package com.ingenico.pclservice;

import com.ingenico.pclutilities.PclLog;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.NoSuchElementException;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes3.dex */
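/**
 * Trust manager that pins TLS peers to a fixed set of root CA certificates
 * supplied by the caller, instead of the platform trust store.
 *
 * <p>Both {@link #checkClientTrusted} and {@link #checkServerTrusted} run PKIX
 * certification-path validation against the pinned roots and fail closed: any
 * error while building or validating the path is reported as a
 * {@link CertificateException}.
 *
 * <p>Revocation checking is disabled (as in the original implementation), so a
 * revoked but otherwise valid certificate is still accepted.
 */
class PCLTrustManager implements X509TrustManager {
    static final String TAG = "PCLSERVICELIB_2.21.02";

    /** In-memory key store holding only the accepted root CA certificates. */
    private final KeyStore trustStore;

    /**
     * Builds the trust store from a stream of X.509 certificates.
     *
     * <p>Certificates that are expired, not yet valid, or that lack a subject
     * or issuer name are skipped (expiry problems are logged as warnings).
     * The stream is read but not closed here.
     *
     * @param inputStream encoded X.509 certificates to trust as roots
     * @throws CertificateException if the stream cannot be parsed or no usable
     *     certificate remains after filtering
     */
    public PCLTrustManager(InputStream inputStream) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, NoSuchProviderException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null) initialises an empty store rather than reading one from disk.
        store.load(null);
        this.trustStore = store;
        for (Certificate candidate : CertificateFactory.getInstance("X.509").generateCertificates(inputStream)) {
            try {
                X509Certificate root = (X509Certificate) candidate;
                root.checkValidity();
                if (!hasUsableNames(root)) {
                    continue;
                }
                // NOTE(review): the alias is the serial number alone. Serial numbers are
                // only unique per issuer, so two roots from different CAs that share a
                // serial would overwrite each other here - confirm the bundled roots
                // cannot collide.
                String alias = root.getSerialNumber().toString();
                PclLog.d(TAG, "Add to truststore: " + alias, new Object[0]);
                this.trustStore.setCertificateEntry(alias, root);
            } catch (KeyStoreException | CertificateExpiredException | CertificateNotYetValidException e) {
                PclLog.w(TAG, e.getMessage(), new Object[0]);
            }
        }
        if (this.trustStore.size() == 0) {
            throw new CertificateException("No valid Root CA found");
        }
    }

    /** Returns true when the certificate carries non-empty subject and issuer names. */
    private static boolean hasUsableNames(X509Certificate certificate) {
        X500Principal subject = certificate.getSubjectX500Principal();
        X500Principal issuer = certificate.getIssuerX500Principal();
        if (subject == null || issuer == null) {
            return false;
        }
        String subjectName = subject.getName();
        String issuerName = issuer.getName();
        return subjectName != null && issuerName != null && !subjectName.isEmpty() && !issuerName.isEmpty();
    }

    /**
     * Validates the chain presented by a TLS client against the pinned roots.
     *
     * @param x509CertificateArr peer chain, leaf certificate first
     * @param str authentication type (not inspected for client chains)
     * @throws IllegalArgumentException if the chain is null or empty
     * @throws CertificateException if the chain does not validate
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        PclLog.d(TAG, "checkClientTrusted", new Object[0]);
        // An empty certification path gives the PKIX validator nothing to reject and
        // may validate successfully, so it has to be refused before validation runs.
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate is null or empty");
        }
        validateChain(x509CertificateArr);
    }

    /**
     * Validates the chain presented by a TLS server against the pinned roots.
     *
     * <p>The previous implementation only checked the validity dates of the
     * leaf certificate, which accepts any unexpired certificate regardless of
     * who issued it. The chain is now also validated against the trust store.
     *
     * @param x509CertificateArr peer chain, leaf certificate first
     * @param str key-exchange / authentication type; only the RSA and ECDSA
     *     variants listed below are accepted
     * @throws IllegalArgumentException if the chain or auth type is null or empty
     * @throws CertificateException if the auth type is not accepted, the leaf is
     *     outside its validity period, or the chain does not validate
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        PclLog.d(TAG, "checkServerTrusted", new Object[0]);
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate is null or empty");
        }
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Authtype is null or empty");
        }
        boolean acceptedAuthType = str.equalsIgnoreCase("ECDHE_RSA")
                || str.equalsIgnoreCase("ECDHE_ECDSA")
                || str.equalsIgnoreCase("RSA")
                || str.equalsIgnoreCase("ECDSA");
        if (!acceptedAuthType) {
            throw new CertificateException("Certificate is not trust");
        }
        try {
            x509CertificateArr[0].checkValidity();
        } catch (Exception e) {
            // Broad catch kept from the original so that a null leaf entry is also
            // reported as an untrusted certificate rather than a raw runtime error.
            PclLog.e(TAG, e);
            throw new CertificateException("Certificate is not valid or trusted", e);
        }
        validateChain(x509CertificateArr);
    }

    /**
     * Runs PKIX path validation of {@code chain} against the pinned roots.
     *
     * <p>Every failure, including provider or parameter errors, is rethrown as
     * a {@link CertificateException}. Logging such an error and returning
     * normally would make the TLS stack treat the peer as trusted.
     */
    private void validateChain(X509Certificate[] chain) throws CertificateException {
        try {
            CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(chain));
            // Every certificate entry in the key store becomes a trust anchor.
            PKIXParameters parameters = new PKIXParameters(this.trustStore);
            // Revocation (CRL/OCSP) checking stays off, matching the original behaviour.
            parameters.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(path, parameters);
        } catch (CertPathValidatorException | InvalidAlgorithmParameterException | KeyStoreException | NoSuchAlgorithmException e) {
            PclLog.e(TAG, e);
            throw new CertificateException(e);
        }
    }

    /**
     * Returns the pinned root certificates.
     *
     * @return the certificates currently in the trust store; empty if the
     *     store cannot be enumerated
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        PclLog.d(TAG, "getAcceptedIssuers", new Object[0]);
        ArrayList<X509Certificate> issuers = new ArrayList<>();
        try {
            Enumeration<String> aliases = this.trustStore.aliases();
            while (aliases.hasMoreElements()) {
                issuers.add((X509Certificate) this.trustStore.getCertificate(aliases.nextElement()));
            }
        } catch (KeyStoreException | NoSuchElementException e) {
            PclLog.d(TAG, e);
        }
        return issuers.toArray(new X509Certificate[0]);
    }
}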
