package ru.CryptoPro.AdES.certificate;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import ru.CryptoPro.AdES.AdESConfig;
import ru.CryptoPro.AdES.exception.AdESException;
import ru.CryptoPro.AdES.tools.AdESUtility;
import ru.CryptoPro.JCP.JCP;
import ru.CryptoPro.JCP.Util.GetProperty;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.JCP.tools.Platform;
import ru.CryptoPro.JCSP.support.BKSTrustStore;
import ru.CryptoPro.reprov.RevCheck;

/* loaded from: classes4.dex */
public abstract class AbstractCertificateChainBuilder {
    public static final Set<X509Certificate> CACERTS_INTERMEDIATE_CERTIFICATES;
    public static final Set<X509Certificate> CACERTS_TRUST_CERTIFICATES;
    public static final String DEFAULT_TRUST_STORE = "cacerts";
    public static final char[] DEFAULT_TRUST_STORE_PASSWORD;
    public static final String DEFAULT_TRUST_STORE_PATH;
    public static final String JAVA_HOME;
    protected Date validationDate = null;
    protected String provider = null;
    protected X509Certificate targetCert = null;
    protected X509Certificate rootCert = null;

    static {
        String stringProperty = GetProperty.getStringProperty("java.home", null);
        JAVA_HOME = stringProperty;
        String str = stringProperty + File.separatorChar + "lib" + File.separatorChar + BKSTrustStore.STORAGE_DIRECTORY + File.separatorChar + "cacerts";
        DEFAULT_TRUST_STORE_PATH = str;
        char[] cACertsPassword = Platform.isAndroid ? AdESConfig.DEFAULT_CACERTS_PASSWORD : AdESConfig.getCACertsPassword();
        DEFAULT_TRUST_STORE_PASSWORD = cACertsPassword;
        JCPLogger.subTrace("%%% Loading trusted certificates... %%%");
        HashSet hashSet = new HashSet();
        CACERTS_TRUST_CERTIFICATES = hashSet;
        HashSet hashSet2 = new HashSet();
        CACERTS_INTERMEDIATE_CERTIFICATES = hashSet2;
        try {
            if (Platform.isAndroid) {
                loadTrustedCertificates("AndroidCAStore", null, null, hashSet, hashSet2);
            } else {
                loadTrustedCertificates("JKS", str, cACertsPassword, hashSet, hashSet2);
            }
        } catch (AdESException e) {
            JCPLogger.ignoredException(e);
        }
        if (Platform.isAndroid) {
            try {
                String str2 = JCP.ANDROID_APP_DIR_PREFIX + File.separatorChar + BKSTrustStore.STORAGE_DIRECTORY + File.separatorChar + "cacerts";
                JCPLogger.subTrace("%%% Loading additional android trusted certificates: ", str2);
                loadTrustedCertificates(BKSTrustStore.STORAGE_TYPE, str2, DEFAULT_TRUST_STORE_PASSWORD, CACERTS_TRUST_CERTIFICATES, CACERTS_INTERMEDIATE_CERTIFICATES);
                JCPLogger.subTrace("%%% Additional android trusted certificates were loaded %%%");
            } catch (AdESException e2) {
                JCPLogger.ignoredException(e2);
            }
        }
        JCPLogger.subTrace("%%% Trusted certificates were loaded %%%");
    }

    private static void loadTrustedCertificates(String str, String str2, char[] cArr, Set<X509Certificate> set, Set<X509Certificate> set2) throws AdESException {
        JCPLogger.subEnter();
        JCPLogger.subTraceFormat("Loading trusted certificates from store {0}  with type {1}", str2, str);
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(str2 != null ? new FileInputStream(str2) : null, cArr);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    if (Platform.isAndroid) {
                        x509Certificate = (X509Certificate) AdESUtility.CERT_FACTORY.generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
                    }
                    if (!AdESUtility.isSelfSignedForCaCerts(x509Certificate)) {
                        if (!Platform.isIbm && !Platform.isAndroid) {
                            set2.add(x509Certificate);
                        }
                        if (AdESUtility.isGost(x509Certificate)) {
                            set2.add(x509Certificate);
                        }
                    }
                    set.add(x509Certificate);
                }
            }
            if (set.isEmpty()) {
                JCPLogger.subTrace("Trust store is empty.");
            } else {
                JCPLogger.subTrace("A few trust certificates were loaded: ", Integer.valueOf(set.size()));
            }
            if (!set2.isEmpty()) {
                JCPLogger.subTrace("A few intermediate certificates were loaded: ", Integer.valueOf(set2.size()));
            }
            JCPLogger.subExit();
        } catch (Exception e) {
            throw new AdESException(e, AdESException.ecInternal);
        }
    }

    public String getAlgorithm() {
        return RevCheck.CP_REV_CHECK_ALG;
    }

    public String getRevocationProvider() {
        return RevCheck.PROVIDER_NAME;
    }
}
