package com.airwatch.certpinning;

import android.content.Context;
import com.airwatch.certpinning.TrustSpecs;
import com.samsung.android.knox.keystore.CertificateProvisioning;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.reflect.KClass;

@Metadata(d1 = {"\u0000L\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\b\b\u0011\u0018\u0000 \u001c2\u00020\u00012\u00020\u0002:\u0001\u001dB\u0017\u0012\u0006\u0010\u0019\u001a\u00020\u000f\u0012\u0006\u0010\u0006\u001a\u00020\u0005¢\u0006\u0004\b\u001a\u0010\u001bJ\u0018\u0010\b\u001a\u00020\u00072\u0006\u0010\u0004\u001a\u00020\u00032\u0006\u0010\u0006\u001a\u00020\u0005H\u0002J\u0018\u0010\t\u001a\u00020\u00072\u0006\u0010\u0004\u001a\u00020\u00032\u0006\u0010\u0006\u001a\u00020\u0005H\u0002J-\u0010\u0012\u001a\u00020\u00112\u0006\u0010\u000b\u001a\u00020\n2\f\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\r0\f2\u0006\u0010\u0010\u001a\u00020\u000fH\u0014¢\u0006\u0004\b\u0012\u0010\u0013J\b\u0010\u0015\u001a\u00020\u0014H\u0014J\u0019\u0010\u0017\u001a\u0004\u0018\u00010\u00162\u0006\u0010\u0004\u001a\u00020\u0003H\u0010¢\u0006\u0004\b\u0017\u0010\u0018¨\u0006\u001e"}, d2 = {"Lcom/airwatch/certpinning/o;", "Lcom/airwatch/certpinning/k;", "Lni0/a;", "Landroid/content/Context;", "context", "Lcom/airwatch/certpinning/TrustSpecs;", "trustSpecs", "Ljava/security/KeyStore;", "l", "k", "Ljava/net/InetAddress;", "host", "", "Ljava/security/cert/X509Certificate;", "chain", "", "authType", "Lrb0/r;", "b", "(Ljava/net/InetAddress;[Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "", "h", "Ljavax/net/ssl/X509TrustManager;", "m", "(Landroid/content/Context;)Ljavax/net/ssl/X509TrustManager;", "targetHost", "<init>", "(Ljava/lang/String;Lcom/airwatch/certpinning/TrustSpecs;)V", "i", "a", "AWFramework_release"}, k = 1, mv = {1, 5, 1})
/* loaded from: classes2.dex */
public class o extends k {
    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public o(String targetHost, TrustSpecs trustSpecs) {
        super(targetHost, trustSpecs);
        kotlin.jvm.internal.n.g(targetHost, "targetHost");
        kotlin.jvm.internal.n.g(trustSpecs, "trustSpecs");
    }

    private final KeyStore k(Context context, TrustSpecs trustSpecs) {
        if (!(trustSpecs instanceof TrustSpecs.b)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        InputStream inputStream = null;
        try {
            InputStream open = context.getAssets().open(((TrustSpecs.b) trustSpecs).getAssetId());
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(open);
                kotlin.jvm.internal.n.f(generateCertificate, "cf.generateCertificate(caInput)");
                ym.g0.i("LocalCertificateTrustManager", kotlin.jvm.internal.n.p("ca=", ((X509Certificate) generateCertificate).getSubjectDN()), null, 4, null);
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                keyStore.setCertificateEntry("ca", generateCertificate);
                kotlin.jvm.internal.n.f(keyStore, "keyStore");
                if (open != null) {
                    open.close();
                }
                return keyStore;
            } catch (Throwable th2) {
                th = th2;
                inputStream = open;
                if (inputStream != null) {
                    inputStream.close();
                }
                throw th;
            }
        } catch (Throwable th3) {
            th = th3;
        }
    }

    private final KeyStore l(Context context, TrustSpecs trustSpecs) {
        if (!(trustSpecs instanceof TrustSpecs.d)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        try {
            try {
                KeyStore trustStore = KeyStore.getInstance(CertificateProvisioning.TYPE_PKCS12);
                InputStream open = context.getAssets().open(((TrustSpecs.d) trustSpecs).getAssetId());
                String password = ((TrustSpecs.d) trustSpecs).getPassword();
                if (password == null) {
                    throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
                }
                char[] charArray = password.toCharArray();
                kotlin.jvm.internal.n.f(charArray, "(this as java.lang.String).toCharArray()");
                trustStore.load(open, charArray);
                kotlin.jvm.internal.n.f(trustStore, "trustStore");
                ym.e0.b(open);
                return trustStore;
            } catch (Exception e11) {
                throw new RuntimeException("could not load auto discovery trust store", e11);
            }
        } catch (Throwable th2) {
            ym.e0.b(null);
            throw th2;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.airwatch.certpinning.k
    protected void b(InetAddress host, X509Certificate[] chain, String authType) throws CertificateException {
        wi0.a rootScope;
        KClass<?> b11;
        kotlin.jvm.internal.n.g(host, "host");
        kotlin.jvm.internal.n.g(chain, "chain");
        kotlin.jvm.internal.n.g(authType, "authType");
        try {
            if (!(getTrustSpecs() instanceof TrustSpecs.f)) {
                X509TrustManager m11 = m(getApplicationContext());
                if (m11 == null) {
                    throw new IllegalStateException("Required value was null.".toString());
                }
                m11.checkServerTrusted(chain, authType);
                return;
            }
            if (this instanceof ni0.b) {
                rootScope = ((ni0.b) this).getScope();
                b11 = kotlin.jvm.internal.s.b(v.class);
            } else {
                rootScope = getKoin().getScopeRegistry().getRootScope();
                b11 = kotlin.jvm.internal.s.b(v.class);
            }
            ((v) rootScope.g(b11, null, null)).b(chain, getTrustSpecs());
        } catch (Exception e11) {
            throw new SSLPinningCertificateException(getTargetHost(), e11);
        }
    }

    @Override // com.airwatch.certpinning.k
    protected boolean h() {
        return true;
    }

    public X509TrustManager m(Context context) {
        KeyStore k11;
        kotlin.jvm.internal.n.g(context, "context");
        TrustSpecs trustSpecs = getTrustSpecs();
        if (trustSpecs instanceof TrustSpecs.d) {
            k11 = l(context, getTrustSpecs());
        } else {
            if (!(trustSpecs instanceof TrustSpecs.b)) {
                throw new IllegalArgumentException("Invalid trust specs");
            }
            k11 = k(context, getTrustSpecs());
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(k11);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            kotlin.jvm.internal.n.f(trustManagers, "tmf.trustManagers");
            int length = trustManagers.length;
            int i11 = 0;
            while (i11 < length) {
                TrustManager trustManager = trustManagers[i11];
                i11++;
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            ym.g0.X("LocalCertificateTrustManager", "A valid local trust manager was not found", null, 4, null);
            return null;
        } catch (Exception e11) {
            ym.g0.n("LocalCertificateTrustManager", "Could not create trust manager from asset credentials", e11);
            return null;
        }
    }
}
