package o9;

import coil.util.e;
import com.google.common.base.u;
import io.grpc.xds.shaded.io.envoyproxy.envoy.api.v2.core.v;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;

/* compiled from: SdsTrustManagerFactory.java */
/* loaded from: classes4.dex */
public final class b extends io.grpc.netty.shaded.io.netty.handler.ssl.util.a {

    /* renamed from: d, reason: collision with root package name */
    private static final Logger f11050d = Logger.getLogger(b.class.getName());
    private c c;

    public b(io.grpc.xds.shaded.io.envoyproxy.envoy.api.v2.auth.b bVar) throws CertificateException, IOException, CertStoreException {
        X509Certificate[] a10;
        e.j(bVar, "certificateValidationContext");
        v.d specifierCase = bVar.getTrustedCa().getSpecifierCase();
        int i10 = 1;
        if (specifierCase == v.d.FILENAME) {
            String filename = bVar.getTrustedCa().getFilename();
            e.r("trustedCa.file-name in certificateValidationContext cannot be empty", !u.b(filename));
            a10 = a.a(new BufferedInputStream(new FileInputStream(new File(filename))));
        } else {
            if (specifierCase != v.d.INLINE_BYTES) {
                throw new IllegalArgumentException("Not supported: " + specifierCase);
            }
            a10 = a.a(bVar.getTrustedCa().getInlineBytes().newInput());
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            X509ExtendedTrustManager x509ExtendedTrustManager = null;
            keyStore.load(null, null);
            int i11 = 0;
            for (X509Certificate x509Certificate : a10) {
                keyStore.setCertificateEntry("alias" + i10, x509Certificate);
                i10++;
            }
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers != null) {
                int length = trustManagers.length;
                while (true) {
                    if (i11 >= length) {
                        break;
                    }
                    TrustManager trustManager = trustManagers[i11];
                    if (trustManager instanceof X509ExtendedTrustManager) {
                        x509ExtendedTrustManager = (X509ExtendedTrustManager) trustManager;
                        break;
                    }
                    i11++;
                }
            }
            if (x509ExtendedTrustManager == null) {
                throw new CertStoreException("Native X509 TrustManager not found.");
            }
            this.c = new c(bVar, x509ExtendedTrustManager);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
            f11050d.log(Level.SEVERE, "createSdsX509TrustManager", e10);
            throw new CertStoreException(e10);
        }
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.util.a
    protected final TrustManager[] a() {
        return new TrustManager[]{this.c};
    }
}
