package org.jmrtd;

import androidx.annotation.Keep;
import androidx.core.app.NotificationCompat;
import java.io.InputStream;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.collections.SetsKt__SetsJVMKt;
import kotlin.jvm.JvmOverloads;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsJVMKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.jmrtd.cert.KeyStoreCertStoreParameters;
import org.jmrtd.cert.PKDCertStoreParameters;
import org.jmrtd.cert.PKDMasterListCertStoreParameters;
import org.spongycastle.jce.provider.BouncyCastleProvider;

@Keep
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000J\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\"\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u001e\n\u0002\b\u0011\n\u0002\u0010!\n\u0002\b\u0004\n\u0002\u0010#\n\u0002\b\f\b\u0007\u0018\u0000 <:\u0001<B?\b\u0007\u0012\u0010\b\u0002\u00102\u001a\n\u0012\u0004\u0012\u00020\u000f\u0018\u000101\u0012\u0010\b\u0002\u0010-\u001a\n\u0012\u0004\u0012\u00020\u0013\u0018\u00010,\u0012\u0010\b\u0002\u00107\u001a\n\u0012\u0004\u0012\u00020\t\u0018\u00010,¢\u0006\u0004\b:\u0010;J\u0017\u0010\u0004\u001a\u00020\u00032\u0006\u0010\u0002\u001a\u00020\u0001H\u0002¢\u0006\u0004\b\u0004\u0010\u0005J\u0017\u0010\u0006\u001a\u00020\u00032\u0006\u0010\u0002\u001a\u00020\u0001H\u0002¢\u0006\u0004\b\u0006\u0010\u0005J\u0017\u0010\u0007\u001a\u00020\u00032\u0006\u0010\u0002\u001a\u00020\u0001H\u0002¢\u0006\u0004\b\u0007\u0010\u0005J\u0017\u0010\b\u001a\u00020\u00032\u0006\u0010\u0002\u001a\u00020\u0001H\u0002¢\u0006\u0004\b\b\u0010\u0005J\u0017\u0010\n\u001a\u00020\t2\u0006\u0010\u0002\u001a\u00020\u0001H\u0002¢\u0006\u0004\b\n\u0010\u000bJ\r\u0010\f\u001a\u00020\u0003¢\u0006\u0004\b\f\u0010\rJ\u0015\u0010\u0010\u001a\n\u0012\u0004\u0012\u00020\u000f\u0018\u00010\u000e¢\u0006\u0004\b\u0010\u0010\u0011J\u0015\u0010\u0014\u001a\n\u0012\u0004\u0012\u00020\u0013\u0018\u00010\u0012¢\u0006\u0004\b\u0014\u0010\u0015J\u0015\u0010\u0016\u001a\n\u0012\u0004\u0012\u00020\t\u0018\u00010\u0012¢\u0006\u0004\b\u0016\u0010\u0015J\u0015\u0010\u0018\u001a\u00020\u00032\u0006\u0010\u0017\u001a\u00020\u000f¢\u0006\u0004\b\u0018\u0010\u0019J\u001b\u0010\u001c\u001a\u00020\u00032\f\u0010\u001b\u001a\b\u0012\u0004\u0012\u00020\u000f0\u001a¢\u0006\u0004\b\u001c\u0010\u001dJ\u0017\u0010\u001e\u001a\u00020\u00032\b\u0010\u0002\u001a\u0004\u0018\u00010\u0001¢\u0006\u0004\b\u001e\u0010\u0005J\u001d\u0010 \u001a\u00020\u00032\u000e\u0010\u001f\u001a\n\u0012\u0004\u0012\u00020\u0001\u0018\u00010\u0012¢\u0006\u0004\b \u0010!J\u0015\u0010\"\u001a\u00020\u00032\u0006\u0010\u0002\u001a\u00020\u0001¢\u0006\u0004\b\"\u0010\u0005J\u001b\u0010#\u001a\u00020\u00032\f\u0010\u001f\u001a\b\u0012\u0004\u0012\u00020\u00010\u0012¢\u0006\u0004\b#\u0010!J\u0015\u0010\u001e\u001a\u00020\u00032\u0006\u0010$\u001a\u00020\u0013¢\u0006\u0004\b\u001e\u0010%J\u0015\u0010\"\u001a\u00020\u00032\u0006\u0010&\u001a\u00020\t¢\u0006\u0004\b\"\u0010'J\u0015\u0010(\u001a\u00020\u00032\u0006\u0010\u0017\u001a\u00020\u000f¢\u0006\u0004\b(\u0010\u0019J\u0015\u0010)\u001a\u00020\u00032\u0006\u0010$\u001a\u00020\u0013¢\u0006\u0004\b)\u0010%J\u0015\u0010*\u001a\u00020\u00032\u0006\u0010&\u001a\u00020\t¢\u0006\u0004\b*\u0010'J\u0015\u0010+\u001a\u00020\u00032\u0006\u0010$\u001a\u00020\u0013¢\u0006\u0004\b+\u0010%R*\u0010-\u001a\n\u0012\u0004\u0012\u00020\u0013\u0018\u00010,8\u0006@\u0006X\u0086\u000e¢\u0006\u0012\n\u0004\b-\u0010.\u001a\u0004\b/\u0010\u0015\"\u0004\b0\u0010!R*\u00102\u001a\n\u0012\u0004\u0012\u00020\u000f\u0018\u0001018\u0006@\u0006X\u0086\u000e¢\u0006\u0012\n\u0004\b2\u00103\u001a\u0004\b4\u0010\u0011\"\u0004\b5\u00106R*\u00107\u001a\n\u0012\u0004\u0012\u00020\t\u0018\u00010,8\u0006@\u0006X\u0086\u000e¢\u0006\u0012\n\u0004\b7\u0010.\u001a\u0004\b8\u0010\u0015\"\u0004\b9\u0010!¨\u0006="}, d2 = {"Lorg/jmrtd/MRTDTrustStore;", "Ljava/net/URI;", NotificationCompat.MessagingStyle.Message.KEY_DATA_URI, "", "addAsSingletonCSCACertStore", "(Ljava/net/URI;)V", "addAsCVCAKeyStore", "addAsPKDStoreCSCACertStore", "addAsKeyStoreCSCACertStore", "Ljava/security/KeyStore;", "getKeyStore", "(Ljava/net/URI;)Ljava/security/KeyStore;", "clear", "()V", "", "Ljava/security/cert/TrustAnchor;", "getCSCAAnchors", "()Ljava/util/Set;", "", "Ljava/security/cert/CertStore;", "getCSCAStores", "()Ljava/util/List;", "getCVCAStores", "trustAnchor", "addCSCAAnchor", "(Ljava/security/cert/TrustAnchor;)V", "", "trustAnchors", "addCSCAAnchors", "(Ljava/util/Collection;)V", "addCSCAStore", "uris", "addCSCAStores", "(Ljava/util/List;)V", "addCVCAStore", "addCVCAStores", "certStore", "(Ljava/security/cert/CertStore;)V", "keyStore", "(Ljava/security/KeyStore;)V", "removeCSCAAnchor", "removeCSCAStore", "removeCVCAStore", "addAsCSCACertStore", "", "cscaStores", "Ljava/util/List;", "getCscaStores", "setCscaStores", "", "cscaAnchors", "Ljava/util/Set;", "getCscaAnchors", "setCscaAnchors", "(Ljava/util/Set;)V", "cvcaStores", "getCvcaStores", "setCvcaStores", "<init>", "(Ljava/util/Set;Ljava/util/List;Ljava/util/List;)V", "Companion", "samobilecapture_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes6.dex */
public final class MRTDTrustStore {

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static final Provider JMRTD_PROVIDER;
    private static final Logger LOGGER;
    private static final a SELF_SIGNED_X509_CERT_SELECTOR;

    @Nullable
    private Set<TrustAnchor> cscaAnchors;

    @Nullable
    private List<CertStore> cscaStores;

    @Nullable
    private List<KeyStore> cvcaStores;

    /* loaded from: classes6.dex */
    public static final class a extends X509CertSelector {
        @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
        @NotNull
        public Object clone() {
            return this;
        }

        @Override // java.security.cert.X509CertSelector, java.security.cert.CertSelector
        public boolean match(@NotNull Certificate certificate) {
            if (!(certificate instanceof X509Certificate)) {
                return false;
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
            return (issuerX500Principal == null && subjectX500Principal == null) || Intrinsics.areEqual(subjectX500Principal, issuerX500Principal);
        }
    }

    /* renamed from: org.jmrtd.MRTDTrustStore$b, reason: from kotlin metadata */
    /* loaded from: classes6.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final Set<TrustAnchor> a(Collection<? extends Certificate> collection) {
            HashSet hashSet = new HashSet(collection.size());
            for (Certificate certificate : collection) {
                if (certificate instanceof X509Certificate) {
                    hashSet.add(new TrustAnchor((X509Certificate) certificate, null));
                }
            }
            return hashSet;
        }
    }

    static {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        JMRTD_PROVIDER = JMRTDSecurityProvider.INSTANCE.c();
        LOGGER = Logger.getLogger("org.jmrtd");
        SELF_SIGNED_X509_CERT_SELECTOR = new a();
    }

    @JvmOverloads
    public MRTDTrustStore() {
        this(null, null, null, 7, null);
    }

    @JvmOverloads
    public MRTDTrustStore(@Nullable Set<TrustAnchor> set) {
        this(set, null, null, 6, null);
    }

    @JvmOverloads
    public MRTDTrustStore(@Nullable Set<TrustAnchor> set, @Nullable List<CertStore> list) {
        this(set, list, null, 4, null);
    }

    @JvmOverloads
    public MRTDTrustStore(@Nullable Set<TrustAnchor> set, @Nullable List<CertStore> list, @Nullable List<KeyStore> list2) {
        this.cscaAnchors = set;
        this.cscaStores = list;
        this.cvcaStores = list2;
    }

    public /* synthetic */ MRTDTrustStore(Set set, List list, List list2, int i2, DefaultConstructorMarker defaultConstructorMarker) {
        this((i2 & 1) != 0 ? new HashSet() : set, (i2 & 2) != 0 ? new ArrayList() : list, (i2 & 4) != 0 ? new ArrayList() : list2);
    }

    private final void addAsCVCAKeyStore(URI uri) {
        addCVCAStore(getKeyStore(uri));
    }

    private final void addAsKeyStoreCSCACertStore(URI uri) {
        KeyStore keyStore = getKeyStore(uri);
        CertStore certStore = CertStore.getInstance(keyStore.getType(), new KeyStoreCertStoreParameters(keyStore));
        Intrinsics.checkExpressionValueIsNotNull(certStore, "certStore");
        addCSCAStore(certStore);
        Collection<? extends Certificate> rootCerts = certStore.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR);
        Companion companion = INSTANCE;
        Intrinsics.checkExpressionValueIsNotNull(rootCerts, "rootCerts");
        addCSCAAnchors(companion.a(rootCerts));
    }

    private final void addAsPKDStoreCSCACertStore(URI uri) {
        String server = uri.getHost();
        int port = uri.getPort();
        Intrinsics.checkExpressionValueIsNotNull(server, "server");
        PKDCertStoreParameters pKDCertStoreParameters = port < 0 ? new PKDCertStoreParameters(server, 0, null, 6, null) : new PKDCertStoreParameters(server, port, null, 4, null);
        PKDMasterListCertStoreParameters pKDMasterListCertStoreParameters = port < 0 ? new PKDMasterListCertStoreParameters(server, null, 2, null) : new PKDMasterListCertStoreParameters(server, port, null, 4, null);
        CertStore certStore = CertStore.getInstance("PKD", pKDCertStoreParameters);
        if (certStore != null) {
            addCSCAStore(certStore);
        }
        CertStore certStore2 = CertStore.getInstance("PKD", pKDMasterListCertStoreParameters);
        if (certStore2 != null) {
            addCSCAStore(certStore2);
        }
        if (certStore2 == null) {
            Intrinsics.throwNpe();
        }
        Collection<? extends Certificate> rootCerts = certStore2.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR);
        Companion companion = INSTANCE;
        Intrinsics.checkExpressionValueIsNotNull(rootCerts, "rootCerts");
        addCSCAAnchors(companion.a(rootCerts));
    }

    private final void addAsSingletonCSCACertStore(URI uri) {
        InputStream inputStream = uri.toURL().openConnection().getInputStream();
        Certificate generateCertificate = CertificateFactory.getInstance("X.509", JMRTD_PROVIDER).generateCertificate(inputStream);
        if (generateCertificate == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        }
        inputStream.close();
        CertStore cscaStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(SetsKt__SetsJVMKt.setOf((X509Certificate) generateCertificate)));
        List<CertStore> list = this.cscaStores;
        if (list == null) {
            Intrinsics.throwNpe();
        }
        Intrinsics.checkExpressionValueIsNotNull(cscaStore, "cscaStore");
        list.add(cscaStore);
        Collection<? extends Certificate> rootCerts = cscaStore.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR);
        Companion companion = INSTANCE;
        Intrinsics.checkExpressionValueIsNotNull(rootCerts, "rootCerts");
        addCSCAAnchors(companion.a(rootCerts));
    }

    private final KeyStore getKeyStore(URI uri) {
        String[] strArr = {"JKS", "BKS", "PKCS12"};
        for (int i2 = 0; i2 < 3; i2++) {
            try {
                KeyStore keyStore = KeyStore.getInstance(strArr[i2]);
                InputStream inputStream = uri.toURL().openConnection().getInputStream();
                char[] charArray = "".toCharArray();
                Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
                keyStore.load(inputStream, charArray);
                inputStream.close();
                Intrinsics.checkExpressionValueIsNotNull(keyStore, "keyStore");
                return keyStore;
            } catch (Exception unused) {
            }
        }
        throw new IllegalArgumentException("Not a supported keystore");
    }

    public final void addAsCSCACertStore(@NotNull CertStore certStore) {
        addCSCAStore(certStore);
        Collection<? extends Certificate> rootCerts = certStore.getCertificates(SELF_SIGNED_X509_CERT_SELECTOR);
        Companion companion = INSTANCE;
        Intrinsics.checkExpressionValueIsNotNull(rootCerts, "rootCerts");
        addCSCAAnchors(companion.a(rootCerts));
    }

    public final void addCSCAAnchor(@NotNull TrustAnchor trustAnchor) {
        Set<TrustAnchor> set = this.cscaAnchors;
        if (set == null) {
            Intrinsics.throwNpe();
        }
        set.add(trustAnchor);
    }

    public final void addCSCAAnchors(@NotNull Collection<? extends TrustAnchor> trustAnchors) {
        Set<TrustAnchor> set = this.cscaAnchors;
        if (set == null) {
            Intrinsics.throwNpe();
        }
        set.addAll(trustAnchors);
    }

    public final void addCSCAStore(@Nullable URI uri) {
        if (uri == null) {
            LOGGER.severe("uri == null");
            return;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            LOGGER.severe("scheme == null, location = " + uri);
            return;
        }
        try {
            if (StringsKt__StringsJVMKt.equals(scheme, "ldap", true)) {
                addAsPKDStoreCSCACertStore(uri);
            } else {
                try {
                    addAsKeyStoreCSCACertStore(uri);
                } catch (Exception e2) {
                    try {
                        addAsSingletonCSCACertStore(uri);
                    } catch (Exception e3) {
                        LOGGER.warning("Failed to open " + uri.toASCIIString() + " both as a keystore and as a DER certificate file");
                        e2.printStackTrace();
                        e3.printStackTrace();
                    }
                }
            }
        } catch (GeneralSecurityException e4) {
            e4.printStackTrace();
        }
    }

    public final void addCSCAStore(@NotNull CertStore certStore) {
        List<CertStore> list = this.cscaStores;
        if (list == null) {
            Intrinsics.throwNpe();
        }
        list.add(certStore);
    }

    public final void addCSCAStores(@Nullable List<URI> uris) {
        if (uris == null) {
            LOGGER.severe("uris == null");
            return;
        }
        Iterator<URI> it = uris.iterator();
        while (it.hasNext()) {
            addCSCAStore(it.next());
        }
    }

    public final void addCVCAStore(@NotNull URI uri) {
        try {
            addAsCVCAKeyStore(uri);
        } catch (Exception e2) {
            LOGGER.warning("Exception in addCVCAStore: " + e2.getMessage());
        }
    }

    public final void addCVCAStore(@NotNull KeyStore keyStore) {
        List<KeyStore> list = this.cvcaStores;
        if (list == null) {
            Intrinsics.throwNpe();
        }
        list.add(keyStore);
    }

    public final void addCVCAStores(@NotNull List<URI> uris) {
        Iterator<URI> it = uris.iterator();
        while (it.hasNext()) {
            addCVCAStore(it.next());
        }
    }

    public final void clear() {
        this.cscaAnchors = new HashSet();
        this.cscaStores = new ArrayList();
        this.cvcaStores = new ArrayList();
    }

    @Nullable
    public final Set<TrustAnchor> getCSCAAnchors() {
        return this.cscaAnchors;
    }

    @Nullable
    public final List<CertStore> getCSCAStores() {
        return this.cscaStores;
    }

    @Nullable
    public final List<KeyStore> getCVCAStores() {
        return this.cvcaStores;
    }

    @Nullable
    public final Set<TrustAnchor> getCscaAnchors() {
        return this.cscaAnchors;
    }

    @Nullable
    public final List<CertStore> getCscaStores() {
        return this.cscaStores;
    }

    @Nullable
    public final List<KeyStore> getCvcaStores() {
        return this.cvcaStores;
    }

    public final void removeCSCAAnchor(@NotNull TrustAnchor trustAnchor) {
        Set<TrustAnchor> set = this.cscaAnchors;
        if (set == null) {
            Intrinsics.throwNpe();
        }
        set.remove(trustAnchor);
    }

    public final void removeCSCAStore(@NotNull CertStore certStore) {
        List<CertStore> list = this.cscaStores;
        if (list == null) {
            Intrinsics.throwNpe();
        }
        list.remove(certStore);
    }

    public final void removeCVCAStore(@NotNull KeyStore keyStore) {
        List<KeyStore> list = this.cvcaStores;
        if (list == null) {
            Intrinsics.throwNpe();
        }
        list.remove(keyStore);
    }

    public final void setCscaAnchors(@Nullable Set<TrustAnchor> set) {
        this.cscaAnchors = set;
    }

    public final void setCscaStores(@Nullable List<CertStore> list) {
        this.cscaStores = list;
    }

    public final void setCvcaStores(@Nullable List<KeyStore> list) {
        this.cvcaStores = list;
    }
}
