package sberid.sdk.auth.network.tsl;

import android.content.res.Resources;
import android.util.Log;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import sberid.sdk.auth.R;

/* compiled from: X509TrustManagerProvider.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000F\n\u0000\n\u0002\u0010 \n\u0002\u0010\b\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\u001a\u0010\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\u0007H\u0002\u001a\u0012\u0010\t\u001a\u00020\n2\b\u0010\u000b\u001a\u0004\u0018\u00010\fH\u0002\u001a\b\u0010\r\u001a\u00020\u000eH\u0002\u001a\u0018\u0010\u000f\u001a\u00020\u00072\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0013H\u0002\u001a\b\u0010\u0014\u001a\u00020\u0007H\u0002\u001a\u0018\u0010\u0015\u001a\u0004\u0018\u00010\u00162\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0013\u001a(\u0010\u0017\u001a\u00020\n2\u0006\u0010\u0018\u001a\u00020\u000e2\u0006\u0010\b\u001a\u00020\u00072\u0006\u0010\u0019\u001a\u00020\u00112\u0006\u0010\u001a\u001a\u00020\u0002H\u0002\"\u0014\u0010\u0000\u001a\b\u0012\u0004\u0012\u00020\u00020\u0001X\u0082\u0004¢\u0006\u0002\n\u0000\"\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000\"\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\u001b"}, d2 = {"CA_CERTIFICATE", "", "", "CERTIFICATE_FORMAT", "", "TAG", "addSystemCertification", "Ljava/security/KeyStore;", "keyStore", "close", "", "closeable", "Ljava/io/Closeable;", "createCertificateFactoryInternal", "Ljava/security/cert/CertificateFactory;", "createKeyStoreForTlsPinning", "resources", "Landroid/content/res/Resources;", "isAddSystemCertification", "", "createKeyStoreInternal", "createTrustManagers", "Ljavax/net/ssl/X509TrustManager;", "loadCertificateIntoKeyStore", "certificateFactory", "res", "resId", "SberIdSDK_release"}, k = 2, mv = {1, 4, 0})
/* loaded from: classes4.dex */
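public final class X509TrustManagerProviderKt {
    /**
     * Raw-resource ids of the certificates bundled with the SDK. Every entry is loaded into the
     * KeyStore as a trust anchor by {@link #createKeyStoreForTlsPinning}.
     *
     * NOTE(review): the names {@code sberca_test_ext} and {@code sberca_test_root_ext} suggest
     * test CAs, and the Kotlin metadata names the module "SberIdSDK_release". Confirm whether
     * test roots belong in the production trust set: a server certificate chaining to any entry
     * here is accepted by the resulting trust manager.
     */
    private static final List<Integer> CA_CERTIFICATE = Arrays.asList(
            R.raw.sberca_ext_web,
            R.raw.sberca_root_ext,
            R.raw.sberca_test_ext,
            R.raw.sberca_test_root_ext,
            R.raw.rusca_sub_rsa2022,
            R.raw.rusca_root_rsa2022,
            R.raw.actalis_root_ca,
            R.raw.actalis_webclickstream,
            R.raw.id_sber_ru);
    private static final String CERTIFICATE_FORMAT = "X.509";
    private static final String TAG = "TrustManager";

    /**
     * Copies every issuer accepted by the platform's default trust manager into {@code keyStore}
     * under the aliases {@code item_0}, {@code item_1}, ...
     *
     * Security note: after this call the KeyStore trusts the bundled certificates and everything
     * the platform trusts, so the trust set is no longer restricted to the bundled anchors.
     *
     * The decompiled original read its locals after the catch handlers, where they may be
     * unassigned, and called {@code setCertificateEntry} outside the handler. The whole sequence
     * now sits inside the try. If the default factory cannot be built, the failure is logged and
     * the KeyStore is returned with only the entries it already had.
     *
     * @param keyStore initialised KeyStore to extend
     * @return the same {@code keyStore} instance
     * @throws IllegalStateException if the platform does not expose exactly one X509TrustManager
     */
    private static final KeyStore addSystemCertification(KeyStore keyStore) {
        try {
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore makes the factory use the platform's default trust anchors.
            factory.init((KeyStore) null);
            TrustManager[] trustManagers = factory.getTrustManagers();
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException(
                        "Unexpected default trust managers: " + Arrays.toString(trustManagers));
            }
            X509Certificate[] acceptedIssuers =
                    ((X509TrustManager) trustManagers[0]).getAcceptedIssuers();
            for (int i = 0; i < acceptedIssuers.length; i++) {
                keyStore.setCertificateEntry("item_" + i, acceptedIssuers[i]);
            }
        } catch (KeyStoreException e) {
            Log.e(TAG, "Factory is always created", e);
        } catch (NoSuchAlgorithmException e2) {
            Log.e(TAG, "Default algorithm of TrustManagerFactory and TLS protocol are supported by every Android device", e2);
        }
        return keyStore;
    }

    /**
     * Closes {@code closeable} if it is non-null. An IOException from close() is logged and not
     * rethrown.
     */
    private static final void close(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException e) {
            Log.e(TAG, "IOException thrown while closing Closeable.", e);
        }
    }

    /**
     * Returns an X.509 {@link CertificateFactory}.
     *
     * @throws IllegalStateException wrapping the CertificateException if no provider supports
     *     X.509. The decompiled code threw a checked {@code Exception} without declaring it; the
     *     unchecked type is still caught by createTrustManagers' {@code catch (Exception)}.
     */
    private static final CertificateFactory createCertificateFactoryInternal() {
        try {
            return CertificateFactory.getInstance(CERTIFICATE_FORMAT);
        } catch (CertificateException e) {
            throw new IllegalStateException("X.509 is supported everywhere", e);
        }
    }

    /**
     * Builds the KeyStore whose entries become the trust anchors for the SDK's TLS connections.
     *
     * @param resources used to open the bundled raw certificate resources
     * @param isAddSystemCertification when true the platform's accepted issuers are added as
     *     well, which widens trust beyond the bundled certificates
     * @return a KeyStore holding the bundled certificates and, optionally, the system issuers
     */
    private static final KeyStore createKeyStoreForTlsPinning(Resources resources, boolean isAddSystemCertification) {
        CertificateFactory certificateFactory = createCertificateFactoryInternal();
        KeyStore keyStore = createKeyStoreInternal();
        for (Integer resId : CA_CERTIFICATE) {
            loadCertificateIntoKeyStore(certificateFactory, keyStore, resources, resId.intValue());
        }
        return isAddSystemCertification ? addSystemCertification(keyStore) : keyStore;
    }

    /**
     * Creates an empty, initialised KeyStore of the default type.
     *
     * @throws IllegalStateException wrapping any failure from getInstance() or load()
     */
    private static final KeyStore createKeyStoreInternal() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty store; nothing is read from disk.
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException e) {
            throw new IllegalStateException("There must be no error with this KeyStore's format", e);
        } catch (KeyStoreException e2) {
            throw new IllegalStateException("KeyStore with default type can be always created", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new IllegalStateException("KeyStore is empty now, there is no need for integrity checking algorithm", e3);
        } catch (CertificateException e4) {
            throw new IllegalStateException("There are no certificates in KeyStore, so no exception may be thrown", e4);
        }
    }

    /**
     * Creates the X509TrustManager backed by the bundled certificates.
     *
     * @param resources Android resources holding the bundled certificates; must not be null
     * @param z the Kotlin parameter {@code isAddSystemCertification}; when true the platform's
     *     accepted issuers are trusted in addition to the bundled certificates
     * @return the trust manager, or {@code null} if anything failed while building it
     *
     * NOTE(review): every failure is logged and turned into {@code null}. The callers are not
     * visible here; they should treat null as a hard failure and refuse to connect. Falling back
     * to the platform default trust manager would silently drop the restriction to the bundled
     * anchors.
     */
    public static final X509TrustManager createTrustManagers(Resources resources, boolean z) {
        Intrinsics.checkNotNullParameter(resources, "resources");
        try {
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(createKeyStoreForTlsPinning(resources, z));
            TrustManager trustManager = tmf.getTrustManagers()[0];
            if (trustManager == null) {
                throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            }
            return (X509TrustManager) trustManager;
        } catch (KeyStoreException e) {
            Log.e(TAG, "Factory is always created: ", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            Log.e(TAG, "Default algorithm of TrustManagerFactory and TLS protocol are supported by every Android device:", e2);
            return null;
        } catch (Exception e3) {
            // Also receives the unchecked failures raised by the private helpers.
            Log.e(TAG, "Create Trust Manager: ", e3);
            return null;
        }
    }

    /**
     * Parses the raw resource {@code i} as an X.509 certificate and stores it in
     * {@code keyStore} under the resource's name. The stream is closed in all cases.
     *
     * @throws IllegalStateException wrapping the KeyStoreException or CertificateException if the
     *     certificate cannot be parsed or stored
     */
    private static final void loadCertificateIntoKeyStore(CertificateFactory certificateFactory, KeyStore keyStore, Resources resources, int i) {
        InputStream inputStream = null;
        try {
            inputStream = resources.openRawResource(i);
            keyStore.setCertificateEntry(resources.getResourceName(i), certificateFactory.generateCertificate(inputStream));
        } catch (KeyStoreException e) {
            throw new IllegalStateException("KeyStore is inited already, aliases aren't repeated certainly", e);
        } catch (CertificateException e2) {
            throw new IllegalStateException("Certificate is certainly valid", e2);
        } finally {
            close(inputStream);
        }
    }
}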
