package com.huawei.secure.android.common.ssl;

import android.content.Context;
import java.io.Closeable;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class f implements X509TrustManager {
    private static final String b = "f";

    /* renamed from: a, reason: collision with root package name */
    protected List<X509TrustManager> f6448a;
    private X509Certificate[] c;

    public f(Context context) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, IllegalArgumentException {
        this(context, false);
    }

    public f(Context context, boolean z) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, IllegalArgumentException {
        this.f6448a = new ArrayList();
        if (context == null) {
            throw new IllegalArgumentException("context is null");
        }
        com.huawei.secure.android.common.ssl.b.c.a(context);
        if (z) {
            a();
        }
        a(context);
        if (this.f6448a.isEmpty()) {
            throw new CertificateException("X509TrustManager is empty");
        }
    }

    public f(InputStream inputStream, String str) throws IllegalArgumentException {
        this.f6448a = new ArrayList();
        a(inputStream, str);
    }

    public f(InputStream inputStream, String str, boolean z) throws IllegalArgumentException {
        this.f6448a = new ArrayList();
        if (z) {
            a();
        }
        a(inputStream, str);
    }

    public f(String str) throws IllegalArgumentException, FileNotFoundException {
        this(str, false);
    }

    public f(String str, boolean z) throws IllegalArgumentException, FileNotFoundException {
        FileInputStream fileInputStream;
        this.f6448a = new ArrayList();
        try {
            fileInputStream = new FileInputStream(str);
            try {
                a(fileInputStream, "");
                com.huawei.secure.android.common.ssl.b.e.a((InputStream) fileInputStream);
                if (z) {
                    a();
                }
            } catch (Throwable th) {
                th = th;
                com.huawei.secure.android.common.ssl.b.e.a((InputStream) fileInputStream);
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            fileInputStream = null;
        }
    }

    private void a() {
        com.huawei.secure.android.common.ssl.b.f.a(b);
        long currentTimeMillis = System.currentTimeMillis();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i = 0; i < trustManagers.length; i++) {
                if (trustManagers[i] instanceof X509TrustManager) {
                    this.f6448a.add((X509TrustManager) trustManagers[i]);
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            String str = b;
            new StringBuilder("loadSystemCA: exception : ").append(e.getMessage());
            com.huawei.secure.android.common.ssl.b.f.a(str);
        }
        StringBuilder sb = new StringBuilder("loadSystemCA: cost : ");
        sb.append(System.currentTimeMillis() - currentTimeMillis);
        sb.append(" ms");
    }

    private void a(Context context) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        boolean z;
        String str = b;
        com.huawei.secure.android.common.ssl.b.f.a(str);
        long currentTimeMillis = System.currentTimeMillis();
        InputStream b2 = com.huawei.secure.android.common.ssl.b.a.b(context);
        if (b2 != null) {
            try {
                com.huawei.secure.android.common.ssl.b.f.a(str);
                a(b2);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                String str2 = b;
                new StringBuilder("loadBksCA: exception : ").append(e.getMessage());
                com.huawei.secure.android.common.ssl.b.f.a(str2);
                z = false;
            }
        }
        z = true;
        if (!z || b2 == null) {
            com.huawei.secure.android.common.ssl.b.f.a(b);
            a(context.getAssets().open("hmsrootcas.bks"));
        }
        StringBuilder sb = new StringBuilder("loadBksCA: cost : ");
        sb.append(System.currentTimeMillis() - currentTimeMillis);
        sb.append(" ms");
    }

    private void a(InputStream inputStream) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            KeyStore keyStore = KeyStore.getInstance("bks");
            keyStore.load(inputStream, "".toCharArray());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i = 0; i < trustManagers.length; i++) {
                if (trustManagers[i] instanceof X509TrustManager) {
                    this.f6448a.add((X509TrustManager) trustManagers[i]);
                }
            }
            com.huawei.secure.android.common.ssl.b.e.a((Closeable) inputStream);
        } catch (Throwable th) {
            com.huawei.secure.android.common.ssl.b.e.a(inputStream);
            throw th;
        }
    }

    private void a(InputStream inputStream, String str) {
        if (inputStream == null || str == null) {
            throw new IllegalArgumentException("inputstream or trustPwd is null");
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                KeyStore keyStore = KeyStore.getInstance("bks");
                keyStore.load(inputStream, str.toCharArray());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int i = 0; i < trustManagers.length; i++) {
                    if (trustManagers[i] instanceof X509TrustManager) {
                        this.f6448a.add((X509TrustManager) trustManagers[i]);
                    }
                }
                com.huawei.secure.android.common.ssl.b.e.a((Closeable) inputStream);
            } catch (Throwable th) {
                com.huawei.secure.android.common.ssl.b.e.a(inputStream);
                throw th;
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            String str2 = b;
            new StringBuilder("loadInputStream: exception : ").append(e.getMessage());
            com.huawei.secure.android.common.ssl.b.f.a(str2);
            com.huawei.secure.android.common.ssl.b.e.a((Closeable) inputStream);
        }
        StringBuilder sb = new StringBuilder("loadInputStream: cost : ");
        sb.append(System.currentTimeMillis() - currentTimeMillis);
        sb.append(" ms");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        com.huawei.secure.android.common.ssl.b.f.a(b);
        Iterator<X509TrustManager> it = this.f6448a.iterator();
        while (it.hasNext()) {
            try {
                it.next().checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (CertificateException e) {
                String str2 = b;
                new StringBuilder("checkServerTrusted CertificateException").append(e.getMessage());
                com.huawei.secure.android.common.ssl.b.f.a(str2);
            }
        }
        throw new CertificateException("checkServerTrusted CertificateException");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.c = x509CertificateArr;
        String str2 = b;
        StringBuilder sb = new StringBuilder("checkServerTrusted begin ,server ca chain size is : ");
        sb.append(x509CertificateArr.length);
        sb.append(" ,auth type is : ");
        sb.append(str);
        com.huawei.secure.android.common.ssl.b.f.a(str2);
        long currentTimeMillis = System.currentTimeMillis();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            new StringBuilder("server ca chain: getSubjectDN is :").append(x509Certificate.getSubjectDN());
            new StringBuilder("IssuerDN :").append(x509Certificate.getIssuerDN());
            new StringBuilder("SerialNumber : ").append(x509Certificate.getSerialNumber());
        }
        int size = this.f6448a.size();
        for (int i = 0; i < size; i++) {
            try {
                String str3 = b;
                "check server i : ".concat(String.valueOf(i));
                com.huawei.secure.android.common.ssl.b.f.a(str3);
                X509TrustManager x509TrustManager = this.f6448a.get(i);
                X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
                if (acceptedIssuers != null) {
                    new StringBuilder("client root ca size is : ").append(acceptedIssuers.length);
                    com.huawei.secure.android.common.ssl.b.f.a(str3);
                    for (X509Certificate x509Certificate2 : acceptedIssuers) {
                        new StringBuilder("client root ca getIssuerDN :").append(x509Certificate2.getIssuerDN());
                    }
                }
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                String str4 = b;
                new StringBuilder("checkServerTrusted succeed ,root ca issuer is : ").append(x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                com.huawei.secure.android.common.ssl.b.f.a(str4);
                return;
            } catch (CertificateException e) {
                String str5 = b;
                StringBuilder sb2 = new StringBuilder("checkServerTrusted error :");
                sb2.append(e.getMessage());
                sb2.append(" , time : ");
                sb2.append(i);
                com.huawei.secure.android.common.ssl.b.f.a(str5);
                if (i == size - 1) {
                    if (x509CertificateArr != null && x509CertificateArr.length > 0) {
                        new StringBuilder("root ca issuer : ").append(x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                        com.huawei.secure.android.common.ssl.b.f.a(str5);
                    }
                    throw e;
                }
            }
        }
        StringBuilder sb3 = new StringBuilder("checkServerTrusted: cost : ");
        sb3.append(System.currentTimeMillis() - currentTimeMillis);
        sb3.append(" ms");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<X509TrustManager> it = this.f6448a.iterator();
            while (it.hasNext()) {
                arrayList.addAll(Arrays.asList(it.next().getAcceptedIssuers()));
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (Exception e) {
            String str = b;
            new StringBuilder("getAcceptedIssuers exception : ").append(e.getMessage());
            com.huawei.secure.android.common.ssl.b.f.a(str);
            return new X509Certificate[0];
        }
    }
}
