package com.blackberry.security.trustmgr;

import android.util.Log;
import com.blackberry.security.trustmgr.PeerIdentity;
import com.blackberry.security.trustmgr.jca.BBTrustManagerUtil;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes2.dex */
public class PkixProfile implements Profile {
    private static final String ANDROID_CA_STORE = "AndroidCAStore";
    private static final String LOG_TAG = "certmgr:trustmgr:" + PkixProfile.class.getSimpleName();
    private Date mDate;
    private KeyStore mIntermediateStore;
    private PeerIdentity mPeerName;
    private KeyStore mTrustStore;
    private CertificateUsageType mUsageType = CertificateUsageType.ANY;
    private final Set<Certificate> mCerts = new HashSet();

    private PeerIdentity createPeerIdentity(X509Certificate x509Certificate) {
        PeerIdentity peerIdentity;
        PeerIdentity peerIdentity2 = null;
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return null;
            }
            Iterator<List<?>> it = subjectAlternativeNames.iterator();
            do {
                try {
                    peerIdentity = peerIdentity2;
                    if (!it.hasNext()) {
                        return peerIdentity;
                    }
                    List<?> next = it.next();
                    if (next != null && next.size() >= 2) {
                        Integer num = (Integer) next.get(0);
                        Object obj = next.get(1);
                        if (num != null && obj != null && (obj instanceof String)) {
                            switch (num.intValue()) {
                                case 0:
                                case 1:
                                    peerIdentity2 = new PeerIdentity(PeerIdentity.Type.EMAIL_ADDRESS, (String) obj);
                                    break;
                                case 2:
                                case 6:
                                    peerIdentity2 = new PeerIdentity(PeerIdentity.Type.DNS, (String) obj);
                                    break;
                            }
                        }
                    }
                    peerIdentity2 = peerIdentity;
                } catch (CertificateParsingException e) {
                    e = e;
                    peerIdentity2 = peerIdentity;
                    Log.e(LOG_TAG, "[createPeerIdentity] Failed to parse input certificate " + e.getMessage());
                    return peerIdentity2;
                }
            } while (peerIdentity2 == null);
            return peerIdentity2;
        } catch (CertificateParsingException e2) {
            e = e2;
        }
    }

    public void addIntermediateCertificates(Set<Certificate> set) {
        this.mCerts.addAll(set);
    }

    public CertificateUsageType getCertificateUsageType() {
        return this.mUsageType;
    }

    public KeyStore getDefaultTrustStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_CA_STORE);
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new CertificateException("Failed to initialize trust store: AndroidCAStore", e);
        }
    }

    public Set<Certificate> getIntermediateCertificates() {
        return this.mCerts;
    }

    public KeyStore getIntermediateStore() {
        return this.mIntermediateStore;
    }

    public PeerIdentity getPeerIdentity() {
        return this.mPeerName;
    }

    public Date getReferenceDate() {
        return this.mDate;
    }

    public KeyStore getTrustStore() {
        return this.mTrustStore;
    }

    @Override // com.blackberry.security.trustmgr.Profile
    public Class<? extends Profile> getType() {
        return PkixProfile.class;
    }

    public Certificate processCertificateChain(Set<Certificate> set) {
        if (set == null || set.isEmpty()) {
            throw new IllegalArgumentException("Input parameter cannot be null");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[set.size()];
        HashSet hashSet = new HashSet();
        int i = 0;
        for (Certificate certificate : set) {
            if (!(certificate instanceof X509Certificate)) {
                throw new CertificateException("Unsupported certificate type: " + certificate.getType());
            }
            x509CertificateArr[i] = (X509Certificate) certificate;
            hashSet.add(certificate);
            i++;
        }
        X509Certificate[] orderCertificateChain = BBTrustManagerUtil.orderCertificateChain(x509CertificateArr);
        setPeerIdentity(createPeerIdentity(orderCertificateChain[0]));
        hashSet.remove(createPeerIdentity(orderCertificateChain[0]));
        addIntermediateCertificates(hashSet);
        return orderCertificateChain[0];
    }

    public void setCertificateUsageType(CertificateUsageType certificateUsageType) {
        if (certificateUsageType == null) {
            certificateUsageType = CertificateUsageType.ANY;
        }
        this.mUsageType = certificateUsageType;
    }

    public void setIntermediateStore(KeyStore keyStore) {
        this.mIntermediateStore = keyStore;
    }

    public void setPeerIdentity(PeerIdentity peerIdentity) {
        this.mPeerName = peerIdentity;
    }

    public void setReferenceDate(Date date) {
        this.mDate = date;
    }

    public void setTrustStore(KeyStore keyStore) {
        this.mTrustStore = keyStore;
    }
}
