package by.avest.crypto.conscrypt.android;

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

@Deprecated
/* loaded from: classes.dex */
public class DefKeyStoreTrustManager implements X509TrustManager {
    private static final String ALGORITHM_VALIDATOR = "PKIX";
    private static final String TYPE_CERTIFICATE = "X509";
    private Exception err;
    private CertificateFactory factory;
    private PKIXParameters params;
    private CertPathValidator validator;

    public DefKeyStoreTrustManager(KeyStore keyStore) {
        this.err = null;
        try {
            this.validator = CertPathValidator.getInstance(ALGORITHM_VALIDATOR);
            this.factory = CertificateFactory.getInstance(TYPE_CERTIFICATE);
            PKIXParameters pKIXParameters = new PKIXParameters(initTrustedAnchors(keyStore));
            this.params = pKIXParameters;
            pKIXParameters.setRevocationEnabled(false);
        } catch (Exception e) {
            this.err = e;
        }
    }

    private void checkTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        if (this.err != null) {
            throw new CertificateException(this.err);
        }
        try {
            this.validator.validate(this.factory.generateCertPath(Arrays.asList(x509CertificateArr)), this.params);
        } catch (InvalidAlgorithmParameterException | CertPathValidatorException e) {
            throw new CertificateException(e);
        }
    }

    private Set<TrustAnchor> initTrustedAnchors(KeyStore keyStore) throws KeyStoreException {
        HashSet hashSet = new HashSet();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
            if (x509Certificate != null) {
                hashSet.add(new TrustAnchor(x509Certificate, null));
            }
        }
        return hashSet;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        PKIXParameters pKIXParameters = this.params;
        if (pKIXParameters == null || pKIXParameters.getTrustAnchors() == null) {
            return new X509Certificate[0];
        }
        Set<TrustAnchor> trustAnchors = this.params.getTrustAnchors();
        ArrayList arrayList = new ArrayList(trustAnchors.size());
        Iterator<TrustAnchor> it = trustAnchors.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getTrustedCert());
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }
}
