c41Var) {
        String d = c41Var.d();
        if (d == null || d.length() <= 0) {
            return;
        }
        a(x509CertificateArr[0], d, z, w31Var);
    }

    private static X509Certificate[] a(CertPath certPath, TrustAnchor trustAnchor) {
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size() + 1;
        X509Certificate[] x509CertificateArr = new X509Certificate[size];
        certificates.toArray(x509CertificateArr);
        x509CertificateArr[size - 1] = a(trustAnchor);
        return x509CertificateArr;
    }

    private X509Certificate[] a(X509Certificate[] x509CertificateArr, String str, boolean z) {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("'chain' must be a chain of at least one certificate");
        }
        if (str == null || str.length() < 1) {
            throw new IllegalArgumentException("'authType' must be a non-null, non-empty string");
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (this.b.contains(x509Certificate)) {
            return new X509Certificate[]{x509Certificate};
        }
        try {
            Provider provider = this.a.f("X.509").getProvider();
            CertStore certStore = CertStore.getInstance("Collection", a(x509Certificate, x509CertificateArr), provider);
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(x509Certificate);
            PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) this.c.clone();
            pKIXBuilderParameters.addCertStore(certStore);
            pKIXBuilderParameters.setTargetCertConstraints(x509CertSelector);
            PKIXCertPathBuilderResult pKIXCertPathBuilderResult = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX", provider).build(pKIXBuilderParameters);
            return a(pKIXCertPathBuilderResult.getCertPath(), pKIXCertPathBuilderResult.getTrustAnchor());
        } catch (GeneralSecurityException e2) {
            throw new CertificateException("unable to process certificates: " + e2.getMessage(), e2);
        }
    }

    private static c41 b(SSLEngine sSLEngine) {
        c41 b = q61.b(sSLEngine);
        if (b != null) {
            return b;
        }
        throw new CertificateException("No SSL parameters for engine");
    }

    private static c41 b(SSLSocket sSLSocket) {
        c41 b = t61.b(sSLSocket);
        if (b != null) {
            return b;
        }
        throw new CertificateException("No SSL parameters for socket");
    }

    private void b(X509Certificate[] x509CertificateArr, String str, Socket socket, boolean z) {
        a(a(x509CertificateArr, str, z), str, socket, z);
    }

    private void b(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine, boolean z) {
        a(a(x509CertificateArr, str, z), str, sSLEngine, z);
    }

    @Override // defpackage.e41
    public void a(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        b(x509CertificateArr, str, socket, false);
    }

    @Override // defpackage.e41
    public void a(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        b(x509CertificateArr, str, sSLEngine, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManager b() {
        return this.d;
    }

    @Override // defpackage.e41
    public void b(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        b(x509CertificateArr, str, socket, true);
    }

    @Override // defpackage.e41
    public void b(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        b(x509CertificateArr, str, sSLEngine, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        b(x509CertificateArr, str, (Socket) null, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        b(x509CertificateArr, str, (Socket) null, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        Set<X509Certificate> set = this.b;
        return (X509Certificate[]) set.toArray(new X509Certificate[set.size()]);
    }
}
