package com.eero.android.pki;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.TypeCastException;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.PropertyReference1Impl;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KProperty;

/* compiled from: Ssl.kt */
/* loaded from: classes.dex */
public final class SegmentedKeyStoreTrustManager implements X509TrustManager {
    static final /* synthetic */ KProperty[] $$delegatedProperties = {Reflection.property1(new PropertyReference1Impl(Reflection.getOrCreateKotlinClass(SegmentedKeyStoreTrustManager.class), "orig", "getOrig()Ljavax/net/ssl/X509TrustManager;"))};
    private final LocalKeyStoreIdentity id;
    private final SegmentedKeyStore idKeyStore;
    private final Lazy orig$delegate;

    public SegmentedKeyStoreTrustManager(LocalKeyStoreIdentity id) {
        Lazy lazy;
        Intrinsics.checkParameterIsNotNull(id, "id");
        this.id = id;
        this.idKeyStore = this.id.getKeyStore();
        lazy = LazyKt__LazyJVMKt.lazy(new Function0<X509TrustManager>() { // from class: com.eero.android.pki.SegmentedKeyStoreTrustManager$orig$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final X509TrustManager invoke() {
                TrustManagerFactory originalTrustManagerFactory = TrustManagerFactory.getInstance("X509");
                originalTrustManagerFactory.init(SegmentedKeyStoreTrustManager.this.getIdKeyStore().getKeyStore());
                Intrinsics.checkExpressionValueIsNotNull(originalTrustManagerFactory, "originalTrustManagerFactory");
                TrustManager[] trustManagers = originalTrustManagerFactory.getTrustManagers();
                Intrinsics.checkExpressionValueIsNotNull(trustManagers, "originalTrustManagerFactory.trustManagers");
                Object first = ArraysKt.first(trustManagers);
                if (first != null) {
                    return (X509TrustManager) first;
                }
                throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
            }
        });
        this.orig$delegate = lazy;
    }

    private final X509TrustManager getOrig() {
        Lazy lazy = this.orig$delegate;
        KProperty kProperty = $$delegatedProperties[0];
        return (X509TrustManager) lazy.getValue();
    }

    private final void validateChainWithTrustedRoot(X509Certificate[] x509CertificateArr, String str, boolean z) {
        if (z) {
            getOrig().checkClientTrusted(x509CertificateArr, str);
        } else {
            getOrig().checkServerTrusted(x509CertificateArr, str);
        }
        if (x509CertificateArr != null) {
            X509Certificate x509Certificate = (X509Certificate) ArraysKt.last(x509CertificateArr);
            for (X509Certificate x509Certificate2 : this.id.getTrustedAuthorities()) {
                if (Intrinsics.areEqual(x509Certificate2, x509Certificate)) {
                    return;
                }
            }
        }
        throw new CertificateException("No peer certificate chain presented");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        validateChainWithTrustedRoot(x509CertificateArr, str, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        validateChainWithTrustedRoot(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.id.getTrustedAuthorities();
    }

    public final LocalKeyStoreIdentity getId() {
        return this.id;
    }

    public final SegmentedKeyStore getIdKeyStore() {
        return this.idKeyStore;
    }
}
