package org.conscrypt;

import defpackage.a86;
import defpackage.ho8;
import defpackage.io8;
import defpackage.jo8;
import defpackage.lz0;
import java.net.Socket;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.CertPathChecker;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509ExtendedTrustManager;
import org.conscrypt.ct.CTPolicy;
import org.conscrypt.ct.CTVerifier;

/* loaded from: classes6.dex */
public final class TrustManagerImpl extends X509ExtendedTrustManager {
    public static final jo8 m = new Object();
    public final CertPinManager a;
    public final ConscryptCertStore b;
    public final CertPathValidator c;
    public final TrustedCertificateIndex d;
    public final TrustedCertificateIndex e;
    public final X509Certificate[] f;
    public final Exception g;
    public final CertificateFactory h;
    public final CertBlacklist i;
    public CTVerifier j;
    public CTPolicy k;
    public boolean l;

    public TrustManagerImpl(KeyStore keyStore) {
        this(keyStore, null);
    }

    public TrustManagerImpl(KeyStore keyStore, CertPinManager certPinManager) {
        this(keyStore, certPinManager, null);
    }

    public TrustManagerImpl(KeyStore keyStore, CertPinManager certPinManager, ConscryptCertStore conscryptCertStore) {
        this(keyStore, certPinManager, conscryptCertStore, null);
    }

    public TrustManagerImpl(KeyStore keyStore, CertPinManager certPinManager, ConscryptCertStore conscryptCertStore, CertBlacklist certBlacklist) {
        this(keyStore, certPinManager, conscryptCertStore, certBlacklist, null, null, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:23:0x0069  */
    /* JADX WARN: Removed duplicated region for block: B:25:0x0070  */
    /* JADX WARN: Removed duplicated region for block: B:27:0x0078  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x007c  */
    /* JADX WARN: Removed duplicated region for block: B:32:0x0074  */
    /* JADX WARN: Removed duplicated region for block: B:33:0x006d  */
    /* JADX WARN: Type inference failed for: r5v9, types: [java.security.cert.X509Certificate[]] */
    /* JADX WARN: Type inference failed for: r7v0 */
    /* JADX WARN: Type inference failed for: r7v1, types: [java.security.cert.X509Certificate[]] */
    /* JADX WARN: Type inference failed for: r7v4 */
    /* JADX WARN: Type inference failed for: r9v4, types: [java.security.cert.X509Certificate] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public TrustManagerImpl(java.security.KeyStore r12, org.conscrypt.CertPinManager r13, org.conscrypt.ConscryptCertStore r14, org.conscrypt.CertBlacklist r15, org.conscrypt.ct.CTLogStore r16, org.conscrypt.ct.CTVerifier r17, org.conscrypt.ct.CTPolicy r18) {
        /*
            r11 = this;
            r1 = r11
            r11.<init>()
            r2 = 0
            java.lang.String r0 = "PKIX"
            java.security.cert.CertPathValidator r3 = java.security.cert.CertPathValidator.getInstance(r0)     // Catch: java.lang.Exception -> L5d
            java.lang.String r0 = "X509"
            java.security.cert.CertificateFactory r4 = java.security.cert.CertificateFactory.getInstance(r0)     // Catch: java.lang.Exception -> L59
            java.lang.String r0 = "AndroidCAStore"
            java.lang.String r5 = r12.getType()     // Catch: java.lang.Exception -> L57
            boolean r0 = r0.equals(r5)     // Catch: java.lang.Exception -> L57
            if (r0 == 0) goto L26
            int r0 = defpackage.a86.a     // Catch: java.lang.Exception -> L57
            goto L26
        L20:
            r6 = r2
            r5 = r4
        L22:
            r4 = r3
            r3 = r0
            r0 = r6
            goto L63
        L26:
            java.security.cert.X509Certificate[] r5 = a(r12)     // Catch: java.lang.Exception -> L54
            org.conscrypt.TrustedCertificateIndex r0 = new org.conscrypt.TrustedCertificateIndex     // Catch: java.lang.Exception -> L4d
            java.util.HashSet r6 = new java.util.HashSet     // Catch: java.lang.Exception -> L4d
            int r7 = r5.length     // Catch: java.lang.Exception -> L4d
            r6.<init>(r7)     // Catch: java.lang.Exception -> L4d
            int r7 = r5.length     // Catch: java.lang.Exception -> L4d
            r8 = 0
        L34:
            if (r8 >= r7) goto L43
            r9 = r5[r8]     // Catch: java.lang.Exception -> L4d
            java.security.cert.TrustAnchor r10 = new java.security.cert.TrustAnchor     // Catch: java.lang.Exception -> L4d
            r10.<init>(r9, r2)     // Catch: java.lang.Exception -> L4d
            r6.add(r10)     // Catch: java.lang.Exception -> L4d
            int r8 = r8 + 1
            goto L34
        L43:
            r0.<init>(r6)     // Catch: java.lang.Exception -> L4d
            r6 = r4
            r7 = r5
            r5 = r2
            r4 = r3
            r3 = r0
            r0 = r14
            goto L67
        L4d:
            r0 = move-exception
            r6 = r5
        L4f:
            r5 = r4
            r4 = r3
            r3 = r0
            r0 = r14
            goto L63
        L54:
            r0 = move-exception
            r6 = r2
            goto L4f
        L57:
            r0 = move-exception
            goto L20
        L59:
            r0 = move-exception
            r5 = r2
            r6 = r5
            goto L22
        L5d:
            r0 = move-exception
            r3 = r0
            r0 = r2
            r4 = r0
            r5 = r4
            r6 = r5
        L63:
            r7 = r6
            r6 = r5
            r5 = r3
            r3 = r2
        L67:
            if (r15 != 0) goto L6d
            int r8 = defpackage.a86.a
            r8 = r2
            goto L6e
        L6d:
            r8 = r15
        L6e:
            if (r16 != 0) goto L74
            int r9 = defpackage.a86.a
            r9 = r2
            goto L76
        L74:
            r9 = r16
        L76:
            if (r18 != 0) goto L7c
            int r10 = defpackage.a86.a
            r10 = r13
            goto L7f
        L7c:
            r10 = r13
            r2 = r18
        L7f:
            r1.a = r10
            r1.b = r0
            r1.c = r4
            r1.h = r6
            r1.d = r3
            org.conscrypt.TrustedCertificateIndex r0 = new org.conscrypt.TrustedCertificateIndex
            r0.<init>()
            r1.e = r0
            r1.f = r7
            r1.g = r5
            r1.i = r8
            org.conscrypt.ct.CTVerifier r0 = new org.conscrypt.ct.CTVerifier
            r0.<init>(r9)
            r1.j = r0
            r1.k = r2
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.conscrypt.TrustManagerImpl.<init>(java.security.KeyStore, org.conscrypt.CertPinManager, org.conscrypt.ConscryptCertStore, org.conscrypt.CertBlacklist, org.conscrypt.ct.CTLogStore, org.conscrypt.ct.CTVerifier, org.conscrypt.ct.CTPolicy):void");
    }

    public static X509Certificate[] a(KeyStore keyStore) {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (KeyStoreException unused) {
            return new X509Certificate[0];
        }
    }

    public final void b(X509Certificate x509Certificate) {
        CertBlacklist certBlacklist = this.i;
        if (certBlacklist == null || !certBlacklist.isPublicKeyBlackListed(x509Certificate.getPublicKey())) {
            return;
        }
        throw new CertificateException("Certificate blacklisted by public key: " + x509Certificate);
    }

    /* JADX WARN: Code restructure failed: missing block: B:15:0x008b, code lost:
    
        r1 = r17.getEndpointIdentificationAlgorithm();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.util.List c(java.security.cert.X509Certificate[] r14, java.lang.String r15, javax.net.ssl.SSLSession r16, javax.net.ssl.SSLParameters r17, boolean r18) {
        /*
            r13 = this;
            r0 = r16
            r1 = 0
            if (r0 == 0) goto L84
            java.lang.String r2 = r16.getPeerHost()
            boolean r3 = r0 instanceof defpackage.ws1
            r4 = 1
            if (r3 == 0) goto L16
            r5 = r0
            ws1 r5 = (defpackage.ws1) r5
            java.util.List r5 = r5.c()
            goto L3d
        L16:
            java.lang.Class r5 = r16.getClass()     // Catch: java.lang.reflect.InvocationTargetException -> L2e java.lang.Throwable -> L30
            java.lang.String r6 = "getStatusResponses"
            java.lang.reflect.Method r5 = r5.getDeclaredMethod(r6, r1)     // Catch: java.lang.reflect.InvocationTargetException -> L2e java.lang.Throwable -> L30
            r5.setAccessible(r4)     // Catch: java.lang.reflect.InvocationTargetException -> L2e java.lang.Throwable -> L30
            java.lang.Object r5 = r5.invoke(r0, r1)     // Catch: java.lang.reflect.InvocationTargetException -> L2e java.lang.Throwable -> L30
            boolean r6 = r5 instanceof java.util.List     // Catch: java.lang.reflect.InvocationTargetException -> L2e java.lang.Throwable -> L30
            if (r6 == 0) goto L3c
            java.util.List r5 = (java.util.List) r5     // Catch: java.lang.reflect.InvocationTargetException -> L2e java.lang.Throwable -> L30
            goto L3d
        L2e:
            r0 = move-exception
            goto L32
        L30:
            goto L3c
        L32:
            java.lang.RuntimeException r1 = new java.lang.RuntimeException
            java.lang.Throwable r0 = r0.getCause()
            r1.<init>(r0)
            throw r1
        L3c:
            r5 = r1
        L3d:
            if (r5 == 0) goto L4e
            boolean r6 = r5.isEmpty()
            if (r6 == 0) goto L46
            goto L4e
        L46:
            r6 = 0
            java.lang.Object r5 = r5.get(r6)
            byte[] r5 = (byte[]) r5
            goto L4f
        L4e:
            r5 = r1
        L4f:
            if (r3 == 0) goto L59
            r1 = r0
            ws1 r1 = (defpackage.ws1) r1
            byte[] r1 = r1.a()
            goto L80
        L59:
            java.lang.Class r3 = r16.getClass()     // Catch: java.lang.reflect.InvocationTargetException -> L72 java.lang.Throwable -> L74
            java.lang.String r6 = "getPeerSignedCertificateTimestamp"
            java.lang.reflect.Method r3 = r3.getDeclaredMethod(r6, r1)     // Catch: java.lang.reflect.InvocationTargetException -> L72 java.lang.Throwable -> L74
            r3.setAccessible(r4)     // Catch: java.lang.reflect.InvocationTargetException -> L72 java.lang.Throwable -> L74
            java.lang.Object r3 = r3.invoke(r0, r1)     // Catch: java.lang.reflect.InvocationTargetException -> L72 java.lang.Throwable -> L74
            boolean r4 = r3 instanceof byte[]     // Catch: java.lang.reflect.InvocationTargetException -> L72 java.lang.Throwable -> L74
            if (r4 == 0) goto L80
            byte[] r3 = (byte[]) r3     // Catch: java.lang.reflect.InvocationTargetException -> L72 java.lang.Throwable -> L74
            r1 = r3
            goto L80
        L72:
            r0 = move-exception
            goto L76
        L74:
            goto L80
        L76:
            java.lang.RuntimeException r1 = new java.lang.RuntimeException
            java.lang.Throwable r0 = r0.getCause()
            r1.<init>(r0)
            throw r1
        L80:
            r9 = r1
            r11 = r2
            r8 = r5
            goto L87
        L84:
            r8 = r1
            r9 = r8
            r11 = r9
        L87:
            if (r0 == 0) goto Lb2
            if (r17 == 0) goto Lb2
            java.lang.String r1 = defpackage.ws3.h(r17)
            if (r1 == 0) goto Lb2
            java.util.Locale r2 = java.util.Locale.US
            java.lang.String r1 = r1.toUpperCase(r2)
            java.lang.String r2 = "HTTPS"
            boolean r1 = r2.equals(r1)
            if (r1 == 0) goto Lb2
            javax.net.ssl.HostnameVerifier r1 = javax.net.ssl.HttpsURLConnection.getDefaultHostnameVerifier()
            boolean r0 = r1.verify(r11, r0)
            if (r0 == 0) goto Laa
            goto Lb2
        Laa:
            java.security.cert.CertificateException r0 = new java.security.cert.CertificateException
            java.lang.String r1 = "No subjectAltNames on the certificate match"
            r0.<init>(r1)
            throw r0
        Lb2:
            r6 = r13
            r7 = r14
            r10 = r15
            r12 = r18
            java.util.List r0 = r6.d(r7, r8, r9, r10, r11, r12)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.conscrypt.TrustManagerImpl.c(java.security.cert.X509Certificate[], java.lang.String, javax.net.ssl.SSLSession, javax.net.ssl.SSLParameters, boolean):java.util.List");
    }

    public List<X509Certificate> checkClientTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        return d(x509CertificateArr, null, null, str, str2, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        d(x509CertificateArr, null, null, str, null, true);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        SSLSession sSLSession;
        SSLParameters sSLParameters;
        SSLSession handshakeSession;
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            handshakeSession = sSLSocket.getHandshakeSession();
            if (handshakeSession == null) {
                throw new CertificateException("Not in handshake; no session available");
            }
            sSLParameters = sSLSocket.getSSLParameters();
            sSLSession = handshakeSession;
        } else {
            sSLSession = null;
            sSLParameters = null;
        }
        c(x509CertificateArr, str, sSLSession, sSLParameters, true);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        SSLSession handshakeSession;
        handshakeSession = sSLEngine.getHandshakeSession();
        if (handshakeSession == null) {
            throw new CertificateException("Not in handshake; no session available");
        }
        c(x509CertificateArr, str, handshakeSession, sSLEngine.getSSLParameters(), true);
    }

    public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        return d(x509CertificateArr, null, null, str, str2, false);
    }

    public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLSession sSLSession) throws CertificateException {
        return c(x509CertificateArr, str, sSLSession, null, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        d(x509CertificateArr, null, null, str, null, false);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        getTrustedChainForServer(x509CertificateArr, str, socket);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        getTrustedChainForServer(x509CertificateArr, str, sSLEngine);
    }

    public final List d(X509Certificate[] x509CertificateArr, byte[] bArr, byte[] bArr2, String str, String str2, boolean z) {
        X509Certificate trustAnchor;
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        if (this.g != null) {
            throw new CertificateException(this.g);
        }
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        X509Certificate x509Certificate = x509CertificateArr[0];
        TrustAnchor findBySubjectAndPublicKey = this.d.findBySubjectAndPublicKey(x509Certificate);
        if (findBySubjectAndPublicKey == null) {
            ConscryptCertStore conscryptCertStore = this.b;
            findBySubjectAndPublicKey = (conscryptCertStore == null || (trustAnchor = conscryptCertStore.getTrustAnchor(x509Certificate)) == null) ? null : new TrustAnchor(trustAnchor, null);
        }
        if (findBySubjectAndPublicKey != null) {
            arrayList2.add(findBySubjectAndPublicKey);
            hashSet.add(findBySubjectAndPublicKey.getTrustedCert());
        } else {
            arrayList.add(x509Certificate);
        }
        hashSet.add(x509Certificate);
        return e(x509CertificateArr, bArr, bArr2, str2, z, arrayList, arrayList2, hashSet);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v40, types: [java.util.HashSet] */
    /* JADX WARN: Type inference failed for: r0v8, types: [java.util.Set] */
    /* JADX WARN: Type inference failed for: r0v9, types: [java.util.Collection, java.util.Set] */
    /* JADX WARN: Type inference failed for: r6v3, types: [java.util.List, java.util.ArrayList] */
    public final List e(X509Certificate[] x509CertificateArr, byte[] bArr, byte[] bArr2, String str, boolean z, ArrayList arrayList, ArrayList arrayList2, HashSet hashSet) {
        ConscryptCertStore conscryptCertStore;
        X509Certificate trustedCert = arrayList2.isEmpty() ? (X509Certificate) lz0.c(arrayList, 1) : ((TrustAnchor) lz0.c(arrayList2, 1)).getTrustedCert();
        b(trustedCert);
        if (trustedCert.getIssuerDN().equals(trustedCert.getSubjectDN())) {
            return g(arrayList, arrayList2, str, z, bArr, bArr2);
        }
        ?? findAllByIssuerAndSignature = this.d.findAllByIssuerAndSignature(trustedCert);
        if (findAllByIssuerAndSignature.isEmpty() && (conscryptCertStore = this.b) != null) {
            Set<X509Certificate> findAllIssuers = conscryptCertStore.findAllIssuers(trustedCert);
            if (!findAllIssuers.isEmpty()) {
                findAllByIssuerAndSignature = new HashSet(findAllIssuers.size());
                Iterator<X509Certificate> it = findAllIssuers.iterator();
                while (it.hasNext()) {
                    findAllByIssuerAndSignature.add(this.d.index(it.next()));
                }
            }
        }
        int size = findAllByIssuerAndSignature.size();
        ArrayList<TrustAnchor> arrayList3 = findAllByIssuerAndSignature;
        if (size > 1) {
            ArrayList arrayList4 = new ArrayList((Collection) findAllByIssuerAndSignature);
            Collections.sort(arrayList4, m);
            arrayList3 = arrayList4;
        }
        boolean z2 = false;
        CertificateException certificateException = null;
        for (TrustAnchor trustAnchor : arrayList3) {
            X509Certificate trustedCert2 = trustAnchor.getTrustedCert();
            if (!hashSet.contains(trustedCert2)) {
                hashSet.add(trustedCert2);
                arrayList2.add(trustAnchor);
                try {
                    return e(x509CertificateArr, bArr, bArr2, str, z, arrayList, arrayList2, hashSet);
                } catch (CertificateException e) {
                    arrayList2.remove(arrayList2.size() - 1);
                    hashSet.remove(trustedCert2);
                    certificateException = e;
                    z2 = true;
                }
            }
        }
        if (!arrayList2.isEmpty()) {
            if (z2) {
                throw certificateException;
            }
            return g(arrayList, arrayList2, str, z, bArr, bArr2);
        }
        for (int i = 1; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            if (!hashSet.contains(x509Certificate) && trustedCert.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                try {
                    x509Certificate.checkValidity();
                    ChainStrengthAnalyzer.checkCert(x509Certificate);
                    hashSet.add(x509Certificate);
                    arrayList.add(x509Certificate);
                    try {
                        return e(x509CertificateArr, bArr, bArr2, str, z, arrayList, arrayList2, hashSet);
                    } catch (CertificateException e2) {
                        hashSet.remove(x509Certificate);
                        arrayList.remove(arrayList.size() - 1);
                        certificateException = e2;
                    }
                } catch (CertificateException e3) {
                    certificateException = new CertificateException("Unacceptable certificate: " + x509Certificate.getSubjectX500Principal(), e3);
                }
            }
        }
        Set<TrustAnchor> findAllByIssuerAndSignature2 = this.e.findAllByIssuerAndSignature(trustedCert);
        if (findAllByIssuerAndSignature2.size() > 1) {
            ?? arrayList5 = new ArrayList(findAllByIssuerAndSignature2);
            Collections.sort(arrayList5, m);
            findAllByIssuerAndSignature2 = arrayList5;
        }
        Iterator<TrustAnchor> it2 = findAllByIssuerAndSignature2.iterator();
        while (it2.hasNext()) {
            X509Certificate trustedCert3 = it2.next().getTrustedCert();
            if (!hashSet.contains(trustedCert3)) {
                hashSet.add(trustedCert3);
                arrayList.add(trustedCert3);
                try {
                    return e(x509CertificateArr, bArr, bArr2, str, z, arrayList, arrayList2, hashSet);
                } catch (CertificateException e4) {
                    arrayList.remove(arrayList.size() - 1);
                    hashSet.remove(trustedCert3);
                    certificateException = e4;
                }
            }
        }
        if (certificateException != null) {
            throw certificateException;
        }
        throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, this.h.generateCertPath(arrayList), -1));
    }

    public final void f(PKIXParameters pKIXParameters, X509Certificate x509Certificate, byte[] bArr) {
        PKIXRevocationChecker pKIXRevocationChecker;
        CertPathChecker revocationChecker;
        PKIXRevocationChecker.Option option;
        if (bArr == null) {
            return;
        }
        ArrayList arrayList = new ArrayList(pKIXParameters.getCertPathCheckers());
        Iterator it = arrayList.iterator();
        while (true) {
            if (!it.hasNext()) {
                pKIXRevocationChecker = null;
                break;
            }
            PKIXCertPathChecker pKIXCertPathChecker = (PKIXCertPathChecker) it.next();
            if (ho8.t(pKIXCertPathChecker)) {
                pKIXRevocationChecker = ho8.e(pKIXCertPathChecker);
                break;
            }
        }
        if (pKIXRevocationChecker == null) {
            try {
                revocationChecker = this.c.getRevocationChecker();
                pKIXRevocationChecker = ho8.d(revocationChecker);
                arrayList.add(pKIXRevocationChecker);
                option = PKIXRevocationChecker.Option.ONLY_END_ENTITY;
                pKIXRevocationChecker.setOptions(Collections.singleton(option));
            } catch (UnsupportedOperationException unused) {
                return;
            }
        }
        pKIXRevocationChecker.setOcspResponses(Collections.singletonMap(x509Certificate, bArr));
        pKIXParameters.setCertPathCheckers(arrayList);
    }

    public final ArrayList g(ArrayList arrayList, ArrayList arrayList2, String str, boolean z, byte[] bArr, byte[] bArr2) {
        CertPath generateCertPath = this.h.generateCertPath(arrayList);
        if (arrayList2.isEmpty()) {
            throw new CertificateException(new CertPathValidatorException("Trust anchor for certification path not found.", null, generateCertPath, -1));
        }
        ArrayList arrayList3 = new ArrayList();
        arrayList3.addAll(arrayList);
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            arrayList3.add(((TrustAnchor) it.next()).getTrustedCert());
        }
        CertPinManager certPinManager = this.a;
        if (certPinManager != null) {
            certPinManager.checkChainPinning(str, arrayList3);
        }
        Iterator it2 = arrayList3.iterator();
        while (it2.hasNext()) {
            b((X509Certificate) it2.next());
        }
        if (!z && (this.l || (str != null && a86.d(str)))) {
            if (!this.k.doesResultConformToPolicy(this.j.verifySignedCertificateTimestamps(arrayList3, bArr2, bArr), str, (X509Certificate[]) arrayList3.toArray(new X509Certificate[arrayList3.size()]))) {
                throw new CertificateException("Certificate chain does not conform to required transparency policy.");
            }
        }
        if (arrayList.isEmpty()) {
            return arrayList3;
        }
        ChainStrengthAnalyzer.check(arrayList);
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(arrayList2.get(0));
            PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
            pKIXParameters.setRevocationEnabled(false);
            X509Certificate x509Certificate = (X509Certificate) arrayList.get(0);
            f(pKIXParameters, x509Certificate, bArr);
            pKIXParameters.addCertPathChecker(new io8(z, x509Certificate));
            this.c.validate(generateCertPath, pKIXParameters);
            for (int i = 1; i < arrayList.size(); i++) {
                this.e.index((X509Certificate) arrayList.get(i));
            }
            return arrayList3;
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateException("Chain validation failed", e);
        } catch (CertPathValidatorException e2) {
            throw new CertificateException("Chain validation failed", e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] x509CertificateArr = this.f;
        return x509CertificateArr != null ? (X509Certificate[]) x509CertificateArr.clone() : a(null);
    }

    public List<X509Certificate> getTrustedChainForServer(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        SSLSession sSLSession;
        SSLParameters sSLParameters;
        SSLSession handshakeSession;
        if (socket instanceof SSLSocket) {
            SSLSocket sSLSocket = (SSLSocket) socket;
            handshakeSession = sSLSocket.getHandshakeSession();
            if (handshakeSession == null) {
                throw new CertificateException("Not in handshake; no session available");
            }
            sSLParameters = sSLSocket.getSSLParameters();
            sSLSession = handshakeSession;
        } else {
            sSLSession = null;
            sSLParameters = null;
        }
        return c(x509CertificateArr, str, sSLSession, sSLParameters, false);
    }

    public List<X509Certificate> getTrustedChainForServer(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        SSLSession handshakeSession;
        handshakeSession = sSLEngine.getHandshakeSession();
        if (handshakeSession != null) {
            return c(x509CertificateArr, str, handshakeSession, sSLEngine.getSSLParameters(), false);
        }
        throw new CertificateException("Not in handshake; no session available");
    }

    public void handleTrustStorageUpdate() {
        X509Certificate[] x509CertificateArr = this.f;
        if (x509CertificateArr == null) {
            this.d.reset();
            return;
        }
        TrustedCertificateIndex trustedCertificateIndex = this.d;
        HashSet hashSet = new HashSet(x509CertificateArr.length);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            hashSet.add(new TrustAnchor(x509Certificate, null));
        }
        trustedCertificateIndex.reset(hashSet);
    }

    public void setCTEnabledOverride(boolean z) {
        this.l = z;
    }

    public void setCTPolicy(CTPolicy cTPolicy) {
        this.k = cTPolicy;
    }

    public void setCTVerifier(CTVerifier cTVerifier) {
        this.j = cTVerifier;
    }
}
