package com.citrix.cck.jsse.provider;

import com.citrix.cck.Debug;
import com.citrix.cck.jsse.ssl.CitrixSSLSocketFactory;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPathParameters;
import java.security.cert.Certificate;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;

/* loaded from: classes5.dex */
public class CitrixTrustManagerFactorySpi extends TrustManagerFactorySpi {

    /* renamed from: a, reason: collision with root package name */
    protected CitrixTrustManager f2631a;

    private static KeyStore a() {
        return CitrixSSLSocketFactory.getSystemCAStore();
    }

    private static Set<TrustAnchor> a(KeyStore keyStore) {
        Certificate[] certificateChain;
        if (keyStore == null) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet(keyStore.size());
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                Certificate certificate = keyStore.getCertificate(nextElement);
                if (certificate instanceof X509Certificate) {
                    hashSet.add(new TrustAnchor((X509Certificate) certificate, null));
                }
            } else if (keyStore.isKeyEntry(nextElement) && (certificateChain = keyStore.getCertificateChain(nextElement)) != null && certificateChain.length > 0 && (certificateChain[0] instanceof X509Certificate)) {
                hashSet.add(new TrustAnchor((X509Certificate) certificateChain[0], null));
            }
        }
        return hashSet;
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    protected TrustManager[] engineGetTrustManagers() {
        Debug.logd("engineGetTrustManagers");
        CitrixTrustManager citrixTrustManager = this.f2631a;
        if (citrixTrustManager != null) {
            return new TrustManager[]{citrixTrustManager};
        }
        Debug.loge("engineGetTrustManagers: cannot obtain trust manager list");
        throw new IllegalStateException("TrustManagerFactory not initialized");
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    protected void engineInit(KeyStore keyStore) {
        Object[] objArr = new Object[1];
        objArr[0] = keyStore == null ? "null" : keyStore.size() + " certs";
        Debug.logd("CitrixTrustManagerFactorySpi::engineInit1 ENTER (ks: %s)", objArr);
        if (keyStore == null || keyStore.size() == 0) {
            Debug.logd("getting default truststore");
            try {
                keyStore = a();
            } catch (Error e) {
                e = e;
                Debug.loge("Skipped default trust store", e);
                throw e;
            } catch (SecurityException e2) {
                Debug.logw("Skipped default trust store", e2);
            } catch (RuntimeException e3) {
                e = e3;
                Debug.loge("Skipped default trust store", e);
                throw e;
            } catch (Exception e4) {
                Debug.loge("Skipped default trust store", e4);
                throw new KeyStoreException("Failed to load default trust store", e4);
            }
        }
        Set<TrustAnchor> a2 = a(keyStore);
        Debug.logd("CitrixTrustManagerFactorySpi: %d anchors detected", Integer.valueOf(a2.size()));
        try {
            this.f2631a = new CitrixTrustManager(a2);
            Debug.logd("CitrixTrustManagerFactorySpi::engineInit1 EXIT");
        } catch (InvalidAlgorithmParameterException e5) {
            throw new KeyStoreException("Failed to create trust manager", e5);
        }
    }

    @Override // javax.net.ssl.TrustManagerFactorySpi
    protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
        Debug.logd("CitrixTrustManagerFactorySpi::engineInit2 ENTER");
        if (!(managerFactoryParameters instanceof CertPathTrustManagerParameters)) {
            if (managerFactoryParameters != null) {
                throw new InvalidAlgorithmParameterException("unknown spec: " + managerFactoryParameters.getClass().getName());
            }
            throw new InvalidAlgorithmParameterException("spec cannot be null");
        }
        try {
            CertPathParameters parameters = ((CertPathTrustManagerParameters) managerFactoryParameters).getParameters();
            if (!(parameters instanceof PKIXParameters)) {
                throw new InvalidAlgorithmParameterException("parameters must inherit from PKIXParameters");
            }
            this.f2631a = new CitrixTrustManager((PKIXParameters) parameters);
            Debug.logd("CitrixTrustManagerFactorySpi::engineInit2 EXIT");
        } catch (GeneralSecurityException e) {
            throw new InvalidAlgorithmParameterException("unable to process parameters: " + e.getMessage(), e);
        }
    }
}
