package org.spongycastle.jsse.provider;

import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Provider;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import org.spongycastle.jcajce.provider.asymmetric.DSA$Mappings$$ExternalSyntheticOutline0;

/* loaded from: classes7.dex */
class ProvX509TrustManager implements X509TrustManager {
    private final PKIXParameters baseParameters;
    private final Provider pkixProvider;
    private final Set trustAnchors;

    public ProvX509TrustManager(Provider provider, PKIXParameters pKIXParameters) throws InvalidAlgorithmParameterException {
        this.pkixProvider = provider;
        this.trustAnchors = pKIXParameters.getTrustAnchors();
        if (pKIXParameters instanceof PKIXBuilderParameters) {
            this.baseParameters = pKIXParameters;
            return;
        }
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(pKIXParameters.getTrustAnchors(), pKIXParameters.getTargetCertConstraints());
        this.baseParameters = pKIXBuilderParameters;
        pKIXBuilderParameters.setCertStores(pKIXParameters.getCertStores());
        pKIXBuilderParameters.setRevocationEnabled(pKIXParameters.isRevocationEnabled());
        pKIXBuilderParameters.setCertPathCheckers(pKIXParameters.getCertPathCheckers());
        pKIXBuilderParameters.setDate(pKIXParameters.getDate());
        pKIXBuilderParameters.setAnyPolicyInhibited(pKIXParameters.isAnyPolicyInhibited());
        pKIXBuilderParameters.setPolicyMappingInhibited(pKIXParameters.isPolicyMappingInhibited());
        pKIXBuilderParameters.setExplicitPolicyRequired(pKIXParameters.isExplicitPolicyRequired());
    }

    public ProvX509TrustManager(Provider provider, Set set) throws InvalidAlgorithmParameterException {
        this.pkixProvider = provider;
        this.trustAnchors = set;
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters((Set<TrustAnchor>) set, new X509CertSelector());
        this.baseParameters = pKIXBuilderParameters;
        pKIXBuilderParameters.setRevocationEnabled(false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        validatePath(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        validatePath(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            X509Certificate[] x509CertificateArr = new X509Certificate[this.trustAnchors.size()];
            Iterator it = this.trustAnchors.iterator();
            int i = 0;
            while (it.hasNext()) {
                int i2 = i + 1;
                x509CertificateArr[i] = ((TrustAnchor) it.next()).getTrustedCert();
                i = i2;
            }
            return x509CertificateArr;
        } catch (Exception unused) {
            return new X509Certificate[0];
        }
    }

    public void validatePath(X509Certificate[] x509CertificateArr) throws CertificateException {
        try {
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(x509CertificateArr)), this.pkixProvider);
            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", this.pkixProvider);
            X509CertSelector x509CertSelector = (X509CertSelector) this.baseParameters.getTargetCertConstraints().clone();
            x509CertSelector.setCertificate(x509CertificateArr[0]);
            PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) this.baseParameters.clone();
            pKIXBuilderParameters.addCertStore(certStore);
            pKIXBuilderParameters.setTargetCertConstraints(x509CertSelector);
        } catch (GeneralSecurityException e) {
            throw new CertificateException(DSA$Mappings$$ExternalSyntheticOutline0.m(e, new StringBuilder("unable to process certificates: ")), e);
        }
    }
}
