package com.citrix.cck.jsse.provider;

import com.citrix.cck.CCK;
import com.citrix.cck.Debug;
import com.citrix.cck.jsse.ssl.X509ExtendedTrustManager;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* loaded from: classes3.dex */
public class CitrixTrustManager extends X509ExtendedTrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final Set<X509Certificate> f2630a;
    private final PKIXParameters b;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CitrixTrustManager(PKIXParameters pKIXParameters) {
        this.f2630a = a(pKIXParameters.getTrustAnchors());
        if (pKIXParameters instanceof PKIXBuilderParameters) {
            this.b = pKIXParameters;
            return;
        }
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(pKIXParameters.getTrustAnchors(), pKIXParameters.getTargetCertConstraints());
        this.b = pKIXBuilderParameters;
        pKIXBuilderParameters.setCertStores(pKIXParameters.getCertStores());
        pKIXBuilderParameters.setRevocationEnabled(pKIXParameters.isRevocationEnabled());
        pKIXBuilderParameters.setCertPathCheckers(pKIXParameters.getCertPathCheckers());
        pKIXBuilderParameters.setDate(pKIXParameters.getDate());
        pKIXBuilderParameters.setAnyPolicyInhibited(pKIXParameters.isAnyPolicyInhibited());
        pKIXBuilderParameters.setPolicyMappingInhibited(pKIXParameters.isPolicyMappingInhibited());
        pKIXBuilderParameters.setExplicitPolicyRequired(pKIXParameters.isExplicitPolicyRequired());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CitrixTrustManager(Set<TrustAnchor> set) {
        this.f2630a = a(set);
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(set, new X509CertSelector());
        this.b = pKIXBuilderParameters;
        pKIXBuilderParameters.setRevocationEnabled(false);
    }

    private static Set<X509Certificate> a(Set<TrustAnchor> set) {
        X509Certificate trustedCert;
        if (set == null) {
            return new HashSet();
        }
        HashSet hashSet = new HashSet(set.size());
        for (TrustAnchor trustAnchor : set) {
            if (trustAnchor != null && (trustedCert = trustAnchor.getTrustedCert()) != null) {
                hashSet.add(trustedCert);
            }
        }
        return hashSet;
    }

    private void a(X509Certificate[] x509CertificateArr, String str, Socket socket, boolean z) {
        a(x509CertificateArr, str, z);
    }

    private void a(X509Certificate[] x509CertificateArr, String str, boolean z) {
        if (CCK.isDebugEnabled()) {
            Object[] objArr = new Object[3];
            objArr[0] = Integer.valueOf(x509CertificateArr != null ? x509CertificateArr.length : 0);
            objArr[1] = str;
            objArr[2] = z ? "Yes" : "No";
            Debug.logd("validatePath(chain:%d, authType:%s, isServer:%s)", objArr);
            for (int i = 0; i < x509CertificateArr.length; i++) {
                Debug.logd("\t\tChain Cert #%d [%s]", Integer.valueOf(i), x509CertificateArr[i].getSubjectX500Principal().getName());
            }
        }
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("'chain' must be a chain of at least one certificate");
        }
        if (str == null || str.length() < 1) {
            throw new IllegalArgumentException("'authType' must be a non-null, non-empty string");
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (this.f2630a.contains(x509Certificate)) {
            if (CCK.isDebugEnabled()) {
                Debug.logd("Certificate [" + x509Certificate.getSubjectX500Principal().getName() + "] is trusted by CitrixTrustManager");
                return;
            }
            return;
        }
        try {
            CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(Arrays.asList(x509CertificateArr)));
            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
            X509CertSelector x509CertSelector = (X509CertSelector) this.b.getTargetCertConstraints().clone();
            x509CertSelector.setCertificate(x509Certificate);
            PKIXBuilderParameters pKIXBuilderParameters = (PKIXBuilderParameters) this.b.clone();
            pKIXBuilderParameters.addCertStore(certStore);
            pKIXBuilderParameters.setTargetCertConstraints(x509CertSelector);
            if (CCK.isDebugEnabled()) {
                Debug.logd("Certificate chain for [" + x509Certificate.getSubjectX500Principal().getName() + "] is liked by CitrixTrustManager");
            }
        } catch (GeneralSecurityException e) {
            Debug.loge("Following chain didn't validate:");
            for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                Debug.loge("Cert #%d [%s]", Integer.valueOf(i2), x509CertificateArr[i2].getSubjectX500Principal().getName());
            }
            Debug.loge("Exception: " + e);
            throw new CertificateException("Invalid chain: " + e.getMessage(), e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        a(x509CertificateArr, str, null, false);
    }

    public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) {
        if (CCK.isDebugEnabled()) {
            Object[] objArr = new Object[3];
            objArr[0] = Integer.valueOf(x509CertificateArr != null ? x509CertificateArr.length : 0);
            objArr[1] = str;
            objArr[2] = str2;
            Debug.logd("CitrixTrustManager checkServerTrusted 1 chain:%d, authType:%s, host:%s", objArr);
            for (int i = 0; i < x509CertificateArr.length; i++) {
                Debug.logd("\t\tCert #%d [%s]", Integer.valueOf(i), x509CertificateArr[i].getSubjectX500Principal().getName());
            }
        }
        a(x509CertificateArr, str, null, true);
        return Arrays.asList(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        if (CCK.isDebugEnabled()) {
            Object[] objArr = new Object[2];
            objArr[0] = Integer.valueOf(x509CertificateArr != null ? x509CertificateArr.length : 0);
            objArr[1] = str;
            Debug.logd("CitrixTrustManager checkServerTrusted 3 chain:%d, authType:%s", objArr);
        }
        a(x509CertificateArr, str, null, true);
    }

    @Override // com.citrix.cck.jsse.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        if (CCK.isDebugEnabled()) {
            Object[] objArr = new Object[3];
            objArr[0] = Integer.valueOf(x509CertificateArr != null ? x509CertificateArr.length : 0);
            objArr[1] = str;
            objArr[2] = socket.getClass().getSimpleName();
            Debug.logd("CitrixTrustManager checkServerTrusted 2 chain:%d, authType:%s, socket:%s", objArr);
        }
        a(x509CertificateArr, str, socket, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        Set<X509Certificate> set = this.f2630a;
        return (X509Certificate[]) set.toArray(new X509Certificate[set.size()]);
    }
}
