package kl.ssl.util;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManagerFactory;
import kl.ssl.exception.GMSSLErrorCode;
import kl.ssl.gm.GMBase;
import kl.ssl.jsse.provider.KlGMJsseProvider;

/* loaded from: classes2.dex */
public class CertChainUtil extends GMBase {
    public static TrustManagerFactory constructTrustManagerFactory(List<String> list) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("BKS");
        keyStore.load(null, null);
        setKeyStore(keyStore, list);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX", KlGMJsseProvider.PROVIDER_NAME);
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    public static void setKeyStore(KeyStore keyStore, List<String> list) throws IOException, KeyStoreException {
        for (int i2 = 0; i2 < list.size(); i2++) {
            keyStore.setCertificateEntry("ca" + i2, CertUtil.loadJcaTlsCertificate(GMBase.CRYPTO, list.get(i2)).getX509Certificate());
        }
    }

    public static X509Certificate strCert2X509Cert(String str) throws IOException {
        return CertUtil.loadJcaTlsCertificate(GMBase.CRYPTO, str).getX509Certificate();
    }

    public static Set<X509Certificate> strCert2X509Cert(List<String> list) throws IOException {
        HashSet hashSet = new HashSet(16);
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            hashSet.add(strCert2X509Cert(it.next()));
        }
        return hashSet;
    }

    public static void validateChain(List<String> list) {
        try {
            Set<X509Certificate> strCert2X509Cert = strCert2X509Cert(list);
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            for (X509Certificate x509Certificate : strCert2X509Cert) {
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    hashSet.add(x509Certificate);
                } catch (Exception unused) {
                    hashSet2.add(x509Certificate);
                }
            }
            if (hashSet.isEmpty()) {
                throw GMSSLErrorCode.SET_CLIENT_CERT_CHAIN.toException();
            }
            Iterator it = hashSet2.iterator();
            while (it.hasNext()) {
                X509Certificate x509Certificate2 = (X509Certificate) it.next();
                boolean z = false;
                Iterator it2 = hashSet.iterator();
                while (it2.hasNext()) {
                    try {
                        x509Certificate2.verify(((X509Certificate) it2.next()).getPublicKey());
                        z = true;
                    } catch (Exception unused2) {
                    }
                }
                if (!z) {
                    throw GMSSLErrorCode.SET_CLIENT_CERT_CHAIN.toException();
                }
            }
        } catch (IOException e2) {
            throw GMSSLErrorCode.CLIENT_CREATE_CERT_CHAIN.toException(e2);
        }
    }
}
