package ru.rt.ebs.cryptosdk.core.g.a.a;

import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Lambda;
import ru.CryptoPro.JCP.tools.CertReader.Extension;
import ru.CryptoPro.ssl.cl_36;
import ru.CryptoPro.ssl.gost.GostConstants;
import ru.CryptoPro.ssl.util.TLSContext;
import ru.rt.ebs.cryptosdk.core.common.controllers.ICommonController;
import ru.rt.ebs.cryptosdk.core.security.entities.exceptions.CertificateSecurityEbsException;
import ru.rt.ebs.cryptosdk.core.security.entities.models.ITLSProvider;
import ru.rt.ebs.cryptosdk.core.security.entities.models.h;
import ru.rt.ebs.cryptosdk.core.security.entities.models.i;

/* compiled from: CryptoProTlsProviderManager.kt */
/* loaded from: classes5.dex */
public final class f implements ru.rt.ebs.cryptosdk.core.security.entities.models.f {

    /* renamed from: a, reason: collision with root package name */
    private static final String[] f2015a = {GostConstants.TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC, GostConstants.TLS_CIPHER_2012, GostConstants.TLS_CIPHER_2001};
    private final ICommonController b;

    /* compiled from: CryptoProTlsProviderManager.kt */
    /* loaded from: classes5.dex */
    static final class a extends Lambda implements Function0<Unit> {
        final /* synthetic */ i b;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        a(i iVar) {
            super(0);
            this.b = iVar;
        }

        @Override // kotlin.jvm.functions.Function0
        public Unit invoke() {
            f.a(f.this, this.b.a());
            return Unit.INSTANCE;
        }
    }

    public f(ICommonController commonController) {
        Intrinsics.checkNotNullParameter(commonController, "commonController");
        this.b = commonController;
    }

    private final void a(X509Certificate x509Certificate, String str) {
        throw new CertificateSecurityEbsException("Certificate " + ((Object) x509Certificate.getSerialNumber().toString(16)) + Extension.COLON_SPACE + str);
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x002e A[Catch: Exception -> 0x0063, TryCatch #0 {Exception -> 0x0063, blocks: (B:3:0x0003, B:4:0x0007, B:6:0x000d, B:8:0x001a, B:10:0x0022, B:15:0x002e, B:17:0x0034, B:19:0x003a, B:24:0x0046, B:30:0x0050, B:31:0x0055, B:34:0x0056, B:35:0x005b, B:39:0x005c, B:40:0x0061), top: B:2:0x0003 }] */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0046 A[Catch: Exception -> 0x0063, TryCatch #0 {Exception -> 0x0063, blocks: (B:3:0x0003, B:4:0x0007, B:6:0x000d, B:8:0x001a, B:10:0x0022, B:15:0x002e, B:17:0x0034, B:19:0x003a, B:24:0x0046, B:30:0x0050, B:31:0x0055, B:34:0x0056, B:35:0x005b, B:39:0x005c, B:40:0x0061), top: B:2:0x0003 }] */
    /* JADX WARN: Removed duplicated region for block: B:33:0x0056 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:38:0x005c A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static final void a(ru.rt.ebs.cryptosdk.core.g.a.a.f r7, java.util.List r8) {
        /*
            r7.getClass()
            java.util.Iterator r8 = r8.iterator()     // Catch: java.lang.Exception -> L63
        L7:
            boolean r0 = r8.hasNext()     // Catch: java.lang.Exception -> L63
            if (r0 == 0) goto L62
            java.lang.Object r0 = r8.next()     // Catch: java.lang.Exception -> L63
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0     // Catch: java.lang.Exception -> L63
            java.security.Principal r1 = r0.getIssuerDN()     // Catch: java.lang.Exception -> L63
            r2 = 0
            if (r1 == 0) goto L5c
            java.lang.String r3 = r1.getName()     // Catch: java.lang.Exception -> L63
            r4 = 0
            r5 = 1
            if (r3 == 0) goto L2b
            boolean r3 = kotlin.text.StringsKt.isBlank(r3)     // Catch: java.lang.Exception -> L63
            if (r3 == 0) goto L29
            goto L2b
        L29:
            r3 = r4
            goto L2c
        L2b:
            r3 = r5
        L2c:
            if (r3 != 0) goto L5c
            java.security.Principal r3 = r0.getSubjectDN()     // Catch: java.lang.Exception -> L63
            if (r3 == 0) goto L56
            java.lang.String r6 = r3.getName()     // Catch: java.lang.Exception -> L63
            if (r6 == 0) goto L43
            boolean r6 = kotlin.text.StringsKt.isBlank(r6)     // Catch: java.lang.Exception -> L63
            if (r6 == 0) goto L41
            goto L43
        L41:
            r6 = r4
            goto L44
        L43:
            r6 = r5
        L44:
            if (r6 != 0) goto L56
            boolean r1 = r3.equals(r1)     // Catch: java.lang.Exception -> L63
            if (r1 != r5) goto L4d
            r4 = r5
        L4d:
            if (r4 != 0) goto L50
            goto L7
        L50:
            java.lang.String r8 = "certificate is self-signed"
            r7.a(r0, r8)     // Catch: java.lang.Exception -> L63
            throw r2     // Catch: java.lang.Exception -> L63
        L56:
            java.lang.String r8 = "subjectDN is empty"
            r7.a(r0, r8)     // Catch: java.lang.Exception -> L63
            throw r2     // Catch: java.lang.Exception -> L63
        L5c:
            java.lang.String r8 = "issuerDN is empty"
            r7.a(r0, r8)     // Catch: java.lang.Exception -> L63
            throw r2     // Catch: java.lang.Exception -> L63
        L62:
            return
        L63:
            r7 = move-exception
            boolean r8 = r7 instanceof ru.rt.ebs.cryptosdk.core.security.entities.exceptions.CertificateSecurityEbsException
            if (r8 != 0) goto L6e
            ru.rt.ebs.cryptosdk.core.security.entities.exceptions.CertificateSecurityEbsException r8 = new ru.rt.ebs.cryptosdk.core.security.entities.exceptions.CertificateSecurityEbsException
            r8.<init>(r7)
            throw r8
        L6e:
            throw r7
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.rt.ebs.cryptosdk.core.g.a.a.f.a(ru.rt.ebs.cryptosdk.core.g.a.a.f, java.util.List):void");
    }

    @Override // ru.rt.ebs.cryptosdk.core.security.entities.models.f
    public ITLSProvider a(i tlsProviderConfig) {
        Intrinsics.checkNotNullParameter(tlsProviderConfig, "tlsProviderConfig");
        KeyStore keyStore = KeyStore.getInstance("CertStore", "JCSP");
        Intrinsics.checkNotNullExpressionValue(keyStore, "getInstance(\n           …  PROVIDER_NAME\n        )");
        keyStore.load(null, null);
        Enumeration<String> aliases = keyStore.aliases();
        Intrinsics.checkNotNullExpressionValue(aliases, "keyStore.aliases()");
        ArrayList<String> list = Collections.list(aliases);
        Intrinsics.checkNotNullExpressionValue(list, "list(this)");
        for (String str : list) {
            if (keyStore.containsAlias(str)) {
                keyStore.deleteEntry(str);
            }
        }
        this.b.verifySelfSignCertificates(new a(tlsProviderConfig));
        try {
            for (X509Certificate x509Certificate : CollectionsKt.plus((Collection) tlsProviderConfig.b(), (Iterable) tlsProviderConfig.a())) {
                String bigInteger = x509Certificate.getSerialNumber().toString(16);
                Intrinsics.checkNotNullExpressionValue(bigInteger, "certificate.serialNumber.toString(16)");
                if (keyStore.containsAlias(bigInteger)) {
                    a(x509Certificate, "is duplicate");
                    throw null;
                }
                keyStore.setCertificateEntry(bigInteger, x509Certificate);
            }
            TrustManager[] trustManagerArr = new TrustManager[1];
            SSLContext initClientSSL = TLSContext.initClientSSL(cl_36.PROVIDER_NAME, "TLSv1.2", keyStore, trustManagerArr);
            Intrinsics.checkNotNullExpressionValue(initClientSSL, "initClientSSL(\n        T…      trustManagers\n    )");
            SSLSocketFactory socketFactory = initClientSSL.getSocketFactory();
            TrustManager trustManager = trustManagerArr[0];
            if (trustManager == null) {
                throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            }
            String[] strArr = f2015a;
            Object[] copyOf = Arrays.copyOf(strArr, strArr.length);
            Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(this, size)");
            String[] strArr2 = (String[]) copyOf;
            Intrinsics.checkNotNullExpressionValue(socketFactory, "socketFactory");
            return new h("TLSv1.2", strArr2, (X509TrustManager) trustManager, socketFactory);
        } catch (Exception e) {
            if (e instanceof CertificateSecurityEbsException) {
                throw e;
            }
            throw new CertificateSecurityEbsException(e);
        }
    }
}
