package com.epocrates.net.engine;

import com.epocrates.epocutil.EPOCLogger;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class HTCWorkAroundX509TrustManager implements X509TrustManager {
    final X509TrustManager delegate;
    final CertificateFactory factory;
    private KeyStore keyStore;
    final PKIXParameters params;
    final CertPathValidator validator;
    private static final X500Principal ROOT = new X500Principal("OU=Class 3 Public Primary Certification Authority, O=\"VeriSign, Inc.\", C=US");
    private static final X500Principal INTERMEDIATE = new X500Principal("OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU=\"VeriSign, Inc.\", O=VeriSign Trust Network");

    /* JADX INFO: Access modifiers changed from: package-private */
    public HTCWorkAroundX509TrustManager() throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        this.delegate = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        this.keyStore = KeyStore.getInstance("BKS");
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream("/system/etc/security/cacerts.bks"));
        this.keyStore.load(bufferedInputStream, null);
        bufferedInputStream.close();
        EPOCLogger.d("## &&&&&&&&&&&&&&&&&&&&&&&&&&&& ##");
        EPOCLogger.d("&& HTCWorkAroundX509TrustManager Constructor");
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            X509Certificate x509Certificate = (X509Certificate) this.keyStore.getCertificate(nextElement);
            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
            if (subjectX500Principal.equals(ROOT)) {
                EPOCLogger.d("ROOT");
            } else if (subjectX500Principal.equals(INTERMEDIATE)) {
                EPOCLogger.d("INTERMEDIATE");
                this.keyStore.deleteEntry(nextElement);
            } else if (!subjectX500Principal.equals(issuerX500Principal)) {
                EPOCLogger.d("OTHER NON ROOT");
                this.keyStore.deleteEntry(nextElement);
            }
            EPOCLogger.d("alias=" + nextElement);
            EPOCLogger.d(subjectX500Principal.toString());
            EPOCLogger.d(issuerX500Principal.toString());
            EPOCLogger.d("---");
        }
        EPOCLogger.d("## &&&&&&&&&&&&&&&&&&&&&&&&&&&& ##");
        this.validator = CertPathValidator.getInstance("PKIX");
        this.factory = CertificateFactory.getInstance("X509");
        this.params = new PKIXParameters(this.keyStore);
        this.params.setRevocationEnabled(false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        EPOCLogger.d("## &&&&&&&&&&&&&&&&&&&&&&&&&&&& ##");
        EPOCLogger.d("&& HTCWorkAroundX509TrustManager checkServerTrusted");
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            EPOCLogger.d("i=" + i);
            EPOCLogger.d(x509Certificate.getSubjectX500Principal().toString());
            EPOCLogger.d(x509Certificate.getIssuerX500Principal().toString());
            EPOCLogger.d("---");
        }
        try {
            this.validator.validate(this.factory.generateCertPath(Arrays.asList(x509CertificateArr)), this.params);
            EPOCLogger.d("valid!");
            EPOCLogger.d("## &&&&&&&&&&&&&&&&&&&&&&&&&&&& ##");
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public KeyStore getKeyStore() {
        return this.keyStore;
    }
}
