package by.avest.crypto.service;

import android.os.RemoteException;
import android.util.Log;
import by.avest.crypto.ipc.ServiceCrypto;
import by.avest.crypto.ipc.VerException;
import by.avest.crypto.service.hl.CertValidityException;
import by.avest.crypto.service.hl.core.ServiceComponent;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public final class AvTrustManager extends ServiceComponent implements X509TrustManager {
    private static final String TAG = "AvTrustManager";
    private X509Certificate[] certChain;
    private Exception err;
    private final String profileList;

    public AvTrustManager(ServiceCrypto serviceCrypto, String str) {
        super(serviceCrypto);
        this.err = null;
        this.profileList = str;
    }

    private void checkTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        int createHLContext;
        this.certChain = null;
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        if (this.err != null) {
            throw new CertificateException(this.err);
        }
        Log.i(TAG, "checkTrusted, chain length=" + x509CertificateArr.length);
        try {
            createHLContext = getService().createHLContext();
        } catch (RemoteException | VerException e) {
            e = e;
        }
        try {
            try {
                String str3 = this.profileList;
                if (str3 != null && !str3.isEmpty()) {
                    getService().openProfile(createHLContext, this.profileList);
                }
                for (int i = 1; i < x509CertificateArr.length; i++) {
                    getService().addCertToChain(createHLContext, x509CertificateArr[i].getEncoded());
                }
                try {
                    boolean verifyCert = getService().verifyCert(createHLContext, x509CertificateArr[0].getEncoded(), str2);
                    String operationResultMessage = getService().getOperationResultMessage(createHLContext);
                    int operationResultCode = getService().getOperationResultCode(createHLContext);
                    if (!verifyCert) {
                        throw new CertValidityException(operationResultCode, operationResultMessage);
                    }
                    try {
                        ArrayList arrayList = new ArrayList();
                        int certChainCount = getService().getCertChainCount(createHLContext);
                        for (int i2 = 0; i2 < certChainCount; i2++) {
                            arrayList.add((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(getService().getCertChainElem(createHLContext, i2))));
                        }
                        this.certChain = (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
                    } catch (VerException e2) {
                        Log.i(TAG, "checkTrusted, CertPath not supported by crypto service", e2);
                    }
                    getService().releaseHLContext(createHLContext);
                } catch (Throwable th) {
                    th = th;
                    getService().releaseHLContext(createHLContext);
                    throw th;
                }
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (RemoteException e3) {
            e = e3;
            throw new CertificateException(e);
        } catch (VerException e4) {
            e = e4;
            throw new CertificateException(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, null);
    }

    public List<X509Certificate> checkServerTrusted(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        checkTrusted(x509CertificateArr, str, str2);
        return Arrays.asList(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, null);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public X509Certificate[] getCertChain() {
        return this.certChain;
    }

    public String getProfileList() {
        String str = this.profileList;
        return str != null ? str : "";
    }
}
