package com.huawei.agconnect.credential.obs;

import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class au implements X509TrustManager {

    /* renamed from: b, reason: collision with root package name */
    private static final String f17934b = "au";

    /* renamed from: a, reason: collision with root package name */
    public List<X509TrustManager> f17935a;

    /* renamed from: c, reason: collision with root package name */
    private X509Certificate[] f17936c;

    public au(Context context) {
        this(context, false);
    }

    public au(Context context, boolean z8) {
        this.f17935a = new ArrayList();
        if (context == null) {
            throw new IllegalArgumentException(com.anythink.expressad.foundation.f.b.b.f10111a);
        }
        ax.a(context);
        if (z8) {
            a();
        }
        a(context);
        if (this.f17935a.isEmpty()) {
            throw new CertificateException("X509TrustManager is empty");
        }
    }

    public au(InputStream inputStream, String str) {
        this.f17935a = new ArrayList();
        a(inputStream, str);
    }

    private void a() {
        ba.b(f17934b, "loadSystemCA");
        long currentTimeMillis = System.currentTimeMillis();
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i8 = 0; i8 < trustManagers.length; i8++) {
                if (trustManagers[i8] instanceof X509TrustManager) {
                    this.f17935a.add((X509TrustManager) trustManagers[i8]);
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e8) {
            String str = f17934b;
            StringBuilder b5 = androidx.activity.c.b("loadSystemCA: exception : ");
            b5.append(e8.getMessage());
            ba.d(str, b5.toString());
        }
        String str2 = f17934b;
        StringBuilder b9 = androidx.activity.c.b("loadSystemCA: cost : ");
        b9.append(System.currentTimeMillis() - currentTimeMillis);
        b9.append(" ms");
        ba.a(str2, b9.toString());
    }

    private void a(Context context) {
        boolean z8;
        String str = f17934b;
        ba.b(str, "loadBksCA");
        long currentTimeMillis = System.currentTimeMillis();
        InputStream b5 = av.b(context);
        if (b5 != null) {
            try {
                ba.b(str, "get bks not from assets");
                a(b5);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e8) {
                String str2 = f17934b;
                StringBuilder b9 = androidx.activity.c.b("loadBksCA: exception : ");
                b9.append(e8.getMessage());
                ba.d(str2, b9.toString());
                z8 = false;
            }
        }
        z8 = true;
        if (!z8 || b5 == null) {
            ba.b(f17934b, " get bks from assets ");
            a(context.getAssets().open("hmsrootcas.bks"));
        }
        String str3 = f17934b;
        StringBuilder b10 = androidx.activity.c.b("loadBksCA: cost : ");
        b10.append(System.currentTimeMillis() - currentTimeMillis);
        b10.append(" ms");
        ba.a(str3, b10.toString());
    }

    private void a(InputStream inputStream) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            KeyStore keyStore = KeyStore.getInstance("bks");
            keyStore.load(inputStream, "".toCharArray());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i8 = 0; i8 < trustManagers.length; i8++) {
                if (trustManagers[i8] instanceof X509TrustManager) {
                    this.f17935a.add((X509TrustManager) trustManagers[i8]);
                }
            }
        } finally {
            az.a(inputStream);
        }
    }

    private void a(InputStream inputStream, String str) {
        if (inputStream == null || str == null) {
            throw new IllegalArgumentException("inputstream or trustPwd is null");
        }
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                KeyStore keyStore = KeyStore.getInstance("bks");
                keyStore.load(inputStream, str.toCharArray());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int i8 = 0; i8 < trustManagers.length; i8++) {
                    if (trustManagers[i8] instanceof X509TrustManager) {
                        this.f17935a.add((X509TrustManager) trustManagers[i8]);
                    }
                }
            } catch (Throwable th) {
                az.a(inputStream);
                throw th;
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e8) {
            ba.d(f17934b, "loadInputStream: exception : " + e8.getMessage());
        }
        az.a(inputStream);
        String str2 = f17934b;
        StringBuilder b5 = androidx.activity.c.b("loadInputStream: cost : ");
        b5.append(System.currentTimeMillis() - currentTimeMillis);
        b5.append(" ms");
        ba.a(str2, b5.toString());
    }

    public void a(X509Certificate[] x509CertificateArr) {
        this.f17936c = x509CertificateArr;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        ba.b(f17934b, "checkClientTrusted: ");
        Iterator<X509TrustManager> it = this.f17935a.iterator();
        while (it.hasNext()) {
            try {
                it.next().checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (CertificateException e8) {
                String str2 = f17934b;
                StringBuilder b5 = androidx.activity.c.b("checkServerTrusted CertificateException");
                b5.append(e8.getMessage());
                ba.d(str2, b5.toString());
            }
        }
        throw new CertificateException("checkServerTrusted CertificateException");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        a(x509CertificateArr);
        String str2 = f17934b;
        StringBuilder b5 = androidx.activity.c.b("checkServerTrusted begin ,server ca chain size is : ");
        b5.append(x509CertificateArr.length);
        b5.append(" ,auth type is : ");
        b5.append(str);
        ba.b(str2, b5.toString());
        long currentTimeMillis = System.currentTimeMillis();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            String str3 = f17934b;
            StringBuilder b9 = androidx.activity.c.b("server ca chain: getSubjectDN is :");
            b9.append(x509Certificate.getSubjectDN());
            ba.a(str3, b9.toString());
            ba.a(str3, "IssuerDN :" + x509Certificate.getIssuerDN());
            ba.a(str3, "SerialNumber : " + x509Certificate.getSerialNumber());
        }
        int size = this.f17935a.size();
        for (int i8 = 0; i8 < size; i8++) {
            try {
                String str4 = f17934b;
                ba.b(str4, "check server i : " + i8);
                X509TrustManager x509TrustManager = this.f17935a.get(i8);
                X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
                if (acceptedIssuers != null) {
                    ba.b(str4, "client root ca size is : " + acceptedIssuers.length);
                    for (X509Certificate x509Certificate2 : acceptedIssuers) {
                        ba.a(f17934b, "client root ca getIssuerDN :" + x509Certificate2.getIssuerDN());
                    }
                }
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                ba.b(f17934b, "checkServerTrusted succeed ,root ca issuer is : " + x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                return;
            } catch (CertificateException e8) {
                String str5 = f17934b;
                StringBuilder b10 = androidx.activity.c.b("checkServerTrusted error :");
                b10.append(e8.getMessage());
                b10.append(" , time : ");
                b10.append(i8);
                ba.d(str5, b10.toString());
                if (i8 == size - 1) {
                    if (x509CertificateArr.length > 0) {
                        StringBuilder b11 = androidx.activity.c.b("root ca issuer : ");
                        b11.append(x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                        ba.d(str5, b11.toString());
                    }
                    throw e8;
                }
            }
        }
        String str6 = f17934b;
        StringBuilder b12 = androidx.activity.c.b("checkServerTrusted: cost : ");
        b12.append(System.currentTimeMillis() - currentTimeMillis);
        b12.append(" ms");
        ba.a(str6, b12.toString());
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<X509TrustManager> it = this.f17935a.iterator();
            while (it.hasNext()) {
                arrayList.addAll(Arrays.asList(it.next().getAcceptedIssuers()));
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (Exception e8) {
            String str = f17934b;
            StringBuilder b5 = androidx.activity.c.b("getAcceptedIssuers exception : ");
            b5.append(e8.getMessage());
            ba.d(str, b5.toString());
            return new X509Certificate[0];
        }
    }
}
