package com.sdkit.paylib.paylibnetwork.impl.ssl;

import android.net.http.X509TrustManagerExtensions;
import com.sdkit.paylib.payliblogging.api.logging.PaylibLogger;
import com.sdkit.paylib.payliblogging.api.logging.PaylibLoggerFactory;
import java.io.ByteArrayInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import kotlin.C;
import kotlin.Metadata;
import kotlin.collections.C6289m;
import kotlin.collections.C6292p;
import kotlin.collections.t;
import kotlin.collections.w;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.C6305k;
import kotlin.jvm.internal.m;

@Metadata(d1 = {"\u0000`\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010 \n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0001\u0018\u00002\u00020\u0001B%\u0012\f\u0010\u0004\u001a\b\u0012\u0004\u0012\u00020\u00030\u0002\u0012\u0006\u0010\u0006\u001a\u00020\u0005\u0012\u0006\u0010\b\u001a\u00020\u0007¢\u0006\u0004\b\t\u0010\nJ/\u0010\u0012\u001a\u00020\u00112\u000e\u0010\r\u001a\n\u0012\u0006\b\u0001\u0012\u00020\f0\u000b2\u0006\u0010\u000e\u001a\u00020\u00032\u0006\u0010\u0010\u001a\u00020\u000fH\u0016¢\u0006\u0004\b\u0012\u0010\u0013J1\u0010\u0012\u001a\u00020\u00112\u000e\u0010\r\u001a\n\u0012\u0006\b\u0001\u0012\u00020\f0\u000b2\b\u0010\u000e\u001a\u0004\u0018\u00010\u00032\u0006\u0010\u0015\u001a\u00020\u0014H\u0016¢\u0006\u0004\b\u0012\u0010\u0016J/\u0010\u0017\u001a\u00020\u00112\u000e\u0010\r\u001a\n\u0012\u0006\b\u0001\u0012\u00020\f0\u000b2\u0006\u0010\u000e\u001a\u00020\u00032\u0006\u0010\u0010\u001a\u00020\u000fH\u0016¢\u0006\u0004\b\u0017\u0010\u0013J1\u0010\u0017\u001a\u00020\u00112\u000e\u0010\r\u001a\n\u0012\u0006\b\u0001\u0012\u00020\f0\u000b2\b\u0010\u000e\u001a\u0004\u0018\u00010\u00032\u0006\u0010\u0015\u001a\u00020\u0014H\u0016¢\u0006\u0004\b\u0017\u0010\u0016J+\u0010\u0012\u001a\u00020\u00112\u0010\u0010\r\u001a\f\u0012\u0006\b\u0001\u0012\u00020\f\u0018\u00010\u000b2\b\u0010\u000e\u001a\u0004\u0018\u00010\u0003H\u0016¢\u0006\u0004\b\u0012\u0010\u0018J+\u0010\u0017\u001a\u00020\u00112\u0010\u0010\r\u001a\f\u0012\u0006\b\u0001\u0012\u00020\f\u0018\u00010\u000b2\b\u0010\u000e\u001a\u0004\u0018\u00010\u0003H\u0016¢\u0006\u0004\b\u0017\u0010\u0018J;\u0010\u0017\u001a\b\u0012\u0004\u0012\u00020\f0\u00022\u0010\u0010\r\u001a\f\u0012\u0006\b\u0001\u0012\u00020\f\u0018\u00010\u000b2\b\u0010\u000e\u001a\u0004\u0018\u00010\u00032\b\u0010\u0019\u001a\u0004\u0018\u00010\u0003H\u0007¢\u0006\u0004\b\u0017\u0010\u001aJ\u0015\u0010\u001b\u001a\b\u0012\u0004\u0012\u00020\f0\u000bH\u0016¢\u0006\u0004\b\u001b\u0010\u001cJ\u001d\u0010 \u001a\u0004\u0018\u00010\u001f2\n\b\u0002\u0010\u001e\u001a\u0004\u0018\u00010\u001dH\u0002¢\u0006\u0004\b \u0010!R\u0014\u0010$\u001a\u00020\"8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b \u0010#R\u001a\u0010(\u001a\b\u0012\u0004\u0012\u00020%0\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b&\u0010'¨\u0006)"}, d2 = {"Lcom/sdkit/paylib/paylibnetwork/impl/ssl/CompositeX509TrustManagerApi24;", "Ljavax/net/ssl/X509ExtendedTrustManager;", "", "", "selfSignedCertificates", "", "withDefaultRoots", "Lcom/sdkit/paylib/payliblogging/api/logging/PaylibLoggerFactory;", "loggerFactory", "<init>", "(Ljava/util/List;ZLcom/sdkit/paylib/payliblogging/api/logging/PaylibLoggerFactory;)V", "", "Ljava/security/cert/X509Certificate;", "chain", "authType", "Ljava/net/Socket;", "conn", "Lkotlin/C;", "checkClientTrusted", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljava/net/Socket;)V", "Ljavax/net/ssl/SSLEngine;", "ssl", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljavax/net/ssl/SSLEngine;)V", "checkServerTrusted", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "host", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljava/lang/String;)Ljava/util/List;", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "Ljava/security/KeyStore;", "keystore", "Ljavax/net/ssl/X509TrustManager;", "a", "(Ljava/security/KeyStore;)Ljavax/net/ssl/X509TrustManager;", "Lcom/sdkit/paylib/payliblogging/api/logging/PaylibLogger;", "Lcom/sdkit/paylib/payliblogging/api/logging/PaylibLogger;", "logger", "Lcom/sdkit/paylib/paylibnetwork/impl/ssl/a;", "b", "Ljava/util/List;", "pairs", "com-sdkit-assistant_paylib_network"}, k = 1, mv = {1, 8, 0})
/* loaded from: classes3.dex */
public final class CompositeX509TrustManagerApi24 extends X509ExtendedTrustManager {

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    public final PaylibLogger logger;

    /* renamed from: b, reason: collision with root package name and from kotlin metadata */
    public final List pairs;

    /* loaded from: classes3.dex */
    public static final class a extends m implements Function0 {

        /* renamed from: a, reason: collision with root package name */
        public static final a f18194a = new a();

        public a() {
            super(0);
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return "init";
        }
    }

    /* loaded from: classes3.dex */
    public static final class b extends m implements Function0 {

        /* renamed from: a, reason: collision with root package name */
        public final /* synthetic */ Exception f18195a;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public b(Exception exc) {
            super(0);
            this.f18195a = exc;
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return "X509TrustManagerExtensions init error " + this.f18195a;
        }
    }

    /* loaded from: classes3.dex */
    public static final class c extends m implements Function0 {

        /* renamed from: a, reason: collision with root package name */
        public final /* synthetic */ Exception f18196a;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public c(Exception exc) {
            super(0);
            this.f18196a = exc;
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return "X509TrustManagerExtensions init error " + this.f18196a;
        }
    }

    /* loaded from: classes3.dex */
    public static final class d extends m implements Function0 {

        /* renamed from: a, reason: collision with root package name */
        public static final d f18197a = new d();

        public d() {
            super(0);
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return "getTrustManager NoSuchAlgorithmException";
        }
    }

    /* loaded from: classes3.dex */
    public static final class e extends m implements Function0 {

        /* renamed from: a, reason: collision with root package name */
        public static final e f18198a = new e();

        public e() {
            super(0);
        }

        @Override // kotlin.jvm.functions.Function0
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public final String invoke() {
            return "getTrustManager KeyStoreException";
        }
    }

    public CompositeX509TrustManagerApi24(List selfSignedCertificates, boolean z, PaylibLoggerFactory loggerFactory) {
        X509TrustManager a2;
        C6305k.g(selfSignedCertificates, "selfSignedCertificates");
        C6305k.g(loggerFactory, "loggerFactory");
        PaylibLogger paylibLogger = loggerFactory.get("CompositeX509TrustManagerApi24");
        this.logger = paylibLogger;
        PaylibLogger.DefaultImpls.d$default(paylibLogger, null, a.f18194a, 1, null);
        ArrayList arrayList = new ArrayList();
        if (z && (a2 = a(this, null, 1, null)) != null) {
            try {
                arrayList.add(new com.sdkit.paylib.paylibnetwork.impl.ssl.a(a2, new X509TrustManagerExtensions(a2)));
            } catch (Exception e2) {
                PaylibLogger.DefaultImpls.e$default(this.logger, null, new b(e2), 1, null);
                C c2 = C.f33661a;
            }
        }
        if (!selfSignedCertificates.isEmpty()) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            C6305k.f(certificateFactory, "getInstance(\"X.509\")");
            ArrayList arrayList2 = new ArrayList(C6292p.p(selfSignedCertificates, 10));
            Iterator it = selfSignedCertificates.iterator();
            while (it.hasNext()) {
                byte[] bytes = ((String) it.next()).getBytes(kotlin.text.a.f35434b);
                C6305k.f(bytes, "this as java.lang.String).getBytes(charset)");
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
                try {
                    Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
                    io.ktor.util.logging.a.b(byteArrayInputStream, null);
                    arrayList2.add(generateCertificate);
                } finally {
                }
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            Iterator it2 = arrayList2.iterator();
            int i = 0;
            while (it2.hasNext()) {
                keyStore.setCertificateEntry("ca" + i, (Certificate) it2.next());
                i++;
            }
            X509TrustManager a3 = a(keyStore);
            if (a3 != null) {
                try {
                    arrayList.add(new com.sdkit.paylib.paylibnetwork.impl.ssl.a(a3, new X509TrustManagerExtensions(a3)));
                } catch (Exception e3) {
                    PaylibLogger.DefaultImpls.e$default(this.logger, null, new c(e3), 1, null);
                    C c3 = C.f33661a;
                }
            }
        }
        this.pairs = arrayList;
    }

    public static /* synthetic */ X509TrustManager a(CompositeX509TrustManagerApi24 compositeX509TrustManagerApi24, KeyStore keyStore, int i, Object obj) {
        if ((i & 1) != 0) {
            keyStore = null;
        }
        return compositeX509TrustManagerApi24.a(keyStore);
    }

    public final X509TrustManager a(KeyStore keystore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keystore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            C6305k.f(trustManagers, "factory.trustManagers");
            ArrayList arrayList = new ArrayList();
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    arrayList.add(trustManager);
                }
            }
            return (X509TrustManager) w.Z(arrayList);
        } catch (KeyStoreException e2) {
            this.logger.e(e2, e.f18198a);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            this.logger.e(e3, d.f18197a);
            return null;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        Iterator it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                ((com.sdkit.paylib.paylibnetwork.impl.ssl.a) it.next()).b().checkClientTrusted(chain, authType);
                return;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException(androidx.constraintlayout.motion.widget.e.b("None of the TrustManagers trust this certificate chain: ", com.sdkit.paylib.paylibnetwork.impl.utils.c.f18203a.a(null, chain)));
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, Socket conn) {
        C6305k.g(chain, "chain");
        C6305k.g(authType, "authType");
        C6305k.g(conn, "conn");
        checkClientTrusted(chain, authType);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine ssl) {
        C6305k.g(chain, "chain");
        C6305k.g(ssl, "ssl");
        checkClientTrusted(chain, authType);
    }

    public final List<X509Certificate> checkServerTrusted(X509Certificate[] chain, String authType, String host) {
        Iterator it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                List<X509Certificate> checkServerTrusted = ((com.sdkit.paylib.paylibnetwork.impl.ssl.a) it.next()).a().checkServerTrusted(chain, authType, host);
                C6305k.f(checkServerTrusted, "pair.trustExtensions.che…ed(chain, authType, host)");
                return checkServerTrusted;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException(androidx.constraintlayout.motion.widget.e.b("None of the TrustManagers trust this certificate chain: ", com.sdkit.paylib.paylibnetwork.impl.utils.c.f18203a.a(host, chain)));
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        Iterator it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                ((com.sdkit.paylib.paylibnetwork.impl.ssl.a) it.next()).b().checkServerTrusted(chain, authType);
                return;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException(androidx.constraintlayout.motion.widget.e.b("None of the TrustManagers trust this certificate chain: ", com.sdkit.paylib.paylibnetwork.impl.utils.c.f18203a.a(null, chain)));
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, Socket conn) {
        C6305k.g(chain, "chain");
        C6305k.g(authType, "authType");
        C6305k.g(conn, "conn");
        String hostName = conn.getInetAddress().getHostName();
        Iterator it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                ((com.sdkit.paylib.paylibnetwork.impl.ssl.a) it.next()).a().checkServerTrusted(chain, authType, hostName);
                return;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException(androidx.constraintlayout.motion.widget.e.b("None of the TrustManagers trust this certificate chain: ", com.sdkit.paylib.paylibnetwork.impl.utils.c.f18203a.a(hostName, chain)));
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine ssl) {
        C6305k.g(chain, "chain");
        C6305k.g(ssl, "ssl");
        String peerHost = ssl.getSession().getPeerHost();
        Iterator it = this.pairs.iterator();
        while (it.hasNext()) {
            try {
                ((com.sdkit.paylib.paylibnetwork.impl.ssl.a) it.next()).a().checkServerTrusted(chain, authType, peerHost);
                return;
            } catch (CertificateException unused) {
            }
        }
        throw new CertificateException(androidx.constraintlayout.motion.widget.e.b("None of the TrustManagers trust this certificate chain: ", com.sdkit.paylib.paylibnetwork.impl.utils.c.f18203a.a(peerHost, chain)));
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        List list = this.pairs;
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            X509Certificate[] acceptedIssuers = ((com.sdkit.paylib.paylibnetwork.impl.ssl.a) it.next()).b().getAcceptedIssuers();
            C6305k.f(acceptedIssuers, "it.trustManager.acceptedIssuers");
            t.D(C6289m.s0(acceptedIssuers), arrayList);
        }
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
    }
}
