package com.blackberry.security.trustmgr.jca;

import android.content.Context;
import android.util.Log;
import com.blackberry.security.trustmgr.CertificateUsageType;
import com.blackberry.security.trustmgr.FutureResult;
import com.blackberry.security.trustmgr.PeerIdentity;
import com.blackberry.security.trustmgr.PkixProfile;
import com.blackberry.security.trustmgr.ValidationException;
import com.blackberry.security.trustmgr.ValidationResult;
import com.blackberry.security.trustmgr.ValidatorEngine;
import com.blackberry.security.trustmgr.ValidatorEngineFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class BBX509TrustManager implements X509TrustManager {
    private static final long DEFAULT_TIMEOUT = 60;
    private static final TimeUnit DEFAULT_TIMEOUT_UNIT = TimeUnit.SECONDS;
    private static final String LOG_TAG = "certmgr:BBX509TrustManager";
    private Context mAppContext;
    private Date mDate;
    private BBTrustManagerHandler mHandler;
    private PeerIdentity mServerIdentity;
    private long mTimeout = DEFAULT_TIMEOUT;
    private TimeUnit mTimeoutUnit = DEFAULT_TIMEOUT_UNIT;
    private final KeyStore mTrustStore;
    private ValidatorEngineFactory mValidatorFactory;

    /* JADX INFO: Access modifiers changed from: package-private */
    public BBX509TrustManager(KeyStore keyStore) {
        if (keyStore == null) {
            throw new IllegalArgumentException("Can't use null KeyStore.");
        }
        this.mTrustStore = keyStore;
    }

    private void checkTrusted(X509Certificate[] x509CertificateArr, String str, CertificateUsageType certificateUsageType) {
        if (x509CertificateArr == null) {
            throw new IllegalArgumentException("chain is null");
        }
        if (x509CertificateArr.length < 1) {
            throw new IllegalArgumentException("chain is empty");
        }
        if (str == null) {
            throw new IllegalArgumentException("authType is null");
        }
        if (str.isEmpty()) {
            throw new IllegalArgumentException("authType is empty");
        }
        X509Certificate[] orderCertificateChain = BBTrustManagerUtil.orderCertificateChain(x509CertificateArr);
        ValidatorEngineFactory validatorEngineFactory = this.mValidatorFactory;
        if (validatorEngineFactory == null) {
            validatorEngineFactory = ValidatorEngineFactory.getInstance(this.mAppContext);
        }
        try {
            ValidatorEngine createDefaultValidatorEngine = validatorEngineFactory.createDefaultValidatorEngine();
            PkixProfile pkixProfile = (PkixProfile) createDefaultValidatorEngine.getProfile(PkixProfile.class);
            if (pkixProfile == null) {
                pkixProfile = new PkixProfile();
            }
            pkixProfile.setTrustStore(this.mTrustStore);
            pkixProfile.setCertificateUsageType(certificateUsageType);
            pkixProfile.setPeerIdentity(this.mServerIdentity);
            pkixProfile.setReferenceDate(this.mDate);
            HashSet hashSet = new HashSet();
            hashSet.addAll(Arrays.asList(orderCertificateChain).subList(1, orderCertificateChain.length));
            pkixProfile.addIntermediateCertificates(hashSet);
            try {
                FutureResult<ValidationResult> validate = createDefaultValidatorEngine.validate(orderCertificateChain[0]);
                validate.setTimeout(this.mTimeout, this.mTimeoutUnit);
                try {
                    ValidationResult validationResult = validate.get();
                    switch (validationResult.getStatus()) {
                        case TRUSTED:
                            return;
                        case WARNING:
                            BBTrustManagerHandler bBTrustManagerHandler = this.mHandler;
                            if (bBTrustManagerHandler != null && bBTrustManagerHandler.allow(validationResult)) {
                                return;
                            }
                            break;
                    }
                    throw new CertificateValidationException("Certificate failed verification", validationResult);
                } catch (Exception e) {
                    throw new CertificateException("Validation failed", e);
                }
            } catch (ValidationException e2) {
                throw new CertificateException("Failed to initialize trust manager", e2);
            }
        } catch (ValidationException e3) {
            throw new CertificateException("Failed to initialize trust manager", e3);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        checkTrusted(x509CertificateArr, str, CertificateUsageType.SSL_CLIENT);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        checkTrusted(x509CertificateArr, str, CertificateUsageType.SSL_SERVER);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        try {
            ArrayList arrayList = new ArrayList();
            Enumeration<String> aliases = this.mTrustStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) this.mTrustStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    arrayList.add(x509Certificate);
                }
            }
            return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        } catch (KeyStoreException e) {
            Log.e(LOG_TAG, "Failed to retrieve accepted issuers", e);
            return new X509Certificate[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAppContext(Context context) {
        if (context == null) {
            throw new IllegalArgumentException("Can't use null Context.");
        }
        this.mAppContext = context;
    }

    public void setCertificateValidatorFactory(ValidatorEngineFactory validatorEngineFactory) {
        this.mValidatorFactory = validatorEngineFactory;
    }

    public void setDate(Date date) {
        this.mDate = date;
    }

    public void setHandler(BBTrustManagerHandler bBTrustManagerHandler) {
        this.mHandler = bBTrustManagerHandler;
    }

    public void setServerIdentity(PeerIdentity peerIdentity) {
        this.mServerIdentity = peerIdentity;
    }

    public void setTimeout(long j, TimeUnit timeUnit) {
        if (timeUnit == null) {
            throw new IllegalArgumentException();
        }
        this.mTimeout = j;
        this.mTimeoutUnit = timeUnit;
    }
}
