package org.bouncycastle.jsse.provider;

import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
class n2 extends ud.j {

    /* renamed from: e, reason: collision with root package name */
    private static final Logger f14703e = Logger.getLogger(n2.class.getName());

    /* renamed from: f, reason: collision with root package name */
    private static final boolean f14704f = j1.a("com.sun.net.ssl.checkRevocation", false);

    /* renamed from: g, reason: collision with root package name */
    private static final Map f14705g = l();

    /* renamed from: a, reason: collision with root package name */
    private final sd.b f14706a;

    /* renamed from: b, reason: collision with root package name */
    private final Set f14707b;

    /* renamed from: c, reason: collision with root package name */
    private final PKIXBuilderParameters f14708c;

    /* renamed from: d, reason: collision with root package name */
    private final X509TrustManager f14709d;

    /* JADX INFO: Access modifiers changed from: package-private */
    public n2(sd.b bVar, PKIXParameters pKIXParameters) {
        this.f14706a = bVar;
        Set r10 = r(pKIXParameters.getTrustAnchors());
        this.f14707b = r10;
        if (r10.isEmpty()) {
            this.f14708c = null;
        } else if (pKIXParameters instanceof PKIXBuilderParameters) {
            PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) pKIXParameters.clone();
            this.f14708c = pKIXBuilderParameters;
            pKIXBuilderParameters.setTargetCertConstraints(null);
        } else {
            PKIXBuilderParameters pKIXBuilderParameters2 = new PKIXBuilderParameters(pKIXParameters.getTrustAnchors(), (CertSelector) null);
            this.f14708c = pKIXBuilderParameters2;
            pKIXBuilderParameters2.setAnyPolicyInhibited(pKIXParameters.isAnyPolicyInhibited());
            pKIXBuilderParameters2.setCertPathCheckers(pKIXParameters.getCertPathCheckers());
            pKIXBuilderParameters2.setCertStores(pKIXParameters.getCertStores());
            pKIXBuilderParameters2.setDate(pKIXParameters.getDate());
            pKIXBuilderParameters2.setExplicitPolicyRequired(pKIXParameters.isExplicitPolicyRequired());
            pKIXBuilderParameters2.setInitialPolicies(pKIXParameters.getInitialPolicies());
            pKIXBuilderParameters2.setPolicyMappingInhibited(pKIXParameters.isPolicyMappingInhibited());
            pKIXBuilderParameters2.setPolicyQualifiersRejected(pKIXParameters.getPolicyQualifiersRejected());
            pKIXBuilderParameters2.setRevocationEnabled(pKIXParameters.isRevocationEnabled());
            pKIXBuilderParameters2.setSigProvider(pKIXParameters.getSigProvider());
        }
        this.f14709d = x2.a(this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public n2(sd.b bVar, Set set) {
        this.f14706a = bVar;
        Set r10 = r(set);
        this.f14707b = r10;
        if (r10.isEmpty()) {
            this.f14708c = null;
        } else {
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) set, (CertSelector) null);
            this.f14708c = pKIXBuilderParameters;
            pKIXBuilderParameters.setRevocationEnabled(f14704f);
        }
        this.f14709d = x2.a(this);
    }

    private static void f(CertPathBuilder certPathBuilder, PKIXBuilderParameters pKIXBuilderParameters, X509Certificate[] x509CertificateArr, List list) {
        HashMap hashMap = new HashMap();
        int min = Math.min(x509CertificateArr.length, list.size());
        for (int i10 = 0; i10 < min; i10++) {
            byte[] bArr = (byte[]) list.get(i10);
            if (bArr != null && bArr.length > 0) {
                X509Certificate x509Certificate = x509CertificateArr[i10];
                if (!hashMap.containsKey(x509Certificate)) {
                    hashMap.put(x509Certificate, bArr);
                }
            }
        }
        if (hashMap.isEmpty()) {
            return;
        }
        try {
            i1.a(certPathBuilder, pKIXBuilderParameters, hashMap);
        } catch (RuntimeException e10) {
            f14703e.log(Level.FINE, "Failed to add status responses for revocation checking", (Throwable) e10);
        }
    }

    private X509Certificate[] g(X509Certificate[] x509CertificateArr, vd.a aVar, List list) {
        CertStore certStore;
        CertPathBuilder certPathBuilder;
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (this.f14707b.contains(x509Certificate)) {
            return new X509Certificate[]{x509Certificate};
        }
        Provider provider = this.f14706a.c("X.509").getProvider();
        CertStoreParameters m10 = m(x509Certificate, x509CertificateArr);
        try {
            certStore = CertStore.getInstance("Collection", m10, provider);
        } catch (GeneralSecurityException unused) {
            certStore = CertStore.getInstance("Collection", m10);
        }
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setCertificate(x509Certificate);
        try {
            certPathBuilder = CertPathBuilder.getInstance("PKIX", provider);
        } catch (NoSuchAlgorithmException unused2) {
            certPathBuilder = CertPathBuilder.getInstance("PKIX");
        }
        PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) this.f14708c.clone();
        pKIXBuilderParameters.addCertPathChecker(new k1(this.f14706a, aVar));
        pKIXBuilderParameters.addCertStore(certStore);
        pKIXBuilderParameters.setTargetCertConstraints(x509CertSelector);
        if (!list.isEmpty()) {
            f(certPathBuilder, pKIXBuilderParameters, x509CertificateArr, list);
        }
        PKIXCertPathBuilderResult pKIXCertPathBuilderResult = (PKIXCertPathBuilderResult) certPathBuilder.build(pKIXBuilderParameters);
        return s(pKIXCertPathBuilderResult.getCertPath(), pKIXCertPathBuilderResult.getTrustAnchor());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void h(String str, X509Certificate x509Certificate, String str2) {
        boolean z10;
        String E = z.E(str);
        if (str2.equalsIgnoreCase("HTTPS")) {
            z10 = true;
        } else {
            if (!str2.equalsIgnoreCase("LDAP") && !str2.equalsIgnoreCase("LDAPS")) {
                throw new CertificateException("Unknown endpoint ID algorithm: " + str2);
            }
            z10 = false;
        }
        p.a(E, x509Certificate, z10);
    }

    private static void i(X509Certificate x509Certificate, String str, boolean z10, ud.b bVar) {
        ud.c t10;
        String peerHost = bVar.getPeerHost();
        if (z10 && (t10 = z.t(bVar.d())) != null) {
            String c10 = t10.c();
            if (!c10.equalsIgnoreCase(peerHost)) {
                try {
                    h(c10, x509Certificate, str);
                    return;
                } catch (CertificateException e10) {
                    f14703e.log(Level.FINE, "Server's endpoint ID did not match the SNI host_name: " + c10, (Throwable) e10);
                }
            }
        }
        h(peerHost, x509Certificate, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void j(X509Certificate[] x509CertificateArr, String str, v2 v2Var, boolean z10) {
        String f10;
        if (v2Var == null || (f10 = v2Var.f().f()) == null || f10.length() <= 0) {
            return;
        }
        ud.b e10 = v2Var.e();
        if (e10 == null) {
            throw new CertificateException("No handshake session");
        }
        i(x509CertificateArr[0], f10, z10, e10);
    }

    private void k(X509Certificate[] x509CertificateArr, String str, v2 v2Var, boolean z10) {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("'chain' must be a chain of at least one certificate");
        }
        if (str == null || str.length() < 1) {
            throw new IllegalArgumentException("'authType' must be a non-null, non-empty string");
        }
        if (this.f14708c == null) {
            throw new CertificateException("Unable to build a CertPath: no PKIXBuilderParameters available");
        }
        j(t(x509CertificateArr, str, v2Var, z10), str, v2Var, z10);
    }

    private static Map l() {
        HashMap hashMap = new HashMap();
        hashMap.put("DHE_DSS", 0);
        hashMap.put("DHE_RSA", 0);
        hashMap.put("ECDHE_ECDSA", 0);
        hashMap.put("ECDHE_RSA", 0);
        hashMap.put("UNKNOWN", 0);
        hashMap.put("RSA", 2);
        hashMap.put("DH_DSS", 4);
        hashMap.put("DH_RSA", 4);
        hashMap.put("ECDH_ECDSA", 4);
        hashMap.put("ECDH_RSA", 4);
        return Collections.unmodifiableMap(hashMap);
    }

    private CertStoreParameters m(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) {
        ArrayList arrayList = new ArrayList(x509CertificateArr.length);
        arrayList.add(x509Certificate);
        for (int i10 = 1; i10 < x509CertificateArr.length; i10++) {
            if (!this.f14707b.contains(x509CertificateArr[i10])) {
                arrayList.add(x509CertificateArr[i10]);
            }
        }
        return new CollectionCertStoreParameters(Collections.unmodifiableCollection(arrayList));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static fd.f o(boolean z10) {
        return z10 ? fd.f.f9544g : fd.f.f9545h;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int p(boolean z10, String str) {
        if (!z10) {
            return 0;
        }
        Integer num = (Integer) f14705g.get(str);
        if (num != null) {
            return num.intValue();
        }
        throw new CertificateException("Unsupported server authType: " + str);
    }

    private static X509Certificate q(TrustAnchor trustAnchor) {
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        if (trustedCert != null) {
            return trustedCert;
        }
        throw new CertificateException("No certificate for TrustAnchor");
    }

    private static Set r(Set set) {
        X509Certificate trustedCert;
        HashSet hashSet = new HashSet(set.size());
        Iterator it = set.iterator();
        while (it.hasNext()) {
            TrustAnchor trustAnchor = (TrustAnchor) it.next();
            if (trustAnchor != null && (trustedCert = trustAnchor.getTrustedCert()) != null) {
                hashSet.add(trustedCert);
            }
        }
        return hashSet;
    }

    private static X509Certificate[] s(CertPath certPath, TrustAnchor trustAnchor) {
        List<? extends Certificate> certificates = certPath.getCertificates();
        int size = certificates.size() + 1;
        X509Certificate[] x509CertificateArr = new X509Certificate[size];
        certificates.toArray(x509CertificateArr);
        x509CertificateArr[size - 1] = q(trustAnchor);
        return x509CertificateArr;
    }

    private X509Certificate[] t(X509Certificate[] x509CertificateArr, String str, v2 v2Var, boolean z10) {
        try {
            vd.a c10 = v2.c(v2Var, false);
            X509Certificate[] g10 = g(x509CertificateArr, c10, v2.g(v2Var, z10));
            k1.b(this.f14706a, c10, g10, o(z10), p(z10, str));
            return g10;
        } catch (GeneralSecurityException e10) {
            throw new CertificateException("Unable to construct a valid chain", e10);
        }
    }

    @Override // ud.j
    public void b(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        k(x509CertificateArr, str, v2.a(socket), false);
    }

    @Override // ud.j
    public void c(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        k(x509CertificateArr, str, v2.b(sSLEngine), false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        k(x509CertificateArr, str, null, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        k(x509CertificateArr, str, null, true);
    }

    @Override // ud.j
    public void d(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        k(x509CertificateArr, str, v2.a(socket), true);
    }

    @Override // ud.j
    public void e(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        k(x509CertificateArr, str, v2.b(sSLEngine), true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        Set set = this.f14707b;
        return (X509Certificate[]) set.toArray(new X509Certificate[set.size()]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManager n() {
        return this.f14709d;
    }
}
