package defpackage;

import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class kv0 implements X509TrustManager {
    public static final String a = kv0.class.getSimpleName();
    public List<X509TrustManager> b = new ArrayList();

    public kv0(Context context) {
        boolean z;
        x50.h4(context);
        String str = a;
        x50.W(str, "loadBksCA");
        InputStream h = ov0.h(context);
        if (h != null) {
            try {
                x50.W(str, " get bks not from assets");
                b(h);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                String str2 = a;
                StringBuilder q = ni.q("loadBksCA: exception : ");
                q.append(e.getMessage());
                x50.R0(str2, q.toString());
                z = false;
            }
        }
        z = true;
        if (!z || h == null) {
            x50.W(a, " get bks from assets ");
            b(context.getAssets().open("rootcas.bks"));
        }
        if (this.b.isEmpty()) {
            throw new CertificateException("X509TrustManager is empty");
        }
    }

    public kv0(InputStream inputStream, String str) {
        c(inputStream, str);
    }

    public kv0(InputStream inputStream, String str, boolean z) {
        c(inputStream, str);
        if (z) {
            a();
        }
    }

    public final void a() {
        x50.W(a, "loadSystemCA");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (byte b = 0; b < trustManagers.length; b = (byte) (b + 1)) {
                if (trustManagers[b] instanceof X509TrustManager) {
                    this.b.add((X509TrustManager) trustManagers[b]);
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            String str = a;
            StringBuilder q = ni.q("loadSystemCA: exception : ");
            q.append(e.getMessage());
            x50.R0(str, q.toString());
        }
    }

    public final void b(InputStream inputStream) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            KeyStore keyStore = KeyStore.getInstance("bks");
            keyStore.load(inputStream, "".toCharArray());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (byte b = 0; b < trustManagers.length; b = (byte) (b + 1)) {
                if (trustManagers[b] instanceof X509TrustManager) {
                    this.b.add((X509TrustManager) trustManagers[b]);
                }
            }
        } finally {
            x50.T(inputStream);
        }
    }

    public final void c(InputStream inputStream, String str) {
        if (inputStream != null) {
            try {
                if (str != null) {
                    try {
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                        KeyStore keyStore = KeyStore.getInstance("bks");
                        keyStore.load(inputStream, str.toCharArray());
                        trustManagerFactory.init(keyStore);
                        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                        for (byte b = 0; b < trustManagers.length; b = (byte) (b + 1)) {
                            if (trustManagers[b] instanceof X509TrustManager) {
                                this.b.add((X509TrustManager) trustManagers[b]);
                            }
                        }
                    } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                        x50.R0(a, "loadInputStream: exception : " + e.getMessage());
                    }
                    return;
                }
            } finally {
                x50.T(inputStream);
            }
        }
        throw new IllegalArgumentException("inputstream or trustPwd is null");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        x50.W(a, "checkClientTrusted: ");
        Iterator<X509TrustManager> it = this.b.iterator();
        while (it.hasNext()) {
            try {
                it.next().checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (CertificateException e) {
                String str2 = a;
                StringBuilder q = ni.q("checkServerTrusted CertificateException");
                q.append(e.getMessage());
                x50.R0(str2, q.toString());
            }
        }
        throw new CertificateException("checkServerTrusted CertificateException");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        String str2 = a;
        StringBuilder q = ni.q("checkServerTrusted begin ,server ca chain size is : ");
        q.append(x509CertificateArr.length);
        q.append(" ,auth type is : ");
        q.append(str);
        x50.W(str2, q.toString());
        for (X509Certificate x509Certificate : x509CertificateArr) {
            StringBuilder q2 = ni.q("server ca chain: getSubjectDN is :");
            q2.append(x509Certificate.getSubjectDN());
            q2.append(" , getIssuerDN :");
            q2.append(x509Certificate.getIssuerDN());
            q2.toString();
            String str3 = "server ca chain is :" + x509Certificate;
        }
        int size = this.b.size();
        for (byte b = 0; b < size; b = (byte) (b + 1)) {
            try {
                String str4 = a;
                x50.W(str4, "check server i : " + ((int) b));
                X509TrustManager x509TrustManager = this.b.get(b);
                X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
                if (acceptedIssuers != null) {
                    x50.W(str4, "client root ca size is : " + acceptedIssuers.length);
                    for (byte b2 = (byte) 0; b2 < acceptedIssuers.length; b2 = (byte) (b2 + 1)) {
                        String str5 = "client root ca getIssuerDN :" + acceptedIssuers[b2].getIssuerDN();
                    }
                }
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                x50.W(a, "checkServerTrusted succeed ,root ca issuer is : " + x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                return;
            } catch (CertificateException e) {
                String str6 = a;
                StringBuilder q3 = ni.q("checkServerTrusted error :");
                q3.append(e.getMessage());
                q3.append(" , time : ");
                q3.append((int) b);
                x50.R0(str6, q3.toString());
                if (b == size - 1) {
                    if (x509CertificateArr.length > 0) {
                        StringBuilder q4 = ni.q("root ca issuer : ");
                        q4.append(x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                        x50.R0(str6, q4.toString());
                    }
                    throw e;
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<X509TrustManager> it = this.b.iterator();
            while (it.hasNext()) {
                arrayList.addAll(Arrays.asList(it.next().getAcceptedIssuers()));
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (Exception e) {
            String str = a;
            StringBuilder q = ni.q("getAcceptedIssuers exception : ");
            q.append(e.getMessage());
            x50.R0(str, q.toString());
            return new X509Certificate[0];
        }
    }
}
