package kj;

import com.safelogic.cryptocomply.asn1.x509.KeyPurposeId;
import com.safelogic.cryptocomply.jcajce.util.JcaJceHelper;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public final class q1 extends ij.g {

    /* renamed from: e, reason: collision with root package name */
    public static final Logger f11367e = Logger.getLogger(q1.class.getName());

    /* renamed from: f, reason: collision with root package name */
    public static final boolean f11368f = l0.a("com.sun.net.ssl.checkRevocation", false);

    /* renamed from: g, reason: collision with root package name */
    public static final Map f11369g;

    /* renamed from: a, reason: collision with root package name */
    public final JcaJceHelper f11370a;

    /* renamed from: b, reason: collision with root package name */
    public final HashSet f11371b;

    /* renamed from: c, reason: collision with root package name */
    public final PKIXBuilderParameters f11372c;

    /* renamed from: d, reason: collision with root package name */
    public final X509TrustManager f11373d;

    static {
        HashMap hashMap = new HashMap();
        hashMap.put("DHE_DSS", 0);
        hashMap.put("DHE_RSA", 0);
        hashMap.put("ECDHE_ECDSA", 0);
        hashMap.put("ECDHE_RSA", 0);
        hashMap.put("UNKNOWN", 0);
        hashMap.put("RSA", 2);
        hashMap.put("DH_DSS", 4);
        hashMap.put("DH_RSA", 4);
        hashMap.put("ECDH_ECDSA", 4);
        hashMap.put("ECDH_RSA", 4);
        f11369g = Collections.unmodifiableMap(hashMap);
    }

    public q1(JcaJceHelper jcaJceHelper, PKIXParameters pKIXParameters) {
        this.f11370a = jcaJceHelper;
        HashSet k10 = k(pKIXParameters.getTrustAnchors());
        this.f11371b = k10;
        if (k10.isEmpty()) {
            this.f11372c = null;
        } else if (pKIXParameters instanceof PKIXBuilderParameters) {
            PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) pKIXParameters.clone();
            this.f11372c = pKIXBuilderParameters;
            pKIXBuilderParameters.setTargetCertConstraints(null);
        } else {
            PKIXBuilderParameters pKIXBuilderParameters2 = new PKIXBuilderParameters(pKIXParameters.getTrustAnchors(), (CertSelector) null);
            this.f11372c = pKIXBuilderParameters2;
            pKIXBuilderParameters2.setAnyPolicyInhibited(pKIXParameters.isAnyPolicyInhibited());
            pKIXBuilderParameters2.setCertPathCheckers(pKIXParameters.getCertPathCheckers());
            pKIXBuilderParameters2.setCertStores(pKIXParameters.getCertStores());
            pKIXBuilderParameters2.setDate(pKIXParameters.getDate());
            pKIXBuilderParameters2.setExplicitPolicyRequired(pKIXParameters.isExplicitPolicyRequired());
            pKIXBuilderParameters2.setInitialPolicies(pKIXParameters.getInitialPolicies());
            pKIXBuilderParameters2.setPolicyMappingInhibited(pKIXParameters.isPolicyMappingInhibited());
            pKIXBuilderParameters2.setPolicyQualifiersRejected(pKIXParameters.getPolicyQualifiersRejected());
            pKIXBuilderParameters2.setRevocationEnabled(pKIXParameters.isRevocationEnabled());
            pKIXBuilderParameters2.setSigProvider(pKIXParameters.getSigProvider());
        }
        this.f11373d = z1.a(this);
    }

    public q1(JcaJceHelper jcaJceHelper, Set set) {
        this.f11370a = jcaJceHelper;
        HashSet k10 = k(set);
        this.f11371b = k10;
        if (k10.isEmpty()) {
            this.f11372c = null;
        } else {
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) set, (CertSelector) null);
            this.f11372c = pKIXBuilderParameters;
            pKIXBuilderParameters.setRevocationEnabled(f11368f);
        }
        this.f11373d = z1.a(this);
    }

    public static void f(String str, X509Certificate x509Certificate, String str2) {
        int length;
        boolean z10 = c0.f11238a;
        if (str != null && (length = str.length() - 1) > 0 && str.charAt(0) == '[' && str.charAt(length) == ']') {
            str = str.substring(1, length);
        }
        if (str2.equalsIgnoreCase("HTTPS")) {
            v.a(str, true, x509Certificate);
        } else {
            if (!str2.equalsIgnoreCase("LDAP") && !str2.equalsIgnoreCase("LDAPS")) {
                throw new CertificateException("Unknown endpoint ID algorithm: ".concat(str2));
            }
            v.a(str, false, x509Certificate);
        }
    }

    public static void g(X509Certificate[] x509CertificateArr, kb.b0 b0Var, boolean z10) {
        String str;
        ij.c j10;
        if (b0Var == null || (str = (String) ((q9.m) b0Var.f10836b).f16289g) == null || str.length() <= 0) {
            return;
        }
        ij.b bVar = (ij.b) b0Var.f10837c;
        if (bVar == null) {
            throw new CertificateException("No handshake session");
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        String peerHost = bVar.getPeerHost();
        if (z10 && (j10 = c0.j(bVar.c())) != null) {
            String str2 = j10.f8956c;
            if (!str2.equalsIgnoreCase(peerHost)) {
                try {
                    f(str2, x509Certificate, str);
                    return;
                } catch (CertificateException e10) {
                    f11367e.log(Level.FINE, "Server's endpoint ID did not match the SNI host_name: ".concat(str2), (Throwable) e10);
                }
            }
        }
        f(peerHost, x509Certificate, str);
    }

    public static KeyPurposeId i(boolean z10) {
        return z10 ? KeyPurposeId.id_kp_serverAuth : KeyPurposeId.id_kp_clientAuth;
    }

    public static int j(String str, boolean z10) {
        if (!z10) {
            return 0;
        }
        Integer num = (Integer) f11369g.get(str);
        if (num != null) {
            return num.intValue();
        }
        throw new CertificateException(v.g.q("Unsupported server authType: ", str));
    }

    public static HashSet k(Set set) {
        X509Certificate trustedCert;
        HashSet hashSet = new HashSet(set.size());
        Iterator it = set.iterator();
        while (it.hasNext()) {
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            if (trustAnchor != null && (trustedCert = trustAnchor.getTrustedCert()) != null) {
                hashSet.add(trustedCert);
            }
        }
        return hashSet;
    }

    @Override // ij.g
    public final void a(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        h(x509CertificateArr, str, kb.b0.e(socket), false);
    }

    @Override // ij.g
    public final void b(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        h(x509CertificateArr, str, kb.b0.g(sSLEngine), false);
    }

    @Override // ij.g
    public final void c(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        h(x509CertificateArr, str, kb.b0.e(socket), true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        h(x509CertificateArr, str, null, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        h(x509CertificateArr, str, null, true);
    }

    @Override // ij.g
    public final void d(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        h(x509CertificateArr, str, kb.b0.g(sSLEngine), true);
    }

    public final X509Certificate[] e(X509Certificate[] x509CertificateArr, n0 n0Var) {
        CertStore certStore;
        CertPathBuilder certPathBuilder;
        X509Certificate x509Certificate = x509CertificateArr[0];
        HashSet hashSet = this.f11371b;
        if (hashSet.contains(x509Certificate)) {
            return new X509Certificate[]{x509Certificate};
        }
        JcaJceHelper jcaJceHelper = this.f11370a;
        Provider provider = jcaJceHelper.createCertificateFactory("X.509").getProvider();
        ArrayList arrayList = new ArrayList(x509CertificateArr.length);
        arrayList.add(x509Certificate);
        for (int i10 = 1; i10 < x509CertificateArr.length; i10++) {
            if (!hashSet.contains(x509CertificateArr[i10])) {
                arrayList.add(x509CertificateArr[i10]);
            }
        }
        CollectionCertStoreParameters collectionCertStoreParameters = new CollectionCertStoreParameters(Collections.unmodifiableCollection(arrayList));
        try {
            certStore = CertStore.getInstance("Collection", collectionCertStoreParameters, provider);
        } catch (GeneralSecurityException unused) {
            certStore = CertStore.getInstance("Collection", collectionCertStoreParameters);
        }
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setCertificate(x509Certificate);
        PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) this.f11372c.clone();
        pKIXBuilderParameters.addCertPathChecker(new m0(jcaJceHelper, n0Var));
        pKIXBuilderParameters.addCertStore(certStore);
        pKIXBuilderParameters.setTargetCertConstraints(x509CertSelector);
        try {
            certPathBuilder = CertPathBuilder.getInstance("PKIX", provider);
        } catch (NoSuchAlgorithmException unused2) {
            certPathBuilder = CertPathBuilder.getInstance("PKIX");
        }
        PKIXCertPathBuilderResult pKIXCertPathBuilderResult = (PKIXCertPathBuilderResult) certPathBuilder.build(pKIXBuilderParameters);
        CertPath certPath = pKIXCertPathBuilderResult.getCertPath();
        TrustAnchor trustAnchor = pKIXCertPathBuilderResult.getTrustAnchor();
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size();
        X509Certificate[] x509CertificateArr2 = new X509Certificate[size + 1];
        certificates.toArray(x509CertificateArr2);
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        if (trustedCert == null) {
            throw new CertificateException("No certificate for TrustAnchor");
        }
        x509CertificateArr2[size] = trustedCert;
        return x509CertificateArr2;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        HashSet hashSet = this.f11371b;
        return (X509Certificate[]) hashSet.toArray(new X509Certificate[hashSet.size()]);
    }

    public final void h(X509Certificate[] x509CertificateArr, String str, kb.b0 b0Var, boolean z10) {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("'chain' must be a chain of at least one certificate");
        }
        if (str == null || str.length() < 1) {
            throw new IllegalArgumentException("'authType' must be a non-null, non-empty string");
        }
        if (this.f11372c == null) {
            throw new CertificateException("Unable to build a CertPath: no PKIXBuilderParameters available");
        }
        try {
            n0 h10 = kb.b0.h(b0Var, false);
            X509Certificate[] e10 = e(x509CertificateArr, h10);
            KeyPurposeId i10 = i(z10);
            int j10 = j(str, z10);
            JcaJceHelper jcaJceHelper = this.f11370a;
            Map map = m0.f11331d;
            X509Certificate x509Certificate = e10[e10.length - 1];
            if (e10.length > 1) {
                m0.c(jcaJceHelper, h10, e10[e10.length - 2], x509Certificate);
            }
            m0.b(h10, e10[0], i10, j10);
            g(e10, b0Var, z10);
        } catch (GeneralSecurityException e11) {
            throw new CertificateException("Unable to construct a valid chain", e11);
        }
    }
}
