package org.bouncycastle.est.jcajce;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRL;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.asn1.x509.j0;
import org.bouncycastle.asn1.x509.k0;
import org.bouncycastle.asn1.x509.x;

/* loaded from: classes2.dex */
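/**
 * Static helpers that build JSSE key and trust managers for the EST client code in this package.
 *
 * <p>This is decompiled, name-obfuscated code: {@code k0}, {@code x}, {@code j0},
 * {@code org.bouncycastle.cert.j} and {@code org.bouncycastle.jce.provider.b} are renamed
 * BouncyCastle types whose original names are not visible here.
 *
 * <p>Security summary for reviewers:
 * <ul>
 *   <li>{@link #c()} returns a trust manager that performs no validation at all.</li>
 *   <li>{@link #b(Set, CRL[])} returns a trust manager that validates the server chain against
 *       the supplied trust anchors and then applies the usage checks in
 *       {@link #d(X509Certificate)}; it does not validate client chains.</li>
 * </ul>
 */
public class f {

    /**
     * Trust manager that accepts every client and every server certificate chain.
     *
     * <p>A TLS session set up with this manager is not authenticated: anything received over it
     * must be verified by some other means before it is relied upon. It should never be the
     * manager used for normal, steady-state connections.
     */
    static class a implements X509TrustManager {
        a() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: no client chain is ever rejected.
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // Intentionally empty: no server chain is ever rejected.
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /**
     * Trust manager that validates a server chain with a PKIX path build against a fixed set of
     * trust anchors, optionally with CRL-based revocation checking.
     */
    static class b implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        // Trust anchors the server chain must lead to (a Set of TrustAnchor; raw type in the decompiled source).
        final /* synthetic */ Set f19475a;

        /* renamed from: b, reason: collision with root package name */
        // CRLs used for revocation checking; null switches revocation checking off.
        final /* synthetic */ CRL[] f19476b;

        /* renamed from: c, reason: collision with root package name */
        // Certificates taken from the trust anchors, reported by getAcceptedIssuers().
        final /* synthetic */ X509Certificate[] f19477c;

        b(Set set, CRL[] crlArr, X509Certificate[] x509CertificateArr) {
            this.f19475a = set;
            this.f19476b = crlArr;
            this.f19477c = x509CertificateArr;
        }

        /**
         * Accepts any client chain without inspection.
         *
         * <p>NOTE(review): this manager only protects the client side of a connection. If it is
         * ever installed in a server-side SSLContext, client certificates are not validated.
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        /**
         * Validates the server chain and the usage extensions of its end-entity certificate.
         *
         * @param x509CertificateArr chain presented by the peer, end-entity certificate first
         * @param str                authentication type (unused)
         * @throws IllegalArgumentException if the chain is null or empty
         * @throws CertificateException     if no path to a trust anchor can be built, a certificate
         *                                  is revoked, or the usage checks fail
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            // X509TrustManager documents IllegalArgumentException for a null or zero-length chain;
            // without this guard the code below fails with NullPointerException or
            // ArrayIndexOutOfBoundsException instead.
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                throw new IllegalArgumentException("certificate chain must not be null or empty");
            }
            try {
                // The provider constant is obfuscated; presumably the BouncyCastle provider name - confirm.
                CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(x509CertificateArr)), org.bouncycastle.jce.provider.b.f20690b);
                CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", org.bouncycastle.jce.provider.b.f20690b);
                // The path must end at the certificate the peer presented first.
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setCertificate(x509CertificateArr[0]);
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) this.f19475a, x509CertSelector);
                pKIXBuilderParameters.addCertStore(certStore);
                if (this.f19476b != null) {
                    pKIXBuilderParameters.setRevocationEnabled(true);
                    pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(this.f19476b))));
                } else {
                    // No CRLs supplied: revoked certificates will not be detected.
                    pKIXBuilderParameters.setRevocationEnabled(false);
                }
                // Actually build (and thereby validate) the path. The builder and its parameters
                // were previously assembled but never used, so the chain was not checked against
                // the trust anchors and only the usage extensions below were enforced.
                // A failure surfaces as a GeneralSecurityException and is wrapped below.
                certPathBuilder.build(pKIXBuilderParameters);
                f.d(x509CertificateArr[0]);
            } catch (CertificateException e3) {
                throw e3;
            } catch (GeneralSecurityException e4) {
                throw new CertificateException("unable to process certificates: " + e4.getMessage(), e4);
            }
        }

        /**
         * Returns a defensive copy of the trust-anchor certificates.
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return this.f19477c.clone();
        }
    }

    /**
     * Creates and initialises a {@link KeyManagerFactory}.
     *
     * @param str      algorithm name; when both this and {@code str2} are null the platform
     *                 default algorithm is used
     * @param str2     provider name, or null to use the default provider lookup
     * @param keyStore key store holding the client credentials
     * @param cArr     password protecting the keys in {@code keyStore}
     * @return the initialised factory
     */
    public static KeyManagerFactory a(String str, String str2, KeyStore keyStore, char[] cArr) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException {
        KeyManagerFactory keyManagerFactory;
        if (str2 != null) {
            // An explicit provider is always honoured, even if the algorithm is null
            // (getInstance then rejects the null algorithm, as before).
            keyManagerFactory = KeyManagerFactory.getInstance(str, str2);
        } else if (str == null) {
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        } else {
            keyManagerFactory = KeyManagerFactory.getInstance(str);
        }
        keyManagerFactory.init(keyStore, cArr);
        return keyManagerFactory;
    }

    /**
     * Builds a single-element array holding a path-validating trust manager.
     *
     * @param set    trust anchors the server chain must lead to
     * @param crlArr CRLs for revocation checking, or null to disable revocation checking
     * @return an array containing one {@link X509TrustManager}
     */
    public static X509TrustManager[] b(Set<TrustAnchor> set, CRL[] crlArr) {
        X509Certificate[] x509CertificateArr = new X509Certificate[set.size()];
        int i2 = 0;
        for (TrustAnchor trustAnchor : set) {
            // getTrustedCert() is null for an anchor given as name + public key, so the
            // accepted-issuers array can contain null entries for such anchors.
            x509CertificateArr[i2++] = trustAnchor.getTrustedCert();
        }
        return new X509TrustManager[]{new b(set, crlArr, x509CertificateArr)};
    }

    /**
     * Returns a trust manager that accepts every certificate chain (see nested class {@code a}).
     *
     * <p>Callers get no server authentication from it; audit every call site.
     */
    public static X509TrustManager c() {
        return new a();
    }

    /**
     * Checks that a server certificate's key usage and extended key usage permit TLS server use.
     *
     * <p>The class and constant names are obfuscated; the meaning of each check below is taken
     * from the exception message it raises.
     *
     * @param x509Certificate the server's end-entity certificate
     * @throws CertificateException if a usage check fails or the certificate cannot be parsed
     */
    public static void d(X509Certificate x509Certificate) throws CertificateException {
        try {
            org.bouncycastle.cert.j jVar = new org.bouncycastle.cert.j(x509Certificate.getEncoded());
            // Key usage extension, if present.
            k0 m2 = k0.m(jVar.d());
            if (m2 != null) {
                // Bit 4: keyCertSign - a CA signing certificate must not be used as a server certificate.
                if (m2.q(4)) {
                    throw new CertificateException("Key usage must not contain keyCertSign");
                }
                // Bits 128 and 32: digitalSignature and keyEncipherment; one of them is required.
                if (!m2.q(128) && !m2.q(32)) {
                    throw new CertificateException("Key usage must be none, digitalSignature or keyEncipherment");
                }
            }
            // Extended key usage extension, if present; an absent extension is accepted.
            x m3 = x.m(jVar.d());
            if (m3 != null && !m3.q(j0.f15736d) && !m3.q(j0.f15757y) && !m3.q(j0.f15758z)) {
                throw new CertificateException("Certificate extended key usage must include serverAuth, msSGC or nsSGC");
            }
        } catch (CertificateException e3) {
            throw e3;
        } catch (Exception e4) {
            // Parsing failures are reported as certificate errors; the cause is preserved.
            throw new CertificateException(e4.getMessage(), e4);
        }
    }
}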
