package org.bouncycastle.jsse.provider;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.cert.CertPathParameters;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import org.bouncycastle.jcajce.util.JcaJceHelper;

/* loaded from: classes2.dex */
public class ProvTrustManagerFactorySpi extends TrustManagerFactorySpi {
    public static final Logger LOG = Logger.getLogger(ProvTrustManagerFactorySpi.class.getName());
    public final JcaJceHelper helper;
    public ProvX509TrustManager x509TrustManager;

    public ProvTrustManagerFactorySpi(JcaJceHelper jcaJceHelper) {
        this.helper = jcaJceHelper;
    }

    public static void collectTrustAnchor(Set<TrustAnchor> set, Certificate certificate) {
        if (certificate instanceof X509Certificate) {
            set.add(new TrustAnchor((X509Certificate) certificate, null));
        }
    }

    public static KeyStore createTrustStore(String str) throws NoSuchProviderException, KeyStoreException {
        String trustStoreType = getTrustStoreType(str);
        String systemProperty = PropertyUtils.getSystemProperty("javax.net.ssl.trustStoreProvider");
        return (systemProperty == null || systemProperty.length() < 1) ? KeyStore.getInstance(trustStoreType) : KeyStore.getInstance(trustStoreType, systemProperty);
    }

    /* JADX WARN: Code restructure failed: missing block: B:24:0x0037, code lost:
    
        if (new java.io.File(r6).exists() != false) goto L5;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x0088, code lost:
    
        if (new java.io.File(r6).exists() != false) goto L19;
     */
    /* JADX WARN: Removed duplicated region for block: B:12:0x00b9 A[DONT_GENERATE] */
    /* JADX WARN: Removed duplicated region for block: B:16:0x00ad A[Catch: all -> 0x00bd, TryCatch #0 {all -> 0x00bd, blocks: (B:9:0x008b, B:10:0x00b4, B:16:0x00ad), top: B:7:0x0026 }] */
    /* JADX WARN: Removed duplicated region for block: B:21:0x002a  */
    /* JADX WARN: Removed duplicated region for block: B:6:0x0022  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x008b A[Catch: all -> 0x00bd, TRY_ENTER, TryCatch #0 {all -> 0x00bd, blocks: (B:9:0x008b, B:10:0x00b4, B:16:0x00ad), top: B:7:0x0026 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.security.KeyStore getDefaultTrustStore() throws java.lang.Exception {
        /*
            java.lang.String r8 = java.security.KeyStore.getDefaultType()
            java.lang.String r0 = "javax.net.ssl.trustStore"
            java.lang.String r6 = org.bouncycastle.jsse.provider.PropertyUtils.getSystemProperty(r0)
            java.lang.String r0 = "NONE"
            boolean r0 = r0.equals(r6)
            java.lang.String r7 = "jks"
            r5 = 0
            if (r0 == 0) goto L2c
        L15:
            r6 = r5
        L16:
            java.security.KeyStore r4 = createTrustStore(r8)
            java.lang.String r0 = "javax.net.ssl.trustStorePassword"
            java.lang.String r0 = org.bouncycastle.jsse.provider.PropertyUtils.getSystemProperty(r0)
            if (r0 == 0) goto L2a
            char[] r3 = r0.toCharArray()
        L26:
            if (r6 != 0) goto L8b
            goto Lad
        L2a:
            r3 = r5
            goto L26
        L2c:
            if (r6 == 0) goto L3a
            java.io.File r0 = new java.io.File
            r0.<init>(r6)
            boolean r0 = r0.exists()
            if (r0 == 0) goto L15
            goto L16
        L3a:
            java.lang.String r0 = "java.home"
            java.lang.String r4 = org.bouncycastle.jsse.provider.PropertyUtils.getSystemProperty(r0)
            if (r4 == 0) goto L15
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r2.<init>()
            r2.append(r4)
            java.lang.String r1 = java.io.File.separator
            java.lang.String r0 = "/lib/security/jssecacerts"
            java.lang.String r3 = "/"
            java.lang.String r0 = r0.replace(r3, r1)
            r2.append(r0)
            java.lang.String r6 = r2.toString()
            java.io.File r0 = new java.io.File
            r0.<init>(r6)
            boolean r0 = r0.exists()
            if (r0 == 0) goto L68
        L66:
            r8 = r7
            goto L16
        L68:
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r2.<init>()
            r2.append(r4)
            java.lang.String r1 = java.io.File.separator
            java.lang.String r0 = "/lib/security/cacerts"
            java.lang.String r0 = r0.replace(r3, r1)
            r2.append(r0)
            java.lang.String r6 = r2.toString()
            java.io.File r0 = new java.io.File
            r0.<init>(r6)
            boolean r0 = r0.exists()
            if (r0 == 0) goto L15
            goto L66
        L8b:
            java.util.logging.Logger r2 = org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi.LOG     // Catch: java.lang.Throwable -> Lbd
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> Lbd
            r1.<init>()     // Catch: java.lang.Throwable -> Lbd
            java.lang.String r0 = "Initializing with trust store at path: "
            r1.append(r0)     // Catch: java.lang.Throwable -> Lbd
            r1.append(r6)     // Catch: java.lang.Throwable -> Lbd
            java.lang.String r0 = r1.toString()     // Catch: java.lang.Throwable -> Lbd
            r2.info(r0)     // Catch: java.lang.Throwable -> Lbd
            java.io.BufferedInputStream r1 = new java.io.BufferedInputStream     // Catch: java.lang.Throwable -> Lbd
            java.io.FileInputStream r0 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> Lbd
            r0.<init>(r6)     // Catch: java.lang.Throwable -> Lbd
            r1.<init>(r0)     // Catch: java.lang.Throwable -> Lbd
            r5 = r1
            goto Lb4
        Lad:
            java.util.logging.Logger r1 = org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi.LOG     // Catch: java.lang.Throwable -> Lbd
            java.lang.String r0 = "Initializing empty trust store"
            r1.info(r0)     // Catch: java.lang.Throwable -> Lbd
        Lb4:
            r4.load(r5, r3)     // Catch: java.lang.Throwable -> Lbd
            if (r5 == 0) goto Lbc
            r5.close()
        Lbc:
            return r4
        Lbd:
            r0 = move-exception
            if (r5 == 0) goto Lc3
            r5.close()
        Lc3:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi.getDefaultTrustStore():java.security.KeyStore");
    }

    public static Set<TrustAnchor> getTrustAnchors(KeyStore keyStore) throws KeyStoreException {
        Certificate certificate;
        Certificate[] certificateChain;
        if (keyStore == null) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                certificate = keyStore.getCertificate(nextElement);
            } else if (keyStore.isKeyEntry(nextElement) && (certificateChain = keyStore.getCertificateChain(nextElement)) != null && certificateChain.length > 0) {
                certificate = certificateChain[0];
            }
            collectTrustAnchor(hashSet, certificate);
        }
        return hashSet;
    }

    public static String getTrustStoreType(String str) {
        String systemProperty = PropertyUtils.getSystemProperty("javax.net.ssl.trustStoreType");
        return systemProperty == null ? str : systemProperty;
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    public TrustManager[] engineGetTrustManagers() {
        ProvX509TrustManager provX509TrustManager = this.x509TrustManager;
        if (provX509TrustManager != null) {
            return new TrustManager[]{provX509TrustManager.getExportX509TrustManager()};
        }
        throw new IllegalStateException("TrustManagerFactory not initialized");
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    public void engineInit(KeyStore keyStore) throws KeyStoreException {
        if (keyStore == null) {
            try {
                keyStore = getDefaultTrustStore();
            } catch (Error e) {
                LOG.log(Level.WARNING, "Skipped default trust store", (Throwable) e);
                throw e;
            } catch (SecurityException e2) {
                LOG.log(Level.WARNING, "Skipped default trust store", (Throwable) e2);
            } catch (RuntimeException e3) {
                LOG.log(Level.WARNING, "Skipped default trust store", (Throwable) e3);
                throw e3;
            } catch (Exception e4) {
                LOG.log(Level.WARNING, "Skipped default trust store", (Throwable) e4);
                throw new KeyStoreException("Failed to load default trust store", e4);
            }
        }
        try {
            this.x509TrustManager = new ProvX509TrustManager(this.helper, getTrustAnchors(keyStore));
        } catch (InvalidAlgorithmParameterException e5) {
            throw new KeyStoreException("Failed to create trust manager", e5);
        }
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    public void engineInit(ManagerFactoryParameters managerFactoryParameters) throws InvalidAlgorithmParameterException {
        if (managerFactoryParameters instanceof CertPathTrustManagerParameters) {
            CertPathParameters parameters = ((CertPathTrustManagerParameters) managerFactoryParameters).getParameters();
            if (!(parameters instanceof PKIXParameters)) {
                throw new InvalidAlgorithmParameterException("parameters must inherit from PKIXParameters");
            }
            this.x509TrustManager = new ProvX509TrustManager(this.helper, (PKIXParameters) parameters);
            return;
        }
        if (managerFactoryParameters == null) {
            throw new InvalidAlgorithmParameterException("spec cannot be null");
        }
        throw new InvalidAlgorithmParameterException("unknown spec: " + managerFactoryParameters.getClass().getName());
    }
}
