package com.ca.mas.core.c.a;

import com.ca.mas.core.cert.PublicKeyHash;
import com.ca.mas.foundation.ad;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class b implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final Collection<X509TrustManager> f3017a;

    /* renamed from: b, reason: collision with root package name */
    private final Collection<X509TrustManager> f3018b;
    private final ad c;

    public b(ad adVar) {
        this.f3017a = adVar.b() ? a() : null;
        this.f3018b = a(adVar.c());
        this.c = adVar;
    }

    private static Collection<X509TrustManager> a() {
        Collection<X509TrustManager> a2 = a((KeyStore) null);
        if (a2.isEmpty()) {
            throw new RuntimeException("Cannot trust public PKI -- no default X509TrustManager found");
        }
        return a2;
    }

    private static Collection<X509TrustManager> a(KeyStore keyStore) {
        ArrayList arrayList = new ArrayList();
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    arrayList.add((X509TrustManager) trustManager);
                }
            }
            return arrayList;
        } catch (KeyStoreException e) {
            throw new RuntimeException("Unable to obtain platform X.509 trust managers: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("No default TrustManagerFactory implementation available: " + e2.getMessage(), e2);
        }
    }

    private static Collection<X509TrustManager> a(Collection<Certificate> collection) {
        return a(b(collection));
    }

    private void a(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Iterator<X509TrustManager> it2 = this.f3018b.iterator();
        while (it2.hasNext()) {
            it2.next().checkServerTrusted(x509CertificateArr, str);
        }
    }

    private static KeyStore b(Collection<Certificate> collection) {
        int i;
        if (collection == null) {
            return null;
        }
        int i2 = 1;
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            for (Certificate certificate : collection) {
                if (certificate instanceof X509Certificate) {
                    int i3 = i2 + 1;
                    keyStore.setCertificateEntry("cert" + i2, certificate);
                    i = i3;
                } else {
                    i = i2;
                }
                i2 = i;
            }
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException("Unable to create trust store of default KeyStore type: " + e.getMessage(), e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("This trust manager is only for clients");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean z;
        List<Certificate> c = this.c.c();
        List<String> d = this.c.d();
        if (this.c.b()) {
            Iterator<X509TrustManager> it2 = this.f3017a.iterator();
            while (it2.hasNext()) {
                it2.next().checkServerTrusted(x509CertificateArr, str);
            }
        }
        if (c != null && !c.isEmpty()) {
            a(x509CertificateArr, str);
        }
        if (d != null) {
            if (!d.isEmpty()) {
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    PublicKey publicKey = x509Certificate.getPublicKey();
                    if (publicKey != null && d.contains(PublicKeyHash.a(publicKey).a())) {
                        z = true;
                        break;
                    }
                }
            }
            z = false;
            if (!z) {
                throw new CertificateException("Server certificate chain did not contain any of the pinned public keys.");
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
