package com.huawei.secure.android.common.ssl;

import android.content.Context;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class k implements X509TrustManager {

    /* renamed from: c, reason: collision with root package name */
    private static final String f19420c = "SX509TM";

    /* renamed from: d, reason: collision with root package name */
    public static final String f19421d = "hmsrootcas.bks";

    /* renamed from: e, reason: collision with root package name */
    private static final String f19422e = "";

    /* renamed from: f, reason: collision with root package name */
    private static final String f19423f = "X509";

    /* renamed from: g, reason: collision with root package name */
    private static final String f19424g = "bks";

    /* renamed from: h, reason: collision with root package name */
    private static final String f19425h = "AndroidCAStore";

    /* renamed from: a, reason: collision with root package name */
    public List<X509TrustManager> f19426a;

    /* renamed from: b, reason: collision with root package name */
    private X509Certificate[] f19427b;

    public k(Context context) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, IllegalArgumentException {
        this(context, false);
    }

    public k(Context context, boolean z11) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, IllegalArgumentException {
        this.f19426a = new ArrayList();
        if (context == null) {
            throw new IllegalArgumentException("context is null");
        }
        pa.c.b(context);
        if (z11) {
            a();
        }
        b(context);
        if (this.f19426a.isEmpty()) {
            throw new CertificateException("X509TrustManager is empty");
        }
    }

    public k(InputStream inputStream, String str) throws IllegalArgumentException {
        this.f19426a = new ArrayList();
        d(inputStream, str);
    }

    public k(InputStream inputStream, String str, boolean z11) throws IllegalArgumentException {
        this.f19426a = new ArrayList();
        if (z11) {
            a();
        }
        d(inputStream, str);
    }

    public k(String str) throws IllegalArgumentException, FileNotFoundException {
        this(str, false);
    }

    public k(String str, boolean z11) throws IllegalArgumentException, FileNotFoundException {
        FileInputStream fileInputStream;
        this.f19426a = new ArrayList();
        try {
            fileInputStream = new FileInputStream(str);
            try {
                d(fileInputStream, "");
                pa.g.g(fileInputStream);
                if (z11) {
                    a();
                }
            } catch (Throwable th2) {
                th = th2;
                pa.g.g(fileInputStream);
                throw th;
            }
        } catch (Throwable th3) {
            th = th3;
            fileInputStream = null;
        }
    }

    private void a() {
        pa.h.e(f19420c, "loadSystemCA");
        long currentTimeMillis = System.currentTimeMillis();
        try {
            KeyStore keyStore = KeyStore.getInstance(f19425h);
            keyStore.load(null, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(f19423f);
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i11 = 0; i11 < trustManagers.length; i11++) {
                if (trustManagers[i11] instanceof X509TrustManager) {
                    this.f19426a.add((X509TrustManager) trustManagers[i11]);
                }
            }
        } catch (IOException | NegativeArraySizeException | OutOfMemoryError | KeyStoreException | NoSuchAlgorithmException | CertificateException e12) {
            StringBuilder a12 = aegon.chrome.base.c.a("loadSystemCA: exception : ");
            a12.append(e12.getMessage());
            pa.h.d(f19420c, a12.toString());
        }
        na.b.a(currentTimeMillis, aegon.chrome.base.c.a("loadSystemCA: cost : "), " ms", f19420c);
    }

    private void b(Context context) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        boolean z11;
        pa.h.e(f19420c, "loadBksCA");
        long currentTimeMillis = System.currentTimeMillis();
        InputStream o11 = pa.a.o(context);
        if (o11 != null) {
            try {
                pa.h.e(f19420c, "get bks not from assets");
                c(o11);
            } catch (IOException | OutOfMemoryError | KeyStoreException | NoSuchAlgorithmException | CertificateException e12) {
                StringBuilder a12 = aegon.chrome.base.c.a("loadBksCA: exception : ");
                a12.append(e12.getMessage());
                pa.h.d(f19420c, a12.toString());
                z11 = false;
            }
        }
        z11 = true;
        if (!z11 || o11 == null) {
            pa.h.e(f19420c, " get bks from assets ");
            c(context.getAssets().open("hmsrootcas.bks"));
        }
        na.b.a(currentTimeMillis, aegon.chrome.base.c.a("loadBksCA: cost : "), " ms", f19420c);
    }

    private void c(InputStream inputStream) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(f19423f);
            KeyStore keyStore = KeyStore.getInstance("bks");
            keyStore.load(inputStream, "".toCharArray());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i11 = 0; i11 < trustManagers.length; i11++) {
                if (trustManagers[i11] instanceof X509TrustManager) {
                    this.f19426a.add((X509TrustManager) trustManagers[i11]);
                }
            }
        } finally {
            pa.g.g(inputStream);
        }
    }

    private void d(InputStream inputStream, String str) {
        if (inputStream == null || str == null) {
            throw new IllegalArgumentException("inputstream or trustPwd is null");
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(f19423f);
                KeyStore keyStore = KeyStore.getInstance("bks");
                keyStore.load(inputStream, str.toCharArray());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int i11 = 0; i11 < trustManagers.length; i11++) {
                    if (trustManagers[i11] instanceof X509TrustManager) {
                        this.f19426a.add((X509TrustManager) trustManagers[i11]);
                    }
                }
                pa.g.g(inputStream);
            } finally {
                pa.g.g(inputStream);
            }
        } catch (IOException | NegativeArraySizeException | OutOfMemoryError | KeyStoreException | NoSuchAlgorithmException | CertificateException e12) {
            pa.h.d(f19420c, "loadInputStream: exception : " + e12.getMessage());
        }
        na.b.a(currentTimeMillis, aegon.chrome.base.c.a("loadInputStream: cost : "), " ms", f19420c);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        pa.h.e(f19420c, "checkClientTrusted: ");
        Iterator<X509TrustManager> it2 = this.f19426a.iterator();
        while (it2.hasNext()) {
            try {
                it2.next().checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (CertificateException e12) {
                StringBuilder a12 = aegon.chrome.base.c.a("checkServerTrusted CertificateException");
                a12.append(e12.getMessage());
                pa.h.d(f19420c, a12.toString());
            }
        }
        throw new CertificateException("checkServerTrusted CertificateException");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        g(x509CertificateArr);
        StringBuilder a12 = aegon.chrome.base.c.a("checkServerTrusted begin,size=");
        a12.append(x509CertificateArr.length);
        a12.append(",authType=");
        a12.append(str);
        pa.h.e(f19420c, a12.toString());
        long currentTimeMillis = System.currentTimeMillis();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            StringBuilder a13 = aegon.chrome.base.c.a("server ca chain: getSubjectDN is :");
            a13.append(x509Certificate.getSubjectDN());
            pa.h.b(f19420c, a13.toString());
            pa.h.b(f19420c, "IssuerDN :" + x509Certificate.getIssuerDN());
            pa.h.b(f19420c, "SerialNumber : " + x509Certificate.getSerialNumber());
        }
        int size = this.f19426a.size();
        for (int i11 = 0; i11 < size; i11++) {
            try {
                pa.h.e(f19420c, "check server i=" + i11);
                X509TrustManager x509TrustManager = this.f19426a.get(i11);
                X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
                if (acceptedIssuers != null) {
                    pa.h.e(f19420c, "client root ca size=" + acceptedIssuers.length);
                    for (X509Certificate x509Certificate2 : acceptedIssuers) {
                        pa.h.b(f19420c, "client root ca getIssuerDN :" + x509Certificate2.getIssuerDN());
                    }
                }
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                pa.h.e(f19420c, "checkServerTrusted end, " + x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                return;
            } catch (CertificateException e12) {
                StringBuilder a14 = aegon.chrome.base.c.a("checkServerTrusted error :");
                a14.append(e12.getMessage());
                a14.append(" , time : ");
                a14.append(i11);
                pa.h.d(f19420c, a14.toString());
                if (i11 == size - 1) {
                    if (x509CertificateArr.length > 0) {
                        StringBuilder a15 = aegon.chrome.base.c.a("root ca issuer : ");
                        a15.append(x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                        pa.h.d(f19420c, a15.toString());
                    }
                    throw e12;
                }
            }
        }
        na.b.a(currentTimeMillis, aegon.chrome.base.c.a("checkServerTrusted: cost : "), " ms", f19420c);
    }

    public X509Certificate[] e() {
        return this.f19427b;
    }

    public List<X509TrustManager> f() {
        return this.f19426a;
    }

    public void g(X509Certificate[] x509CertificateArr) {
        this.f19427b = x509CertificateArr;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<X509TrustManager> it2 = this.f19426a.iterator();
            while (it2.hasNext()) {
                arrayList.addAll(Arrays.asList(it2.next().getAcceptedIssuers()));
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (Exception e12) {
            StringBuilder a12 = aegon.chrome.base.c.a("getAcceptedIssuers exception : ");
            a12.append(e12.getMessage());
            pa.h.d(f19420c, a12.toString());
            return new X509Certificate[0];
        }
    }

    public void h(List<X509TrustManager> list) {
        this.f19426a = list;
    }
}
