package org.rustls.platformverifier;

import android.net.http.X509TrustManagerExtensions;
import android.util.Log;
import java.io.File;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateFactory;
import java.util.HashSet;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.Metadata;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: CertificateVerifier.kt */
@Metadata(bv = {}, d1 = {"\u00002\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0011\n\u0000\n\u0002\u0010\u0012\n\u0000\n\u0002\u0010\t\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\bÁ\u0002\u0018\u00002\u00020\u0001JU\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u0003\u001a\u00020\u00022\u0006\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0006\u001a\u00020\u00042\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00040\u00072\b\u0010\n\u001a\u0004\u0018\u00010\t2\u0006\u0010\f\u001a\u00020\u000b2\f\u0010\r\u001a\b\u0012\u0004\u0012\u00020\t0\u0007H\u0003¢\u0006\u0004\b\u000f\u0010\u0010¨\u0006\u0011"}, d2 = {"Lorg/rustls/platformverifier/CertificateVerifier;", "", "Landroid/content/Context;", "context", "", "serverName", "authMethod", "", "allowedEkus", "", "ocspResponse", "", "time", "certChain", "Lorg/rustls/platformverifier/VerificationResult;", "verifyCertificateChain", "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;[BJ[[B)Lorg/rustls/platformverifier/VerificationResult;", "rustls-platform-verifier_release"}, k = 1, mv = {1, 6, 0})
/* loaded from: classes4.dex */
public final class CertificateVerifier {
    public static final /* synthetic */ int $r8$clinit = 0;
    private static final CertificateFactory certFactory;
    private static final KeyStore systemKeystore;
    private static final Lazy<X509TrustManagerExtensions> systemTrustManager;

    static {
        final KeyStore keyStore;
        Lazy<X509TrustManagerExtensions> lazy;
        final KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
        Intrinsics.checkNotNullExpressionValue(keyStore2, "getInstance(KeyStore.getDefaultType())");
        if (keyStore2 != null) {
            keyStore2.load(null);
        }
        LazyKt__LazyJVMKt.lazy(new Function0<X509TrustManagerExtensions>() { // from class: org.rustls.platformverifier.CertificateVerifier$makeLazyTrustManager$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final X509TrustManagerExtensions invoke() {
                int i = CertificateVerifier.$r8$clinit;
                return CertificateVerifier.access$createTrustManager(keyStore2);
            }
        });
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Intrinsics.checkNotNullExpressionValue(certificateFactory, "getInstance(\"X.509\")");
        certFactory = certificateFactory;
        new HashSet();
        String str = System.getenv("ANDROID_ROOT");
        if (str != null) {
            new File(Intrinsics.stringPlus(str, "/etc/security/cacerts"));
        }
        try {
            keyStore = KeyStore.getInstance("AndroidCAStore");
        } catch (KeyStoreException unused) {
            keyStore = null;
        }
        systemKeystore = keyStore;
        if (keyStore != null) {
            keyStore.load(null);
        }
        lazy = LazyKt__LazyJVMKt.lazy(new Function0<X509TrustManagerExtensions>() { // from class: org.rustls.platformverifier.CertificateVerifier$makeLazyTrustManager$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final X509TrustManagerExtensions invoke() {
                int i = CertificateVerifier.$r8$clinit;
                return CertificateVerifier.access$createTrustManager(keyStore);
            }
        });
        systemTrustManager = lazy;
    }

    private CertificateVerifier() {
    }

    public static final X509TrustManagerExtensions access$createTrustManager(KeyStore keyStore) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        try {
            TrustManager[] availableTrustManagers = trustManagerFactory.getTrustManagers();
            Intrinsics.checkNotNullExpressionValue(availableTrustManagers, "availableTrustManagers");
            int length = availableTrustManagers.length;
            int i = 0;
            while (i < length) {
                TrustManager trustManager = availableTrustManagers[i];
                i++;
                if (trustManager instanceof X509TrustManager) {
                    return new X509TrustManagerExtensions((X509TrustManager) trustManager);
                }
            }
            Log.e("rustls-platform-verifier-android", "failed to find a usable trust manager");
            return null;
        } catch (RuntimeException e) {
            Log.w("rustls-platform-verifier-android", Intrinsics.stringPlus("exception thrown creating a TrustManager: ", e));
            return null;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:35:0x007d  */
    /* JADX WARN: Removed duplicated region for block: B:37:0x0085  */
    @kotlin.jvm.JvmStatic
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static final org.rustls.platformverifier.VerificationResult verifyCertificateChain(android.content.Context r12, java.lang.String r13, java.lang.String r14, java.lang.String[] r15, byte[] r16, long r17, byte[][] r19) {
        /*
            Method dump skipped, instructions count: 335
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.rustls.platformverifier.CertificateVerifier.verifyCertificateChain(android.content.Context, java.lang.String, java.lang.String, java.lang.String[], byte[], long, byte[][]):org.rustls.platformverifier.VerificationResult");
    }
}
