package com.ingenico.pclservice;

import android.util.Log;
import com.ingenico.pclutilities.PclLog;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.NoSuchElementException;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
class g implements X509TrustManager {

    /* renamed from: b, reason: collision with root package name */
    static final String f13442b = "PCLSERVICELIB_2.18.00";

    /* renamed from: a, reason: collision with root package name */
    private KeyStore f13443a;

    public g(InputStream inputStream) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, NoSuchProviderException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        this.f13443a = keyStore;
        keyStore.load(null);
        Iterator<? extends Certificate> it = CertificateFactory.getInstance("X.509").generateCertificates(inputStream).iterator();
        while (it.hasNext()) {
            try {
                X509Certificate x509Certificate = (X509Certificate) it.next();
                x509Certificate.checkValidity();
                X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
                X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
                if (subjectX500Principal != null && issuerX500Principal != null) {
                    String name = subjectX500Principal.getName();
                    String name2 = issuerX500Principal.getName();
                    if (name != null && name2 != null && !name.isEmpty() && !name2.isEmpty()) {
                        String bigInteger = x509Certificate.getSerialNumber().toString();
                        PclLog.d(f13442b, "Add to truststore: " + bigInteger, new Object[0]);
                        this.f13443a.setCertificateEntry(bigInteger, x509Certificate);
                    }
                }
            } catch (KeyStoreException | CertificateExpiredException | CertificateNotYetValidException e2) {
                PclLog.w(f13442b, e2.getMessage(), new Object[0]);
            }
        }
        if (this.f13443a.size() == 0) {
            throw new CertificateException("No valid Root CA found");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r7v10 */
    /* JADX WARN: Type inference failed for: r7v11 */
    /* JADX WARN: Type inference failed for: r7v12 */
    /* JADX WARN: Type inference failed for: r7v21, types: [java.security.cert.CertPath] */
    /* JADX WARN: Type inference failed for: r7v5 */
    /* JADX WARN: Type inference failed for: r7v7 */
    /* JADX WARN: Type inference failed for: r7v9 */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        CertPathValidator certPathValidator;
        PKIXParameters pKIXParameters;
        NoSuchAlgorithmException e2;
        ?? r7;
        KeyStoreException e3;
        InvalidAlgorithmParameterException e4;
        CertPath certPath;
        CertPathValidator certPathValidator2;
        PclLog.d(f13442b, "checkClientTrusted", new Object[0]);
        try {
            certPathValidator = CertPathValidator.getInstance("PKIX");
        } catch (InvalidAlgorithmParameterException e5) {
            e = e5;
            certPathValidator = null;
            pKIXParameters = null;
        } catch (KeyStoreException e6) {
            e = e6;
            certPathValidator = null;
            pKIXParameters = null;
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            certPathValidator = null;
            pKIXParameters = null;
        }
        try {
            try {
                r7 = CertificateFactory.getInstance("X509").generateCertPath(Arrays.asList(x509CertificateArr));
                try {
                    pKIXParameters = new PKIXParameters(this.f13443a);
                } catch (InvalidAlgorithmParameterException e8) {
                    pKIXParameters = null;
                    e4 = e8;
                } catch (KeyStoreException e9) {
                    pKIXParameters = null;
                    e3 = e9;
                } catch (NoSuchAlgorithmException e10) {
                    pKIXParameters = null;
                    e2 = e10;
                }
                try {
                    pKIXParameters.setRevocationEnabled(false);
                    certPathValidator2 = certPathValidator;
                    certPath = r7;
                } catch (InvalidAlgorithmParameterException e11) {
                    e4 = e11;
                    PclLog.e(f13442b, Log.getStackTraceString(e4), new Object[0]);
                    certPathValidator2 = certPathValidator;
                    certPath = r7;
                    certPathValidator2.validate(certPath, pKIXParameters);
                } catch (KeyStoreException e12) {
                    e3 = e12;
                    PclLog.e(f13442b, Log.getStackTraceString(e3), new Object[0]);
                    certPathValidator2 = certPathValidator;
                    certPath = r7;
                    certPathValidator2.validate(certPath, pKIXParameters);
                } catch (NoSuchAlgorithmException e13) {
                    e2 = e13;
                    PclLog.e(f13442b, Log.getStackTraceString(e2), new Object[0]);
                    certPathValidator2 = certPathValidator;
                    certPath = r7;
                    certPathValidator2.validate(certPath, pKIXParameters);
                }
            } catch (InvalidAlgorithmParameterException e14) {
                e = e14;
                pKIXParameters = null;
                certPathValidator = certPathValidator;
                e4 = e;
                r7 = pKIXParameters;
                PclLog.e(f13442b, Log.getStackTraceString(e4), new Object[0]);
                certPathValidator2 = certPathValidator;
                certPath = r7;
                certPathValidator2.validate(certPath, pKIXParameters);
            } catch (KeyStoreException e15) {
                e = e15;
                pKIXParameters = null;
                certPathValidator = certPathValidator;
                e3 = e;
                r7 = pKIXParameters;
                PclLog.e(f13442b, Log.getStackTraceString(e3), new Object[0]);
                certPathValidator2 = certPathValidator;
                certPath = r7;
                certPathValidator2.validate(certPath, pKIXParameters);
            } catch (NoSuchAlgorithmException e16) {
                e = e16;
                pKIXParameters = null;
                certPathValidator = certPathValidator;
                e2 = e;
                r7 = pKIXParameters;
                PclLog.e(f13442b, Log.getStackTraceString(e2), new Object[0]);
                certPathValidator2 = certPathValidator;
                certPath = r7;
                certPathValidator2.validate(certPath, pKIXParameters);
            }
            certPathValidator2.validate(certPath, pKIXParameters);
        } catch (InvalidAlgorithmParameterException e17) {
            PclLog.e(f13442b, Log.getStackTraceString(e17), new Object[0]);
        } catch (CertPathValidatorException e18) {
            PclLog.e(f13442b, Log.getStackTraceString(e18), new Object[0]);
            throw new CertificateException(e18);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        PclLog.d(f13442b, "checkServerTrusted", new Object[0]);
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate is null or empty");
        }
        if (str == null || str.length() == 0) {
            throw new IllegalArgumentException("Authtype is null or empty");
        }
        if (!str.equalsIgnoreCase("ECDHE_RSA") && !str.equalsIgnoreCase("ECDHE_ECDSA") && !str.equalsIgnoreCase("RSA") && !str.equalsIgnoreCase("ECDSA")) {
            throw new CertificateException("Certificate is not trust");
        }
        try {
            x509CertificateArr[0].checkValidity();
        } catch (Exception e2) {
            PclLog.e(f13442b, Log.getStackTraceString(e2), new Object[0]);
            throw new CertificateException("Certificate is not valid or trusted");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        PclLog.d(f13442b, "getAcceptedIssuers", new Object[0]);
        ArrayList arrayList = new ArrayList();
        try {
            Enumeration<String> aliases = this.f13443a.aliases();
            while (aliases.hasMoreElements()) {
                arrayList.add((X509Certificate) this.f13443a.getCertificate(aliases.nextElement()));
            }
        } catch (KeyStoreException | NoSuchElementException e2) {
            PclLog.d(f13442b, Log.getStackTraceString(e2), new Object[0]);
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
    }
}
