package sun.security.ssl;

import com.secneo.apkwrapper.Helper;
import java.net.Socket;
import java.security.AlgorithmConstraints;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;
import sun.security.util.HostnameChecker;
import sun.security.validator.KeyStores;
import sun.security.validator.Validator;

/* loaded from: classes2.dex */
final class X509TrustManagerImpl extends X509ExtendedTrustManager implements X509TrustManager {
    private static final Debug debug;
    private volatile Validator clientValidator;
    private final PKIXBuilderParameters pkixParams;
    private volatile Validator serverValidator;
    private final Collection<X509Certificate> trustedCerts;
    private final String validatorType;

    static {
        Helper.stub();
        debug = Debug.getInstance("ssl");
    }

    X509TrustManagerImpl(String str, KeyStore keyStore) throws KeyStoreException {
        this.validatorType = str;
        this.pkixParams = null;
        if (keyStore == null) {
            this.trustedCerts = Collections.emptySet();
        } else {
            this.trustedCerts = KeyStores.getTrustedCerts(keyStore);
        }
        showTrustedCerts();
    }

    X509TrustManagerImpl(String str, PKIXBuilderParameters pKIXBuilderParameters) {
        this.validatorType = str;
        this.pkixParams = pKIXBuilderParameters;
        Validator validator = getValidator("tls server");
        this.trustedCerts = validator.getTrustedCertificates();
        this.serverValidator = validator;
        showTrustedCerts();
    }

    static void checkIdentity(String str, X509Certificate x509Certificate, String str2) throws CertificateException {
        if (str2 == null || str2.length() == 0) {
            return;
        }
        if (str != null && str.startsWith("[") && str.endsWith("]")) {
            str = str.substring(1, str.length() - 1);
        }
        if (str2.equalsIgnoreCase("HTTPS")) {
            HostnameChecker.getInstance((byte) 1).match(str, x509Certificate);
        } else {
            if (!str2.equalsIgnoreCase("LDAP") && !str2.equalsIgnoreCase("LDAPS")) {
                throw new CertificateException("Unknown identification algorithm: " + str2);
            }
            HostnameChecker.getInstance((byte) 2).match(str, x509Certificate);
        }
    }

    private void checkTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket, boolean z) throws CertificateException {
    }

    private void checkTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine, boolean z) throws CertificateException {
    }

    private Validator checkTrustedInit(X509Certificate[] x509CertificateArr, String str, boolean z) {
        return null;
    }

    private Validator getValidator(String str) {
        return null;
    }

    private void showTrustedCerts() {
    }

    private static X509Certificate[] validate(Validator validator, X509Certificate[] x509CertificateArr, AlgorithmConstraints algorithmConstraints, String str) throws CertificateException {
        Object beginFipsProvider = JsseJce.beginFipsProvider();
        try {
            return validator.validate(x509CertificateArr, (Collection) null, algorithmConstraints, str);
        } finally {
            JsseJce.endFipsProvider(beginFipsProvider);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, (Socket) null, true);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkTrusted(x509CertificateArr, str, socket, true);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        checkTrusted(x509CertificateArr, str, sSLEngine, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, (Socket) null, false);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        checkTrusted(x509CertificateArr, str, socket, false);
    }

    @Override // javax.net.ssl.X509ExtendedTrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        checkTrusted(x509CertificateArr, str, sSLEngine, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}
