package com.daon.sdk.crypto.e;

import android.content.Context;
import android.os.Bundle;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class d implements g {

    /* renamed from: a, reason: collision with root package name */
    private e f4002a = new b();

    /* renamed from: b, reason: collision with root package name */
    private f f4003b = new c();
    private h c;
    private String d;
    private Context e;

    private h a() {
        if (this.c == null) {
            this.c = new j(this.e);
        }
        return this.c;
    }

    private List<X509Certificate> a(byte[][] bArr, CertificateFactory certificateFactory) {
        ArrayList arrayList = new ArrayList();
        int i = 0;
        for (byte[] bArr2 : bArr) {
            if (bArr2 == null) {
                String str = "Certificate at index " + i + " in the certificate list is null.";
                Log.e("DAON", str);
                throw new CertificateException(str);
            }
            try {
                arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr2)));
                i++;
            } catch (CertificateException e) {
                String str2 = "Certificate at index " + i + " in the certificate list is not a valid X.509 certificate. Message: " + e.getMessage();
                Log.e("DAON", str2);
                throw new CertificateException(str2, e);
            }
        }
        return arrayList;
    }

    private void a(List<X509Certificate> list, List<X509Certificate> list2, Bundle bundle) {
        String str;
        String str2;
        if (list.size() == 1 && list.get(0).getSubjectDN().equals(list.get(0).getIssuerDN())) {
            str = "DAON";
            str2 = "Certificate chain consists of one self-signed certificate. Quit validation.";
        } else {
            String str3 = this.d;
            if (!this.f4003b.a(list.get(0), str3 != null ? bundle.getString(str3, null) : null)) {
                throw new CertificateException("The end-entity certificate failed its identity validation check.");
            }
            HashSet hashSet = new HashSet();
            Iterator<X509Certificate> it = list2.iterator();
            while (it.hasNext()) {
                hashSet.add(new TrustAnchor(it.next(), null));
            }
            Log.d("DAON", "Number of root certs: " + hashSet.size());
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate(list.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
            ArrayList arrayList = new ArrayList(1);
            arrayList.add(CertStore.getInstance("Collection", new CollectionCertStoreParameters(list)));
            pKIXBuilderParameters.setCertStores(arrayList);
            this.f4002a.a(pKIXBuilderParameters, bundle);
            PKIXCertPathValidatorResult pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX").validate(((PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters)).getCertPath(), pKIXBuilderParameters);
            a().a();
            if (pKIXCertPathValidatorResult == null) {
                Log.e("DAON", "Certificate chain validation failed to return a result");
                throw new CertPathValidatorException("Certificate chain validation failed to return a result");
            }
            str = "DAON";
            str2 = "Certificate path validated successfully.";
        }
        Log.d(str, str2);
    }

    private void a(byte[][] bArr, byte[][] bArr2) {
        if (bArr == null) {
            throw new NullPointerException("certificateChain is null.");
        }
        if (bArr.length == 0) {
            throw new IllegalArgumentException("certificateChain array is empty.");
        }
        if (bArr2 == null) {
            throw new NullPointerException("rootCertificates is null.");
        }
        if (bArr2.length == 0) {
            throw new IllegalArgumentException("rootCertificates array is empty.");
        }
    }

    public void a(Context context) {
        this.e = context;
    }

    public void a(e eVar) {
        this.f4002a = eVar;
    }

    public void a(f fVar) {
        this.f4003b = fVar;
    }

    public void a(String str) {
        this.d = str;
    }

    @Override // com.daon.sdk.crypto.e.g
    public void a(byte[][] bArr, byte[][] bArr2, Bundle bundle) {
        a(bArr, bArr2);
        Log.d("DAON", "Validate certificate chain.");
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        try {
            try {
                a(a(bArr, certificateFactory), a(bArr2, certificateFactory), bundle);
            } catch (CertificateException e) {
                throw new CertificateException("Root certificate list conversion error. " + e.getMessage(), e);
            }
        } catch (CertificateException e2) {
            throw new CertificateException("Certificate chain conversion error. " + e2.getMessage(), e2);
        }
    }
}
