package org.jmrtd;

import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import org.jmrtd.cert.CSCAMasterList;
import org.jmrtd.cert.KeyStoreCertStoreParameters;
import org.jmrtd.cert.PKDCertStoreParameters;
import org.jmrtd.cert.PKDMasterListCertStoreParameters;

/* loaded from: classes.dex */
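/**
 * Container for the trust material of this library: a set of CSCA trust anchors, a list of
 * CSCA certificate stores and a list of CVCA key stores.
 *
 * <p>Stores can be added directly or by URI. When a CSCA store is added by URI, every
 * certificate in it whose subject name equals its issuer name is promoted to a trust anchor.
 * That selection compares names only (no signature is checked here), and the URI scheme is not
 * restricted, so the integrity of the result depends entirely on where the URI points and on
 * how the content is transported. Callers should only pass locations they control or that are
 * fetched over an authenticated channel.
 *
 * <p>The getters return the live internal collections, not copies. Nothing in this class
 * synchronizes access to them.
 */
public class MRTDTrustStore {
    private static final Provider JMRTD_PROVIDER = JMRTDSecurityProvider.getInstance();
    private static final Logger LOGGER = Logger.getLogger("org.jmrtd");

    /**
     * Selects X.509 certificates whose subject and issuer distinguished names are equal.
     *
     * <p>This is a name comparison only; it does not verify that the certificate is actually
     * signed with its own key.
     */
    private static final CertSelector SELF_SIGNED_X509_CERT_SELECTOR = new X509CertSelector() {
        /** Returns this instance itself; the selector carries no mutable criteria. */
        @Override
        public Object clone() {
            return this;
        }

        @Override
        public boolean match(Certificate certificate) {
            if (!(certificate instanceof X509Certificate)) {
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            X500Principal issuer = x509Certificate.getIssuerX500Principal();
            X500Principal subject = x509Certificate.getSubjectX500Principal();
            // Null-safe comparison: a null subject with a non-null issuer is "no match"
            // rather than a NullPointerException.
            return subject == null ? issuer == null : subject.equals(issuer);
        }
    };

    private Set<TrustAnchor> cscaAnchors;
    private List<CertStore> cscaStores;
    private List<KeyStore> cvcaStores;

    /** Creates an empty trust store. */
    public MRTDTrustStore() {
        this(new HashSet<TrustAnchor>(), new ArrayList<CertStore>(), new ArrayList<KeyStore>());
    }

    /**
     * Creates a trust store backed by the given collections.
     *
     * <p>The collections are used as-is (no copy is made), so later changes made through this
     * object are visible to the caller and vice versa.
     *
     * @param set the CSCA trust anchors
     * @param list the CSCA certificate stores
     * @param list2 the CVCA key stores
     */
    public MRTDTrustStore(Set<TrustAnchor> set, List<CertStore> list, List<KeyStore> list2) {
        this.cscaAnchors = set;
        this.cscaStores = list;
        this.cvcaStores = list2;
    }

    /**
     * Reads the resource at the URI as a CSCA master list and registers its certificates.
     *
     * @param uri location of the master list
     * @throws IOException if the resource cannot be read
     * @throws GeneralSecurityException if the certificates cannot be turned into a store
     */
    private void addAsCSCAMasterList(URI uri) throws IOException, GeneralSecurityException {
        URLConnection connection = uri.toURL().openConnection();
        InputStream inputStream = connection.getInputStream();
        byte[] encoded;
        try {
            encoded = readAllBytes(inputStream, connection.getContentLength());
        } finally {
            inputStream.close();
        }
        CertStore certStore = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(new CSCAMasterList(encoded).getCertificates()));
        registerCSCAStore(certStore);
    }

    /**
     * Reads a stream to the end.
     *
     * <p>When the connection reports a length, exactly that many bytes are read. When it reports
     * none (a negative value), the stream is drained until end of input instead of attempting to
     * allocate a negative-sized array.
     *
     * @param inputStream the stream to read; not closed by this method
     * @param declaredLength the content length reported by the connection, negative if unknown
     * @return the bytes read
     * @throws IOException if reading fails or the stream ends before the declared length
     */
    private static byte[] readAllBytes(InputStream inputStream, int declaredLength) throws IOException {
        if (declaredLength >= 0) {
            // NOTE(review): the length is whatever the remote end declares; consider an upper
            // bound before allocating if the location is not fully trusted.
            byte[] bytes = new byte[declaredLength];
            new DataInputStream(inputStream).readFully(bytes);
            return bytes;
        }
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int count;
        while ((count = inputStream.read(chunk)) != -1) {
            buffer.write(chunk, 0, count);
        }
        return buffer.toByteArray();
    }

    /**
     * Adds a CSCA store together with the anchors derived from its self-signed certificates.
     *
     * <p>The anchors are collected before anything is stored, so a failure while listing the
     * certificates leaves this trust store unchanged.
     *
     * @param certStore the store to register
     * @throws CertStoreException if the certificates cannot be listed
     */
    private void registerCSCAStore(CertStore certStore) throws CertStoreException {
        Set<TrustAnchor> anchors = getAsAnchors(certStore.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR));
        addCSCAStore(certStore);
        addCSCAAnchors(anchors);
    }

    /** Loads the key store at the URI and adds it as a CVCA store. */
    private void addAsCVCAKeyStore(URI uri) {
        addCVCAStore(getKeyStore(uri));
    }

    /**
     * Loads the key store at the URI and registers it as a CSCA certificate store.
     *
     * @param uri location of the key store
     */
    private void addAsKeyStoreCSCACertStore(URI uri) throws KeyStoreException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertStoreException {
        KeyStore keyStore = getKeyStore(uri);
        CertStore certStore = CertStore.getInstance(keyStore.getType(), new KeyStoreCertStoreParameters(keyStore));
        registerCSCAStore(certStore);
    }

    /**
     * Registers the two "PKD" certificate stores (certificates and master lists) for the host
     * and port of the URI; anchors are taken from the master list store.
     *
     * <p>NOTE(review): only host and port are taken from the URI; whether the directory
     * connection is authenticated is decided by the store implementation, which is not visible
     * here.
     *
     * @param uri an {@code ldap} URI naming the directory server
     */
    private void addAsPKDStoreCSCACertStore(URI uri) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertStoreException {
        String host = uri.getHost();
        int port = uri.getPort();
        boolean defaultPort = port < 0;
        PKDCertStoreParameters certificateParameters =
                defaultPort ? new PKDCertStoreParameters(host) : new PKDCertStoreParameters(host, port);
        PKDMasterListCertStoreParameters masterListParameters =
                defaultPort ? new PKDMasterListCertStoreParameters(host) : new PKDMasterListCertStoreParameters(host, port);
        CertStore certificateStore = CertStore.getInstance("PKD", certificateParameters);
        if (certificateStore != null) {
            addCSCAStore(certificateStore);
        }
        CertStore masterListStore = CertStore.getInstance("PKD", masterListParameters);
        if (masterListStore != null) {
            addCSCAStore(masterListStore);
            // Kept inside the null check so the store is never dereferenced when absent.
            addCSCAAnchors(getAsAnchors(masterListStore.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR)));
        }
    }

    /**
     * Reads the resource at the URI as a single X.509 certificate and registers it.
     *
     * @param uri location of the certificate
     */
    private void addAsSingletonCSCACertStore(URI uri) throws MalformedURLException, IOException, CertificateException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, CertStoreException {
        InputStream inputStream = uri.toURL().openConnection().getInputStream();
        X509Certificate x509Certificate;
        try {
            x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509", JMRTD_PROVIDER).generateCertificate(inputStream);
        } finally {
            // Release the connection even when parsing fails.
            inputStream.close();
        }
        CertStore certStore = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singleton(x509Certificate)));
        registerCSCAStore(certStore);
    }

    /**
     * Wraps every X.509 certificate of the collection in a trust anchor without name
     * constraints; other certificate types are skipped.
     *
     * @param collection the certificates to wrap
     * @return a new set of trust anchors
     */
    private static Set<TrustAnchor> getAsAnchors(Collection<? extends Certificate> collection) {
        Set<TrustAnchor> anchors = new HashSet<TrustAnchor>(collection.size());
        for (Certificate certificate : collection) {
            if (certificate instanceof X509Certificate) {
                anchors.add(new TrustAnchor((X509Certificate) certificate, null));
            }
        }
        return anchors;
    }

    /**
     * Loads the resource at the URI as a key store, trying the types JKS, BKS and PKCS12 in
     * that order and returning the first that loads.
     *
     * <p>The store is opened with an empty password, so a successful load says nothing about
     * who produced the file; its authenticity has to come from the location it is read from.
     *
     * @param uri location of the key store
     * @return the loaded key store
     * @throws IllegalArgumentException if none of the types can load the resource
     */
    private KeyStore getKeyStore(URI uri) {
        for (String type : new String[] {"JKS", "BKS", "PKCS12"}) {
            try {
                KeyStore keyStore = KeyStore.getInstance(type);
                InputStream inputStream = uri.toURL().openConnection().getInputStream();
                try {
                    keyStore.load(inputStream, "".toCharArray());
                } finally {
                    inputStream.close();
                }
                return keyStore;
            } catch (Exception e) {
                // Expected while probing types; recorded so a real I/O problem is not invisible.
                LOGGER.fine("Could not load " + uri + " as " + type + " keystore: " + e);
            }
        }
        throw new IllegalArgumentException("Not a supported keystore");
    }

    /** Adds a single CSCA trust anchor. */
    public void addCSCAAnchor(TrustAnchor trustAnchor) {
        this.cscaAnchors.add(trustAnchor);
    }

    /** Adds all of the given CSCA trust anchors. */
    public void addCSCAAnchors(Collection<TrustAnchor> collection) {
        this.cscaAnchors.addAll(collection);
    }

    /**
     * Adds the CSCA store found at the URI.
     *
     * <p>An {@code ldap} URI is treated as a PKD directory. Any other URI is tried as a key
     * store, then as a CSCA master list, then as a single certificate file. Failures are logged
     * and never thrown to the caller.
     *
     * <p>Self-signed certificates found at the location become trust anchors, so the location
     * decides what this trust store will accept. A null URI or a URI without scheme is logged
     * and ignored.
     *
     * @param uri the location to read
     */
    public void addCSCAStore(URI uri) {
        if (uri == null) {
            LOGGER.severe("uri == null");
            return;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            LOGGER.severe("scheme == null, location = " + uri);
            return;
        }
        if (!scheme.equalsIgnoreCase("ldap")) {
            addCSCAStoreFromResource(uri);
            return;
        }
        try {
            addAsPKDStoreCSCACertStore(uri);
        } catch (GeneralSecurityException e) {
            // Goes through the logger (with the cause) instead of printStackTrace().
            LOGGER.log(Level.WARNING, "Failed to open " + uri.toASCIIString() + " as a PKD directory", e);
        }
    }

    /**
     * Tries the three file formats in turn and stops at the first one that loads.
     *
     * @param uri the location to read
     */
    private void addCSCAStoreFromResource(URI uri) {
        try {
            LOGGER.info("Trying to open " + uri.toASCIIString() + " as keystore file");
            addAsKeyStoreCSCACertStore(uri);
            return;
        } catch (Exception e) {
            LOGGER.fine("Not a keystore file: " + e);
        }
        try {
            LOGGER.info("Trying to open " + uri.toASCIIString() + " as CSCA as master list");
            addAsCSCAMasterList(uri);
            return;
        } catch (Exception e) {
            LOGGER.fine("Not a CSCA master list: " + e);
        }
        try {
            LOGGER.info("Trying to open " + uri.toASCIIString() + " as certificate file");
            addAsSingletonCSCACertStore(uri);
        } catch (Exception e) {
            LOGGER.warning("Failed to open " + uri.toASCIIString() + " as a keystore, as a DER certificate file, and as a CSCA masterlist file");
        }
    }

    /** Adds a CSCA certificate store; no trust anchors are derived from it. */
    public void addCSCAStore(CertStore certStore) {
        this.cscaStores.add(certStore);
    }

    /**
     * Adds the CSCA stores found at the given URIs, one by one. A null list is logged and
     * ignored.
     *
     * @param list the locations to read
     */
    public void addCSCAStores(List<URI> list) {
        if (list == null) {
            LOGGER.severe("uris == null");
            return;
        }
        for (URI uri : list) {
            addCSCAStore(uri);
        }
    }

    /**
     * Adds the CVCA key store found at the URI. Failures are logged and never thrown.
     *
     * @param uri location of the key store
     */
    public void addCVCAStore(URI uri) {
        try {
            addAsCVCAKeyStore(uri);
        } catch (Exception e) {
            LOGGER.warning("Exception in addCVCAStore: " + e.getMessage());
        }
    }

    /** Adds a CVCA key store. */
    public void addCVCAStore(KeyStore keyStore) {
        this.cvcaStores.add(keyStore);
    }

    /**
     * Adds the CVCA key stores found at the given URIs, one by one. A null list is logged and
     * ignored, as in {@link #addCSCAStores(List)}.
     *
     * @param list the locations to read
     */
    public void addCVCAStores(List<URI> list) {
        if (list == null) {
            LOGGER.severe("uris == null");
            return;
        }
        for (URI uri : list) {
            addCVCAStore(uri);
        }
    }

    /**
     * Drops all anchors and stores by switching to fresh, empty collections. Collections handed
     * to the constructor or obtained from a getter earlier are left untouched.
     */
    public void clear() {
        this.cscaAnchors = new HashSet<TrustAnchor>();
        this.cscaStores = new ArrayList<CertStore>();
        this.cvcaStores = new ArrayList<KeyStore>();
    }

    /** Returns the live set of CSCA trust anchors (not a copy). */
    public Set<TrustAnchor> getCSCAAnchors() {
        return this.cscaAnchors;
    }

    /** Returns the live list of CSCA certificate stores (not a copy). */
    public List<CertStore> getCSCAStores() {
        return this.cscaStores;
    }

    /** Returns the live list of CVCA key stores (not a copy). */
    public List<KeyStore> getCVCAStores() {
        return this.cvcaStores;
    }

    /** Removes a CSCA trust anchor. */
    public void removeCSCAAnchor(TrustAnchor trustAnchor) {
        this.cscaAnchors.remove(trustAnchor);
    }

    /** Removes a CSCA certificate store; anchors derived from it earlier stay in place. */
    public void removeCSCAStore(CertStore certStore) {
        this.cscaStores.remove(certStore);
    }

    /** Removes a CVCA key store. */
    public void removeCVCAStore(KeyStore keyStore) {
        this.cvcaStores.remove(keyStore);
    }
}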
