package com.medtronic.securitysubsystem;

import com.medtronic.networkadapter.NWConstants;
import com.medtronic.vvlogger.VVLogger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class CareLinkTrustManager implements X509TrustManager {
    public static final int CARELINK_SERVER_VALIDATION_FAILED = 7027;
    private static final int CONSTANT_ONE = 1;
    private static final int INDEX_ZERO = 0;
    private static final String TAG = "SECURITY_SUBSYSTEM";
    private static final VVLogger VV_LOGGER = new VVLogger();
    private final KeyStore m_trustStore;

    public CareLinkTrustManager(KeyStore keyStore) {
        this.m_trustStore = keyStore;
    }

    private X509Certificate findRootCert(List<X509Certificate> list) {
        X509Certificate x509Certificate = null;
        if (list == null) {
            VV_LOGGER.logError(TAG, "certificates is null", "7027");
            return null;
        }
        for (X509Certificate x509Certificate2 : list) {
            X509Certificate findSigner = findSigner(x509Certificate2, list);
            if (findSigner == null || findSigner.equals(x509Certificate2)) {
                x509Certificate = x509Certificate2;
                break;
            }
        }
        return x509Certificate;
    }

    private X509Certificate findSignedCert(X509Certificate x509Certificate, List<X509Certificate> list) {
        X509Certificate x509Certificate2 = null;
        if (x509Certificate == null) {
            VV_LOGGER.logError(TAG, "signingCert is null", "7027");
            return null;
        }
        if (list == null) {
            VV_LOGGER.logError(TAG, "certificates is null", "7027");
            return null;
        }
        Iterator<X509Certificate> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            X509Certificate next = it.next();
            if (next.getIssuerDN().equals(x509Certificate.getSubjectDN()) && !next.equals(x509Certificate)) {
                x509Certificate2 = next;
                break;
            }
        }
        return x509Certificate2;
    }

    private X509Certificate findSigner(X509Certificate x509Certificate, List<X509Certificate> list) {
        X509Certificate x509Certificate2 = null;
        if (x509Certificate == null) {
            VV_LOGGER.logError(TAG, "signedCert is null", "7027");
            return null;
        }
        if (list == null) {
            VV_LOGGER.logError(TAG, "certificates is null", "7027");
            return null;
        }
        Iterator<X509Certificate> it = list.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            X509Certificate next = it.next();
            if (next.getSubjectDN().equals(x509Certificate.getIssuerDN())) {
                x509Certificate2 = next;
                break;
            }
        }
        return x509Certificate2;
    }

    private X509Certificate[] reorderCertificateChain(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            VV_LOGGER.logError(TAG, "Chain is null", "7027");
            return x509CertificateArr;
        }
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        List<X509Certificate> asList = Arrays.asList(x509CertificateArr);
        int length = x509CertificateArr.length - 1;
        X509Certificate findRootCert = findRootCert(asList);
        if (findRootCert == null) {
            VV_LOGGER.logError(TAG, "Root Certificate is null", "7027");
            return x509CertificateArr;
        }
        x509CertificateArr2[length] = findRootCert;
        X509Certificate x509Certificate = findRootCert;
        while (true) {
            x509Certificate = findSignedCert(x509Certificate, asList);
            if (x509Certificate == null || length <= 0) {
                break;
            }
            length--;
            x509CertificateArr2[length] = x509Certificate;
        }
        return x509CertificateArr2;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException, IllegalArgumentException {
        try {
            if (x509CertificateArr == null) {
                VV_LOGGER.logError(TAG, "Certificate chain from server is null", "7027");
                throw new CertificateException("Certificate chain from server null");
            }
            VV_LOGGER.logDebug(TAG, "Certificate chain length from server : " + x509CertificateArr.length);
            X509Certificate[] reorderCertificateChain = reorderCertificateChain(x509CertificateArr);
            if (reorderCertificateChain == null) {
                VV_LOGGER.logError(TAG, "reorderedChain is null", "7027");
                throw new CertificateException("reorderedChain is null");
            }
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            if (certPathValidator == null) {
                VV_LOGGER.logError(TAG, "validator is null", "2316");
                throw new IllegalArgumentException("CertPathValidator  instance is null");
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            if (certificateFactory == null) {
                VV_LOGGER.logError(TAG, "factory is null", "2316");
                throw new IllegalArgumentException("CertificateFactory instance is null");
            }
            CertPath generateCertPath = certificateFactory.generateCertPath(Arrays.asList(reorderCertificateChain));
            if (generateCertPath == null) {
                VV_LOGGER.logError(TAG, "certPath is null", "7027");
                throw new CertificateException("certPath is null");
            }
            if (this.m_trustStore == null) {
                VV_LOGGER.logError(TAG, "trustStore is null", "7027");
                throw new CertificateException("trustStore is null");
            }
            PKIXParameters pKIXParameters = new PKIXParameters(this.m_trustStore);
            pKIXParameters.setRevocationEnabled(false);
            certPathValidator.validate(generateCertPath, pKIXParameters);
            VV_LOGGER.logDebug(TAG, "Validated Carelink Server");
        } catch (InvalidAlgorithmParameterException e) {
            VV_LOGGER.logError(TAG, "Failed due to InvalidAlgorithmParameterException: " + e.getMessage(), "7027");
            throw new CertificateException("InvalidAlgorithmParameterException" + e.toString());
        } catch (KeyStoreException e2) {
            VV_LOGGER.logError(TAG, "Failed due to KeyStoreException " + e2.getMessage(), "7027");
            throw new CertificateException("KeyStoreException" + e2.toString());
        } catch (NoSuchAlgorithmException e3) {
            VV_LOGGER.logError(TAG, "Failed due to NoSuchAlgorithmException: " + e3.getMessage(), "7027");
            throw new CertificateException("NoSuchAlgorithmException" + e3.toString());
        } catch (CertPathValidatorException e4) {
            VV_LOGGER.logError(TAG, "Failed due to CertPathValidatorException " + e4.getMessage(), "7027");
            throw new CertificateException(NWConstants.CERT_PATH_VALIDATOR_EXCEPTION + e4.toString());
        } catch (CertificateException e5) {
            VV_LOGGER.logError(TAG, "Failed due to CertificateException " + e5.getMessage(), "7027");
            throw e5;
        } catch (Exception e6) {
            VV_LOGGER.logError(TAG, "Exception caught : " + e6.getMessage(), "7027");
            throw new CertificateException("Exception" + e6.toString());
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
