package w1;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.X509TrustManager;
import v1.AbstractC0773t;
import v1.AbstractC0777v;
import v1.AbstractC0782y;
import v1.C0737a0;
import v1.C0767p0;

/* loaded from: classes.dex */
public final class D implements X509TrustManager {
    private static void a(X509Certificate x509Certificate) {
        x509Certificate.checkValidity();
        x509Certificate.verify(x509Certificate.getPublicKey());
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs.contains(C0790c.h0())) {
            E.n(criticalExtensionOIDs.size() == 1, "unknown critical extensions");
            r4 = true;
        } else {
            E.n(criticalExtensionOIDs.isEmpty(), "unknown critical extensions");
        }
        E.n((r4 || !x509Certificate.getNonCriticalExtensionOIDs().contains(C0790c.h0())) ? r4 : true, "libp2p Public Key Extension is missing");
    }

    private static void b(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(C0790c.h0());
        Objects.requireNonNull(extensionValue);
        C0767p0 c0767p0 = (C0767p0) AbstractC0782y.n(AbstractC0777v.k(((AbstractC0773t) AbstractC0777v.k(extensionValue)).p()));
        s.j0(((C0737a0) c0767p0.p(0)).p()).q0(E.b("libp2p-tls-handshake:".getBytes(), x509Certificate.getPublicKey().getEncoded()), ((C0737a0) c0767p0.p(1)).p());
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr.length != 1) {
            throw new CertificateException("only one certificate allowed");
        }
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                a(x509Certificate);
                b(x509Certificate);
            }
        } catch (Throwable th) {
            E.r(th);
            throw new CertificateException(th);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr.length != 1) {
            throw new CertificateException("only one certificate allowed");
        }
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                a(x509Certificate);
                b(x509Certificate);
            }
        } catch (Throwable th) {
            E.r(th);
            throw new CertificateException(th);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return E.f11221b;
    }
}
