package org.b.a.h.d;

import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import java.security.cert.CRL;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathValidator;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.concurrent.atomic.AtomicLong;
import org.fourthline.cling.model.message.header.EXTHeader;

/* loaded from: classes.dex */
public class b {

    /* renamed from: a, reason: collision with root package name */
    private static final org.b.a.h.b.d f2233a = org.b.a.h.b.b.a((Class<?>) b.class);
    private static AtomicLong b = new AtomicLong();
    private KeyStore c;
    private Collection<? extends CRL> d;
    private int e = -1;
    private boolean f = false;
    private boolean g = false;
    private String h;

    public b(KeyStore keyStore, Collection<? extends CRL> collection) {
        if (keyStore == null) {
            throw new InvalidParameterException("TrustStore must be specified for CertificateValidator.");
        }
        this.c = keyStore;
        this.d = collection;
    }

    public final void a(int i) {
        this.e = i;
    }

    public final void a(String str) {
        this.h = str;
    }

    public final void a(KeyStore keyStore, Certificate certificate) {
        String str;
        KeyStoreException keyStoreException;
        if (certificate == null || !(certificate instanceof X509Certificate)) {
            return;
        }
        ((X509Certificate) certificate).checkValidity();
        try {
            if (keyStore == null) {
                throw new InvalidParameterException("Keystore cannot be null");
            }
            String certificateAlias = keyStore.getCertificateAlias((X509Certificate) certificate);
            if (certificateAlias == null) {
                try {
                    certificateAlias = "JETTY" + String.format("%016X", Long.valueOf(b.incrementAndGet()));
                    keyStore.setCertificateEntry(certificateAlias, certificate);
                } catch (KeyStoreException e) {
                    str = certificateAlias;
                    keyStoreException = e;
                    f2233a.b(keyStoreException);
                    throw new CertificateException("Unable to validate certificate" + (str == null ? EXTHeader.DEFAULT_VALUE : " for alias [" + str + "]") + ": " + keyStoreException.getMessage(), keyStoreException);
                }
            }
            Certificate[] certificateChain = keyStore.getCertificateChain(certificateAlias);
            if (certificateChain == null || certificateChain.length == 0) {
                throw new IllegalStateException("Unable to retrieve certificate chain");
            }
            a(certificateChain);
        } catch (KeyStoreException e2) {
            str = null;
            keyStoreException = e2;
        }
    }

    public final void a(boolean z) {
        this.f = z;
    }

    public final void a(Certificate[] certificateArr) {
        try {
            ArrayList arrayList = new ArrayList();
            for (Certificate certificate : certificateArr) {
                if (certificate != null) {
                    if (!(certificate instanceof X509Certificate)) {
                        throw new IllegalStateException("Invalid certificate type in chain");
                    }
                    arrayList.add((X509Certificate) certificate);
                }
            }
            if (arrayList.isEmpty()) {
                throw new IllegalStateException("Invalid certificate chain");
            }
            X509CertSelector x509CertSelector = new X509CertSelector();
            x509CertSelector.setCertificate((X509Certificate) arrayList.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(this.c, x509CertSelector);
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(arrayList)));
            pKIXBuilderParameters.setMaxPathLength(this.e);
            pKIXBuilderParameters.setRevocationEnabled(true);
            if (this.d != null && !this.d.isEmpty()) {
                pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(this.d)));
            }
            if (this.g) {
                Security.setProperty("ocsp.enable", "true");
            }
            if (this.f) {
                System.setProperty("com.sun.security.enableCRLDP", "true");
            }
            CertPathValidator.getInstance("PKIX").validate(CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters).getCertPath(), pKIXBuilderParameters);
        } catch (GeneralSecurityException e) {
            f2233a.b(e);
            throw new CertificateException("Unable to validate certificate: " + e.getMessage(), e);
        }
    }

    public final void b(boolean z) {
        this.g = z;
    }
}
