package com.yandex.browser.ssl;

import android.util.Log;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;

@Metadata(d1 = {"\u0000`\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\f\b\u0000\u0018\u00002\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0019\u0010\u0013\u001a\u00020\u00142\f\u0010\u0015\u001a\b\u0012\u0004\u0012\u00020\u00170\u0016¢\u0006\u0002\u0010\u0018J'\u0010\u0019\u001a\u00020\u00142\u0010\u0010\u001a\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u001b\u0018\u00010\u00162\b\u0010\u001c\u001a\u0004\u0018\u00010\u001d¢\u0006\u0002\u0010\u001eJ1\u0010\u0019\u001a\u00020\u00142\u0010\u0010\u001a\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u001b\u0018\u00010\u00162\b\u0010\u001c\u001a\u0004\u0018\u00010\u001d2\b\u0010\u001f\u001a\u0004\u0018\u00010 ¢\u0006\u0002\u0010!J1\u0010\u0019\u001a\u00020\u00142\u0010\u0010\u001a\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u001b\u0018\u00010\u00162\b\u0010\u001c\u001a\u0004\u0018\u00010\u001d2\b\u0010\"\u001a\u0004\u0018\u00010#¢\u0006\u0002\u0010$J'\u0010%\u001a\u00020\u00142\u0010\u0010\u001a\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u001b\u0018\u00010\u00162\b\u0010\u001c\u001a\u0004\u0018\u00010\u001d¢\u0006\u0002\u0010\u001eJ1\u0010%\u001a\u00020\u00142\u0010\u0010\u001a\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u001b\u0018\u00010\u00162\b\u0010\u001c\u001a\u0004\u0018\u00010\u001d2\b\u0010\u001f\u001a\u0004\u0018\u00010 ¢\u0006\u0002\u0010!J1\u0010%\u001a\u00020\u00142\u0010\u0010\u001a\u001a\f\u0012\u0006\b\u0001\u0012\u00020\u001b\u0018\u00010\u00162\b\u0010\u001c\u001a\u0004\u0018\u00010\u001d2\b\u0010\"\u001a\u0004\u0018\u00010#¢\u0006\u0002\u0010$J\u001d\u0010&\u001a\u00020\u00142\u0012\u0010'\u001a\u000e\u0012\u0004\u0012\u00020\n\u0012\u0004\u0012\u00020\u00140(H\u0082\bJ\n\u0010)\u001a\u0004\u0018\u00010\u0006H\u0002J\b\u0010*\u001a\u00020\u0014H\u0002J\b\u0010+\u001a\u00020\u0014H\u0002J\u0011\u0010,\u001a\b\u0012\u0004\u0012\u00020\u001b0\u0016¢\u0006\u0002\u0010-J\b\u0010.\u001a\u00020\u0014H\u0002J\u0014\u0010/\u001a\u00020\u0014*\u00020\u00062\u0006\u00100\u001a\u00020\u001bH\u0002J\u001f\u00101\u001a\u00020\u0014*\u00020\u00062\f\u00102\u001a\b\u0012\u0004\u0012\u00020\u00170\u0016H\u0002¢\u0006\u0002\u00103R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u0018\u0010\u0005\u001a\u0004\u0018\u00010\u00068BX\u0082\u000e¢\u0006\b\n\u0000\u001a\u0004\b\u0007\u0010\bR\u0018\u0010\t\u001a\u0004\u0018\u00010\n8BX\u0082\u000e¢\u0006\b\n\u0000\u001a\u0004\b\u000b\u0010\fR\u001b\u0010\r\u001a\u00020\n8BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u000f\u0010\u0010\u001a\u0004\b\u000e\u0010\fR\u000e\u0010\u0011\u001a\u00020\u0012X\u0082\u0004¢\u0006\u0002\n\u0000¨\u00064"}, d2 = {"Lcom/yandex/browser/ssl/YandexTrustManagerDelegate;", "", "customCertificatesProvider", "Lcom/yandex/browser/ssl/CustomCertificatesProvider;", "(Lcom/yandex/browser/ssl/CustomCertificatesProvider;)V", "customKeyStore", "Ljava/security/KeyStore;", "getCustomKeyStore", "()Ljava/security/KeyStore;", "customTrustManager", "Ljavax/net/ssl/X509TrustManager;", "getCustomTrustManager", "()Ljavax/net/ssl/X509TrustManager;", "defaultTrustManager", "getDefaultTrustManager", "defaultTrustManager$delegate", "Lkotlin/Lazy;", "lock", "Ljava/lang/Object;", "addCertificates", "", "certBytes", "", "", "([[B)V", "checkClientTrusted", "chain", "Ljava/security/cert/X509Certificate;", "authType", "", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "socket", "Ljava/net/Socket;", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljava/net/Socket;)V", "engine", "Ljavax/net/ssl/SSLEngine;", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;Ljavax/net/ssl/SSLEngine;)V", "checkServerTrusted", "checkServerTrustedInternal", "block", "Lkotlin/Function1;", "createCustomKeyStore", "ensureInitializedLocked", "ensureThreadLocked", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "reloadCustomTrustManager", "storeCertificate", "cert", "storeCertificates", "certs", "(Ljava/security/KeyStore;[[B)V", "lib-ssl_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes2.dex */
public final class YandexTrustManagerDelegate {
    private final CustomCertificatesProvider a;
    private final Lazy b;
    private KeyStore c;
    private X509TrustManager d;
    private final Object e;

    public YandexTrustManagerDelegate(CustomCertificatesProvider customCertificatesProvider) {
        Lazy b;
        Intrinsics.g(customCertificatesProvider, "customCertificatesProvider");
        this.a = customCertificatesProvider;
        b = LazyKt__LazyJVMKt.b(new Function0<X509TrustManager>() { // from class: com.yandex.browser.ssl.YandexTrustManagerDelegate$defaultTrustManager$2
            @Override // kotlin.jvm.functions.Function0
            public final X509TrustManager invoke() {
                X509TrustManager d = TrustUtilKt.d();
                if (d != null) {
                    return d;
                }
                throw new IllegalArgumentException("Failed to create default TrustManager");
            }
        });
        this.b = b;
        this.e = new Object();
    }

    private final KeyStore g() {
        KeyStore b = TrustUtilKt.b();
        if (b == null) {
            Log.w("YandexTrustManager", "Custom KeyStore is null, failed to add certs");
            return null;
        }
        o(b, this.a.a());
        return b;
    }

    private final void h() {
        i();
        if (k() == null) {
            this.c = g();
        }
        if (l() != null || k() == null) {
            return;
        }
        this.d = TrustUtilKt.c(k());
    }

    private final void i() {
        if (!Thread.holdsLock(this.e)) {
            throw new IllegalStateException("Operation should be performed under lock");
        }
    }

    private final KeyStore k() {
        i();
        return this.c;
    }

    private final X509TrustManager l() {
        i();
        return this.d;
    }

    private final X509TrustManager m() {
        return (X509TrustManager) this.b.getValue();
    }

    private final void n(KeyStore keyStore, X509Certificate x509Certificate) {
        try {
            keyStore.setCertificateEntry(Intrinsics.o("custom_cert_", Integer.valueOf(keyStore.size())), x509Certificate);
        } catch (KeyStoreException e) {
            Log.w("YandexTrustManager", "Failed to store certificate", e);
        }
    }

    private final void o(KeyStore keyStore, byte[][] bArr) {
        ArrayList arrayList = new ArrayList();
        for (byte[] bArr2 : bArr) {
            X509Certificate e = TrustUtilKt.e(bArr2);
            if (e != null) {
                arrayList.add(e);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            n(keyStore, (X509Certificate) it.next());
        }
    }

    public final void a(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        m().checkClientTrusted(x509CertificateArr, str);
    }

    public final void b(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        if (TrustUtilKt.a()) {
            Api24Impl.a(m(), x509CertificateArr, str, socket);
        } else {
            m().checkClientTrusted(x509CertificateArr, str);
        }
    }

    public final void c(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        if (TrustUtilKt.a()) {
            Api24Impl.b(m(), x509CertificateArr, str, sSLEngine);
        } else {
            m().checkClientTrusted(x509CertificateArr, str);
        }
    }

    public final void d(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Unit unit;
        try {
            m().checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            synchronized (this.e) {
                h();
                X509TrustManager l = l();
                if (l == null) {
                    unit = null;
                } else {
                    l.checkServerTrusted(x509CertificateArr, str);
                    unit = Unit.a;
                }
                if (unit != null) {
                    Unit unit2 = Unit.a;
                } else {
                    Log.w("YandexTrustManager", "Custom TrustManager is null");
                    throw e;
                }
            }
        }
    }

    public final void e(X509Certificate[] x509CertificateArr, String str, Socket socket) throws CertificateException {
        Unit unit;
        try {
            X509TrustManager m = m();
            if (TrustUtilKt.a()) {
                Api24Impl.c(m, x509CertificateArr, str, socket);
            } else {
                m.checkServerTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e) {
            synchronized (this.e) {
                h();
                X509TrustManager l = l();
                if (l == null) {
                    unit = null;
                } else {
                    if (TrustUtilKt.a()) {
                        Api24Impl.c(l, x509CertificateArr, str, socket);
                    } else {
                        l.checkServerTrusted(x509CertificateArr, str);
                    }
                    unit = Unit.a;
                }
                if (unit != null) {
                    Unit unit2 = Unit.a;
                } else {
                    Log.w("YandexTrustManager", "Custom TrustManager is null");
                    throw e;
                }
            }
        }
    }

    public final void f(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) throws CertificateException {
        Unit unit;
        try {
            X509TrustManager m = m();
            if (TrustUtilKt.a()) {
                Api24Impl.d(m, x509CertificateArr, str, sSLEngine);
            } else {
                m.checkServerTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e) {
            synchronized (this.e) {
                h();
                X509TrustManager l = l();
                if (l == null) {
                    unit = null;
                } else {
                    if (TrustUtilKt.a()) {
                        Api24Impl.d(l, x509CertificateArr, str, sSLEngine);
                    } else {
                        l.checkServerTrusted(x509CertificateArr, str);
                    }
                    unit = Unit.a;
                }
                if (unit != null) {
                    Unit unit2 = Unit.a;
                } else {
                    Log.w("YandexTrustManager", "Custom TrustManager is null");
                    throw e;
                }
            }
        }
    }

    public final X509Certificate[] j() {
        X509Certificate[] acceptedIssuers = m().getAcceptedIssuers();
        Intrinsics.f(acceptedIssuers, "defaultTrustManager.acceptedIssuers");
        return acceptedIssuers;
    }
}
