package sogou.webkit.net;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import org.apache.harmony.xnet.provider.jsse.CertPinManager;
import org.apache.harmony.xnet.provider.jsse.TrustedCertificateIndex;
import org.apache.harmony.xnet.provider.jsse.TrustedCertificateStore;

/* loaded from: classes.dex */
public final class c implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final KeyStore f2869a;
    private CertPinManager b;
    private final TrustedCertificateStore c;
    private final CertPathValidator d;
    private final TrustedCertificateIndex e;
    private final X509Certificate[] f;
    private final Exception g;
    private final CertificateFactory h;

    private TrustAnchor a(X509Certificate x509Certificate) {
        TrustAnchor findBySubjectAndPublicKey = this.e.findBySubjectAndPublicKey(x509Certificate);
        if (findBySubjectAndPublicKey != null) {
            return findBySubjectAndPublicKey;
        }
        if (this.c != null && this.c.isTrustAnchor(x509Certificate)) {
            return this.e.index(x509Certificate);
        }
        return null;
    }

    private static X509Certificate[] a(KeyStore keyStore) {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (KeyStoreException e) {
            return new X509Certificate[0];
        }
    }

    private X509Certificate[] a(X509Certificate[] x509CertificateArr, Set<TrustAnchor> set) {
        X509Certificate[] x509CertificateArr2;
        TrustAnchor b;
        boolean z;
        int i = 0;
        int i2 = 0;
        X509Certificate[] x509CertificateArr3 = x509CertificateArr;
        while (true) {
            if (i2 >= x509CertificateArr3.length) {
                x509CertificateArr2 = x509CertificateArr3;
                break;
            }
            int i3 = i2 + 1;
            while (true) {
                if (i3 >= x509CertificateArr3.length) {
                    x509CertificateArr2 = x509CertificateArr3;
                    z = false;
                    break;
                }
                if (!x509CertificateArr3[i2].getIssuerDN().equals(x509CertificateArr3[i3].getSubjectDN())) {
                    i3++;
                } else if (i3 != i2 + 1) {
                    if (x509CertificateArr3 == x509CertificateArr) {
                        x509CertificateArr3 = (X509Certificate[]) x509CertificateArr.clone();
                    }
                    X509Certificate x509Certificate = x509CertificateArr3[i3];
                    x509CertificateArr3[i3] = x509CertificateArr3[i2 + 1];
                    x509CertificateArr3[i2 + 1] = x509Certificate;
                    x509CertificateArr2 = x509CertificateArr3;
                    z = true;
                } else {
                    x509CertificateArr2 = x509CertificateArr3;
                    z = true;
                }
            }
            if (!z) {
                break;
            }
            i2++;
            x509CertificateArr3 = x509CertificateArr2;
        }
        while (true) {
            if (i >= x509CertificateArr2.length) {
                break;
            }
            TrustAnchor a2 = a(x509CertificateArr2[i]);
            if (a2 != null) {
                set.add(a2);
                break;
            }
            i++;
        }
        if (i != x509CertificateArr2.length) {
            x509CertificateArr2 = (X509Certificate[]) Arrays.copyOf(x509CertificateArr2, i);
        }
        if (set.isEmpty() && (b = b(x509CertificateArr2[i - 1])) != null) {
            set.add(b);
        }
        return x509CertificateArr2;
    }

    private TrustAnchor b(X509Certificate x509Certificate) {
        X509Certificate findIssuer;
        TrustAnchor findByIssuerAndSignature = this.e.findByIssuerAndSignature(x509Certificate);
        if (findByIssuerAndSignature != null) {
            return findByIssuerAndSignature;
        }
        if (this.c != null && (findIssuer = this.c.findIssuer(x509Certificate)) != null) {
            return this.e.index(findIssuer);
        }
        return null;
    }

    private List<X509Certificate> b(X509Certificate[] x509CertificateArr, String str, String str2) {
        X509Certificate trustedCert;
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        if (this.g != null) {
            throw new CertificateException(this.g);
        }
        HashSet hashSet = new HashSet();
        X509Certificate[] a2 = a(x509CertificateArr, hashSet);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(Arrays.asList(a2));
        Iterator<TrustAnchor> it = hashSet.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getTrustedCert());
        }
        X509Certificate x509Certificate = (X509Certificate) arrayList.get(arrayList.size() - 1);
        while (true) {
            TrustAnchor findByIssuerAndSignature = this.e.findByIssuerAndSignature(x509Certificate);
            if (findByIssuerAndSignature != null && (trustedCert = findByIssuerAndSignature.getTrustedCert()) != x509Certificate) {
                arrayList.add(trustedCert);
                x509Certificate = trustedCert;
            }
        }
        CertPath generateCertPath = this.h.generateCertPath(Arrays.asList(a2));
        if (str2 != null) {
            try {
                if (this.b.chainIsNotPinned(str2, arrayList)) {
                    throw new CertificateException(new CertPathValidatorException("Certificate path is not properly pinned.", null, generateCertPath, -1));
                }
            } catch (Exception e) {
                throw new CertificateException(e);
            }
        }
        if (a2.length == 0) {
            return arrayList;
        }
        if (hashSet.isEmpty()) {
            throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, generateCertPath, -1));
        }
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
            pKIXParameters.setRevocationEnabled(false);
            this.d.validate(generateCertPath, pKIXParameters);
            for (int i = 1; i < a2.length; i++) {
                this.e.index(a2[i]);
            }
            return arrayList;
        } catch (InvalidAlgorithmParameterException e2) {
            throw new CertificateException(e2);
        } catch (CertPathValidatorException e3) {
            throw new CertificateException(e3);
        }
    }

    public List<X509Certificate> a(X509Certificate[] x509CertificateArr, String str, String str2) {
        return b(x509CertificateArr, str, str2);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        b(x509CertificateArr, str, null);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        b(x509CertificateArr, str, null);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.f != null ? (X509Certificate[]) this.f.clone() : a(this.f2869a);
    }
}
