package org.jmrtd;

import androidx.annotation.Keep;
import androidx.core.app.NotificationCompat;
import com.google.firebase.perf.network.FirebasePerfUrlConnection;
import defpackage.ak7;
import defpackage.c77;
import defpackage.eh7;
import defpackage.gx8;
import defpackage.hx8;
import defpackage.mj7;
import defpackage.yb7;
import defpackage.zq7;
import java.io.InputStream;
import java.net.URI;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import kotlin.TypeCastException;
import ly.count.android.sdk.messaging.ModulePush;
import org.jmrtd.cert.KeyStoreCertStoreParameters;
import org.jmrtd.cert.PKDCertStoreParameters;
import org.jmrtd.cert.PKDMasterListCertStoreParameters;
import org.spongycastle.jce.provider.BouncyCastleProvider;

@c77(bv = {1, 0, 3}, d1 = {"\u0000N\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u001e\n\u0002\b\u0011\n\u0002\u0010#\n\u0002\b\u0005\n\u0002\u0010!\n\u0002\b\f\b\u0007\u0018\u0000 =2\u00020\u0001:\u0001>B?\b\u0007\u0012\u0010\b\u0002\u0010.\u001a\n\u0012\u0004\u0012\u00020\u0010\u0018\u00010-\u0012\u0010\b\u0002\u00104\u001a\n\u0012\u0004\u0012\u00020\u0014\u0018\u000103\u0012\u0010\b\u0002\u00108\u001a\n\u0012\u0004\u0012\u00020\n\u0018\u000103¢\u0006\u0004\b;\u0010<J\u0017\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0002¢\u0006\u0004\b\u0005\u0010\u0006J\u0017\u0010\u0007\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0002¢\u0006\u0004\b\u0007\u0010\u0006J\u0017\u0010\b\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0002¢\u0006\u0004\b\b\u0010\u0006J\u0017\u0010\t\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H\u0002¢\u0006\u0004\b\t\u0010\u0006J\u0017\u0010\u000b\u001a\u00020\n2\u0006\u0010\u0003\u001a\u00020\u0002H\u0002¢\u0006\u0004\b\u000b\u0010\fJ\r\u0010\r\u001a\u00020\u0004¢\u0006\u0004\b\r\u0010\u000eJ\u0015\u0010\u0011\u001a\n\u0012\u0004\u0012\u00020\u0010\u0018\u00010\u000f¢\u0006\u0004\b\u0011\u0010\u0012J\u0015\u0010\u0015\u001a\n\u0012\u0004\u0012\u00020\u0014\u0018\u00010\u0013¢\u0006\u0004\b\u0015\u0010\u0016J\u0015\u0010\u0017\u001a\n\u0012\u0004\u0012\u00020\n\u0018\u00010\u0013¢\u0006\u0004\b\u0017\u0010\u0016J\u0015\u0010\u0019\u001a\u00020\u00042\u0006\u0010\u0018\u001a\u00020\u0010¢\u0006\u0004\b\u0019\u0010\u001aJ\u001b\u0010\u001d\u001a\u00020\u00042\f\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u00100\u001b¢\u0006\u0004\b\u001d\u0010\u001eJ\u0017\u0010\u001f\u001a\u00020\u00042\b\u0010\u0003\u001a\u0004\u0018\u00010\u0002¢\u0006\u0004\b\u001f\u0010\u0006J\u001d\u0010!\u001a\u00020\u00042\u000e\u0010 \u001a\n\u0012\u0004\u0012\u00020\u0002\u0018\u00010\u0013¢\u0006\u0004\b!\u0010\"J\u0015\u0010#\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002¢\u0006\u0004\b#\u0010\u0006J\u001b\u0010$\u001a\u00020\u00042\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00020\u0013¢\u0006\u0004\b$\u0010\"J\u0015\u0010\u001f\u001a\u00020\u00042\u0006\u0010%\u001a\u00020\u0014¢\u0006\u0004\b\u001f\u0010&J\u0015\u0010#\u001a\u00020\u00042\u0006\u0010'\u001a\u00020\n¢\u0006\u0004\b#\u0010(J\u0015\u0010)\u001a\u00020\u00042\u0006\u0010\u0018\u001a\u00020\u0010¢\u0006\u0004\b)\u0010\u001aJ\u0015\u0010*\u001a\u00020\u00042\u0006\u0010%\u001a\u00020\u0014¢\u0006\u0004\b*\u0010&J\u0015\u0010+\u001a\u00020\u00042\u0006\u0010'\u001a\u00020\n¢\u0006\u0004\b+\u0010(J\u0015\u0010,\u001a\u00020\u00042\u0006\u0010%\u001a\u00020\u0014¢\u0006\u0004\b,\u0010&R*\u0010.\u001a\n\u0012\u0004\u0012\u00020\u0010\u0018\u00010-8\u0006@\u0006X\u0086\u000e¢\u0006\u0012\n\u0004\b.\u0010/\u001a\u0004\b0\u0010\u0012\"\u0004\b1\u00102R*\u00104\u001a\n\u0012\u0004\u0012\u00020\u0014\u0018\u0001038\u0006@\u0006X\u0086\u000e¢\u0006\u0012\n\u0004\b4\u00105\u001a\u0004\b6\u0010\u0016\"\u0004\b7\u0010\"R*\u00108\u001a\n\u0012\u0004\u0012\u00020\n\u0018\u0001038\u0006@\u0006X\u0086\u000e¢\u0006\u0012\n\u0004\b8\u00105\u001a\u0004\b9\u0010\u0016\"\u0004\b:\u0010\"¨\u0006?"}, d2 = {"Lorg/jmrtd/MRTDTrustStore;", "", "Ljava/net/URI;", NotificationCompat.MessagingStyle.Message.KEY_DATA_URI, "Lb97;", "addAsSingletonCSCACertStore", "(Ljava/net/URI;)V", "addAsCVCAKeyStore", "addAsPKDStoreCSCACertStore", "addAsKeyStoreCSCACertStore", "Ljava/security/KeyStore;", "getKeyStore", "(Ljava/net/URI;)Ljava/security/KeyStore;", "clear", "()V", "", "Ljava/security/cert/TrustAnchor;", "getCSCAAnchors", "()Ljava/util/Set;", "", "Ljava/security/cert/CertStore;", "getCSCAStores", "()Ljava/util/List;", "getCVCAStores", "trustAnchor", "addCSCAAnchor", "(Ljava/security/cert/TrustAnchor;)V", "", "trustAnchors", "addCSCAAnchors", "(Ljava/util/Collection;)V", "addCSCAStore", "uris", "addCSCAStores", "(Ljava/util/List;)V", "addCVCAStore", "addCVCAStores", "certStore", "(Ljava/security/cert/CertStore;)V", "keyStore", "(Ljava/security/KeyStore;)V", "removeCSCAAnchor", "removeCSCAStore", "removeCVCAStore", "addAsCSCACertStore", "", "cscaAnchors", "Ljava/util/Set;", "getCscaAnchors", "setCscaAnchors", "(Ljava/util/Set;)V", "", "cscaStores", "Ljava/util/List;", "getCscaStores", "setCscaStores", "cvcaStores", "getCvcaStores", "setCvcaStores", "<init>", "(Ljava/util/Set;Ljava/util/List;Ljava/util/List;)V", "Companion", ModulePush.PUSH_EVENT_ACTION_INDEX_KEY, "samobilecapture_release"}, k = 1, mv = {1, 1, 15})
@Keep
/* loaded from: classes4.dex */
public final class MRTDTrustStore {
    public static final b Companion = new b(null);
    private static final Provider JMRTD_PROVIDER;
    private static final Logger LOGGER;
    private static final a SELF_SIGNED_X509_CERT_SELECTOR;

    @hx8
    private Set<TrustAnchor> cscaAnchors;

    @hx8
    private List<CertStore> cscaStores;

    @hx8
    private List<KeyStore> cvcaStores;

    /* loaded from: classes4.dex */
    public static final class a extends X509CertSelector {
        @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
        @gx8
        public Object clone() {
            return this;
        }

        @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
        public boolean match(@gx8 Certificate certificate) {
            ak7.q(certificate, "cert");
            if (!(certificate instanceof X509Certificate)) {
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
            return (issuerX500Principal == null && subjectX500Principal == null) || ak7.g(subjectX500Principal, issuerX500Principal);
        }
    }

    /* loaded from: classes4.dex */
    public static final class b {
        private b() {
        }

        public /* synthetic */ b(mj7 mj7Var) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final Set<TrustAnchor> a(Collection<? extends Certificate> collection) {
            HashSet hashSet = new HashSet(collection.size());
            for (Certificate certificate : collection) {
                if (certificate instanceof X509Certificate) {
                    hashSet.add(new TrustAnchor((X509Certificate) certificate, null));
                }
            }
            return hashSet;
        }
    }

    static {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        JMRTD_PROVIDER = JMRTDSecurityProvider.Companion.c();
        LOGGER = Logger.getLogger("org.jmrtd");
        SELF_SIGNED_X509_CERT_SELECTOR = new a();
    }

    @eh7
    public MRTDTrustStore() {
        this(null, null, null, 7, null);
    }

    @eh7
    public MRTDTrustStore(@hx8 Set<TrustAnchor> set) {
        this(set, null, null, 6, null);
    }

    @eh7
    public MRTDTrustStore(@hx8 Set<TrustAnchor> set, @hx8 List<CertStore> list) {
        this(set, list, null, 4, null);
    }

    @eh7
    public MRTDTrustStore(@hx8 Set<TrustAnchor> set, @hx8 List<CertStore> list, @hx8 List<KeyStore> list2) {
        this.cscaAnchors = set;
        this.cscaStores = list;
        this.cvcaStores = list2;
    }

    public /* synthetic */ MRTDTrustStore(Set set, List list, List list2, int i, mj7 mj7Var) {
        this((i & 1) != 0 ? new HashSet() : set, (i & 2) != 0 ? new ArrayList() : list, (i & 4) != 0 ? new ArrayList() : list2);
    }

    private final void addAsCVCAKeyStore(URI uri) {
        addCVCAStore(getKeyStore(uri));
    }

    private final void addAsKeyStoreCSCACertStore(URI uri) {
        KeyStore keyStore = getKeyStore(uri);
        CertStore certStore = CertStore.getInstance(keyStore.getType(), new KeyStoreCertStoreParameters(keyStore));
        ak7.h(certStore, "certStore");
        addCSCAStore(certStore);
        Collection<? extends Certificate> certificates = certStore.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR);
        b bVar = Companion;
        ak7.h(certificates, "rootCerts");
        addCSCAAnchors(bVar.a(certificates));
    }

    private final void addAsPKDStoreCSCACertStore(URI uri) {
        String host = uri.getHost();
        int port = uri.getPort();
        ak7.h(host, "server");
        PKDCertStoreParameters pKDCertStoreParameters = port < 0 ? new PKDCertStoreParameters(host, 0, null, 6, null) : new PKDCertStoreParameters(host, port, null, 4, null);
        PKDMasterListCertStoreParameters pKDMasterListCertStoreParameters = port < 0 ? new PKDMasterListCertStoreParameters(host, null, 2, null) : new PKDMasterListCertStoreParameters(host, port, null, 4, null);
        CertStore certStore = CertStore.getInstance("PKD", pKDCertStoreParameters);
        if (certStore != null) {
            addCSCAStore(certStore);
        }
        CertStore certStore2 = CertStore.getInstance("PKD", pKDMasterListCertStoreParameters);
        if (certStore2 != null) {
            addCSCAStore(certStore2);
        }
        if (certStore2 == null) {
            ak7.L();
        }
        Collection<? extends Certificate> certificates = certStore2.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR);
        b bVar = Companion;
        ak7.h(certificates, "rootCerts");
        addCSCAAnchors(bVar.a(certificates));
    }

    private final void addAsSingletonCSCACertStore(URI uri) {
        InputStream inputStream = ((URLConnection) FirebasePerfUrlConnection.instrument(uri.toURL().openConnection())).getInputStream();
        Certificate generateCertificate = CertificateFactory.getInstance("X.509", JMRTD_PROVIDER).generateCertificate(inputStream);
        if (generateCertificate == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        }
        inputStream.close();
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(yb7.f((X509Certificate) generateCertificate)));
        List<CertStore> list = this.cscaStores;
        if (list == null) {
            ak7.L();
        }
        ak7.h(certStore, "cscaStore");
        list.add(certStore);
        Collection<? extends Certificate> certificates = certStore.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR);
        b bVar = Companion;
        ak7.h(certificates, "rootCerts");
        addCSCAAnchors(bVar.a(certificates));
    }

    private final KeyStore getKeyStore(URI uri) {
        String[] strArr = {"JKS", "BKS", "PKCS12"};
        for (int i = 0; i < 3; i++) {
            try {
                KeyStore keyStore = KeyStore.getInstance(strArr[i]);
                InputStream inputStream = ((URLConnection) FirebasePerfUrlConnection.instrument(uri.toURL().openConnection())).getInputStream();
                char[] charArray = "".toCharArray();
                ak7.h(charArray, "(this as java.lang.String).toCharArray()");
                keyStore.load(inputStream, charArray);
                inputStream.close();
                ak7.h(keyStore, "keyStore");
                return keyStore;
            } catch (Exception unused) {
            }
        }
        throw new IllegalArgumentException("Not a supported keystore");
    }

    public final void addAsCSCACertStore(@gx8 CertStore certStore) {
        ak7.q(certStore, "certStore");
        addCSCAStore(certStore);
        Collection<? extends Certificate> certificates = certStore.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR);
        b bVar = Companion;
        ak7.h(certificates, "rootCerts");
        addCSCAAnchors(bVar.a(certificates));
    }

    public final void addCSCAAnchor(@gx8 TrustAnchor trustAnchor) {
        ak7.q(trustAnchor, "trustAnchor");
        Set<TrustAnchor> set = this.cscaAnchors;
        if (set == null) {
            ak7.L();
        }
        set.add(trustAnchor);
    }

    public final void addCSCAAnchors(@gx8 Collection<? extends TrustAnchor> collection) {
        ak7.q(collection, "trustAnchors");
        Set<TrustAnchor> set = this.cscaAnchors;
        if (set == null) {
            ak7.L();
        }
        set.addAll(collection);
    }

    public final void addCSCAStore(@hx8 URI uri) {
        if (uri == null) {
            LOGGER.severe("uri == null");
            return;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            LOGGER.severe("scheme == null, location = " + uri);
            return;
        }
        try {
            if (zq7.I1(scheme, "ldap", true)) {
                addAsPKDStoreCSCACertStore(uri);
            } else {
                try {
                    addAsKeyStoreCSCACertStore(uri);
                } catch (Exception e) {
                    try {
                        addAsSingletonCSCACertStore(uri);
                    } catch (Exception e2) {
                        LOGGER.warning("Failed to open " + uri.toASCIIString() + " both as a keystore and as a DER certificate file");
                        e.printStackTrace();
                        e2.printStackTrace();
                    }
                }
            }
        } catch (GeneralSecurityException e3) {
            e3.printStackTrace();
        }
    }

    public final void addCSCAStore(@gx8 CertStore certStore) {
        ak7.q(certStore, "certStore");
        List<CertStore> list = this.cscaStores;
        if (list == null) {
            ak7.L();
        }
        list.add(certStore);
    }

    public final void addCSCAStores(@hx8 List<URI> list) {
        if (list == null) {
            LOGGER.severe("uris == null");
            return;
        }
        Iterator<URI> it = list.iterator();
        while (it.hasNext()) {
            addCSCAStore(it.next());
        }
    }

    public final void addCVCAStore(@gx8 URI uri) {
        ak7.q(uri, NotificationCompat.MessagingStyle.Message.KEY_DATA_URI);
        try {
            addAsCVCAKeyStore(uri);
        } catch (Exception e) {
            LOGGER.warning("Exception in addCVCAStore: " + e.getMessage());
        }
    }

    public final void addCVCAStore(@gx8 KeyStore keyStore) {
        ak7.q(keyStore, "keyStore");
        List<KeyStore> list = this.cvcaStores;
        if (list == null) {
            ak7.L();
        }
        list.add(keyStore);
    }

    public final void addCVCAStores(@gx8 List<URI> list) {
        ak7.q(list, "uris");
        Iterator<URI> it = list.iterator();
        while (it.hasNext()) {
            addCVCAStore(it.next());
        }
    }

    public final void clear() {
        this.cscaAnchors = new HashSet();
        this.cscaStores = new ArrayList();
        this.cvcaStores = new ArrayList();
    }

    @hx8
    public final Set<TrustAnchor> getCSCAAnchors() {
        return this.cscaAnchors;
    }

    @hx8
    public final List<CertStore> getCSCAStores() {
        return this.cscaStores;
    }

    @hx8
    public final List<KeyStore> getCVCAStores() {
        return this.cvcaStores;
    }

    @hx8
    public final Set<TrustAnchor> getCscaAnchors() {
        return this.cscaAnchors;
    }

    @hx8
    public final List<CertStore> getCscaStores() {
        return this.cscaStores;
    }

    @hx8
    public final List<KeyStore> getCvcaStores() {
        return this.cvcaStores;
    }

    public final void removeCSCAAnchor(@gx8 TrustAnchor trustAnchor) {
        ak7.q(trustAnchor, "trustAnchor");
        Set<TrustAnchor> set = this.cscaAnchors;
        if (set == null) {
            ak7.L();
        }
        set.remove(trustAnchor);
    }

    public final void removeCSCAStore(@gx8 CertStore certStore) {
        ak7.q(certStore, "certStore");
        List<CertStore> list = this.cscaStores;
        if (list == null) {
            ak7.L();
        }
        list.remove(certStore);
    }

    public final void removeCVCAStore(@gx8 KeyStore keyStore) {
        ak7.q(keyStore, "keyStore");
        List<KeyStore> list = this.cvcaStores;
        if (list == null) {
            ak7.L();
        }
        list.remove(keyStore);
    }

    public final void setCscaAnchors(@hx8 Set<TrustAnchor> set) {
        this.cscaAnchors = set;
    }

    public final void setCscaStores(@hx8 List<CertStore> list) {
        this.cscaStores = list;
    }

    public final void setCvcaStores(@hx8 List<KeyStore> list) {
        this.cvcaStores = list;
    }
}
