package org.apache.harmony.xnet.provider.jsse;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class TrustManagerImpl implements X509TrustManager {
    private final X509Certificate[] acceptedIssuers;
    private final Exception err;
    private final CertificateFactory factory;
    private final KeyStore rootKeyStore;
    private final TrustedCertificateIndex trustedCertificateIndex;
    private final TrustedCertificateStore trustedCertificateStore;
    private final CertPathValidator validator;

    public TrustManagerImpl(KeyStore keyStore) {
        X509Certificate[] x509CertificateArr;
        TrustedCertificateStore trustedCertificateStore;
        CertificateFactory certificateFactory;
        CertPathValidator certPathValidator;
        X509Certificate[] x509CertificateArr2;
        TrustedCertificateIndex trustedCertificateIndex;
        Exception exc = null;
        try {
            CertPathValidator certPathValidator2 = CertPathValidator.getInstance("PKIX");
            try {
                CertificateFactory certificateFactory2 = CertificateFactory.getInstance("X509");
                try {
                    if ("AndroidCAStore".equals(keyStore.getType())) {
                        try {
                            TrustedCertificateStore trustedCertificateStore2 = new TrustedCertificateStore();
                            try {
                                certPathValidator = certPathValidator2;
                                certificateFactory = certificateFactory2;
                                trustedCertificateStore = trustedCertificateStore2;
                                trustedCertificateIndex = new TrustedCertificateIndex();
                                x509CertificateArr2 = null;
                            } catch (Exception e) {
                                e = e;
                                certPathValidator = certPathValidator2;
                                certificateFactory = certificateFactory2;
                                trustedCertificateStore = trustedCertificateStore2;
                                x509CertificateArr = null;
                                Exception exc2 = e;
                                x509CertificateArr2 = x509CertificateArr;
                                trustedCertificateIndex = null;
                                exc = exc2;
                                this.rootKeyStore = keyStore;
                                this.trustedCertificateStore = trustedCertificateStore;
                                this.validator = certPathValidator;
                                this.factory = certificateFactory;
                                this.trustedCertificateIndex = trustedCertificateIndex;
                                this.acceptedIssuers = x509CertificateArr2;
                                this.err = exc;
                            }
                        } catch (Exception e2) {
                            e = e2;
                            x509CertificateArr = null;
                            certPathValidator = certPathValidator2;
                            certificateFactory = certificateFactory2;
                            trustedCertificateStore = null;
                        }
                    } else {
                        x509CertificateArr2 = acceptedIssuers(keyStore);
                        try {
                            trustedCertificateIndex = new TrustedCertificateIndex(trustAnchors(x509CertificateArr2));
                            keyStore = null;
                            certPathValidator = certPathValidator2;
                            certificateFactory = certificateFactory2;
                            trustedCertificateStore = null;
                        } catch (Exception e3) {
                            keyStore = null;
                            certPathValidator = certPathValidator2;
                            certificateFactory = certificateFactory2;
                            trustedCertificateStore = null;
                            x509CertificateArr = x509CertificateArr2;
                            e = e3;
                            Exception exc22 = e;
                            x509CertificateArr2 = x509CertificateArr;
                            trustedCertificateIndex = null;
                            exc = exc22;
                            this.rootKeyStore = keyStore;
                            this.trustedCertificateStore = trustedCertificateStore;
                            this.validator = certPathValidator;
                            this.factory = certificateFactory;
                            this.trustedCertificateIndex = trustedCertificateIndex;
                            this.acceptedIssuers = x509CertificateArr2;
                            this.err = exc;
                        }
                    }
                } catch (Exception e4) {
                    e = e4;
                    x509CertificateArr = null;
                    keyStore = null;
                    certPathValidator = certPathValidator2;
                    certificateFactory = certificateFactory2;
                    trustedCertificateStore = null;
                }
            } catch (Exception e5) {
                e = e5;
                x509CertificateArr = null;
                trustedCertificateStore = null;
                keyStore = null;
                certPathValidator = certPathValidator2;
                certificateFactory = null;
            }
        } catch (Exception e6) {
            e = e6;
            x509CertificateArr = null;
            trustedCertificateStore = null;
            keyStore = null;
            certificateFactory = null;
            certPathValidator = null;
        }
        this.rootKeyStore = keyStore;
        this.trustedCertificateStore = trustedCertificateStore;
        this.validator = certPathValidator;
        this.factory = certificateFactory;
        this.trustedCertificateIndex = trustedCertificateIndex;
        this.acceptedIssuers = x509CertificateArr2;
        this.err = exc;
    }

    private static X509Certificate[] acceptedIssuers(KeyStore keyStore) {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (KeyStoreException e) {
            return new X509Certificate[0];
        }
    }

    private void checkTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        if (this.err != null) {
            throw new CertificateException(this.err);
        }
        HashSet hashSet = new HashSet();
        X509Certificate[] cleanupCertChainAndFindTrustAnchors = cleanupCertChainAndFindTrustAnchors(x509CertificateArr, hashSet);
        if (cleanupCertChainAndFindTrustAnchors.length == 0) {
            return;
        }
        CertPath generateCertPath = this.factory.generateCertPath(Arrays.asList(cleanupCertChainAndFindTrustAnchors));
        if (hashSet.isEmpty()) {
            throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, generateCertPath, -1));
        }
        try {
            PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
            pKIXParameters.setRevocationEnabled(false);
            this.validator.validate(generateCertPath, pKIXParameters);
            for (int i = 1; i < cleanupCertChainAndFindTrustAnchors.length; i++) {
                this.trustedCertificateIndex.index(cleanupCertChainAndFindTrustAnchors[i]);
            }
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateException(e);
        } catch (CertPathValidatorException e2) {
            throw new CertificateException(e2);
        }
    }

    private X509Certificate[] cleanupCertChainAndFindTrustAnchors(X509Certificate[] x509CertificateArr, Set set) {
        TrustAnchor findTrustAnchorByIssuerAndSignature;
        X509Certificate[] x509CertificateArr2;
        boolean z;
        int i = 0;
        X509Certificate[] x509CertificateArr3 = x509CertificateArr;
        while (true) {
            if (i >= x509CertificateArr3.length) {
                break;
            }
            TrustAnchor findTrustAnchorBySubjectAndPublicKey = findTrustAnchorBySubjectAndPublicKey(x509CertificateArr3[i]);
            if (findTrustAnchorBySubjectAndPublicKey == null) {
                int i2 = i + 1;
                while (true) {
                    if (i2 >= x509CertificateArr3.length) {
                        x509CertificateArr2 = x509CertificateArr3;
                        z = false;
                        break;
                    }
                    if (!x509CertificateArr3[i].getIssuerDN().equals(x509CertificateArr3[i2].getSubjectDN())) {
                        i2++;
                    } else if (i2 != i + 1) {
                        if (x509CertificateArr3 == x509CertificateArr) {
                            x509CertificateArr3 = (X509Certificate[]) x509CertificateArr.clone();
                        }
                        X509Certificate x509Certificate = x509CertificateArr3[i2];
                        x509CertificateArr3[i2] = x509CertificateArr3[i + 1];
                        x509CertificateArr3[i + 1] = x509Certificate;
                        x509CertificateArr2 = x509CertificateArr3;
                        z = true;
                    } else {
                        x509CertificateArr2 = x509CertificateArr3;
                        z = true;
                    }
                }
                if (!z) {
                    x509CertificateArr3 = x509CertificateArr2;
                    break;
                }
                i++;
                x509CertificateArr3 = x509CertificateArr2;
            } else {
                set.add(findTrustAnchorBySubjectAndPublicKey);
                i--;
                break;
            }
        }
        int i3 = i + 1;
        if (i3 != x509CertificateArr3.length) {
            x509CertificateArr3 = (X509Certificate[]) Arrays.copyOf(x509CertificateArr3, i3);
        }
        if (set.isEmpty() && (findTrustAnchorByIssuerAndSignature = findTrustAnchorByIssuerAndSignature(x509CertificateArr3[i3 - 1])) != null) {
            set.add(findTrustAnchorByIssuerAndSignature);
        }
        return x509CertificateArr3;
    }

    private TrustAnchor findTrustAnchorByIssuerAndSignature(X509Certificate x509Certificate) {
        X509Certificate findIssuer;
        TrustAnchor findByIssuerAndSignature = this.trustedCertificateIndex.findByIssuerAndSignature(x509Certificate);
        if (findByIssuerAndSignature != null) {
            return findByIssuerAndSignature;
        }
        if (this.trustedCertificateStore != null && (findIssuer = this.trustedCertificateStore.findIssuer(x509Certificate)) != null) {
            return this.trustedCertificateIndex.index(findIssuer);
        }
        return null;
    }

    private TrustAnchor findTrustAnchorBySubjectAndPublicKey(X509Certificate x509Certificate) {
        TrustAnchor findBySubjectAndPublicKey = this.trustedCertificateIndex.findBySubjectAndPublicKey(x509Certificate);
        if (findBySubjectAndPublicKey != null) {
            return findBySubjectAndPublicKey;
        }
        if (this.trustedCertificateStore != null && this.trustedCertificateStore.isTrustAnchor(x509Certificate)) {
            return this.trustedCertificateIndex.index(x509Certificate);
        }
        return null;
    }

    private static Set trustAnchors(X509Certificate[] x509CertificateArr) {
        HashSet hashSet = new HashSet(x509CertificateArr.length);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            hashSet.add(new TrustAnchor(x509Certificate, null));
        }
        return hashSet;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        checkTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        checkTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        return this.acceptedIssuers != null ? (X509Certificate[]) this.acceptedIssuers.clone() : acceptedIssuers(this.rootKeyStore);
    }

    public final void handleTrustStorageUpdate() {
        if (this.acceptedIssuers == null) {
            this.trustedCertificateIndex.reset();
        } else {
            this.trustedCertificateIndex.reset(trustAnchors(this.acceptedIssuers));
        }
    }
}
