package ru.sberbank.sdakit.paylibnetwork.impl.ssl;

import android.net.http.X509TrustManagerExtensions;
import androidx.annotation.Keep;
import java.io.ByteArrayInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import ko.X509TrustPair;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.s;
import kotlin.jvm.internal.u;
import pl.c;
import xe.m;
import xe.w;
import xe.z;

/* compiled from: CompositeX509TrustManagerApi24.kt */
@Metadata(bv = {}, d1 = {"\u0000X\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010 \n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0001\u0018\u00002\u00020\u0001B%\u0012\f\u0010\u001e\u001a\b\u0012\u0004\u0012\u00020\t0\u0016\u0012\u0006\u0010 \u001a\u00020\u001f\u0012\u0006\u0010\"\u001a\u00020!¢\u0006\u0004\b#\u0010$J\u0016\u0010\u0005\u001a\u0004\u0018\u00010\u00042\n\b\u0002\u0010\u0003\u001a\u0004\u0018\u00010\u0002H\u0002J/\u0010\u000e\u001a\u00020\r2\u000e\u0010\b\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00070\u00062\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\u000bH\u0016¢\u0006\u0004\b\u000e\u0010\u000fJ1\u0010\u000e\u001a\u00020\r2\u000e\u0010\b\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00070\u00062\b\u0010\n\u001a\u0004\u0018\u00010\t2\u0006\u0010\u0011\u001a\u00020\u0010H\u0016¢\u0006\u0004\b\u000e\u0010\u0012J/\u0010\u0013\u001a\u00020\r2\u000e\u0010\b\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00070\u00062\u0006\u0010\n\u001a\u00020\t2\u0006\u0010\f\u001a\u00020\u000bH\u0016¢\u0006\u0004\b\u0013\u0010\u000fJ1\u0010\u0013\u001a\u00020\r2\u000e\u0010\b\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00070\u00062\b\u0010\n\u001a\u0004\u0018\u00010\t2\u0006\u0010\u0011\u001a\u00020\u0010H\u0016¢\u0006\u0004\b\u0013\u0010\u0012J+\u0010\u000e\u001a\u00020\r2\u0010\u0010\b\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u0007\u0018\u00010\u00062\b\u0010\n\u001a\u0004\u0018\u00010\tH\u0016¢\u0006\u0004\b\u000e\u0010\u0014J+\u0010\u0013\u001a\u00020\r2\u0010\u0010\b\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u0007\u0018\u00010\u00062\b\u0010\n\u001a\u0004\u0018\u00010\tH\u0016¢\u0006\u0004\b\u0013\u0010\u0014J;\u0010\u0013\u001a\b\u0012\u0004\u0012\u00020\u00070\u00162\u0010\u0010\b\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u0007\u0018\u00010\u00062\b\u0010\n\u001a\u0004\u0018\u00010\t2\b\u0010\u0015\u001a\u0004\u0018\u00010\tH\u0007¢\u0006\u0004\b\u0013\u0010\u0017J\u0015\u0010\u0018\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006H\u0016¢\u0006\u0004\b\u0018\u0010\u0019R\u001a\u0010\u001d\u001a\b\u0012\u0004\u0012\u00020\u001a0\u00168\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u001b\u0010\u001c¨\u0006%"}, d2 = {"Lru/sberbank/sdakit/paylibnetwork/impl/ssl/CompositeX509TrustManagerApi24;", "Ljavax/net/ssl/X509ExtendedTrustManager;", "Ljava/security/KeyStore;", "keystore", "Ljavax/net/ssl/X509TrustManager;", "a", "", "Ljava/security/cert/X509Certificate;", "chain", "", "authType", "Ljava/net/Socket;", "conn", "", "checkClientTrusted", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljava/net/Socket;)V", "Ljavax/net/ssl/SSLEngine;", "ssl", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljavax/net/ssl/SSLEngine;)V", "checkServerTrusted", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "host", "", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljava/lang/String;)Ljava/util/List;", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "Lko/a;", "b", "Ljava/util/List;", "pairs", "selfSignedCertificates", "", "withDefaultRoots", "Lpl/d;", "loggerFactory", "<init>", "(Ljava/util/List;ZLpl/d;)V", "ru-sberdevices-assistant_paylib_network"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes2.dex */
public final class CompositeX509TrustManagerApi24 extends X509ExtendedTrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final pl.c f38387a;

    /* renamed from: b, reason: collision with root package name and from kotlin metadata */
    private final List<X509TrustPair> pairs;

    /* compiled from: CompositeX509TrustManagerApi24.kt */
    @Metadata(bv = {}, d1 = {"\u0000\b\n\u0002\u0010\u000e\n\u0002\b\u0002\u0010\u0001\u001a\u00020\u0000H\n¢\u0006\u0004\b\u0001\u0010\u0002"}, d2 = {"", "a", "()Ljava/lang/String;"}, k = 3, mv = {1, 6, 0})
    /* loaded from: classes2.dex */
    static final class a extends u implements Function0<String> {

        /* renamed from: a, reason: collision with root package name */
        public static final a f38389a = new a();

        a() {
            super(0);
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return "init";
        }
    }

    /* compiled from: CompositeX509TrustManagerApi24.kt */
    @Metadata(bv = {}, d1 = {"\u0000\b\n\u0002\u0010\u000e\n\u0002\b\u0002\u0010\u0001\u001a\u00020\u0000H\n¢\u0006\u0004\b\u0001\u0010\u0002"}, d2 = {"", "a", "()Ljava/lang/String;"}, k = 3, mv = {1, 6, 0})
    /* loaded from: classes2.dex */
    static final class b extends u implements Function0<String> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ Exception f38390a;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        b(Exception exc) {
            super(0);
            this.f38390a = exc;
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return s.p("X509TrustManagerExtensions init error ", this.f38390a);
        }
    }

    /* compiled from: CompositeX509TrustManagerApi24.kt */
    @Metadata(bv = {}, d1 = {"\u0000\b\n\u0002\u0010\u000e\n\u0002\b\u0002\u0010\u0001\u001a\u00020\u0000H\n¢\u0006\u0004\b\u0001\u0010\u0002"}, d2 = {"", "a", "()Ljava/lang/String;"}, k = 3, mv = {1, 6, 0})
    /* loaded from: classes2.dex */
    static final class c extends u implements Function0<String> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ Exception f38391a;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        c(Exception exc) {
            super(0);
            this.f38391a = exc;
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return s.p("X509TrustManagerExtensions init error ", this.f38391a);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: CompositeX509TrustManagerApi24.kt */
    @Metadata(bv = {}, d1 = {"\u0000\b\n\u0002\u0010\u000e\n\u0002\b\u0002\u0010\u0001\u001a\u00020\u0000H\n¢\u0006\u0004\b\u0001\u0010\u0002"}, d2 = {"", "a", "()Ljava/lang/String;"}, k = 3, mv = {1, 6, 0})
    /* loaded from: classes2.dex */
    public static final class d extends u implements Function0<String> {

        /* renamed from: a, reason: collision with root package name */
        public static final d f38392a = new d();

        d() {
            super(0);
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return "getTrustManager NoSuchAlgorithmException";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: CompositeX509TrustManagerApi24.kt */
    @Metadata(bv = {}, d1 = {"\u0000\b\n\u0002\u0010\u000e\n\u0002\b\u0002\u0010\u0001\u001a\u00020\u0000H\n¢\u0006\u0004\b\u0001\u0010\u0002"}, d2 = {"", "a", "()Ljava/lang/String;"}, k = 3, mv = {1, 6, 0})
    /* loaded from: classes2.dex */
    public static final class e extends u implements Function0<String> {

        /* renamed from: a, reason: collision with root package name */
        public static final e f38393a = new e();

        e() {
            super(0);
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return "getTrustManager KeyStoreException";
        }
    }

    public CompositeX509TrustManagerApi24(List<String> selfSignedCertificates, boolean z10, pl.d loggerFactory) {
        int u10;
        X509TrustManager b10;
        s.g(selfSignedCertificates, "selfSignedCertificates");
        s.g(loggerFactory, "loggerFactory");
        pl.c cVar = loggerFactory.get("CompositeX509TrustManagerApi24");
        this.f38387a = cVar;
        c.a.a(cVar, null, a.f38389a, 1, null);
        ArrayList arrayList = new ArrayList();
        if (z10 && (b10 = b(this, null, 1, null)) != null) {
            try {
                arrayList.add(new X509TrustPair(b10, new X509TrustManagerExtensions(b10)));
            } catch (Exception e10) {
                c.a.b(this.f38387a, null, new b(e10), 1, null);
                Unit unit = Unit.f29900a;
            }
        }
        if (!selfSignedCertificates.isEmpty()) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            s.f(certificateFactory, "getInstance(\"X.509\")");
            u10 = xe.s.u(selfSignedCertificates, 10);
            ArrayList arrayList2 = new ArrayList(u10);
            Iterator<T> it = selfSignedCertificates.iterator();
            while (it.hasNext()) {
                byte[] bytes = ((String) it.next()).getBytes(ai.a.f567b);
                s.f(bytes, "this as java.lang.String).getBytes(charset)");
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
                try {
                    Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
                    ff.b.a(byteArrayInputStream, null);
                    arrayList2.add(generateCertificate);
                } finally {
                }
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            Iterator it2 = arrayList2.iterator();
            int i10 = 0;
            while (it2.hasNext()) {
                keyStore.setCertificateEntry(s.p("ca", Integer.valueOf(i10)), (Certificate) it2.next());
                i10++;
            }
            X509TrustManager a10 = a(keyStore);
            if (a10 != null) {
                try {
                    arrayList.add(new X509TrustPair(a10, new X509TrustManagerExtensions(a10)));
                } catch (Exception e11) {
                    c.a.b(this.f38387a, null, new c(e11), 1, null);
                    Unit unit2 = Unit.f29900a;
                }
            }
        }
        this.pairs = arrayList;
    }

    private final X509TrustManager a(KeyStore keystore) {
        Object Y;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keystore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            s.f(trustManagers, "factory.trustManagers");
            ArrayList arrayList = new ArrayList();
            int i10 = 0;
            int length = trustManagers.length;
            while (i10 < length) {
                TrustManager trustManager = trustManagers[i10];
                i10++;
                if (trustManager instanceof X509TrustManager) {
                    arrayList.add(trustManager);
                }
            }
            Y = z.Y(arrayList);
            return (X509TrustManager) Y;
        } catch (KeyStoreException e10) {
            this.f38387a.c(e10, e.f38393a);
            return null;
        } catch (NoSuchAlgorithmException e11) {
            this.f38387a.c(e11, d.f38392a);
            return null;
        }
    }

    static /* synthetic */ X509TrustManager b(CompositeX509TrustManagerApi24 compositeX509TrustManagerApi24, KeyStore keyStore, int i10, Object obj) {
        if ((i10 & 1) != 0) {
            keyStore = null;
        }
        return compositeX509TrustManagerApi24.a(keyStore);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        Iterator<X509TrustPair> it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                it.next().getTrustManager().checkClientTrusted(chain, authType);
                return;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException("None of the TrustManagers trust this certificate chain");
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket conn) {
        s.g(chain, "chain");
        s.g(authType, "authType");
        s.g(conn, "conn");
        checkClientTrusted(chain, authType);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine ssl) {
        s.g(chain, "chain");
        s.g(ssl, "ssl");
        checkClientTrusted(chain, authType);
    }

    @Keep
    public final List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) {
        Iterator<X509TrustPair> it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                List<X509Certificate> checkServerTrusted = it.next().getTrustExtensions().checkServerTrusted(chain, authType, host);
                s.f(checkServerTrusted, "pair.trustExtensions.che…ed(chain, authType, host)");
                return checkServerTrusted;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException("None of the TrustManagers trust this certificate chain");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        Iterator<X509TrustPair> it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                it.next().getTrustManager().checkServerTrusted(chain, authType);
                return;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException("None of the TrustManagers trust this certificate chain");
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket conn) {
        s.g(chain, "chain");
        s.g(authType, "authType");
        s.g(conn, "conn");
        String hostName = conn.getInetAddress().getHostName();
        Iterator<X509TrustPair> it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                it.next().getTrustExtensions().checkServerTrusted(chain, authType, hostName);
                return;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException("None of the TrustManagers trust this certificate chain");
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine ssl) {
        s.g(chain, "chain");
        s.g(ssl, "ssl");
        String peerHost = ssl.getSession().getPeerHost();
        Iterator<X509TrustPair> it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                it.next().getTrustExtensions().checkServerTrusted(chain, authType, peerHost);
                return;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException("None of the TrustManagers trust this certificate chain");
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        List h02;
        List<X509TrustPair> list = this.pairs;
        ArrayList arrayList = new ArrayList();
        Iterator<T> it = list.iterator();
        while (it.hasNext()) {
            X509Certificate[] acceptedIssuers = ((X509TrustPair) it.next()).getTrustManager().getAcceptedIssuers();
            s.f(acceptedIssuers, "it.trustManager.acceptedIssuers");
            h02 = m.h0(acceptedIssuers);
            w.z(arrayList, h02);
        }
        Object[] array = arrayList.toArray(new X509Certificate[0]);
        Objects.requireNonNull(array, "null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
        return (X509Certificate[]) array;
    }
}
