package io.grpc.xds.internal.security.trust;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import io.grpc.netty.shaded.io.netty.handler.ssl.util.SimpleTrustManagerFactory;
import io.grpc.xds.shaded.io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

/* loaded from: classes5.dex */
public final class XdsTrustManagerFactory extends SimpleTrustManagerFactory {
    public static final Logger d = Logger.getLogger(XdsTrustManagerFactory.class.getName());
    public XdsX509TrustManager c;

    public XdsTrustManagerFactory(X509Certificate[] x509CertificateArr, CertificateValidationContext certificateValidationContext) throws CertStoreException {
        this(x509CertificateArr, certificateValidationContext, true);
    }

    public XdsTrustManagerFactory(X509Certificate[] x509CertificateArr, CertificateValidationContext certificateValidationContext, boolean z) throws CertStoreException {
        if (z) {
            Preconditions.e(certificateValidationContext == null || !certificateValidationContext.m1(), "only static certificateValidationContext expected");
        }
        this.c = d(x509CertificateArr, certificateValidationContext);
    }

    @VisibleForTesting
    public static XdsX509TrustManager d(X509Certificate[] x509CertificateArr, CertificateValidationContext certificateValidationContext) throws CertStoreException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            X509ExtendedTrustManager x509ExtendedTrustManager = null;
            keyStore.load(null, null);
            int i = 0;
            int i2 = 1;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                keyStore.setCertificateEntry("alias" + i2, x509Certificate);
                i2++;
            }
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers != null) {
                int length = trustManagers.length;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    TrustManager trustManager = trustManagers[i];
                    if (trustManager instanceof X509ExtendedTrustManager) {
                        x509ExtendedTrustManager = (X509ExtendedTrustManager) trustManager;
                        break;
                    }
                    i++;
                }
            }
            if (x509ExtendedTrustManager != null) {
                return new XdsX509TrustManager(certificateValidationContext, x509ExtendedTrustManager);
            }
            throw new CertStoreException("Native X509 TrustManager not found.");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            d.log(Level.SEVERE, "createSdsX509TrustManager", e);
            throw new CertStoreException(e);
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.util.SimpleTrustManagerFactory
    public TrustManager[] a() {
        return new TrustManager[]{this.c};
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.util.SimpleTrustManagerFactory
    public void b(KeyStore keyStore) throws Exception {
        throw new UnsupportedOperationException();
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.util.SimpleTrustManagerFactory
    public void c(ManagerFactoryParameters managerFactoryParameters) throws Exception {
        throw new UnsupportedOperationException();
    }
}
