package org.apache.harmony.xnet.provider.jsse;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class TrustManagerImpl implements X509TrustManager {
    private final X509Certificate[] acceptedIssuers;
    private final Exception err;
    private final CertificateFactory factory;
    private final KeyStore rootKeyStore;
    private final TrustedCertificateIndex trustedCertificateIndex;
    private final TrustedCertificateStore trustedCertificateStore;
    private final CertPathValidator validator;

    /* JADX WARN: Multi-variable type inference failed */
    public TrustManagerImpl(KeyStore keyStore) {
        TrustedCertificateStore trustedCertificateStore;
        CertPathValidator certPathValidator;
        CertificateFactory certificateFactory;
        Exception exc;
        TrustedCertificateStore trustedCertificateStore2;
        X509Certificate[] x509CertificateArr;
        CertPathValidator certPathValidator2;
        CertificateFactory certificateFactory2;
        TrustedCertificateIndex trustedCertificateIndex;
        Object obj;
        TrustedCertificateIndex trustedCertificateIndex2 = null;
        try {
            certPathValidator2 = CertPathValidator.getInstance("PKIX");
            try {
                certificateFactory2 = CertificateFactory.getInstance("X509");
                try {
                    if ("AndroidCAStore".equals(keyStore.getType())) {
                        try {
                            TrustedCertificateStore trustedCertificateStore3 = new TrustedCertificateStore();
                            try {
                                trustedCertificateIndex = new TrustedCertificateIndex();
                                trustedCertificateStore2 = trustedCertificateStore3;
                                obj = null;
                            } catch (Exception e) {
                                exc = e;
                                trustedCertificateStore2 = trustedCertificateStore3;
                                certificateFactory = certificateFactory2;
                                certPathValidator = certPathValidator2;
                                trustedCertificateStore = null;
                                CertificateFactory certificateFactory3 = certificateFactory;
                                x509CertificateArr = trustedCertificateStore;
                                certPathValidator2 = certPathValidator;
                                certificateFactory2 = certificateFactory3;
                                this.rootKeyStore = keyStore;
                                this.trustedCertificateStore = trustedCertificateStore2;
                                this.validator = certPathValidator2;
                                this.factory = certificateFactory2;
                                this.trustedCertificateIndex = trustedCertificateIndex2;
                                this.acceptedIssuers = x509CertificateArr;
                                this.err = exc;
                            }
                        } catch (Exception e2) {
                            certificateFactory = certificateFactory2;
                            exc = e2;
                            trustedCertificateStore2 = null;
                            certPathValidator = certPathValidator2;
                            trustedCertificateStore = trustedCertificateStore2;
                            CertificateFactory certificateFactory32 = certificateFactory;
                            x509CertificateArr = trustedCertificateStore;
                            certPathValidator2 = certPathValidator;
                            certificateFactory2 = certificateFactory32;
                            this.rootKeyStore = keyStore;
                            this.trustedCertificateStore = trustedCertificateStore2;
                            this.validator = certPathValidator2;
                            this.factory = certificateFactory2;
                            this.trustedCertificateIndex = trustedCertificateIndex2;
                            this.acceptedIssuers = x509CertificateArr;
                            this.err = exc;
                        }
                    } else {
                        X509Certificate[] acceptedIssuers = acceptedIssuers(keyStore);
                        try {
                            TrustedCertificateIndex trustedCertificateIndex3 = new TrustedCertificateIndex(trustAnchors(acceptedIssuers));
                            obj = acceptedIssuers;
                            keyStore = null;
                            trustedCertificateIndex = trustedCertificateIndex3;
                            trustedCertificateStore2 = null;
                        } catch (Exception e3) {
                            certificateFactory = certificateFactory2;
                            exc = e3;
                            trustedCertificateStore2 = null;
                            certPathValidator = certPathValidator2;
                            trustedCertificateStore = acceptedIssuers;
                            keyStore = null;
                            CertificateFactory certificateFactory322 = certificateFactory;
                            x509CertificateArr = trustedCertificateStore;
                            certPathValidator2 = certPathValidator;
                            certificateFactory2 = certificateFactory322;
                            this.rootKeyStore = keyStore;
                            this.trustedCertificateStore = trustedCertificateStore2;
                            this.validator = certPathValidator2;
                            this.factory = certificateFactory2;
                            this.trustedCertificateIndex = trustedCertificateIndex2;
                            this.acceptedIssuers = x509CertificateArr;
                            this.err = exc;
                        }
                    }
                    TrustedCertificateIndex trustedCertificateIndex4 = trustedCertificateIndex;
                    exc = null;
                    trustedCertificateIndex2 = trustedCertificateIndex4;
                    x509CertificateArr = obj;
                } catch (Exception e4) {
                    keyStore = null;
                    certificateFactory = certificateFactory2;
                    exc = e4;
                    trustedCertificateStore2 = null;
                }
            } catch (Exception e5) {
                keyStore = null;
                certificateFactory = null;
                certPathValidator = certPathValidator2;
                exc = e5;
                trustedCertificateStore = null;
                trustedCertificateStore2 = null;
            }
        } catch (Exception e6) {
            keyStore = null;
            trustedCertificateStore = null;
            certPathValidator = null;
            certificateFactory = null;
            exc = e6;
            trustedCertificateStore2 = null;
        }
        this.rootKeyStore = keyStore;
        this.trustedCertificateStore = trustedCertificateStore2;
        this.validator = certPathValidator2;
        this.factory = certificateFactory2;
        this.trustedCertificateIndex = trustedCertificateIndex2;
        this.acceptedIssuers = x509CertificateArr;
        this.err = exc;
    }

    private static X509Certificate[] acceptedIssuers(KeyStore keyStore) {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (KeyStoreException unused) {
            return new X509Certificate[0];
        }
    }

    private void checkTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        if (this.err != null) {
            throw new CertificateException(this.err);
        }
        HashSet hashSet = new HashSet();
        X509Certificate[] cleanupCertChainAndFindTrustAnchors = cleanupCertChainAndFindTrustAnchors(x509CertificateArr, hashSet);
        if (cleanupCertChainAndFindTrustAnchors.length == 0) {
            return;
        }
        CertPath generateCertPath = this.factory.generateCertPath(Arrays.asList(cleanupCertChainAndFindTrustAnchors));
        if (hashSet.isEmpty()) {
            throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, generateCertPath, -1));
        }
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
            pKIXParameters.setRevocationEnabled(false);
            this.validator.validate(generateCertPath, pKIXParameters);
            for (int i = 1; i < cleanupCertChainAndFindTrustAnchors.length; i++) {
                this.trustedCertificateIndex.index(cleanupCertChainAndFindTrustAnchors[i]);
            }
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateException(e);
        } catch (CertPathValidatorException e2) {
            throw new CertificateException(e2);
        }
    }

    private X509Certificate[] cleanupCertChainAndFindTrustAnchors(X509Certificate[] x509CertificateArr, Set<TrustAnchor> set) {
        TrustAnchor findTrustAnchorByIssuerAndSignature;
        boolean z;
        X509Certificate[] x509CertificateArr2 = x509CertificateArr;
        int i = 0;
        while (true) {
            if (i >= x509CertificateArr2.length) {
                break;
            }
            TrustAnchor findTrustAnchorBySubjectAndPublicKey = findTrustAnchorBySubjectAndPublicKey(x509CertificateArr2[i]);
            if (findTrustAnchorBySubjectAndPublicKey != null) {
                set.add(findTrustAnchorBySubjectAndPublicKey);
                i--;
                break;
            }
            int i2 = i + 1;
            int i3 = i2;
            while (true) {
                if (i3 >= x509CertificateArr2.length) {
                    z = false;
                    break;
                }
                if (x509CertificateArr2[i].getIssuerDN().equals(x509CertificateArr2[i3].getSubjectDN())) {
                    if (i3 != i2) {
                        if (x509CertificateArr2 == x509CertificateArr) {
                            x509CertificateArr2 = (X509Certificate[]) x509CertificateArr.clone();
                        }
                        X509Certificate x509Certificate = x509CertificateArr2[i3];
                        x509CertificateArr2[i3] = x509CertificateArr2[i2];
                        x509CertificateArr2[i2] = x509Certificate;
                    }
                    z = true;
                } else {
                    i3++;
                }
            }
            if (!z) {
                break;
            }
            i = i2;
        }
        int i4 = i + 1;
        if (i4 != x509CertificateArr2.length) {
            x509CertificateArr2 = (X509Certificate[]) Arrays.copyOf(x509CertificateArr2, i4);
        }
        if (set.isEmpty() && (findTrustAnchorByIssuerAndSignature = findTrustAnchorByIssuerAndSignature(x509CertificateArr2[i4 - 1])) != null) {
            set.add(findTrustAnchorByIssuerAndSignature);
        }
        return x509CertificateArr2;
    }

    private TrustAnchor findTrustAnchorByIssuerAndSignature(X509Certificate x509Certificate) {
        X509Certificate findIssuer;
        TrustAnchor findByIssuerAndSignature = this.trustedCertificateIndex.findByIssuerAndSignature(x509Certificate);
        if (findByIssuerAndSignature != null) {
            return findByIssuerAndSignature;
        }
        TrustedCertificateStore trustedCertificateStore = this.trustedCertificateStore;
        if (trustedCertificateStore == null || (findIssuer = trustedCertificateStore.findIssuer(x509Certificate)) == null) {
            return null;
        }
        return this.trustedCertificateIndex.index(findIssuer);
    }

    private TrustAnchor findTrustAnchorBySubjectAndPublicKey(X509Certificate x509Certificate) {
        TrustAnchor findBySubjectAndPublicKey = this.trustedCertificateIndex.findBySubjectAndPublicKey(x509Certificate);
        if (findBySubjectAndPublicKey != null) {
            return findBySubjectAndPublicKey;
        }
        TrustedCertificateStore trustedCertificateStore = this.trustedCertificateStore;
        if (trustedCertificateStore != null && trustedCertificateStore.isTrustAnchor(x509Certificate)) {
            return this.trustedCertificateIndex.index(x509Certificate);
        }
        return null;
    }

    private static Set<TrustAnchor> trustAnchors(X509Certificate[] x509CertificateArr) {
        HashSet hashSet = new HashSet(x509CertificateArr.length);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            hashSet.add(new TrustAnchor(x509Certificate, null));
        }
        return hashSet;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr = this.acceptedIssuers;
        return x509CertificateArr != null ? (X509Certificate[]) x509CertificateArr.clone() : acceptedIssuers(this.rootKeyStore);
    }

    public void handleTrustStorageUpdate() {
        X509Certificate[] x509CertificateArr = this.acceptedIssuers;
        if (x509CertificateArr == null) {
            this.trustedCertificateIndex.reset();
        } else {
            this.trustedCertificateIndex.reset(trustAnchors(x509CertificateArr));
        }
    }
}
