package jp.co.netvision.net;

import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
final class NetvX509TrustManager implements X509TrustManager {
    private CertPathValidator validator = null;
    private CertificateFactory factory = null;
    private HashSet trusted = null;
    private PKIXParameters params = null;
    private Exception err = null;

    public NetvX509TrustManager(InputStream inputStream) {
        reload(inputStream);
        test();
    }

    public static X509Certificate readPem(InputStream inputStream) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            CertPath generateCertPath = certificateFactory != null ? certificateFactory.generateCertPath(inputStream, "PEM") : null;
            if (generateCertPath == null) {
                throw new CertificateException("no Certificate list");
            }
            List<? extends Certificate> certificates = generateCertPath.getCertificates();
            if (certificates.size() <= 0) {
                throw new CertificateException("Certificate list is empty");
            }
            if (certificates.size() > 1) {
                throw new CertificateException("Intermediate certificate is not allowed");
            }
            if (!(certificates.get(0) instanceof X509Certificate)) {
                throw new CertificateException("Certificate is not X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) certificates.get(0);
            x509Certificate.checkValidity();
            return x509Certificate;
        } finally {
            inputStream.close();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        throw new CertificateException("Client not trusted");
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new CertificateException("Empty chain");
        }
        if (str == null || str.length() == 0) {
            throw new CertificateException("Empty auth type");
        }
        if (this.err != null) {
            throw new CertificateException(this.err);
        }
        if (this.validator == null) {
            throw new CertificateException("no validator");
        }
        try {
            this.validator.validate(this.factory.generateCertPath(Arrays.asList(x509CertificateArr)), this.params);
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateException(e);
        } catch (CertPathValidatorException e2) {
            throw new CertificateException(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        if (this.params == null) {
            return new X509Certificate[0];
        }
        Set<TrustAnchor> trustAnchors = this.params.getTrustAnchors();
        X509Certificate[] x509CertificateArr = new X509Certificate[trustAnchors.size()];
        Iterator<TrustAnchor> it = trustAnchors.iterator();
        int i = 0;
        while (it.hasNext()) {
            x509CertificateArr[i] = it.next().getTrustedCert();
            i++;
        }
        return x509CertificateArr;
    }

    public final void reload(InputStream inputStream) {
        this.err = null;
        try {
            this.validator = CertPathValidator.getInstance("PKIX");
            this.factory = CertificateFactory.getInstance("X509");
            this.trusted = new HashSet();
            if (inputStream == null) {
                return;
            }
            try {
                this.trusted.add(new TrustAnchor(readPem(inputStream), null));
            } catch (Exception e) {
            }
            try {
                this.params = new PKIXParameters(this.trusted);
                this.params.setRevocationEnabled(false);
            } catch (InvalidAlgorithmParameterException e2) {
                this.err = e2;
            }
        } catch (NoSuchAlgorithmException e3) {
            this.err = e3;
        } catch (CertificateException e4) {
            this.err = e4;
        }
    }

    public final void test() {
        Security.getProviders();
    }
}
