package kz.akkamal.essclia.aktest.ccm.core.ssl;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Vector;
import javax.net.ssl.X509TrustManager;
import kz.akkamal.aksig.X509Principal;
import kz.akkamal.essclia.aktest.ESSClient;
import kz.akkamal.essclia.aktest.FileLogger;
import kz.akkamal.essclia.aktest.ccm.ApplicationProps;
import kz.akkamal.org.bouncycastle.asn1.x509.X509Name;

/* loaded from: classes.dex */
public class X509TrustManagerImpl implements X509TrustManager {
    private ArrayList<X509Certificate> tcList;

    public X509TrustManagerImpl() {
        InputStream inputStream = null;
        try {
            try {
                inputStream = ApplicationProps.getTrustStoreStream();
                KeyStore keyStore = KeyStore.getInstance("BKS");
                keyStore.load(inputStream, ApplicationProps.getTrustStorePassword().toCharArray());
                this.tcList = new ArrayList<>();
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    if (keyStore.isCertificateEntry(nextElement)) {
                        this.tcList.add((X509Certificate) keyStore.getCertificate(nextElement));
                    }
                }
                try {
                    inputStream.close();
                } catch (Exception e) {
                }
            } finally {
                try {
                    inputStream.close();
                } catch (Exception e2) {
                }
            }
        } catch (Exception e3) {
            FileLogger.appendLog("X509TrustManagerImpl", e3);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509Certificate x509Certificate;
        String property = ESSClient.localProps.getProperty("ecs.reg.cn");
        FileLogger.appendLog("checkServerTrusted cn=" + property);
        X509Principal x509Principal = new X509Principal(x509CertificateArr[0].getSubjectDN().getName());
        FileLogger.appendLog(x509Principal.getName());
        String cnFromDn = getCnFromDn(x509Principal.toString());
        FileLogger.appendLog("checkServerTrusted cnFromServer=" + cnFromDn);
        for (int i = 0; i < this.tcList.size(); i++) {
            try {
                x509Certificate = this.tcList.get(i);
            } catch (Exception e) {
                FileLogger.appendLog("Error in X509TrustManager", e);
            }
            if (x509CertificateArr[0].equals(x509Certificate)) {
                FileLogger.appendLog("Equals cert");
                return;
            } else {
                if (cnFromDn.equals(property)) {
                    FileLogger.appendLog("verify by " + x509Certificate.getSubjectDN());
                    x509CertificateArr[0].verify(x509Certificate.getPublicKey());
                    return;
                }
            }
        }
        throw new CertificateException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public String getCnFromDn(String str) {
        Vector values = new X509Name(str).getValues(X509Name.CN);
        if (values.size() == 1) {
            return (String) values.get(0);
        }
        FileLogger.appendLog("In DN CN count != 1");
        throw new RuntimeException("In DN CN count != 1");
    }
}
