package org.spongycastle.jsse.provider;

import b.b.b.a.a;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.cert.CertPathParameters;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class ProvTrustManagerFactorySpi extends TrustManagerFactorySpi {
    public static final String CACERTS_PATH;
    public static final String JSSECACERTS_PATH;
    public static final boolean hasExtendedTrustManager;
    public final Provider pkixProvider;
    public X509TrustManager trustManager;

    static {
        Class cls;
        try {
            cls = JsseUtils.loadClass(ProvTrustManagerFactorySpi.class, "javax.net.ssl.X509ExtendedTrustManager");
        } catch (Exception unused) {
            cls = null;
        }
        hasExtendedTrustManager = cls != null;
        String systemProperty = PropertyUtils.getSystemProperty("java.home");
        StringBuilder b0 = a.b0(systemProperty);
        b0.append("/lib/security/cacerts".replace('/', File.separatorChar));
        CACERTS_PATH = b0.toString();
        StringBuilder b02 = a.b0(systemProperty);
        b02.append("/lib/security/jssecacerts".replace('/', File.separatorChar));
        JSSECACERTS_PATH = b02.toString();
    }

    public ProvTrustManagerFactorySpi(Provider provider) {
        this.pkixProvider = provider;
    }

    private KeyStore createTrustStore() {
        String trustStoreType = getTrustStoreType();
        String systemProperty = PropertyUtils.getSystemProperty("javax.net.ssl.trustStoreProvider");
        return (systemProperty == null || systemProperty.length() < 1) ? KeyStore.getInstance(trustStoreType) : KeyStore.getInstance(trustStoreType, systemProperty);
    }

    private Set<TrustAnchor> getTrustAnchors(KeyStore keyStore) {
        HashSet hashSet = new HashSet(keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                Certificate certificate = keyStore.getCertificate(nextElement);
                if (certificate instanceof X509Certificate) {
                    hashSet.add(new TrustAnchor((X509Certificate) certificate, null));
                }
            }
        }
        return hashSet;
    }

    private String getTrustStoreType() {
        String systemProperty = PropertyUtils.getSystemProperty("javax.net.ssl.trustStoreType");
        return systemProperty == null ? KeyStore.getDefaultType() : systemProperty;
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    public TrustManager[] engineGetTrustManagers() {
        return new TrustManager[]{this.trustManager};
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    public void engineInit(KeyStore keyStore) {
        char[] cArr;
        if (keyStore == null) {
            try {
                keyStore = createTrustStore();
                String systemProperty = PropertyUtils.getSystemProperty("javax.net.ssl.trustStore");
                if (systemProperty != null) {
                    if (new File(systemProperty).exists()) {
                        String systemProperty2 = PropertyUtils.getSystemProperty("javax.net.ssl.trustStorePassword");
                        if (systemProperty2 != null) {
                            cArr = systemProperty2.toCharArray();
                        }
                        cArr = null;
                    }
                    systemProperty = null;
                    cArr = null;
                } else {
                    String str = JSSECACERTS_PATH;
                    if (!new File(str).exists()) {
                        str = CACERTS_PATH;
                        if (new File(str).exists()) {
                        }
                        systemProperty = null;
                        cArr = null;
                    }
                    systemProperty = str;
                    cArr = null;
                }
                if (systemProperty == null) {
                    keyStore.load(null, null);
                } else {
                    BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(systemProperty));
                    keyStore.load(bufferedInputStream, cArr);
                    bufferedInputStream.close();
                }
            } catch (Exception e2) {
                throw new KeyStoreException("initialization failed", e2);
            }
        }
        Set<TrustAnchor> trustAnchors = getTrustAnchors(keyStore);
        if (hasExtendedTrustManager) {
            this.trustManager = new ProvX509ExtendedTrustManager(new ProvX509TrustManager(this.pkixProvider, trustAnchors));
        } else {
            this.trustManager = new ProvX509TrustManager(this.pkixProvider, trustAnchors);
        }
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    public void engineInit(ManagerFactoryParameters managerFactoryParameters) {
        if (!(managerFactoryParameters instanceof CertPathTrustManagerParameters)) {
            if (managerFactoryParameters == null) {
                throw new InvalidAlgorithmParameterException("spec cannot be null");
            }
            StringBuilder b0 = a.b0("unknown spec: ");
            b0.append(managerFactoryParameters.getClass().getName());
            throw new InvalidAlgorithmParameterException(b0.toString());
        }
        try {
            CertPathParameters parameters = ((CertPathTrustManagerParameters) managerFactoryParameters).getParameters();
            if (!(parameters instanceof PKIXParameters)) {
                throw new InvalidAlgorithmParameterException("parameters must inherit from PKIXParameters");
            }
            PKIXParameters pKIXParameters = (PKIXParameters) parameters;
            if (hasExtendedTrustManager) {
                this.trustManager = new ProvX509ExtendedTrustManager(new ProvX509TrustManager(this.pkixProvider, pKIXParameters));
            } else {
                this.trustManager = new ProvX509TrustManager(this.pkixProvider, pKIXParameters);
            }
        } catch (GeneralSecurityException e2) {
            throw new InvalidAlgorithmParameterException(a.L(e2, a.b0("unable to process parameters: ")), e2);
        }
    }
}
