package org.jmrtd;

import Bj.E;
import Oj.h;
import Oj.m;
import com.commencis.appconnect.sdk.AppConnectInternal;
import com.google.firebase.perf.network.FirebasePerfUrlConnection;
import java.io.InputStream;
import java.net.URI;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.jmrtd.cert.KeyStoreCertStoreParameters;
import org.jmrtd.cert.PKDCertStoreParameters;
import org.jmrtd.cert.PKDMasterListCertStoreParameters;
import org.spongycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes4.dex */
public final class MRTDTrustStore {
    public static final Companion Companion = new Companion(null);

    /* renamed from: d, reason: collision with root package name */
    public static final Provider f33782d;
    public static final Logger e;
    public static final MRTDTrustStore$Companion$SELF_SIGNED_X509_CERT_SELECTOR$1 f;

    /* renamed from: a, reason: collision with root package name */
    public Set<TrustAnchor> f33783a;

    /* renamed from: b, reason: collision with root package name */
    public List<CertStore> f33784b;

    /* renamed from: c, reason: collision with root package name */
    public List<KeyStore> f33785c;

    /* loaded from: classes4.dex */
    public static final class Companion {
        public Companion() {
        }

        public /* synthetic */ Companion(h hVar) {
            this();
        }

        public static final Set access$getAsAnchors(Companion companion, Collection collection) {
            companion.getClass();
            HashSet hashSet = new HashSet(collection.size());
            Iterator it = collection.iterator();
            while (it.hasNext()) {
                Certificate certificate = (Certificate) it.next();
                if (certificate instanceof X509Certificate) {
                    hashSet.add(new TrustAnchor((X509Certificate) certificate, null));
                }
            }
            return hashSet;
        }
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [org.jmrtd.MRTDTrustStore$Companion$SELF_SIGNED_X509_CERT_SELECTOR$1] */
    static {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        f33782d = JMRTDSecurityProvider.Companion.getInstance();
        e = Logger.getLogger("org.jmrtd");
        f = new X509CertSelector() { // from class: org.jmrtd.MRTDTrustStore$Companion$SELF_SIGNED_X509_CERT_SELECTOR$1
            @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
            public Object clone() {
                return this;
            }

            @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
            public boolean match(Certificate certificate) {
                m.f(certificate, "cert");
                if (!(certificate instanceof X509Certificate)) {
                    return false;
                }
                X509Certificate x509Certificate = (X509Certificate) certificate;
                X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                return (issuerX500Principal == null && subjectX500Principal == null) || m.a(subjectX500Principal, issuerX500Principal);
            }
        };
    }

    public MRTDTrustStore() {
        this(null, null, null, 7, null);
    }

    public MRTDTrustStore(Set<TrustAnchor> set) {
        this(set, null, null, 6, null);
    }

    public MRTDTrustStore(Set<TrustAnchor> set, List<CertStore> list) {
        this(set, list, null, 4, null);
    }

    public MRTDTrustStore(Set<TrustAnchor> set, List<CertStore> list, List<KeyStore> list2) {
        this.f33783a = set;
        this.f33784b = list;
        this.f33785c = list2;
    }

    public /* synthetic */ MRTDTrustStore(Set set, List list, List list2, int i10, h hVar) {
        this((i10 & 1) != 0 ? new HashSet() : set, (i10 & 2) != 0 ? new ArrayList() : list, (i10 & 4) != 0 ? new ArrayList() : list2);
    }

    public static KeyStore d(URI uri) {
        String[] strArr = {"JKS", "BKS", "PKCS12"};
        for (int i10 = 0; i10 < 3; i10++) {
            try {
                KeyStore keyStore = KeyStore.getInstance(strArr[i10]);
                InputStream inputStream = ((URLConnection) FirebasePerfUrlConnection.instrument(AppConnectInternal.openConnection(uri.toURL()))).getInputStream();
                char[] charArray = "".toCharArray();
                m.e(charArray, "toCharArray(...)");
                keyStore.load(inputStream, charArray);
                inputStream.close();
                return keyStore;
            } catch (Exception unused) {
            }
        }
        throw new IllegalArgumentException("Not a supported keystore");
    }

    public final void a(URI uri) {
        KeyStore d10 = d(uri);
        CertStore certStore = CertStore.getInstance(d10.getType(), new KeyStoreCertStoreParameters(d10));
        m.e(certStore, "certStore");
        addCSCAStore(certStore);
        Collection<? extends Certificate> certificates = certStore.getCertificates(f);
        Companion companion = Companion;
        m.e(certificates, "rootCerts");
        addCSCAAnchors(Companion.access$getAsAnchors(companion, certificates));
    }

    public final void addAsCSCACertStore(CertStore certStore) {
        m.f(certStore, "certStore");
        addCSCAStore(certStore);
        Collection<? extends Certificate> certificates = certStore.getCertificates(f);
        Companion companion = Companion;
        m.e(certificates, "rootCerts");
        addCSCAAnchors(Companion.access$getAsAnchors(companion, certificates));
    }

    public final void addCSCAAnchor(TrustAnchor trustAnchor) {
        m.f(trustAnchor, "trustAnchor");
        Set<TrustAnchor> set = this.f33783a;
        m.c(set);
        set.add(trustAnchor);
    }

    public final void addCSCAAnchors(Collection<? extends TrustAnchor> collection) {
        m.f(collection, "trustAnchors");
        Set<TrustAnchor> set = this.f33783a;
        m.c(set);
        set.addAll(collection);
    }

    public final void addCSCAStore(URI uri) {
        if (uri == null) {
            e.severe("uri == null");
            return;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            e.severe("scheme == null, location = " + uri);
            return;
        }
        try {
            if (scheme.equalsIgnoreCase("ldap")) {
                b(uri);
            } else {
                try {
                    a(uri);
                } catch (Exception e10) {
                    try {
                        c(uri);
                    } catch (Exception e11) {
                        e.warning("Failed to open " + uri.toASCIIString() + " both as a keystore and as a DER certificate file");
                        e10.printStackTrace();
                        e11.printStackTrace();
                    }
                }
            }
        } catch (GeneralSecurityException e12) {
            e12.printStackTrace();
        }
    }

    public final void addCSCAStore(CertStore certStore) {
        m.f(certStore, "certStore");
        List<CertStore> list = this.f33784b;
        m.c(list);
        list.add(certStore);
    }

    public final void addCSCAStores(List<URI> list) {
        if (list == null) {
            e.severe("uris == null");
            return;
        }
        Iterator<URI> it = list.iterator();
        while (it.hasNext()) {
            addCSCAStore(it.next());
        }
    }

    public final void addCVCAStore(URI uri) {
        m.f(uri, "uri");
        try {
            addCVCAStore(d(uri));
        } catch (Exception e10) {
            e.warning("Exception in addCVCAStore: " + e10.getMessage());
        }
    }

    public final void addCVCAStore(KeyStore keyStore) {
        m.f(keyStore, "keyStore");
        List<KeyStore> list = this.f33785c;
        m.c(list);
        list.add(keyStore);
    }

    public final void addCVCAStores(List<URI> list) {
        m.f(list, "uris");
        Iterator<URI> it = list.iterator();
        while (it.hasNext()) {
            addCVCAStore(it.next());
        }
    }

    public final void b(URI uri) {
        String host = uri.getHost();
        int port = uri.getPort();
        m.e(host, "server");
        PKDCertStoreParameters pKDCertStoreParameters = port < 0 ? new PKDCertStoreParameters(host, 0, null, 6, null) : new PKDCertStoreParameters(host, port, null, 4, null);
        PKDMasterListCertStoreParameters pKDMasterListCertStoreParameters = port < 0 ? new PKDMasterListCertStoreParameters(host, null, 2, null) : new PKDMasterListCertStoreParameters(host, port, null, 4, null);
        CertStore certStore = CertStore.getInstance("PKD", pKDCertStoreParameters);
        if (certStore != null) {
            addCSCAStore(certStore);
        }
        CertStore certStore2 = CertStore.getInstance("PKD", pKDMasterListCertStoreParameters);
        if (certStore2 != null) {
            addCSCAStore(certStore2);
        }
        m.c(certStore2);
        Collection<? extends Certificate> certificates = certStore2.getCertificates(f);
        Companion companion = Companion;
        m.e(certificates, "rootCerts");
        addCSCAAnchors(Companion.access$getAsAnchors(companion, certificates));
    }

    public final void c(URI uri) {
        InputStream inputStream = ((URLConnection) FirebasePerfUrlConnection.instrument(AppConnectInternal.openConnection(uri.toURL()))).getInputStream();
        Certificate generateCertificate = CertificateFactory.getInstance("X.509", f33782d).generateCertificate(inputStream);
        m.d(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        inputStream.close();
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(E.D((X509Certificate) generateCertificate)));
        List<CertStore> list = this.f33784b;
        m.c(list);
        m.e(certStore, "cscaStore");
        list.add(certStore);
        Collection<? extends Certificate> certificates = certStore.getCertificates(f);
        Companion companion = Companion;
        m.e(certificates, "rootCerts");
        addCSCAAnchors(Companion.access$getAsAnchors(companion, certificates));
    }

    public final void clear() {
        this.f33783a = new HashSet();
        this.f33784b = new ArrayList();
        this.f33785c = new ArrayList();
    }

    public final Set<TrustAnchor> getCSCAAnchors() {
        return this.f33783a;
    }

    public final List<CertStore> getCSCAStores() {
        return this.f33784b;
    }

    public final List<KeyStore> getCVCAStores() {
        return this.f33785c;
    }

    public final Set<TrustAnchor> getCscaAnchors() {
        return this.f33783a;
    }

    public final List<CertStore> getCscaStores() {
        return this.f33784b;
    }

    public final List<KeyStore> getCvcaStores() {
        return this.f33785c;
    }

    public final void removeCSCAAnchor(TrustAnchor trustAnchor) {
        m.f(trustAnchor, "trustAnchor");
        Set<TrustAnchor> set = this.f33783a;
        m.c(set);
        set.remove(trustAnchor);
    }

    public final void removeCSCAStore(CertStore certStore) {
        m.f(certStore, "certStore");
        List<CertStore> list = this.f33784b;
        m.c(list);
        list.remove(certStore);
    }

    public final void removeCVCAStore(KeyStore keyStore) {
        m.f(keyStore, "keyStore");
        List<KeyStore> list = this.f33785c;
        m.c(list);
        list.remove(keyStore);
    }

    public final void setCscaAnchors(Set<TrustAnchor> set) {
        this.f33783a = set;
    }

    public final void setCscaStores(List<CertStore> list) {
        this.f33784b = list;
    }

    public final void setCvcaStores(List<KeyStore> list) {
        this.f33785c = list;
    }
}
