package com.avaya.clientservices.provider.certificate.internal;

import a1.d;
import android.content.Context;
import android.os.Build;
import com.avaya.clientservices.base.App;
import com.avaya.clientservices.client.Log;
import com.avaya.clientservices.client.PlatformUtils;
import com.avaya.clientservices.provider.certificate.internal.SecretKeyParameters;
import com.dewa.application.others.otp_verification.DRIZ.lMazGKOdaKLP;
import h6.a;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import z.l;

/* loaded from: classes.dex */
class AndroidCertificateProvider {
    private static final String AVAYA_PRIVATE_KEY_STORE = "AvayaTrust";
    private static final String TAG = "AndroidCertificateProvider";
    private static CertificateFactory mCertificateFactory;
    private final Lock _mKeyStoreLock;
    private boolean isCertificateStoreInUse;
    private Method mCheckServerTrusted;
    private Context mContext;
    private final PKCS12BackedClientIdentityCertificateStore mIdentitySecureStore;
    private Class mRootTrustManager;
    private final AndroidCertificateProviderSecurityPolicy mSecurityPolicy;
    private TrustManager[] mTrustManagers;
    private static final char[] AVAYA_KEY_STORE_PASSWORD = "password".toCharArray();
    private static final String OCSP_UNAUTHORIZED_ERROR = "OCSP Response error: UNAUTHORIZED".toLowerCase();

    /* renamed from: com.avaya.clientservices.provider.certificate.internal.AndroidCertificateProvider$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$java$security$cert$CertPathValidatorException$BasicReason;

        static {
            int[] iArr = new int[CertPathValidatorException.BasicReason.values().length];
            $SwitchMap$java$security$cert$CertPathValidatorException$BasicReason = iArr;
            try {
                iArr[CertPathValidatorException.BasicReason.EXPIRED.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$java$security$cert$CertPathValidatorException$BasicReason[CertPathValidatorException.BasicReason.NOT_YET_VALID.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$java$security$cert$CertPathValidatorException$BasicReason[CertPathValidatorException.BasicReason.INVALID_SIGNATURE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$java$security$cert$CertPathValidatorException$BasicReason[CertPathValidatorException.BasicReason.ALGORITHM_CONSTRAINED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$java$security$cert$CertPathValidatorException$BasicReason[CertPathValidatorException.BasicReason.REVOKED.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$java$security$cert$CertPathValidatorException$BasicReason[CertPathValidatorException.BasicReason.UNSPECIFIED.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
            try {
                $SwitchMap$java$security$cert$CertPathValidatorException$BasicReason[CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS.ordinal()] = 7;
            } catch (NoSuchFieldError unused7) {
            }
        }
    }

    static {
        mCertificateFactory = null;
        try {
            mCertificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e6) {
            Log.w("Unable to get an instance of a certificate factory. ", e6);
        }
    }

    private AndroidCertificateProvider() {
        this(new AndroidCertificateProviderSecurityPolicy());
    }

    public AndroidCertificateProvider(AndroidCertificateProviderSecurityPolicy androidCertificateProviderSecurityPolicy) {
        this._mKeyStoreLock = new ReentrantLock();
        this.isCertificateStoreInUse = false;
        Context context = App.getContext();
        this.mContext = context;
        this.mSecurityPolicy = androidCertificateProviderSecurityPolicy;
        PKCS12BackedClientIdentityCertificateStore pKCS12BackedClientIdentityCertificateStore = new PKCS12BackedClientIdentityCertificateStore(context, new AESEncrypter(context, SecretKeyParameters.Type.AES_GCM));
        this.mIdentitySecureStore = pKCS12BackedClientIdentityCertificateStore;
        try {
            pKCS12BackedClientIdentityCertificateStore.mayLoad();
        } catch (CertificateStoreException unused) {
            Log.e("Error loading identity secure store, resetting key store.");
            this.mIdentitySecureStore.setEmptyKeyStore();
        }
        String str = TAG + ".AndroidCertificateProvider(): ";
        Log.d(str);
        try {
            Class<?> cls = Class.forName("android.security.net.config.RootTrustManager");
            this.mRootTrustManager = cls;
            this.mCheckServerTrusted = cls.getDeclaredMethod("checkServerTrusted", X509Certificate[].class, String.class, String.class);
        } catch (ClassNotFoundException unused2) {
            Log.d(str + "RootTrustManager Class not found.");
        } catch (NoSuchMethodException unused3) {
            Log.d(str + " Method not found.");
        }
    }

    private void checkServerTrusted(X509Certificate[] x509CertificateArr, TrustManager[] trustManagerArr, String str) throws CertificateException {
        CertificateException certificateException = new CertificateException("Untrusted certificate chain; unable to find trusted anchors");
        String f10 = l.f(new StringBuilder(), TAG, ".checkServerTrusted(): ");
        for (TrustManager trustManager : trustManagerArr) {
            if (str != null) {
                try {
                    Class cls = this.mRootTrustManager;
                    if (cls != null && this.mCheckServerTrusted != null && cls.isInstance(trustManager)) {
                        Log.d(f10 + lMazGKOdaKLP.OoOlxaAIgIrtZQ + str);
                        this.mCheckServerTrusted.invoke(trustManager, x509CertificateArr, "RSA", str);
                        return;
                    }
                } catch (IllegalAccessException e6) {
                    e = e6;
                    certificateException = new CertificateException(e);
                } catch (InvocationTargetException e8) {
                    e = e8;
                    certificateException = new CertificateException(e);
                } catch (CertificateException e10) {
                    e = e10;
                    certificateException = new CertificateException(e);
                }
            }
            if (trustManager instanceof X509TrustManager) {
                Log.d(f10 + "Host not specified validating without host.");
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, "RSA");
                return;
            }
        }
        throw certificateException;
    }

    private void checkValidity(X509Certificate[] x509CertificateArr) throws CertificateExpiredException, CertificateNotYetValidException {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("Invalid certificate chain received.");
        }
        for (X509Certificate x509Certificate : x509CertificateArr) {
            x509Certificate.checkValidity();
        }
    }

    private TrustManager[] concatTrustManagers(TrustManager[] trustManagerArr, TrustManager[] trustManagerArr2) {
        TrustManager[] trustManagerArr3 = new TrustManager[trustManagerArr.length + trustManagerArr2.length];
        System.arraycopy(trustManagerArr, 0, trustManagerArr3, 0, trustManagerArr.length);
        System.arraycopy(trustManagerArr2, 0, trustManagerArr3, trustManagerArr.length, trustManagerArr2.length);
        return trustManagerArr3;
    }

    private KeyStore createJavaKeyStore() throws CertificateStoreException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException e6) {
            throw new CertificateStoreException(e6);
        } catch (KeyStoreException e8) {
            throw new CertificateStoreException(e8);
        } catch (NoSuchAlgorithmException e10) {
            throw new CertificateStoreException(e10);
        } catch (CertificateException e11) {
            throw new CertificateStoreException(e11);
        }
    }

    private static String generateCertificateAlias() {
        return UUID.randomUUID().toString();
    }

    private X509Certificate[] getAcceptedIssuers() {
        String f10 = l.f(new StringBuilder(), TAG, ".getAcceptedIssuers(): ");
        if (!isCertificateStoreInUse()) {
            Log.w(f10 + "Application certificate store is not in-use");
            return null;
        }
        try {
            this._mKeyStoreLock.lock();
            if (this.mTrustManagers == null) {
                Log.e(f10 + "Application certificate store does not contain any issuers.");
                return null;
            }
            ArrayList arrayList = new ArrayList();
            for (TrustManager trustManager : this.mTrustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    for (X509Certificate x509Certificate : ((X509TrustManager) trustManager).getAcceptedIssuers()) {
                        arrayList.add(x509Certificate);
                    }
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } finally {
            this._mKeyStoreLock.unlock();
        }
    }

    private TrustManager[] getCombinedTrustManagers() {
        TrustManager[] trustManagerArr = this.mTrustManagers;
        return trustManagerArr != null ? concatTrustManagers(trustManagerArr, getSystemTrustManagers()) : getSystemTrustManagers();
    }

    private TrustManager[] getDelegates(boolean z7) {
        TrustManager[] combinedTrustManagers;
        String f10 = l.f(new StringBuilder(), TAG, ".getDelegates(): ");
        this._mKeyStoreLock.lock();
        try {
            if (z7) {
                Log.d(f10 + "Private Trust store override: Using the trusted anchors from system trust store.");
                combinedTrustManagers = getSystemTrustManagers();
            } else if (this.mSecurityPolicy.getTrustStoreMode() != TrustStoreMode.PRIVATE_ONLY) {
                Log.i(f10 + "Trust store mode has been set to \"privateAndSystem\" using the trusted anchors from private and system trust store.");
                combinedTrustManagers = getCombinedTrustManagers();
            } else if (this.mSecurityPolicy.isPrivateTrustStoreEnabled() && isCertificateStoreInUse()) {
                Log.i(f10 + "Trust store mode has been set to \"privateOnly\"; using the trusted anchors from private trust store.");
                combinedTrustManagers = this.mTrustManagers;
            } else {
                Log.i(f10 + "Trust store mode has been set to \"privateOnly\", but the private trust store has not been created; using system trust store for certificate validation");
                combinedTrustManagers = getSystemTrustManagers();
            }
            return combinedTrustManagers;
        } finally {
            this._mKeyStoreLock.unlock();
        }
    }

    private static Throwable getRootCause(Throwable th2) {
        List<Throwable> throwableList = getThrowableList(th2);
        if (throwableList.isEmpty()) {
            return null;
        }
        return (Throwable) d.f(1, throwableList);
    }

    private static TrustManager[] getSystemTrustManagers() {
        return getTrustManagers(null);
    }

    private static List<Throwable> getThrowableList(Throwable th2) {
        ArrayList arrayList = new ArrayList();
        while (th2 != null && !arrayList.contains(th2)) {
            arrayList.add(th2);
            th2 = th2.getCause();
        }
        return arrayList;
    }

    private static TrustManager[] getTrustManagers(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException e6) {
            throw new AssertionError(e6);
        } catch (NoSuchAlgorithmException e8) {
            throw new AssertionError(e8);
        }
    }

    private void persistCertificateStore(KeyStore keyStore) throws CertificateException {
        String f10 = l.f(new StringBuilder(), TAG, ".persistCertificateStore(): ");
        if (keyStore == null) {
            Log.i(f10 + "Deleting certificate store.");
            this.mContext.deleteFile(AVAYA_PRIVATE_KEY_STORE);
        } else {
            FileOutputStream fileOutputStream = null;
            try {
                try {
                    try {
                        try {
                            fileOutputStream = this.mContext.openFileOutput(AVAYA_PRIVATE_KEY_STORE, 0);
                            keyStore.store(fileOutputStream, AVAYA_KEY_STORE_PASSWORD);
                            try {
                                fileOutputStream.close();
                            } catch (IOException unused) {
                            }
                        } catch (IOException e6) {
                            Log.e(f10 + "Error occurred while closing certificate store.", e6);
                            throw new CertificateException(e6);
                        }
                    } catch (NoSuchAlgorithmException e8) {
                        Log.e(f10 + "Error occurred while closing certificate store.", e8);
                        throw new CertificateException(e8);
                    }
                } catch (KeyStoreException e10) {
                    Log.e(f10 + "Error occurred while closing certificate store.", e10);
                    throw new CertificateException(e10);
                }
            } catch (Throwable th2) {
                try {
                    fileOutputStream.close();
                } catch (IOException unused2) {
                }
                throw th2;
            }
        }
        setKeyStore(keyStore);
    }

    private void setKeyStore(KeyStore keyStore) {
        String f10 = l.f(new StringBuilder(), TAG, ".setKeyStore(): ");
        this._mKeyStoreLock.lock();
        try {
            this.mTrustManagers = getTrustManagers(keyStore);
            this.isCertificateStoreInUse = keyStore != null;
            StringBuilder q10 = a.q(f10, "Application certificate store is ");
            q10.append(this.isCertificateStoreInUse ? "in use." : "not in use");
            Log.i(q10.toString());
        } finally {
            this._mKeyStoreLock.unlock();
        }
    }

    public void checkOCSPStatus(String[] strArr, boolean z7, boolean z10) throws CertPathValidatorException {
        String f10 = l.f(new StringBuilder(), TAG, ".checkOCSPStatus(): ");
        int i6 = Build.VERSION.SDK_INT;
        if (i6 < 26) {
            Log.seci(f10 + "OCSP revocation check is not supported by this Android SDK version: " + i6);
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            X509Certificate convertToX509Certificate = CertificateUtils.convertToX509Certificate(str);
            if (convertToX509Certificate != null && convertToX509Certificate.getBasicConstraints() == -1) {
                arrayList.add(convertToX509Certificate);
            }
        }
        if (arrayList.size() <= 0) {
            Log.e(f10 + "Empty certificate list.");
            return;
        }
        String name = ((X509Certificate) arrayList.get(0)).getSubjectX500Principal().getName();
        String name2 = ((X509Certificate) arrayList.get(0)).getIssuerDN().getName();
        String bigInteger = ((X509Certificate) arrayList.get(0)).getSerialNumber().toString();
        String f11 = l.f(a.r("[SECURITY] WARN Certificate status is unknown or OCSP responder is not accessible to verify certificate with subject ", name, ", issuer ", name2, ", serial number "), bigInteger, ".");
        String f12 = l.f(a.r("[SECURITY] ERROR TLS connection is closed as result of certificate expiration or OCSP revocation operation for certificate with subject ", name, ", issuer ", name2, ", serial number "), bigInteger, ".");
        CertificateFactory certificateFactory = mCertificateFactory;
        if (certificateFactory == null) {
            Log.e(f10 + "No instance of certificate factory.");
            if (z10) {
                Log.w(f11);
                return;
            } else {
                Log.e(f12);
                throw new CertPathValidatorException("No instance of certificate factory.", null, null, -1, CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS);
            }
        }
        try {
            CertPath generateCertPath = certificateFactory.generateCertPath(arrayList);
            try {
                CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
                PKIXRevocationChecker pKIXRevocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker();
                pKIXRevocationChecker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.NO_FALLBACK));
                TrustManager[] delegates = getDelegates(z7);
                ArrayList arrayList2 = new ArrayList();
                for (TrustManager trustManager : delegates) {
                    if (trustManager instanceof X509TrustManager) {
                        for (X509Certificate x509Certificate : ((X509TrustManager) trustManager).getAcceptedIssuers()) {
                            arrayList2.add(x509Certificate);
                        }
                    }
                }
                X509Certificate[] x509CertificateArr = (X509Certificate[]) arrayList2.toArray(new X509Certificate[arrayList2.size()]);
                if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                    Log.e(f10 + "There are no accepted issuers to validate X.509 certification paths.");
                    if (z10) {
                        Log.w(f11);
                        return;
                    } else {
                        Log.e(f12);
                        throw new CertPathValidatorException("There are no accepted issuers to validate X.509 certification paths.", null, generateCertPath, -1, CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS);
                    }
                }
                HashSet hashSet = new HashSet();
                for (X509Certificate x509Certificate2 : x509CertificateArr) {
                    hashSet.add(new TrustAnchor(x509Certificate2, null));
                }
                try {
                    PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
                    pKIXParameters.addCertPathChecker(pKIXRevocationChecker);
                    pKIXParameters.setRevocationEnabled(false);
                    try {
                        certPathValidator.validate(generateCertPath, pKIXParameters);
                        Log.d(f10 + "OCSP validation success.");
                    } catch (InvalidAlgorithmParameterException e6) {
                        StringBuilder q10 = a.q(f10, "Invalid parameters for CertPathValidator: ");
                        q10.append(e6.getMessage());
                        Log.e(q10.toString());
                        if (!z10) {
                            Log.e(f12);
                            throw new CertPathValidatorException("Invalid parameters for CertPathValidator.", e6, generateCertPath, -1, CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS);
                        }
                        Log.w(f11);
                    } catch (CertPathValidatorException e8) {
                        StringBuilder q11 = a.q(f10, " CertPathValidatorException exception with Reason=");
                        q11.append(e8.getReason());
                        q11.append(" occurred due to ");
                        q11.append(e8.getMessage());
                        Log.e(q11.toString());
                        if (e8.getReason() instanceof CertPathValidatorException.BasicReason) {
                            switch (AnonymousClass1.$SwitchMap$java$security$cert$CertPathValidatorException$BasicReason[((CertPathValidatorException.BasicReason) e8.getReason()).ordinal()]) {
                                case 1:
                                case 2:
                                case 3:
                                case 4:
                                case 5:
                                    Log.e(f12);
                                    throw e8;
                                case 6:
                                    if (PlatformUtils.isVantagePlatform() && e8.getMessage().toLowerCase().contains(OCSP_UNAUTHORIZED_ERROR)) {
                                        Log.e(f12);
                                        throw e8;
                                    }
                                    break;
                                case 7:
                                    break;
                                default:
                                    return;
                            }
                            if (!z10) {
                                Log.e(f12);
                                throw e8;
                            }
                            Log.w(f11);
                        }
                    }
                } catch (InvalidAlgorithmParameterException e10) {
                    StringBuilder q12 = a.q(f10, "Invalid Set of TrustAnchors: ");
                    q12.append(e10.getMessage());
                    Log.e(q12.toString());
                    if (!z10) {
                        Log.e(f12);
                        throw new CertPathValidatorException("Invalid Set of TrustAnchors.", e10, generateCertPath, -1, CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS);
                    }
                    Log.w(f11);
                }
            } catch (NoSuchAlgorithmException e11) {
                StringBuilder q13 = a.q(f10, "No CertPathValidator for PKIX algorithm: ");
                q13.append(e11.getMessage());
                Log.e(q13.toString());
                if (!z10) {
                    Log.e(f12);
                    throw new CertPathValidatorException("No CertPathValidator for PKIX algorithm.", e11, null, -1, CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS);
                }
                Log.w(f11);
            }
        } catch (CertificateException e12) {
            StringBuilder q14 = a.q(f10, "Failed to generate certification path: ");
            q14.append(e12.getMessage());
            Log.e(q14.toString());
            if (!z10) {
                Log.e(f12);
                throw new CertPathValidatorException("Failed to generate certification path.", e12, null, -1, CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS);
            }
            Log.w(f11);
        }
    }

    public void createStore() throws CertificateStoreException {
        String f10 = l.f(new StringBuilder(), TAG, ".createStore(): ");
        KeyStore createJavaKeyStore = createJavaKeyStore();
        KeyStore keyStore = null;
        try {
            if (this.mSecurityPolicy.isPrivateTrustStoreEnabled()) {
                createJavaKeyStore.load(this.mContext.openFileInput(AVAYA_PRIVATE_KEY_STORE), AVAYA_KEY_STORE_PASSWORD);
                this.isCertificateStoreInUse = true;
            } else {
                Log.i(f10 + "Private trust store has not been enabled.");
                this.isCertificateStoreInUse = false;
                createJavaKeyStore = null;
            }
            keyStore = createJavaKeyStore;
        } catch (FileNotFoundException unused) {
            Log.w(f10 + "Could not find the KeyStore file to load.");
        } catch (IOException e6) {
            throw new CertificateStoreException(e6);
        } catch (NoSuchAlgorithmException e8) {
            throw new CertificateStoreException(e8);
        } catch (CertificateException e10) {
            throw new CertificateStoreException(e10);
        }
        setKeyStore(keyStore);
        StringBuilder q10 = a.q(f10, "Using application's certificate store = ");
        q10.append(this.isCertificateStoreInUse);
        Log.i(q10.toString());
    }

    public void deleteCertStore() throws AppCertificateStoreException, AppCertificateStoreNotInUseException {
        String f10 = l.f(new StringBuilder(), TAG, ".deleteCertStore(): ");
        if (!isCertificateStoreInUse()) {
            Log.w(f10 + "Application's certificate store is not in use.");
            throw new AppCertificateStoreNotInUseException();
        }
        try {
            this.isCertificateStoreInUse = false;
            persistCertificateStore(null);
        } catch (CertificateException e6) {
            Log.w(f10 + "Exception received while deleting certificate store");
            throw new AppCertificateStoreException(e6);
        }
    }

    public void deleteClientIdentityCertificateChain() throws CertificateStoreException {
        this.mIdentitySecureStore.deleteCertificateStore();
    }

    public String[] getCertificates() throws AppCertificateStoreException, AppCertificateStoreNotInUseException {
        String f10 = l.f(new StringBuilder(), TAG, ".getCertificates(): ");
        if (!isCertificateStoreInUse()) {
            Log.w(f10 + "Application certificate store is not in use");
            throw new AppCertificateStoreNotInUseException();
        }
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : getAcceptedIssuers()) {
            try {
                arrayList.add(CertificateUtils.convertToPEMString(x509Certificate));
            } catch (CertificateEncodingException e6) {
                StringBuilder q10 = a.q(f10, "Encoding error occurred = ");
                q10.append(e6.getMessage());
                Log.w(q10.toString());
                Log.w(f10 + "Root cause:" + getRootCause(e6).toString());
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public String[] getClientIdentityCertificateChain() {
        String f10 = l.f(new StringBuilder(), TAG, ".getClientIdentityCertificateChain(): ");
        try {
            String[] identityCertificateChainAsPEMStringArray = this.mIdentitySecureStore.getIdentityCertificateChainAsPEMStringArray();
            if (identityCertificateChainAsPEMStringArray.length != 0) {
                Log.w(f10 + "Endpoint certificate = " + identityCertificateChainAsPEMStringArray);
                return identityCertificateChainAsPEMStringArray;
            }
        } catch (CertificateStoreException e6) {
            Log.w(f10 + "Unable to retrieve endpoint certificate", e6);
        } catch (CertificateEncodingException e8) {
            Log.w(f10 + "Unable to encode endpoint certificate ", e8);
        }
        return new String[0];
    }

    public String getClientPrivateKey() {
        return this.mIdentitySecureStore.getPEMEncodedPrivateKeyString();
    }

    public boolean isCertificateStoreInUse() {
        return this.isCertificateStoreInUse;
    }

    public void setCertificates(String[] strArr) throws CertificateException {
        String f10 = l.f(new StringBuilder(), TAG, ".setCertificates(): ");
        KeyStore createJavaKeyStore = createJavaKeyStore();
        if (createJavaKeyStore == null) {
            Log.e(f10 + "Unable to create a keystore to create an application's certificate store.");
            throw new CertificateException();
        }
        for (String str : strArr) {
            X509Certificate convertToX509Certificate = CertificateUtils.convertToX509Certificate(str);
            if (convertToX509Certificate == null) {
                Log.e(f10 + "Invalid formatted certificate received, cannot add to certificate store");
                throw new CertificateException();
            }
            try {
                Log.d(f10 + "Adding certificate = " + convertToX509Certificate.getSubjectDN().getName());
                createJavaKeyStore.setCertificateEntry(generateCertificateAlias(), convertToX509Certificate);
            } catch (KeyStoreException e6) {
                Log.e(f10 + "Failed to add a certificate to the store.", e6);
                throw new CertificateStoreException(e6);
            }
        }
        setKeyStore(createJavaKeyStore);
        this.isCertificateStoreInUse = true;
        persistCertificateStore(createJavaKeyStore);
        Log.d(f10 + "Certificate store is populated successfully, put it to use.");
    }

    public void setClientIdentityCertificateChain(String[] strArr, String str) throws CertificateException, CertificateStoreException {
        this.mIdentitySecureStore.saveCertificateChainAndKey(strArr, str.toCharArray());
    }

    public void validateCertificates(String[] strArr, String str, String str2, int i6, boolean z7, int i10) throws CertificateException {
        String f10 = l.f(new StringBuilder(), TAG, ".validateCertificates(): ");
        ArrayList arrayList = new ArrayList();
        for (String str3 : strArr) {
            X509Certificate convertToX509Certificate = CertificateUtils.convertToX509Certificate(str3);
            if (convertToX509Certificate == null) {
                throw new CertificateParsingException();
            }
            arrayList.add(convertToX509Certificate);
        }
        X509Certificate[] x509CertificateArr = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("Invalid certificate chain received.");
        }
        try {
            checkServerTrusted(x509CertificateArr, getDelegates(z7), str2);
            checkValidity(x509CertificateArr);
            StringBuilder o2 = androidx.work.a.o(f10);
            o2.append(RequestIdLogger.create(i10));
            o2.append("The certificate is not revoked.");
            Log.seci(o2.toString());
            new AndroidHostnameValidator().validateHostname(x509CertificateArr[0], str, str2, i6, i10);
            StringBuilder o7 = androidx.work.a.o(f10);
            o7.append(RequestIdLogger.create(i10));
            o7.append("Certificate hostname is valid.");
            Log.seci(o7.toString());
        } catch (CertificateException e6) {
            StringBuilder q10 = a.q(f10, " Certificate exception occurred due to ");
            q10.append(e6.getMessage());
            Log.e(q10.toString());
            Log.e(f10 + " Root cause:" + getRootCause(e6).toString());
            StringBuilder sb2 = new StringBuilder();
            sb2.append(f10);
            sb2.append(" Verifying if this exception is due to expired certificate chain.");
            Log.i(sb2.toString());
            checkValidity(x509CertificateArr);
            throw e6;
        }
    }
}
