package com.pspdfkit.signatures;

import a0.i;
import b40.Unit;
import c40.x;
import com.pspdfkit.exceptions.InvalidPSPDFKitLicenseException;
import com.pspdfkit.internal.Modules;
import com.pspdfkit.internal.jni.NativeKeyStore;
import com.pspdfkit.internal.jni.NativeLicenseFeatures;
import com.pspdfkit.internal.signatures.SignatureUtilsKt;
import com.pspdfkit.internal.utilities.ApplicationContextProvider;
import com.pspdfkit.utils.PdfLog;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import kotlin.jvm.internal.l;

/* compiled from: TrustedKeyStore.kt */
/* loaded from: classes3.dex */
public final class TrustedKeyStore {
    public static final int $stable;
    private static final String ADOBE_CA_KEYSTORE_PASSWORD = "pspdfadobeca";
    private static final String ANDROID_KEYSTORE_NAME = "AndroidCAStore";
    public static final TrustedKeyStore INSTANCE;
    private static final String LOG_TAG = "PSPDF.KeyStore";
    private static final AtomicBoolean isDirty;
    private static NativeKeyStore nativeKeyStore;
    private static List<X509Certificate> trustedCertificates;

    static {
        TrustedKeyStore trustedKeyStore = new TrustedKeyStore();
        INSTANCE = trustedKeyStore;
        trustedCertificates = new ArrayList();
        isDirty = new AtomicBoolean(true);
        trustedKeyStore.restoreDefaults();
        $stable = 8;
    }

    private TrustedKeyStore() {
    }

    private final void loadAdobeTrustedCertificates() {
        try {
            InputStream open = ApplicationContextProvider.INSTANCE.getApplicationContext().getAssets().open("pspdfkit/AdobeCA.p12", 2);
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                char[] charArray = ADOBE_CA_KEYSTORE_PASSWORD.toCharArray();
                l.g(charArray, "toCharArray(...)");
                keyStore.load(open, charArray);
                INSTANCE.loadKeystoreCertificates(keyStore);
                Unit unit = Unit.f5062a;
                i.j(open, null);
            } finally {
            }
        } catch (Exception e11) {
            PdfLog.w(LOG_TAG, e11, "Couldn't load AdobeCA certificate store, make sure your APK still contains assets/pspdfkit/AdobeCA.p12 file!", new Object[0]);
        }
    }

    private final void loadKeystoreCertificates(KeyStore keyStore) {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                PdfLog.d(LOG_TAG, "Certificate alias: %s", nextElement);
                Certificate certificate = keyStore.getCertificate(nextElement);
                if (l.c("X.509", certificate.getType())) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    PdfLog.d(LOG_TAG, "X.509 CA certificate, subject: %s issuer: %s version: %d", x509Certificate.getSubjectDN().toString(), x509Certificate.getIssuerDN().toString(), Integer.valueOf(x509Certificate.getVersion()));
                    trustedCertificates.add(x509Certificate);
                } else {
                    PdfLog.w(LOG_TAG, "Can't load certificate type '%s' for certificate %s.", certificate.getType(), certificate.toString());
                }
            }
        }
    }

    private final void loadOsTrustedCertificates() {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE_NAME);
            keyStore.load(null, null);
            loadKeystoreCertificates(keyStore);
        } catch (Exception e11) {
            PdfLog.e(LOG_TAG, e11, "Failed to load operating system CA keystore.", new Object[0]);
        }
    }

    public static final NativeKeyStore toNativeKeystore() {
        NativeKeyStore nativeKeyStore2;
        synchronized (INSTANCE) {
            if (nativeKeyStore == null) {
                nativeKeyStore = NativeKeyStore.create();
            }
            nativeKeyStore2 = nativeKeyStore;
            if (nativeKeyStore2 == null) {
                throw new IllegalStateException("NativeKeyStore is null!");
            }
            if (isDirty.get()) {
                for (X509Certificate x509Certificate : trustedCertificates) {
                    try {
                        nativeKeyStore2.addCertificate(SignatureUtilsKt.certificateToNativeCertificate(x509Certificate, true));
                    } catch (CertificateEncodingException e11) {
                        PdfLog.d(LOG_TAG, e11, "Couldn't encode certificate: %s", x509Certificate.toString());
                    }
                }
                isDirty.set(false);
            }
        }
        return nativeKeyStore2;
    }

    public final void addTrustedCertificates(List<? extends X509Certificate> certificates) {
        l.h(certificates, "certificates");
        if (!Modules.getFeatures().hasLicenseFeature(NativeLicenseFeatures.DIGITAL_SIGNATURES)) {
            throw new InvalidPSPDFKitLicenseException("Digital signatures are not enabled in your license.");
        }
        trustedCertificates.addAll(certificates);
        List<X509Certificate> list = trustedCertificates;
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        for (Object obj : list) {
            if (hashSet.add(((X509Certificate) obj).getSerialNumber())) {
                arrayList.add(obj);
            }
        }
        trustedCertificates = x.f0(arrayList);
        isDirty.set(true);
    }

    public final void clearTrustedCertificates() {
        trustedCertificates.clear();
        nativeKeyStore = null;
        isDirty.set(true);
    }

    public final List<X509Certificate> getTrustedCertificates() {
        return trustedCertificates;
    }

    public final void restoreDefaults() {
        if (!Modules.getFeatures().hasLicenseFeature(NativeLicenseFeatures.DIGITAL_SIGNATURES)) {
            throw new InvalidPSPDFKitLicenseException("Digital signatures are not enabled in your license.");
        }
        trustedCertificates.clear();
        loadOsTrustedCertificates();
        loadAdobeTrustedCertificates();
        List<X509Certificate> list = trustedCertificates;
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        for (Object obj : list) {
            if (hashSet.add(((X509Certificate) obj).getSerialNumber())) {
                arrayList.add(obj);
            }
        }
        trustedCertificates = x.f0(arrayList);
        isDirty.set(true);
    }
}
