package defpackage;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.security.auth.x500.X500Principal;

/* compiled from: PG */
/* loaded from: classes.dex */
public final class rpn extends X509ExtendedTrustManager {
    private static final Logger a = Logger.getLogger(rpn.class.getName());
    private static final rpp b = new rpp((byte) 0);
    private final CertPathValidator c;
    private final rpq d;
    private final rpq e;
    private final X509Certificate[] f;
    private final Exception g;
    private final CertificateFactory h;
    private rpw i;

    public rpn(KeyStore keyStore) {
        Exception e;
        X509Certificate[] x509CertificateArr;
        CertPathValidator certPathValidator;
        CertificateFactory certificateFactory;
        rpq rpqVar = null;
        try {
            certPathValidator = CertPathValidator.getInstance("PKIX");
            try {
                certificateFactory = CertificateFactory.getInstance("X509");
                try {
                    if ("AndroidCAStore".equals(keyStore.getType())) {
                        rpa.f();
                    }
                    x509CertificateArr = a(keyStore);
                    try {
                        HashSet hashSet = new HashSet(x509CertificateArr.length);
                        for (X509Certificate x509Certificate : x509CertificateArr) {
                            hashSet.add(new TrustAnchor(x509Certificate, null));
                        }
                        e = null;
                        rpqVar = new rpq(hashSet);
                    } catch (Exception e2) {
                        e = e2;
                    }
                } catch (Exception e3) {
                    e = e3;
                    x509CertificateArr = null;
                }
            } catch (Exception e4) {
                e = e4;
                x509CertificateArr = null;
                certificateFactory = null;
            }
        } catch (Exception e5) {
            e = e5;
            x509CertificateArr = null;
            certPathValidator = null;
            certificateFactory = null;
        }
        rpa.h();
        rpa.i();
        rpa.j();
        this.c = certPathValidator;
        this.h = certificateFactory;
        this.d = rpqVar;
        this.e = new rpq();
        this.f = x509CertificateArr;
        this.g = e;
        this.i = new rpw();
    }

    private static Collection<TrustAnchor> a(Set<TrustAnchor> set) {
        if (set.size() <= 1) {
            return set;
        }
        ArrayList arrayList = new ArrayList(set);
        Collections.sort(arrayList, b);
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:68:0x0100 A[Catch: CertificateException -> 0x01c0, TRY_LEAVE, TryCatch #6 {CertificateException -> 0x01c0, blocks: (B:18:0x014a, B:20:0x0150, B:22:0x0153, B:52:0x0053, B:54:0x0059, B:55:0x0066, B:60:0x007d, B:62:0x0081, B:65:0x00ef, B:66:0x00f3, B:68:0x0100, B:69:0x0117, B:72:0x012d, B:73:0x0134, B:75:0x0105, B:78:0x0113, B:81:0x00a0, B:83:0x00cc, B:85:0x00d1, B:88:0x00df, B:90:0x0135, B:91:0x013c), top: B:51:0x0053, inners: #3, #5 }] */
    /* JADX WARN: Removed duplicated region for block: B:71:0x012c  */
    /* JADX WARN: Removed duplicated region for block: B:72:0x012d A[Catch: CertificateException -> 0x01c0, TryCatch #6 {CertificateException -> 0x01c0, blocks: (B:18:0x014a, B:20:0x0150, B:22:0x0153, B:52:0x0053, B:54:0x0059, B:55:0x0066, B:60:0x007d, B:62:0x0081, B:65:0x00ef, B:66:0x00f3, B:68:0x0100, B:69:0x0117, B:72:0x012d, B:73:0x0134, B:75:0x0105, B:78:0x0113, B:81:0x00a0, B:83:0x00cc, B:85:0x00d1, B:88:0x00df, B:90:0x0135, B:91:0x013c), top: B:51:0x0053, inners: #3, #5 }] */
    /* JADX WARN: Removed duplicated region for block: B:74:0x0105 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r1v10 */
    /* JADX WARN: Type inference failed for: r1v11, types: [boolean, int] */
    /* JADX WARN: Type inference failed for: r1v16 */
    /* JADX WARN: Type inference failed for: r1v2 */
    /* JADX WARN: Type inference failed for: r1v20 */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final java.util.List<java.security.cert.X509Certificate> a(java.util.List<java.security.cert.X509Certificate> r24, java.util.List<java.security.cert.TrustAnchor> r25, java.lang.String r26, boolean r27, byte[] r28, byte[] r29) {
        /*
            Method dump skipped, instructions count: 508
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: defpackage.rpn.a(java.util.List, java.util.List, java.lang.String, boolean, byte[], byte[]):java.util.List");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private final List<X509Certificate> a(X509Certificate[] x509CertificateArr, String str, SSLSession sSLSession, SSLParameters sSLParameters, boolean z) {
        String str2;
        byte[] bArr;
        byte[] bArr2;
        TrustAnchor trustAnchor;
        PublicKey publicKey;
        String endpointIdentificationAlgorithm;
        List<byte[]> list;
        byte[] bArr3;
        if (sSLSession != null) {
            str2 = sSLSession.getPeerHost();
            boolean z2 = sSLSession instanceof rnt;
            if (z2) {
                list = ((rnt) sSLSession).a();
            } else {
                try {
                    Method declaredMethod = sSLSession.getClass().getDeclaredMethod("getStatusResponses", new Class[0]);
                    declaredMethod.setAccessible(true);
                    Object invoke = declaredMethod.invoke(sSLSession, new Object[0]);
                    list = invoke instanceof List ? (List) invoke : null;
                } catch (IllegalAccessException e) {
                    list = null;
                } catch (IllegalArgumentException e2) {
                    list = null;
                } catch (NoSuchMethodException e3) {
                    list = null;
                } catch (SecurityException e4) {
                    list = null;
                } catch (InvocationTargetException e5) {
                    throw new RuntimeException(e5.getCause());
                }
            }
            bArr2 = (list == null || list.isEmpty()) ? null : list.get(0);
            if (z2) {
                bArr3 = ((rnt) sSLSession).b();
            } else {
                try {
                    Method declaredMethod2 = sSLSession.getClass().getDeclaredMethod("getPeerSignedCertificateTimestamp", new Class[0]);
                    declaredMethod2.setAccessible(true);
                    Object invoke2 = declaredMethod2.invoke(sSLSession, new Object[0]);
                    bArr3 = invoke2 instanceof byte[] ? (byte[]) invoke2 : null;
                } catch (IllegalAccessException e6) {
                    bArr3 = null;
                } catch (IllegalArgumentException e7) {
                    bArr3 = null;
                } catch (NoSuchMethodException e8) {
                    bArr3 = null;
                } catch (SecurityException e9) {
                    bArr3 = null;
                } catch (InvocationTargetException e10) {
                    throw new RuntimeException(e10.getCause());
                }
            }
            bArr = bArr3;
        } else {
            str2 = null;
            bArr = null;
            bArr2 = null;
        }
        if (sSLSession != null && sSLParameters != null && (endpointIdentificationAlgorithm = sSLParameters.getEndpointIdentificationAlgorithm()) != null && "HTTPS".equals(endpointIdentificationAlgorithm.toUpperCase(Locale.US)) && !HttpsURLConnection.getDefaultHostnameVerifier().verify(str2, sSLSession)) {
            throw new CertificateException("No subjectAltNames on the certificate match");
        }
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        Exception exc = this.g;
        if (exc != null) {
            throw new CertificateException(exc);
        }
        HashSet hashSet = new HashSet();
        ArrayList<X509Certificate> arrayList = new ArrayList<>();
        ArrayList<TrustAnchor> arrayList2 = new ArrayList<>();
        X509Certificate x509Certificate = x509CertificateArr[0];
        rpq rpqVar = this.d;
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        synchronized (rpqVar.a) {
            List<TrustAnchor> list2 = rpqVar.a.get(subjectX500Principal);
            if (list2 == null) {
                trustAnchor = null;
            } else {
                PublicKey publicKey2 = x509Certificate.getPublicKey();
                for (TrustAnchor trustAnchor2 : list2) {
                    try {
                        X509Certificate trustedCert = trustAnchor2.getTrustedCert();
                        publicKey = trustedCert != null ? trustedCert.getPublicKey() : trustAnchor2.getCAPublicKey();
                    } catch (Exception e11) {
                    }
                    if (!publicKey.equals(publicKey2)) {
                        if ("X.509".equals(publicKey.getFormat()) && "X.509".equals(publicKey2.getFormat())) {
                            byte[] encoded = publicKey.getEncoded();
                            byte[] encoded2 = publicKey2.getEncoded();
                            if (encoded2 != null && encoded != null && Arrays.equals(encoded, encoded2)) {
                            }
                        }
                    }
                    trustAnchor = trustAnchor2;
                }
                trustAnchor = null;
            }
        }
        if (trustAnchor == null) {
            trustAnchor = null;
        }
        if (trustAnchor != null) {
            arrayList2.add(trustAnchor);
            hashSet.add(trustAnchor.getTrustedCert());
        } else {
            arrayList.add(x509Certificate);
        }
        hashSet.add(x509Certificate);
        return a(x509CertificateArr, bArr2, bArr, str2, z, arrayList, arrayList2, hashSet);
    }

    private final List<X509Certificate> a(X509Certificate[] x509CertificateArr, byte[] bArr, byte[] bArr2, String str, boolean z, ArrayList<X509Certificate> arrayList, ArrayList<TrustAnchor> arrayList2, Set<X509Certificate> set) {
        X509Certificate trustedCert = arrayList2.isEmpty() ? arrayList.get(arrayList.size() - 1) : arrayList2.get(arrayList2.size() - 1).getTrustedCert();
        if (trustedCert.getIssuerDN().equals(trustedCert.getSubjectDN())) {
            return a(arrayList, arrayList2, str, z, bArr, bArr2);
        }
        Set<TrustAnchor> a2 = this.d.a(trustedCert);
        a2.isEmpty();
        boolean z2 = false;
        CertificateException certificateException = null;
        for (TrustAnchor trustAnchor : a(a2)) {
            X509Certificate trustedCert2 = trustAnchor.getTrustedCert();
            if (!set.contains(trustedCert2)) {
                set.add(trustedCert2);
                arrayList2.add(trustAnchor);
                try {
                    return a(x509CertificateArr, bArr, bArr2, str, z, arrayList, arrayList2, set);
                } catch (CertificateException e) {
                    arrayList2.remove(arrayList2.size() - 1);
                    set.remove(trustedCert2);
                    certificateException = e;
                    z2 = true;
                }
            }
        }
        if (!arrayList2.isEmpty()) {
            if (z2) {
                throw certificateException;
            }
            return a(arrayList, arrayList2, str, z, bArr, bArr2);
        }
        for (int i = 1; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            if (!set.contains(x509Certificate) && trustedCert.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                try {
                    x509Certificate.checkValidity();
                    rnd.a(x509Certificate);
                    set.add(x509Certificate);
                    arrayList.add(x509Certificate);
                    try {
                        return a(x509CertificateArr, bArr, bArr2, str, z, arrayList, arrayList2, set);
                    } catch (CertificateException e2) {
                        set.remove(x509Certificate);
                        arrayList.remove(arrayList.size() - 1);
                        certificateException = e2;
                    }
                } catch (CertificateException e3) {
                    String valueOf = String.valueOf(x509Certificate.getSubjectX500Principal());
                    StringBuilder sb = new StringBuilder(String.valueOf(valueOf).length() + 26);
                    sb.append("Unacceptable certificate: ");
                    sb.append(valueOf);
                    certificateException = new CertificateException(sb.toString(), e3);
                }
            }
        }
        Iterator<TrustAnchor> it = a(this.e.a(trustedCert)).iterator();
        while (it.hasNext()) {
            X509Certificate trustedCert3 = it.next().getTrustedCert();
            if (!set.contains(trustedCert3)) {
                set.add(trustedCert3);
                arrayList.add(trustedCert3);
                try {
                    return a(x509CertificateArr, bArr, bArr2, str, z, arrayList, arrayList2, set);
                } catch (CertificateException e4) {
                    arrayList.remove(arrayList.size() - 1);
                    set.remove(trustedCert3);
                    certificateException = e4;
                }
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, this.h.generateCertPath(arrayList), -1));
    }

    private static SSLSession a(SSLSocket sSLSocket) {
        SSLSession handshakeSession = sSLSocket.getHandshakeSession();
        if (handshakeSession != null) {
            return handshakeSession;
        }
        throw new CertificateException("Not in handshake; no session available");
    }

    private final void a(PKIXParameters pKIXParameters, X509Certificate x509Certificate, byte[] bArr) {
        PKIXRevocationChecker pKIXRevocationChecker;
        if (bArr != null) {
            List<PKIXCertPathChecker> arrayList = new ArrayList<>(pKIXParameters.getCertPathCheckers());
            int size = arrayList.size();
            int i = 0;
            while (true) {
                if (i >= size) {
                    pKIXRevocationChecker = null;
                    break;
                }
                PKIXCertPathChecker pKIXCertPathChecker = arrayList.get(i);
                i++;
                if (pKIXCertPathChecker instanceof PKIXRevocationChecker) {
                    pKIXRevocationChecker = (PKIXRevocationChecker) pKIXCertPathChecker;
                    break;
                }
            }
            if (pKIXRevocationChecker == null) {
                try {
                    pKIXRevocationChecker = (PKIXRevocationChecker) this.c.getRevocationChecker();
                    arrayList.add(pKIXRevocationChecker);
                    pKIXRevocationChecker.setOptions(Collections.singleton(PKIXRevocationChecker.Option.ONLY_END_ENTITY));
                } catch (UnsupportedOperationException e) {
                    return;
                }
            }
            pKIXRevocationChecker.setOcspResponses(Collections.singletonMap(x509Certificate, bArr));
            pKIXParameters.setCertPathCheckers(arrayList);
        }
    }

    private static X509Certificate[] a(KeyStore keyStore) {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (KeyStoreException e) {
            return new X509Certificate[0];
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        a(x509CertificateArr, str, null, null, true);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        SSLSession sSLSession;
        SSLParameters sSLParameters;
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            SSLSession a2 = a(sSLSocket);
            sSLParameters = sSLSocket.getSSLParameters();
            sSLSession = a2;
        } else {
            sSLSession = null;
            sSLParameters = null;
        }
        a(x509CertificateArr, str, sSLSession, sSLParameters, true);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        SSLSession handshakeSession = sSLEngine.getHandshakeSession();
        if (handshakeSession == null) {
            throw new CertificateException("Not in handshake; no session available");
        }
        a(x509CertificateArr, str, handshakeSession, sSLEngine.getSSLParameters(), true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        a(x509CertificateArr, str, null, null, false);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        SSLSession sSLSession;
        SSLParameters sSLParameters;
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            SSLSession a2 = a(sSLSocket);
            sSLParameters = sSLSocket.getSSLParameters();
            sSLSession = a2;
        } else {
            sSLSession = null;
            sSLParameters = null;
        }
        a(x509CertificateArr, str, sSLSession, sSLParameters, false);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        SSLSession handshakeSession = sSLEngine.getHandshakeSession();
        if (handshakeSession == null) {
            throw new CertificateException("Not in handshake; no session available");
        }
        a(x509CertificateArr, str, handshakeSession, sSLEngine.getSSLParameters(), false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr = this.f;
        return x509CertificateArr != null ? (X509Certificate[]) x509CertificateArr.clone() : a((KeyStore) null);
    }
}
