package com.apusic.security.ssl;

import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:com/apusic/security/ssl/X509TrustManagerImpl.class */
final class X509TrustManagerImpl implements X509TrustManager {
    private X509Certificate[] trustedCerts;

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509TrustManagerImpl(KeyStore keyStore) throws KeyStoreException {
        java.security.cert.Certificate[] certificateChain;
        HashSet hashSet = new HashSet();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                java.security.cert.Certificate certificate = keyStore.getCertificate(nextElement);
                if (certificate instanceof X509Certificate) {
                    hashSet.add(certificate);
                }
            } else if (keyStore.isKeyEntry(nextElement) && (certificateChain = keyStore.getCertificateChain(nextElement)) != null && certificateChain.length > 0 && (certificateChain[0] instanceof X509Certificate)) {
                hashSet.add(certificateChain[0]);
            }
        }
        this.trustedCerts = new X509Certificate[hashSet.size()];
        hashSet.toArray(this.trustedCerts);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        verifyCertChain(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        verifyCertChain(x509CertificateArr);
    }

    private void verifyCertChain(X509Certificate[] x509CertificateArr) throws CertificateException {
        try {
            X509Certificate x509Certificate = x509CertificateArr[0];
            for (int i = 1; i < x509CertificateArr.length; i++) {
                x509Certificate.checkValidity();
                X509Certificate x509Certificate2 = x509CertificateArr[i];
                if (!x509Certificate.getIssuerDN().equals(x509Certificate2.getSubjectDN())) {
                    throw new CertificateException("not trusted certificate");
                }
                x509Certificate.verify(x509Certificate2.getPublicKey());
                x509Certificate = x509Certificate2;
            }
            for (int i2 = 0; i2 < this.trustedCerts.length; i2++) {
                X509Certificate x509Certificate3 = this.trustedCerts[i2];
                Principal subjectDN = x509Certificate3.getSubjectDN();
                if (x509Certificate.getIssuerDN().equals(subjectDN)) {
                    x509Certificate.verify(x509Certificate3.getPublicKey());
                    return;
                } else {
                    if (x509Certificate.getSubjectDN().equals(subjectDN) && Arrays.equals(x509Certificate.getEncoded(), x509Certificate3.getEncoded())) {
                        return;
                    }
                }
            }
            throw new CertificateException("not trusted certificate");
        } catch (InvalidKeyException e) {
            throw new CertificateException("not trusted certificate " + e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CertificateException("not trusted certificate " + e2);
        } catch (NoSuchProviderException e3) {
            throw new CertificateException("not trusted certificate " + e3);
        } catch (SignatureException e4) {
            throw new CertificateException("not trusted certificate " + e4);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return (X509Certificate[]) this.trustedCerts.clone();
    }
}
