package org.thoughtcrime.ssl.pinning;

import android.os.Build;
import android.util.Log;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;

/* loaded from: classes.dex */
public class SystemKeyStore {
    private static final String TAG = "SystemKeyStore";
    private final CertificateFactory certificateFactory;
    private final PKIXParameters parameters;
    private final CertPathValidator validator;

    public SystemKeyStore() throws CertificateException {
        try {
            this.parameters = getPkixParameters();
            this.certificateFactory = CertificateFactory.getInstance("X509");
            this.validator = CertPathValidator.getInstance("PKIX");
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    private PKIXParameters getPkixParameters() {
        try {
            KeyStore trustStore = getTrustStore();
            HashSet hashSet = new HashSet();
            Enumeration<String> aliases = trustStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) trustStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    hashSet.add(new TrustAnchor(x509Certificate, null));
                }
            }
            PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
            pKIXParameters.setRevocationEnabled(false);
            return pKIXParameters;
        } catch (InvalidAlgorithmParameterException e) {
            throw new AssertionError(e);
        } catch (KeyStoreException e2) {
            throw new AssertionError(e2);
        }
    }

    public X509Certificate getTrustRoot(X509Certificate[] x509CertificateArr) throws CertificateException {
        try {
            PKIXCertPathValidatorResult pKIXCertPathValidatorResult = (PKIXCertPathValidatorResult) this.validator.validate(this.certificateFactory.generateCertPath(Arrays.asList(x509CertificateArr)), this.parameters);
            if (pKIXCertPathValidatorResult == null) {
                return null;
            }
            return pKIXCertPathValidatorResult.getTrustAnchor().getTrustedCert();
        } catch (InvalidAlgorithmParameterException e) {
            throw new CertificateException(e);
        } catch (CertPathValidatorException e2) {
            return null;
        }
    }

    protected KeyStore getTrustStore() {
        KeyStore keyStore;
        try {
            Log.d(TAG, "Beginning keystore load");
            if (Build.VERSION.SDK_INT >= 14) {
                keyStore = KeyStore.getInstance("AndroidCAStore");
                keyStore.load(null, null);
            } else {
                keyStore = KeyStore.getInstance("BKS");
                keyStore.load(new BufferedInputStream(new FileInputStream(getTrustStorePath())), getTrustStorePassword().toCharArray());
            }
            Log.d(TAG, "Loaded keystore");
            return keyStore;
        } catch (FileNotFoundException e) {
            throw new AssertionError(e);
        } catch (IOException e2) {
            throw new AssertionError(e2);
        } catch (KeyStoreException e3) {
            throw new AssertionError(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new AssertionError(e4);
        } catch (CertificateException e5) {
            throw new AssertionError(e5);
        }
    }

    protected String getTrustStorePassword() {
        String property = System.getProperty("javax.net.ssl.trustStorePassword");
        return property == null ? "changeit" : property;
    }

    protected String getTrustStorePath() {
        String property = System.getProperty("javax.net.ssl.trustStore");
        return property == null ? String.valueOf(System.getProperty("java.home")) + File.separator + "etc" + File.separator + "security" + File.separator + "cacerts.bks" : property;
    }
}
