package sq;

import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class d implements X509TrustManager {

    /* renamed from: b, reason: collision with root package name */
    public static final String f39946b = d.class.getSimpleName();

    /* renamed from: a, reason: collision with root package name */
    public List<X509TrustManager> f39947a = new ArrayList();

    public d(Context context) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, IllegalArgumentException {
        if (context == null) {
            throw new IllegalArgumentException("context is null");
        }
        h.a.a(context);
        boolean z10 = false;
        String str = f39946b;
        uq.d.e(str, "loadBksCA");
        System.currentTimeMillis();
        InputStream j10 = uq.a.j(context);
        if (j10 != null) {
            try {
                uq.d.e(str, "get bks not from assets");
                a(j10);
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
                String str2 = f39946b;
                StringBuilder a10 = e.c.a("loadBksCA: exception : ");
                a10.append(e10.getMessage());
                uq.d.d(str2, a10.toString());
            }
        }
        z10 = true;
        if (!z10 || j10 == null) {
            uq.d.e(f39946b, " get bks from assets ");
            a(context.getAssets().open("hmsrootcas.bks"));
        }
        System.currentTimeMillis();
        if (this.f39947a.isEmpty()) {
            throw new CertificateException("X509TrustManager is empty");
        }
    }

    public d(InputStream inputStream, String str) throws IllegalArgumentException {
        if (inputStream == null) {
            throw new IllegalArgumentException("inputstream or trustPwd is null");
        }
        System.currentTimeMillis();
        try {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                KeyStore keyStore = KeyStore.getInstance("bks");
                keyStore.load(inputStream, str.toCharArray());
                trustManagerFactory.init(keyStore);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                for (int i10 = 0; i10 < trustManagers.length; i10++) {
                    if (trustManagers[i10] instanceof X509TrustManager) {
                        this.f39947a.add((X509TrustManager) trustManagers[i10]);
                    }
                }
                uq.c.a(inputStream);
            } finally {
                uq.c.a(inputStream);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
            uq.d.d(f39946b, "loadInputStream: exception : " + e10.getMessage());
        }
        System.currentTimeMillis();
    }

    public final void a(InputStream inputStream) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            KeyStore keyStore = KeyStore.getInstance("bks");
            keyStore.load(inputStream, "".toCharArray());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i10 = 0; i10 < trustManagers.length; i10++) {
                if (trustManagers[i10] instanceof X509TrustManager) {
                    this.f39947a.add((X509TrustManager) trustManagers[i10]);
                }
            }
        } finally {
            uq.c.a(inputStream);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        uq.d.e(f39946b, "checkClientTrusted: ");
        Iterator<X509TrustManager> it2 = this.f39947a.iterator();
        while (it2.hasNext()) {
            try {
                it2.next().checkServerTrusted(x509CertificateArr, str);
                return;
            } catch (CertificateException e10) {
                String str2 = f39946b;
                StringBuilder a10 = e.c.a("checkServerTrusted CertificateException");
                a10.append(e10.getMessage());
                uq.d.d(str2, a10.toString());
            }
        }
        throw new CertificateException("checkServerTrusted CertificateException");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        String str2 = f39946b;
        StringBuilder a10 = e.c.a("checkServerTrusted begin ,server ca chain size is : ");
        a10.append(x509CertificateArr.length);
        a10.append(" ,auth type is : ");
        a10.append(str);
        uq.d.e(str2, a10.toString());
        System.currentTimeMillis();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            Objects.toString(x509Certificate.getSubjectDN());
            Objects.toString(x509Certificate.getIssuerDN());
            Objects.toString(x509Certificate.getSerialNumber());
        }
        int size = this.f39947a.size();
        for (int i10 = 0; i10 < size; i10++) {
            try {
                String str3 = f39946b;
                uq.d.e(str3, "check server i : " + i10);
                X509TrustManager x509TrustManager = this.f39947a.get(i10);
                X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
                if (acceptedIssuers != null) {
                    uq.d.e(str3, "client root ca size is : " + acceptedIssuers.length);
                    for (int i11 = 0; i11 < acceptedIssuers.length; i11++) {
                        Objects.toString(acceptedIssuers[i11].getIssuerDN());
                    }
                }
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                uq.d.e(f39946b, "checkServerTrusted succeed ,root ca issuer is : " + x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                return;
            } catch (CertificateException e10) {
                String str4 = f39946b;
                StringBuilder a11 = e.c.a("checkServerTrusted error :");
                a11.append(e10.getMessage());
                a11.append(" , time : ");
                a11.append(i10);
                uq.d.d(str4, a11.toString());
                if (i10 == size - 1) {
                    if (x509CertificateArr.length > 0) {
                        StringBuilder a12 = e.c.a("root ca issuer : ");
                        a12.append(x509CertificateArr[x509CertificateArr.length - 1].getIssuerDN());
                        uq.d.d(str4, a12.toString());
                    }
                    throw e10;
                }
            }
        }
        System.currentTimeMillis();
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            ArrayList arrayList = new ArrayList();
            Iterator<X509TrustManager> it2 = this.f39947a.iterator();
            while (it2.hasNext()) {
                arrayList.addAll(Arrays.asList(it2.next().getAcceptedIssuers()));
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (Exception e10) {
            String str = f39946b;
            StringBuilder a10 = e.c.a("getAcceptedIssuers exception : ");
            a10.append(e10.getMessage());
            uq.d.d(str, a10.toString());
            return new X509Certificate[0];
        }
    }
}
