package com.appmattus.certificatetransparency.chaincleaner;

import fr.AbstractC2183o;
import java.security.cert.X509Certificate;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import vr.AbstractC4488g;
import vr.AbstractC4493l;

/* loaded from: classes3.dex */
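/**
 * Reorders and trims a peer-supplied certificate chain so that it starts at the
 * peer's first certificate, each entry is followed by a certificate that signed
 * it, and it ends at a certificate taken from the trust manager's accepted issuers.
 *
 * <p><b>Security scope.</b> Linking is decided only by an issuer/subject name match
 * plus {@link X509Certificate#verify(java.security.PublicKey)}. Nothing in this class
 * checks validity dates, BasicConstraints or key usage, name constraints, revocation,
 * or the hostname (the {@code hostname} argument of {@link #clean} is null-checked and
 * otherwise unused). The result is therefore not a trust decision on its own; it
 * should only be applied to a chain that the platform's path validation has already
 * accepted.
 *
 * <p>NOTE(review): this is decompiled, obfuscated output. {@code AbstractC4493l.n/m/k}
 * look like null-check helpers, {@code AbstractC4493l.g} like a null-safe equality test
 * and {@code AbstractC2183o.W1} like a "last element" accessor; confirm against the
 * unobfuscated library before relying on that.
 */
public final class BasicCertificateChainCleaner implements CertificateChainCleaner {
    public static final Companion Companion = new Companion(null);

    /**
     * Maximum number of chain-building iterations in {@link #clean}. Bounds the work done
     * on a peer-supplied chain; exceeding it is reported as "Certificate chain too long".
     */
    private static final int MAX_SIGNERS = 9;

    /** Accepted issuer certificates grouped by subject name, in trust-manager order. */
    private final Map<X500Principal, List<X509Certificate>> subjectToCaCerts;

    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(AbstractC4488g abstractC4488g) {
            this();
        }
    }

    /**
     * Indexes the trust manager's accepted issuers by subject so that candidate signers
     * can be looked up by a certificate's issuer name.
     *
     * @param x509TrustManager source of the accepted issuer certificates
     */
    public BasicCertificateChainCleaner(X509TrustManager x509TrustManager) {
        AbstractC4493l.n(x509TrustManager, "trustManager");
        X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
        AbstractC4493l.m(acceptedIssuers, "getAcceptedIssuers(...)");
        Map<X500Principal, List<X509Certificate>> index = new LinkedHashMap<>();
        for (X509Certificate caCert : acceptedIssuers) {
            X500Principal subject = caCert.getSubjectX500Principal();
            // Several CA certificates may share one subject (e.g. re-issued keys), so keep a list.
            List<X509Certificate> sameSubject = index.get(subject);
            if (sameSubject == null) {
                sameSubject = new ArrayList<>();
                index.put(subject, sameSubject);
            }
            sameSubject.add(caCert);
        }
        this.subjectToCaCerts = index;
    }

    /**
     * Returns the first accepted issuer whose subject equals the certificate's issuer and
     * whose public key verifies the certificate's signature.
     *
     * @param x509Certificate certificate whose signer is wanted
     * @return the matching trusted certificate, or {@code null} when none matches
     */
    private X509Certificate findTrustedCertByIssuerAndSignature(X509Certificate x509Certificate) {
        List<X509Certificate> candidates = this.subjectToCaCerts.get(x509Certificate.getIssuerX500Principal());
        if (candidates == null) {
            return null;
        }
        for (X509Certificate candidate : candidates) {
            AbstractC4493l.k(candidate);
            if (isSignedBy(x509Certificate, candidate)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Tells whether {@code x509Certificate} names {@code x509Certificate2} as its issuer and
     * carries a signature that verifies under that certificate's public key.
     *
     * @param x509Certificate  certificate to check
     * @param x509Certificate2 candidate signer
     * @return {@code true} only when both the name match and the signature check succeed
     */
    private boolean isSignedBy(X509Certificate x509Certificate, X509Certificate x509Certificate2) {
        if (!AbstractC4493l.g(x509Certificate.getIssuerX500Principal(), x509Certificate2.getSubjectX500Principal())) {
            return false;
        }
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return true;
        } catch (Exception ignored) {
            // Fail closed: any verification failure, of whatever kind, means "not signed by".
            return false;
        }
    }

    /**
     * Builds the cleaned chain starting from the first certificate of {@code list}.
     *
     * <p>Each step first looks for a signer among the accepted issuers; only if none is
     * found does it fall back to the remaining peer-supplied certificates. Building stops
     * at a trusted certificate that is self-signed, or when no further signer exists after
     * at least one trusted certificate has been reached.
     *
     * @param list peer-supplied chain, first element being the peer's own certificate
     * @param str  hostname; null-checked only, it does not influence the result
     * @return the cleaned chain
     * @throws SSLPeerUnverifiedException if the chain is empty, no trusted signer can be
     *         reached, or more than {@code MAX_SIGNERS} steps would be needed
     */
    @Override // com.appmattus.certificatetransparency.chaincleaner.CertificateChainCleaner
    public List<X509Certificate> clean(List<? extends X509Certificate> list, String str) {
        AbstractC4493l.n(list, "chain");
        AbstractC4493l.n(str, "hostname");
        if (list.isEmpty()) {
            throw new SSLPeerUnverifiedException("Certificate chain is empty");
        }
        ArrayDeque<X509Certificate> remaining = new ArrayDeque<>(list);
        ArrayList<X509Certificate> cleaned = new ArrayList<>();
        X509Certificate first = remaining.removeFirst();
        AbstractC4493l.m(first, "removeFirst(...)");
        cleaned.add(first);
        boolean foundTrustedCertificate = false;
        for (int step = 0; step < MAX_SIGNERS; step++) {
            X509Certificate toVerify = (X509Certificate) AbstractC2183o.W1(cleaned);
            X509Certificate trustedCert = findTrustedCertByIssuerAndSignature(toVerify);
            if (trustedCert != null) {
                // Skip the append only when the single certificate so far is itself the trusted one.
                if (cleaned.size() > 1 || !AbstractC4493l.g(toVerify, trustedCert)) {
                    cleaned.add(trustedCert);
                }
                // A self-signed trusted certificate ends the chain.
                if (isSignedBy(trustedCert, trustedCert)) {
                    return cleaned;
                }
                foundTrustedCertificate = true;
                continue;
            }

            // No trusted signer: look for one among the certificates the peer sent.
            X509Certificate signer = null;
            for (X509Certificate candidate : remaining) {
                AbstractC4493l.k(candidate);
                if (isSignedBy(toVerify, candidate)) {
                    signer = candidate;
                    break;
                }
            }
            if (signer == null) {
                if (!foundTrustedCertificate) {
                    throw new SSLPeerUnverifiedException("Failed to find a trusted cert that signed " + toVerify);
                }
                // The last link reached was trusted, so the chain built so far is returned.
                return cleaned;
            }
            remaining.remove(signer);
            cleaned.add(signer);
        }
        throw new SSLPeerUnverifiedException("Certificate chain too long: " + cleaned);
    }
}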
