package com.barclubstats2.mobiledl.truststore;

import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import org.bouncycastle.asn1.x500.X500Name;

/* loaded from: classes4.dex */
public class SimpleIssuerTrustStore implements IssuerTrustStore {
    private static final int DIGITAL_SIGNATURE = 0;
    private static final int KEY_CERT_SIGN = 5;
    private Map<X500Name, X509Certificate> trustedCertMap;

    public SimpleIssuerTrustStore(KeyStore keyStore) {
        this.trustedCertMap = new HashMap();
        try {
            HashMap hashMap = new HashMap();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (keyStore.isCertificateEntry(nextElement)) {
                    Certificate certificate = keyStore.getCertificate(nextElement);
                    if (certificate instanceof X509Certificate) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        hashMap.put(new X500Name(x509Certificate.getSubjectX500Principal().getName()), x509Certificate);
                    }
                }
            }
            this.trustedCertMap = hashMap;
        } catch (Exception e) {
            throw new RuntimeException("Error retrieving trusted certificates from trust store", e);
        }
    }

    public SimpleIssuerTrustStore(List<X509Certificate> list) {
        this.trustedCertMap = new HashMap();
        for (X509Certificate x509Certificate : list) {
            this.trustedCertMap.put(new X500Name(x509Certificate.getSubjectX500Principal().getName()), x509Certificate);
        }
    }

    private static boolean validateKeyUsageOfCA(boolean[] zArr) {
        return !zArr[5];
    }

    @Override // com.barclubstats2.mobiledl.truststore.IssuerTrustStore
    public List<X509Certificate> createCertificationTrustPath(List<X509Certificate> list) {
        LinkedList linkedList = new LinkedList();
        ListIterator<X509Certificate> listIterator = list.listIterator();
        X509Certificate x509Certificate = null;
        while (true) {
            if (!listIterator.hasNext()) {
                break;
            }
            X509Certificate next = listIterator.next();
            linkedList.add(next);
            x509Certificate = this.trustedCertMap.get(new X500Name(next.getIssuerX500Principal().getName()));
            if (x509Certificate != null) {
                linkedList.add(x509Certificate);
                break;
            }
        }
        if (x509Certificate != null) {
            return linkedList;
        }
        return null;
    }

    @Override // com.barclubstats2.mobiledl.truststore.IssuerTrustStore
    public boolean validateCertificationTrustPath(List<X509Certificate> list) {
        if (list != null && !list.isEmpty()) {
            Iterator<X509Certificate> it2 = list.iterator();
            X509Certificate next = it2.next();
            if (!next.getKeyUsage()[0]) {
                return false;
            }
            try {
                next.checkValidity();
                while (it2.hasNext()) {
                    X509Certificate next2 = it2.next();
                    validateKeyUsageOfCA(next2.getKeyUsage());
                    if (!new X500Name(next.getIssuerX500Principal().getName()).equals(new X500Name(next2.getSubjectX500Principal().getName()))) {
                        return false;
                    }
                    try {
                        next.verify(next2.getPublicKey());
                        next = next2;
                    } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                        return false;
                    }
                }
                return true;
            } catch (CertificateException unused2) {
            }
        }
        return false;
    }
}
