package com.aliyun.alink.linksdk.channel.core.persistent.mqtt.a;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* compiled from: MqttTrustManager.java */
/* loaded from: classes2.dex */
public class c implements X509TrustManager {

    /* renamed from: a, reason: collision with root package name */
    private final X509TrustManager f2480a;
    private final KeyStore b;

    public c(InputStream inputStream) {
        this.b = a(inputStream);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init((KeyStore) null);
        this.f2480a = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
    }

    private KeyStore a(InputStream inputStream) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
        return keyStore;
    }

    private X509Certificate a(X509Certificate x509Certificate, List<X509Certificate> list) {
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getIssuerDN().equals(x509Certificate.getSubjectDN()) && !x509Certificate2.equals(x509Certificate)) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private X509Certificate a(List<X509Certificate> list) {
        Iterator<X509Certificate> it = list.iterator();
        while (it.hasNext()) {
            X509Certificate next = it.next();
            X509Certificate b = b(next, list);
            if (b == null || b.equals(next)) {
                return next;
            }
        }
        return null;
    }

    private X509Certificate[] a(X509Certificate[] x509CertificateArr) {
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
        int length = x509CertificateArr.length - 1;
        X509Certificate a2 = a(asList);
        x509CertificateArr2[length] = a2;
        while (true) {
            a2 = a(a2, asList);
            if (a2 == null || length <= 0) {
                break;
            }
            length--;
            x509CertificateArr2[length] = a2;
        }
        return x509CertificateArr2;
    }

    private X509Certificate b(X509Certificate x509Certificate, List<X509Certificate> list) {
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                return x509Certificate2;
            }
        }
        return null;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        try {
            this.f2480a.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            try {
                X509Certificate[] a2 = a(x509CertificateArr);
                CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
                CertPath generateCertPath = CertificateFactory.getInstance("X509").generateCertPath(Arrays.asList(a2));
                PKIXParameters pKIXParameters = new PKIXParameters(this.b);
                pKIXParameters.setRevocationEnabled(false);
                certPathValidator.validate(generateCertPath, pKIXParameters);
            } catch (CertificateNotYetValidException e2) {
                com.aliyun.alink.linksdk.channel.core.b.a.a("MqttTrustManager", "CertificateNotYetValidException " + e2);
            } catch (Exception e3) {
                if (e3.getCause() instanceof CertificateNotYetValidException) {
                    com.aliyun.alink.linksdk.channel.core.b.a.a("MqttTrustManager", "validate cert failed.because system is early than cert valid . wsf will ignore this exception," + e3);
                    return;
                }
                com.aliyun.alink.linksdk.channel.core.b.a.a("MqttTrustManager", "checkServerTrusted faied." + e);
                com.aliyun.alink.linksdk.channel.core.b.a.a("MqttTrustManager", "validate cert failed." + e3);
                throw e;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
