package sberid.sdk.auth.network.tsl;

import android.content.res.Resources;
import android.util.Log;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.collections.C6292p;
import kotlin.jvm.internal.C6305k;
import sberid.sdk.auth.g;

/* loaded from: classes6.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    public static final List<Integer> f57287a = C6292p.t(Integer.valueOf(g.sberca_ext_web), Integer.valueOf(g.sberca_root_ext), Integer.valueOf(g.sberca_test_ext), Integer.valueOf(g.sberca_test_root_ext), Integer.valueOf(g.rusca_sub_rsa2022), Integer.valueOf(g.rusca_root_rsa2022), Integer.valueOf(g.actalis_root_ca), Integer.valueOf(g.actalis_webclickstream), Integer.valueOf(g.id_sber_ru));

    public static final KeyStore a(Resources resources, boolean z) {
        TrustManager[] trustManagers;
        InputStream openRawResource;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            C6305k.f(certificateFactory, "CertificateFactory.getInstance(CERTIFICATE_FORMAT)");
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                InputStream inputStream = null;
                keyStore.load(null, null);
                Iterator<Integer> it = f57287a.iterator();
                while (it.hasNext()) {
                    int intValue = it.next().intValue();
                    try {
                        try {
                            openRawResource = resources.openRawResource(intValue);
                        } catch (Throwable th) {
                            th = th;
                        }
                    } catch (KeyStoreException e) {
                        e = e;
                    } catch (CertificateException e2) {
                        e = e2;
                    }
                    try {
                        keyStore.setCertificateEntry(resources.getResourceName(intValue), certificateFactory.generateCertificate(openRawResource));
                        if (openRawResource != null) {
                            try {
                                openRawResource.close();
                            } catch (IOException e3) {
                                Log.e("TrustManager", "IOException thrown while closing Closeable.", e3);
                            }
                        }
                    } catch (KeyStoreException e4) {
                        e = e4;
                        throw new Exception("KeyStore is inited already, aliases aren't repeated certainly", e);
                    } catch (CertificateException e5) {
                        e = e5;
                        throw new Exception("Certificate is certainly valid", e);
                    } catch (Throwable th2) {
                        th = th2;
                        inputStream = openRawResource;
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException e6) {
                                Log.e("TrustManager", "IOException thrown while closing Closeable.", e6);
                            }
                        }
                        throw th;
                    }
                }
                if (!z) {
                    return keyStore;
                }
                try {
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init((KeyStore) null);
                    trustManagers = trustManagerFactory.getTrustManagers();
                    C6305k.d(trustManagers);
                } catch (KeyStoreException e7) {
                    Log.e("TrustManager", "Factory is always created", e7);
                } catch (NoSuchAlgorithmException e8) {
                    Log.e("TrustManager", "Default algorithm of TrustManagerFactory and TLS protocol are supported by every Android device", e8);
                }
                if (trustManagers.length == 1) {
                    TrustManager trustManager = trustManagers[0];
                    if (trustManager instanceof X509TrustManager) {
                        if (trustManager == null) {
                            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                        }
                        X509Certificate[] acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers();
                        C6305k.f(acceptedIssuers, "(trustManagers[0] as X50…tManager).acceptedIssuers");
                        int length = acceptedIssuers.length;
                        for (int i = 0; i < length; i++) {
                            keyStore.setCertificateEntry("item_" + i, acceptedIssuers[i]);
                        }
                        return keyStore;
                    }
                }
                String arrays = Arrays.toString(trustManagers);
                C6305k.f(arrays, "java.util.Arrays.toString(this)");
                throw new IllegalStateException("Unexpected default trust managers: ".concat(arrays).toString());
            } catch (IOException e9) {
                throw new Exception("There must be no error with this KeyStore's format", e9);
            } catch (KeyStoreException e10) {
                throw new Exception("KeyStore with default type can be always created", e10);
            } catch (NoSuchAlgorithmException e11) {
                throw new Exception("KeyStore is empty now, there is no need for integrity checking algorithm", e11);
            } catch (CertificateException e12) {
                throw new Exception("There are no certificates in KeyStore, so no exception may be thrown", e12);
            }
        } catch (CertificateException e13) {
            throw new Exception("X.509 is supported everywhere", e13);
        }
    }

    public static final X509TrustManager b(Resources resources, boolean z) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(a(resources, z));
            TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
            if (trustManager != null) {
                return (X509TrustManager) trustManager;
            }
            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        } catch (KeyStoreException e) {
            Log.e("TrustManager", "Factory is always created: ", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Log.e("TrustManager", "Default algorithm of TrustManagerFactory and TLS protocol are supported by every Android device:", e2);
            return null;
        } catch (Exception e3) {
            Log.e("TrustManager", "Create Trust Manager: ", e3);
            return null;
        }
    }
}
