package defpackage;

import android.os.Build;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.EnumSet;
import java.util.List;

/* loaded from: classes.dex */
public final class bfo {
    private static final CertificateFactory a;

    static {
        try {
            a = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw bdk.CERTIFICATE_FAILURE.a(e);
        }
    }

    private static X509Certificate a(InputStream inputStream) throws CertificateException {
        Certificate generateCertificate = a.generateCertificate(inputStream);
        if (generateCertificate instanceof X509Certificate) {
            return (X509Certificate) generateCertificate;
        }
        throw new CertificateException("Certificate is not a X.509 certificate.");
    }

    public static X509Certificate a(String str) throws CertificateException {
        return a(new ByteArrayInputStream(String.format("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----", str).getBytes(azi.a)));
    }

    public static void a(X509Certificate x509Certificate, List<X509Certificate> list) throws CertificateException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("root", x509Certificate);
            PKIXParameters pKIXParameters = new PKIXParameters(keyStore);
            CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX");
            if (Build.VERSION.SDK_INT >= 24) {
                PKIXRevocationChecker pKIXRevocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker();
                if (pKIXRevocationChecker.getOcspResponder() == null && Security.getProperty("ocsp.responderURL") == null) {
                    pKIXParameters.setRevocationEnabled(false);
                }
                pKIXRevocationChecker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.SOFT_FAIL));
                pKIXParameters.addCertPathChecker(pKIXRevocationChecker);
            } else {
                pKIXParameters.setRevocationEnabled(false);
            }
            if (certPathValidator.validate(a.generateCertPath(list), pKIXParameters) != null) {
            } else {
                throw new CertificateException("Error verifying certificate chain (null).");
            }
        } catch (IOException e) {
            e = e;
            throw new CertificateException("Error verifying certificate chain: " + x509Certificate.getSubjectX500Principal(), e);
        } catch (CertificateException e2) {
            throw e2;
        } catch (GeneralSecurityException e3) {
            e = e3;
            throw new CertificateException("Error verifying certificate chain: " + x509Certificate.getSubjectX500Principal(), e);
        }
    }
}
