package o.b.a.h.n0;

import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.concurrent.atomic.AtomicLong;

/* compiled from: CertificateValidator.java */
/* loaded from: classes3.dex */
public class c {

    /* renamed from: g, reason: collision with root package name */
    private static final o.b.a.h.k0.e f22004g = o.b.a.h.k0.d.f(c.class);

    /* renamed from: h, reason: collision with root package name */
    private static AtomicLong f22005h = new AtomicLong();

    /* renamed from: a, reason: collision with root package name */
    private KeyStore f22006a;

    /* renamed from: b, reason: collision with root package name */
    private Collection<? extends CRL> f22007b;

    /* renamed from: c, reason: collision with root package name */
    private int f22008c = -1;

    /* renamed from: d, reason: collision with root package name */
    private boolean f22009d = false;

    /* renamed from: e, reason: collision with root package name */
    private boolean f22010e = false;

    /* renamed from: f, reason: collision with root package name */
    private String f22011f;

    public c(KeyStore keyStore, Collection<? extends CRL> collection) {
        if (keyStore == null) {
            throw new InvalidParameterException("TrustStore must be specified for CertificateValidator.");
        }
        this.f22006a = keyStore;
        this.f22007b = collection;
    }

    public Collection<? extends CRL> a() {
        return this.f22007b;
    }

    public int b() {
        return this.f22008c;
    }

    public String c() {
        return this.f22011f;
    }

    public KeyStore d() {
        return this.f22006a;
    }

    public boolean e() {
        return this.f22009d;
    }

    public boolean f() {
        return this.f22010e;
    }

    public void g(boolean z) {
        this.f22009d = z;
    }

    public void h(boolean z) {
        this.f22010e = z;
    }

    public void i(int i2) {
        this.f22008c = i2;
    }

    public void j(String str) {
        this.f22011f = str;
    }

    public String k(KeyStore keyStore, String str) throws CertificateException {
        if (str == null) {
            return null;
        }
        try {
            m(keyStore, keyStore.getCertificate(str));
            return str;
        } catch (KeyStoreException e2) {
            f22004g.e(e2);
            throw new CertificateException("Unable to validate certificate for alias [" + str + "]: " + e2.getMessage(), e2);
        }
    }

    public void l(KeyStore keyStore) throws CertificateException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                k(keyStore, aliases.nextElement());
            }
        } catch (KeyStoreException e2) {
            throw new CertificateException("Unable to retrieve aliases from keystore", e2);
        }
    }

    public void m(KeyStore keyStore, Certificate certificate) throws CertificateException {
        String str;
        if (certificate == null || !(certificate instanceof X509Certificate)) {
            return;
        }
        ((X509Certificate) certificate).checkValidity();
        try {
            if (keyStore == null) {
                throw new InvalidParameterException("Keystore cannot be null");
            }
            String certificateAlias = keyStore.getCertificateAlias((X509Certificate) certificate);
            if (certificateAlias == null) {
                certificateAlias = "JETTY" + String.format("%016X", Long.valueOf(f22005h.incrementAndGet()));
                keyStore.setCertificateEntry(certificateAlias, certificate);
            }
            Certificate[] certificateChain = keyStore.getCertificateChain(certificateAlias);
            if (certificateChain == null || certificateChain.length == 0) {
                throw new IllegalStateException("Unable to retrieve certificate chain");
            }
            n(certificateChain);
        } catch (KeyStoreException e2) {
            f22004g.e(e2);
            StringBuilder sb = new StringBuilder();
            sb.append("Unable to validate certificate");
            if (0 == 0) {
                str = "";
            } else {
                str = " for alias [" + ((String) null) + "]";
            }
            sb.append(str);
            sb.append(": ");
            sb.append(e2.getMessage());
            throw new CertificateException(sb.toString(), e2);
        }
    }

    public void n(Certificate[] certificateArr) throws CertificateException {
        try {
            ArrayList arrayList = new ArrayList();
            for (Certificate certificate : certificateArr) {
                if (certificate != null) {
                    if (!(certificate instanceof X509Certificate)) {
                        throw new IllegalStateException("Invalid certificate type in chain");
                    }
                    arrayList.add((X509Certificate) certificate);
                }
            }
            if (arrayList.isEmpty()) {
                throw new IllegalStateException("Invalid certificate chain");
            }
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) arrayList.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(this.f22006a, x509CertSelector);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList)));
            pKIXBuilderParameters.setMaxPathLength(this.f22008c);
            pKIXBuilderParameters.setRevocationEnabled(true);
            Collection<? extends CRL> collection = this.f22007b;
            if (collection != null && !collection.isEmpty()) {
                pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(this.f22007b)));
            }
            if (this.f22010e) {
                Security.setProperty("ocsp.enable", "true");
            }
            if (this.f22009d) {
                System.setProperty("com.sun.security.enableCRLDP", "true");
            }
            CertPathValidator.getInstance("PKIX").validate(CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters).getCertPath(), pKIXBuilderParameters);
        } catch (GeneralSecurityException e2) {
            f22004g.e(e2);
            throw new CertificateException("Unable to validate certificate: " + e2.getMessage(), e2);
        }
    }
}
