package com.microsoft.rightsmanagement.communication;

import com.microsoft.rightsmanagement.exceptions.ProtectionException;
import com.microsoft.rightsmanagement.logger.h;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class PRSSTrustManager implements X509TrustManager {
    private static final String TAG = "PRSSTrustManager";

    private X509Certificate reloadCertIfNeeded(X509Certificate x509Certificate) throws CertificateException {
        ByteArrayInputStream byteArrayInputStream;
        Throwable th;
        X509Certificate x509Certificate2 = null;
        if (x509Certificate != null) {
            h.a(TAG, "Reloading certificate");
            try {
                byteArrayInputStream = new ByteArrayInputStream(x509Certificate.getEncoded());
                try {
                    x509Certificate2 = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                    if (byteArrayInputStream != null) {
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException unused) {
                            h.a(TAG, "Failed closing byte array input stream.");
                        }
                    }
                    if (x509Certificate2 == null) {
                        throw new CertificateException("Failed reloading certificate");
                    }
                } catch (Throwable th2) {
                    th = th2;
                    if (byteArrayInputStream != null) {
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException unused2) {
                            h.a(TAG, "Failed closing byte array input stream.");
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                byteArrayInputStream = null;
                th = th3;
            }
        }
        return x509Certificate2;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        h.a(TAG, "checkClientTrusted called. Doing nothing.");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            X509Certificate certificate = RootCertificate.getInstance().getCertificate();
            try {
                CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
                ArrayList arrayList = new ArrayList();
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    arrayList.add(reloadCertIfNeeded(x509Certificate));
                }
                CertPath generateCertPath = CertificateFactory.getInstance("X.509").generateCertPath(arrayList);
                TrustAnchor trustAnchor = new TrustAnchor(certificate, null);
                HashSet hashSet = new HashSet();
                hashSet.add(trustAnchor);
                try {
                    PKIXParameters pKIXParameters = new PKIXParameters(hashSet);
                    pKIXParameters.setRevocationEnabled(false);
                    try {
                        certPathValidator.validate(generateCertPath, pKIXParameters);
                    } catch (InvalidAlgorithmParameterException e) {
                        h.c(TAG, "InvalidAlgorithmParameterException caught. Throwing CertificateException. Exception is: " + e.getLocalizedMessage());
                        throw new CertificateException(e);
                    } catch (CertPathValidatorException e2) {
                        h.c(TAG, "CertPathValidatorException caught. Throwing CertificateException. Exception is: " + e2.getLocalizedMessage());
                        throw new CertificateException(e2);
                    }
                } catch (InvalidAlgorithmParameterException e3) {
                    h.c(TAG, "InvalidAlgorithmParameterException caught. Throwing CertificateException. Exception is: " + e3.getLocalizedMessage());
                    throw new CertificateException(e3);
                }
            } catch (NoSuchAlgorithmException e4) {
                h.c(TAG, "NoSuchAlgorithmException caught. Throwing CertificateException. Exception is: " + e4.getLocalizedMessage());
                throw new CertificateException(e4);
            }
        } catch (ProtectionException e5) {
            h.c(TAG, "ProtectionException caught. Thrwoing CertificateException. Exception is: " + e5.getLocalizedMessage());
            throw new CertificateException(e5);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        h.a(TAG, "getAcceptedIssuers called. returning null.");
        return null;
    }
}
