package com.symantec.ncpv2.jwsverifier;

import com.symantec.mobilesecurity.o.vbm;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Security;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.o;
import org.jetbrains.annotations.NotNull;
import org.spongycastle.jce.provider.BouncyCastleProvider;

@Metadata(d1 = {"\u0000.\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\"\u0010\u000f\u001a\u00020\u00102\f\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\n0\u00122\f\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\n0\tR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u0017\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\t8F¢\u0006\u0006\u001a\u0004\b\u000b\u0010\fR\u0016\u0010\r\u001a\n \u000e*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0014"}, d2 = {"Lcom/symantec/ncpv2/jwsverifier/LocalKeyStore;", "", "()V", "ANDROID_CERT_STORE", "", "DigisignPrincipalGlobalRoot", "DigisignPrincipalIDRoot", "VerisignPrincipalName", "rootCerts", "", "Ljava/security/cert/X509Certificate;", "getRootCerts", "()Ljava/util/Set;", "tag", "kotlin.jvm.PlatformType", "verifyCertsChaining", "Ljava/security/cert/PKIXCertPathBuilderResult;", "ourCerts", "Ljava/util/ArrayList;", "trustedRootCerts", BuildConfig.LIBRARY_PACKAGE_NAME}, k = 1, mv = {1, 8, 0}, xi = 48)
/* loaded from: classes6.dex */
public final class LocalKeyStore {

    @NotNull
    private static final String ANDROID_CERT_STORE = "AndroidCAStore";

    @NotNull
    private static final String DigisignPrincipalGlobalRoot = "CN=DigiCert Global Root CA";

    @NotNull
    private static final String DigisignPrincipalIDRoot = "CN=DigiCert Assured ID Root";

    @NotNull
    private static final String VerisignPrincipalName = "CN=VeriSign Class 3 Public Primary Certification Authority";

    @NotNull
    public static final LocalKeyStore INSTANCE = new LocalKeyStore();
    private static final String tag = LocalKeyStore.class.getSimpleName();

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    private LocalKeyStore() {
    }

    @NotNull
    public final Set<X509Certificate> getRootCerts() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, NoSuchProviderException {
        X509Certificate x509Certificate;
        boolean N;
        boolean N2;
        boolean N3;
        HashSet hashSet = new HashSet();
        KeyStore keyStore = KeyStore.getInstance(ANDROID_CERT_STORE);
        Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(ANDROID_CERT_STORE)");
        keyStore.load(null, null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            try {
                String nextElement = aliases.nextElement();
                Intrinsics.h(nextElement, "null cannot be cast to non-null type kotlin.String");
                Certificate certificate = keyStore.getCertificate(nextElement);
                Intrinsics.h(certificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                x509Certificate = (X509Certificate) certificate;
                String name = x509Certificate.getSubjectDN().getName();
                Intrinsics.checkNotNullExpressionValue(name, "cert.subjectDN.name");
                N = o.N(name, VerisignPrincipalName, 0, false, 4, null);
            } catch (Exception e) {
                vbm.e(tag, e.getMessage());
            }
            if (!N) {
                String name2 = x509Certificate.getSubjectDN().getName();
                Intrinsics.checkNotNullExpressionValue(name2, "cert.subjectDN.name");
                N2 = o.N(name2, DigisignPrincipalIDRoot, 0, false, 4, null);
                if (!N2) {
                    String name3 = x509Certificate.getSubjectDN().getName();
                    Intrinsics.checkNotNullExpressionValue(name3, "cert.subjectDN.name");
                    N3 = o.N(name3, DigisignPrincipalGlobalRoot, 0, false, 4, null);
                    if (N3) {
                    }
                }
            }
            hashSet.add(x509Certificate);
        }
        return hashSet;
    }

    @NotNull
    public final PKIXCertPathBuilderResult verifyCertsChaining(@NotNull ArrayList<X509Certificate> ourCerts, @NotNull Set<? extends X509Certificate> trustedRootCerts) throws GeneralSecurityException {
        Intrinsics.checkNotNullParameter(ourCerts, "ourCerts");
        Intrinsics.checkNotNullParameter(trustedRootCerts, "trustedRootCerts");
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setCertificate(ourCerts.get(0));
        HashSet hashSet = new HashSet();
        Iterator<? extends X509Certificate> it = trustedRootCerts.iterator();
        while (it.hasNext()) {
            hashSet.add(new TrustAnchor(it.next(), null));
        }
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
        pKIXBuilderParameters.setRevocationEnabled(false);
        pKIXBuilderParameters.setDate(ourCerts.get(0).getNotAfter());
        pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(ourCerts), "BC"));
        CertPathBuilderResult build = CertPathBuilder.getInstance("PKIX", "BC").build(pKIXBuilderParameters);
        Intrinsics.h(build, "null cannot be cast to non-null type java.security.cert.PKIXCertPathBuilderResult");
        return (PKIXCertPathBuilderResult) build;
    }
}
