package com.whty.wicity.core.net.http.ssl;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class IndexedPKIXParameters extends PKIXParameters {
    final Map<X500Principal, List<TrustAnchor>> byCA;
    final Map<X500Principal, TrustAnchor> bySubject;
    final Map<Bytes, TrustAnchor> encodings;

    /* loaded from: classes.dex */
    static class Bytes {
        final byte[] bytes;
        final int hash;

        Bytes(byte[] bArr) {
            this.bytes = bArr;
            this.hash = Arrays.hashCode(bArr);
        }

        public boolean equals(Object obj) {
            return Arrays.equals(this.bytes, ((Bytes) obj).bytes);
        }

        public int hashCode() {
            return this.hash;
        }
    }

    public IndexedPKIXParameters(Set<TrustAnchor> set) throws KeyStoreException, InvalidAlgorithmParameterException, CertificateEncodingException {
        super(set);
        this.encodings = new HashMap();
        this.bySubject = new HashMap();
        this.byCA = new HashMap();
        for (TrustAnchor trustAnchor : set) {
            X509Certificate trustedCert = trustAnchor.getTrustedCert();
            this.encodings.put(new Bytes(trustedCert.getEncoded()), trustAnchor);
            X500Principal subjectX500Principal = trustedCert.getSubjectX500Principal();
            if (this.bySubject.put(subjectX500Principal, trustAnchor) != null) {
                throw new KeyStoreException("Two certs have the same subject: " + subjectX500Principal);
            }
            X500Principal ca = trustAnchor.getCA();
            List<TrustAnchor> list = this.byCA.get(ca);
            if (list == null) {
                list = new ArrayList<>();
                this.byCA.put(ca, list);
            }
            list.add(trustAnchor);
        }
    }

    public TrustAnchor findTrustAnchor(X509Certificate x509Certificate) throws CertPathValidatorException {
        Exception exc = null;
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        List<TrustAnchor> list = this.byCA.get(issuerX500Principal);
        if (list != null) {
            for (TrustAnchor trustAnchor : list) {
                try {
                    x509Certificate.verify(trustAnchor.getCAPublicKey());
                    return trustAnchor;
                } catch (Exception e) {
                    exc = e;
                }
            }
        }
        TrustAnchor trustAnchor2 = this.bySubject.get(issuerX500Principal);
        if (trustAnchor2 != null) {
            try {
                x509Certificate.verify(trustAnchor2.getTrustedCert().getPublicKey());
                return trustAnchor2;
            } catch (Exception e2) {
                exc = e2;
            }
        }
        try {
            TrustAnchor trustAnchor3 = this.encodings.get(new Bytes(x509Certificate.getEncoded()));
            if (trustAnchor3 != null) {
                return trustAnchor3;
            }
        } catch (Exception e3) {
            Logger.getLogger(IndexedPKIXParameters.class.getName()).log(Level.WARNING, "Error encoding cert.", (Throwable) e3);
        }
        if (exc != null) {
            throw new CertPathValidatorException("TrustAnchor found but certificate verification failed.", exc);
        }
        return null;
    }

    public boolean isDirectlyTrusted(X509Certificate x509Certificate) {
        try {
            return this.encodings.containsKey(new Bytes(x509Certificate.getEncoded()));
        } catch (Exception e) {
            Logger.getLogger(IndexedPKIXParameters.class.getName()).log(Level.WARNING, "Error encoding cert.", (Throwable) e);
            return false;
        }
    }
}
