package defpackage;

import android.util.Log;
import androidx.media3.container.NalUnitUtil;
import androidx.media3.exoplayer.upstream.CmcdData;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;

/* JADX INFO: loaded from: classes3.dex */
@Metadata(d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u00002\u00020\u0001:\u0001\u0002¨\u0006\u0003"}, d2 = {"Lbt6;", "Ljavax/net/ssl/X509TrustManager;", CmcdData.OBJECT_TYPE_AUDIO_ONLY, "app_sideloadRelease"}, k = 1, mv = {2, 0, 0}, xi = NalUnitUtil.H265_NAL_UNIT_TYPE_UNSPECIFIED)
@vx8
public final class bt6 implements X509TrustManager {
    public final X509TrustManager a;
    public final Set b;

    @Metadata(d1 = {"\u0000\u0010\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\b\u0086\u0003\u0018\u00002\u00020\u0001R\u0014\u0010\u0003\u001a\u00020\u00028\u0002X\u0082T¢\u0006\u0006\n\u0004\b\u0003\u0010\u0004¨\u0006\u0005"}, d2 = {"Lbt6$a;", "", "", "TAG", "Ljava/lang/String;", "app_sideloadRelease"}, k = 1, mv = {2, 0, 0}, xi = NalUnitUtil.H265_NAL_UNIT_TYPE_UNSPECIFIED)
    public static final class a {
    }

    public bt6() throws NoSuchAlgorithmException, IOException, KeyStoreException, CertificateException {
        Set setH;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        cr4.f(trustManagers, "getTrustManagers(...)");
        ArrayList arrayList = new ArrayList();
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                arrayList.add(trustManager);
            }
        }
        this.a = (X509TrustManager) y41.z(arrayList);
        KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
        keyStore.load(null);
        Enumeration<String> enumerationAliases = keyStore.aliases();
        cr4.f(enumerationAliases, "aliases(...)");
        vt9 vt9Var = new vt9(sg8.n(sg8.o(sg8.b(new f51(enumerationAliases)), new co(keyStore, 28)), new l24(24)));
        Iterator it = vt9Var.a;
        if (it.hasNext()) {
            Object next = vt9Var.next();
            if (it.hasNext()) {
                LinkedHashSet linkedHashSet = new LinkedHashSet();
                linkedHashSet.add(next);
                while (it.hasNext()) {
                    linkedHashSet.add(vt9Var.next());
                }
                setH = linkedHashSet;
            } else {
                setH = km8.h(next);
            }
        } else {
            setH = pk2.a;
        }
        this.b = setH;
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        cr4.g(x509CertificateArr, "chain");
        cr4.g(str, "authType");
        this.a.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException, CertPathValidatorException, InvalidAlgorithmParameterException {
        String message;
        cr4.g(x509CertificateArr, "chain");
        cr4.g(str, "authType");
        try {
            this.a.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            for (Throwable cause = e; cause != null; cause = cause.getCause()) {
                if ((cause instanceof CertPathValidatorException) && (message = ((CertPathValidatorException) cause).getMessage()) != null && n89.l(message, "validity interval is out-of-date", false)) {
                    Log.w("OcspSoftFail", "OCSP soft-fail: stale OCSP response, re-validating without revocation check");
                    CertPath certPathGenerateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(st.al(x509CertificateArr));
                    PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) this.b);
                    pKIXParameters.setRevocationEnabled(false);
                    CertPathValidator.getInstance("PKIX").validate(certPathGenerateCertPath, pKIXParameters);
                    return;
                }
            }
            throw e;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.a.getAcceptedIssuers();
        cr4.f(acceptedIssuers, "getAcceptedIssuers(...)");
        return acceptedIssuers;
    }
}
