package at.bitfire.cert4android;

import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.IBinder;
import android.os.Message;
import android.os.Messenger;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.util.Log;
import android.util.SparseArray;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
/**
 * {@link X509TrustManager} that keeps its own key store of accepted server
 * certificates in the app's private "KeyStore" directory.
 *
 * <p>This is decompiler output (jadx); {@link #checkServerTrusted} did not
 * decompile and is only available as an instruction dump.
 *
 * <p>NOTE(review): as written, this class does not authenticate the server.
 * <ul>
 *   <li>{@link #checkCustomTrusted} never rejects: it stores whatever certificate
 *       it is given as a trusted entry and persists it.</li>
 *   <li>According to the instruction dump, {@link #checkServerTrusted} calls
 *       {@code checkCustomTrusted(chain[0])} whenever the trust-manager check
 *       fails, and then returns normally.</li>
 *   <li>{@link CustomHostnameVerifier#verify} accepts any session that presents a
 *       non-empty X.509 chain, without comparing it with the host name or
 *       looking it up in the key store.</li>
 * </ul>
 * Connections validated with this manager and its hostname verifier should be
 * treated as unauthenticated TLS. The fields {@code decisions},
 * {@code decisionLock}, {@code nextDecisionID}, {@code messenger} and
 * {@code service} look like plumbing for a user-confirmation round trip, but no
 * visible code path waits for a decision before trusting a certificate. A fix
 * has to make {@code checkCustomTrusted} throw unless the certificate has been
 * explicitly accepted, and make the hostname fallback depend on that result.
 */
public class CustomCertManager implements Closeable, X509TrustManager {
    // Intent action / extra names; only CMD_RESET_CERTIFICATES is used in this class.
    protected static final String CMD_CERTIFICATION_DECISION = "certDecision";
    protected static final String CMD_RESET_CERTIFICATES = "resetCertificates";
    protected static final String EXTRA_CERTIFICATE = "certificate";
    protected static final String EXTRA_TRUSTED = "trusted";
    // Directory and file name of the persisted key store (the constructor repeats these literals).
    public static final String KEYSTORE_DIR = "KeyStore";
    public static final String KEYSTORE_NAME = "KeyStore.bks";
    // Message.what value handled by MessageHandler (the switch there uses the literal 0).
    public static final int MSG_CERTIFICATE_DECISION = 0;
    // Not read anywhere in this class; presumably milliseconds (5 minutes) — TODO confirm.
    protected static int SERVICE_TIMEOUT = 300000;
    final Context context;
    // Built from trustedKeyStore in the constructor; not consulted by any visible method.
    X509TrustManager customTrustManager;
    // Monitor guarding `decisions`; MessageHandler notifies on it, nothing visible waits on it.
    final Object decisionLock;
    // Decision id (Message.arg1) -> trusted flag (Message.arg2 != 0), filled by MessageHandler.
    final SparseArray<Boolean> decisions;
    File keyStoreFile;
    // Receives replies on messengerThread.
    final Messenger messenger;
    final HandlerThread messengerThread;
    // Never incremented in the visible code.
    final AtomicInteger nextDecisionID;
    // Set by serviceConnection or injected through the package-private constructor.
    Messenger service;
    ServiceConnection serviceConnection;
    // NOTE(review): despite the name, after a successful constructor run this is
    // derived from trustedKeyStore (the custom store), not from the platform store.
    X509TrustManager systemTrustManager;
    KeyStore trustedKeyStore;
    // Only ever has entries removed in the visible code; nothing adds to it.
    Set<X509Certificate> untrustedCerts;

    /* loaded from: classes.dex */
    /**
     * Hostname verifier that first asks an optional default verifier and, if
     * that one refuses, falls back to a check on the peer chain.
     *
     * <p>NOTE(review): the fallback is not a hostname check. It only tests that
     * the session has a non-empty {@code X509Certificate[]} chain; {@code str}
     * (the host name) and {@code trustedKeyStore} are never consulted, so the
     * "Certificate is in custom trust store" log line is not backed by a lookup.
     */
    public class CustomHostnameVerifier implements HostnameVerifier {
        // May be null; then only the fallback below is applied.
        final HostnameVerifier defaultVerifier;

        public CustomHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.defaultVerifier = hostnameVerifier;
        }

        /**
         * @param str host name the client intended to reach
         * @param sSLSession session whose peer certificates are inspected
         * @return {@code true} if the default verifier accepts, or if the peer
         *         presented any non-empty X.509 chain; {@code false} only when
         *         the chain is missing, empty, or not an {@code X509Certificate[]}
         */
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            Constants.log.fine("Verifying certificate for " + str);
            if (this.defaultVerifier != null && this.defaultVerifier.verify(str, sSLSession)) {
                return true;
            }
            try {
                Certificate[] peerCertificates = sSLSession.getPeerCertificates();
                // NOTE(review): hostname mismatch is waved through here for every X.509 peer;
                // a safe fallback would have to confirm that peerCertificates[0] was
                // explicitly accepted for this host before returning true.
                if ((peerCertificates instanceof X509Certificate[]) && peerCertificates.length > 0) {
                    Constants.log.fine("Certificate is in custom trust store, accepting");
                    return true;
                }
            } catch (SSLPeerUnverifiedException e) {
                Constants.log.log(Level.WARNING, "Couldn't get certificate for host name verification", (Throwable) e);
            }
            return false;
        }
    }

    /* loaded from: classes.dex */
    /**
     * Callback for replies arriving on {@code messenger}. Records the decision
     * carried in the message and wakes any thread waiting on {@code decisionLock}.
     */
    class MessageHandler implements Handler.Callback {
        private MessageHandler() {
        }

        /**
         * @return {@code true} when the message was a certificate decision
         *         ({@code what == 0}) and has been recorded, {@code false} otherwise
         */
        @Override // android.os.Handler.Callback
        public boolean handleMessage(Message message) {
            Constants.log.fine("Received reply from CustomCertificateService: " + message);
            switch (message.what) {
                case 0:
                    // arg1 is the decision id, arg2 != 0 means "trusted".
                    // NOTE(review): the sender of the message is not checked here, and no
                    // visible code reads `decisions` — confirm whether this path is still used.
                    synchronized (CustomCertManager.this.decisionLock) {
                        CustomCertManager.this.decisions.put(message.arg1, Boolean.valueOf(message.arg2 != 0));
                        CustomCertManager.this.decisionLock.notifyAll();
                    }
                    return true;
                default:
                    return false;
            }
        }
    }

    /**
     * Creates a manager without an injected service messenger.
     *
     * @param context used for the private key store directory and service calls
     * @param z whether to start with a trust manager from
     *          {@code CertUtils.getTrustManager(null)}; see the other constructor
     *          for why this flag has little effect
     */
    public CustomCertManager(@NonNull Context context, boolean z) {
        this(context, z, null);
    }

    /**
     * Loads (or creates in memory) the custom key store, builds the trust
     * managers from it and starts the reply-handler thread.
     *
     * @param context used for the private key store directory and service calls
     * @param z initial choice for {@code systemTrustManager}; overwritten below
     *          when the key store initialises successfully
     * @param messenger if non-null, used as {@code service} directly and
     *                  {@code serviceConnection} is cleared
     */
    CustomCertManager(@NonNull Context context, boolean z, @Nullable Messenger messenger) {
        FileInputStream fileInputStream;
        this.nextDecisionID = new AtomicInteger();
        this.decisions = new SparseArray<>();
        this.decisionLock = new Object();
        this.untrustedCerts = new HashSet();
        // NOTE(review): no bindService call for this connection is visible in this class.
        this.serviceConnection = new ServiceConnection() { // from class: at.bitfire.cert4android.CustomCertManager.1
            @Override // android.content.ServiceConnection
            public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
                Constants.log.fine("Connected to service");
                CustomCertManager.this.service = new Messenger(iBinder);
            }

            @Override // android.content.ServiceConnection
            public void onServiceDisconnected(ComponentName componentName) {
                CustomCertManager.this.service = null;
            }
        };
        this.context = context;
        // CertUtils is not shown; presumably getTrustManager(null) yields the platform default.
        this.systemTrustManager = z ? CertUtils.getTrustManager(null) : null;
        // Mode 0 is Context.MODE_PRIVATE: the directory is private to the app.
        this.keyStoreFile = new File(context.getDir("KeyStore", 0), "KeyStore.bks");
        try {
            // Debug logging under the tag "performSync"; the key store path goes to logcat.
            Log.d("performSync", "keyStoreFile -> " + this.keyStoreFile.toString());
            this.trustedKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                // NOTE(review): this stream is never closed.
                fileInputStream = new FileInputStream(this.keyStoreFile);
            } catch (FileNotFoundException e) {
                Constants.log.fine("No custom keystore found");
                fileInputStream = null;
            }
            // A null stream creates an empty store; a null password means no integrity
            // check is performed on the stored file when it is loaded.
            this.trustedKeyStore.load(fileInputStream, null);
            this.customTrustManager = CertUtils.getTrustManager(this.trustedKeyStore);
            // NOTE(review): this replaces whatever `z` selected above, so on the success
            // path "systemTrustManager" validates against the custom store only.
            this.systemTrustManager = CertUtils.getTrustManager(this.trustedKeyStore);
            Log.d("performSync", "customTrustManager -> " + this.customTrustManager.toString());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            Log.d("performSync", "Couldn't initialize key store, creating in-memory key store" + e2.toString());
            Constants.log.log(Level.SEVERE, "Couldn't initialize key store, creating in-memory key store", (Throwable) e2);
            try {
                // NOTE(review): if KeyStore.getInstance itself threw, trustedKeyStore is still
                // null here and this call raises NullPointerException. customTrustManager is
                // also left unset on this path.
                this.trustedKeyStore.load(null, null);
            } catch (IOException | NoSuchAlgorithmException | CertificateException e3) {
                Constants.log.log(Level.SEVERE, "Couldn't initialize in-memory key store", e3);
            }
        }
        this.messengerThread = new HandlerThread("CustomCertificateManager.Messenger");
        this.messengerThread.start();
        this.messenger = new Messenger(new Handler(this.messengerThread.getLooper(), new MessageHandler()));
        Log.d("performSync", "new MessageHandler");
        if (messenger != null) {
            this.service = messenger;
            this.serviceConnection = null;
            Log.d("performSync", "service != null");
        }
    }

    /**
     * Client certificates are not supported.
     *
     * @throws CertificateException always
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("cert4android doesn't validate client certificates");
    }

    /**
     * Adds the given certificate to the custom key store, persists the store
     * and rebuilds {@code systemTrustManager} from it.
     *
     * <p>NOTE(review): despite the name and the "Querying" log line, nothing is
     * queried and nothing is checked. The method never throws in the visible
     * code, so every certificate passed in becomes a persisted trust anchor.
     * A reviewer should expect an explicit acceptance step (and a
     * {@code CertificateException} on refusal) before {@code setCertificateEntry}.
     *
     * @param x509Certificate certificate to store; its subject DN is the alias
     * @throws CertificateException declared, but not thrown by the visible code
     */
    protected void checkCustomTrusted(X509Certificate x509Certificate) throws CertificateException {
        Constants.log.fine("Querying custom certificate trustworthiness");
        this.untrustedCerts.remove(x509Certificate);
        try {
            // The alias is the subject DN, so a later certificate with the same
            // subject replaces the earlier entry.
            this.trustedKeyStore.setCertificateEntry(x509Certificate.getSubjectDN().getName(), x509Certificate);
        } catch (KeyStoreException e) {
            Constants.log.log(Level.SEVERE, "Couldn't add certificate into key store", (Throwable) e);
        }
        saveKeyStore();
        this.systemTrustManager = CertUtils.getTrustManager(this.trustedKeyStore);
    }

    /**
     * Server chain check. The decompiler could not rebuild this method; the Java
     * body below is its placeholder and always throws
     * {@link UnsupportedOperationException}. The behaviour of the original
     * bytecode has to be read from the instruction dump in the comment.
     *
     * <p>What the dump shows: it logs "checkServerTrusted is called!" under the
     * tag "performSync"; if {@code systemTrustManager} is non-null it delegates
     * to its {@code checkServerTrusted}; a {@code CertificateException} from that
     * call is caught and logged as "Certificate not trusted by system". When the
     * delegate is null or rejected the chain, it calls
     * {@code checkCustomTrusted(chain[0])} and returns.
     *
     * <p>NOTE(review): since {@code checkCustomTrusted} never rejects, the dump
     * describes a trust manager that accepts every chain and stores the leaf on
     * first failure. {@code chain[0]} is read without a length check.
     */
    /* JADX WARN: Removed duplicated region for block: B:5:0x0014  */
    /* JADX WARN: Removed duplicated region for block: B:8:? A[RETURN, SYNTHETIC] */
    @Override // javax.net.ssl.X509TrustManager
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void checkServerTrusted(java.security.cert.X509Certificate[] r4, java.lang.String r5) throws java.security.cert.CertificateException {
        /*
            r3 = this;
            r1 = 0
            java.lang.String r0 = "performSync"
            java.lang.String r2 = "checkServerTrusted is called!"
            android.util.Log.d(r0, r2)
            javax.net.ssl.X509TrustManager r0 = r3.systemTrustManager
            if (r0 == 0) goto L22
            javax.net.ssl.X509TrustManager r0 = r3.systemTrustManager     // Catch: java.security.cert.CertificateException -> L1a
            r0.checkServerTrusted(r4, r5)     // Catch: java.security.cert.CertificateException -> L1a
            r0 = 1
        L12:
            if (r0 != 0) goto L19
            r0 = r4[r1]
            r3.checkCustomTrusted(r0)
        L19:
            return
        L1a:
            r0 = move-exception
            java.util.logging.Logger r0 = at.bitfire.cert4android.Constants.log
            java.lang.String r2 = "Certificate not trusted by system"
            r0.fine(r2)
        L22:
            r0 = r1
            goto L12
        */
        throw new UnsupportedOperationException("Method not decompiled: at.bitfire.cert4android.CustomCertManager.checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String):void");
    }

    /**
     * Stops the reply-handler thread and unbinds the service connection if one
     * is still set.
     */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.messengerThread.quit();
        if (this.serviceConnection != null) {
            // NOTE(review): no matching bindService is visible in this class; confirm one
            // exists elsewhere, otherwise this unbind has nothing registered to release.
            this.context.unbindService(this.serviceConnection);
        }
    }

    /**
     * @return always an empty array; no accepted issuers are advertised
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Wraps a verifier in a {@link CustomHostnameVerifier}.
     *
     * @param hostnameVerifier verifier asked first; may be null
     * @return a verifier that also applies the permissive fallback described on
     *         {@link CustomHostnameVerifier}
     */
    public HostnameVerifier hostnameVerifier(@Nullable HostnameVerifier hostnameVerifier) {
        return new CustomHostnameVerifier(hostnameVerifier);
    }

    /**
     * Starts {@code CustomCertService} with the action "resetCertificates".
     *
     * <p>NOTE(review): this instance's in-memory {@code trustedKeyStore} and
     * {@code systemTrustManager} are not cleared here, so previously stored
     * certificates remain trusted by this object after the call.
     */
    public void resetCertificates() {
        Intent intent = new Intent(this.context, (Class<?>) CustomCertService.class);
        intent.setAction(CMD_RESET_CERTIFICATES);
        this.context.startService(intent);
    }

    /**
     * Writes {@code trustedKeyStore} to {@code keyStoreFile}. Failures are
     * logged at SEVERE and otherwise ignored.
     */
    protected void saveKeyStore() {
        try {
            Constants.log.fine("Saving custom certificate key store to " + this.keyStoreFile);
            // NOTE(review): the FileOutputStream is never closed (try-with-resources would
            // fix that), and the store is written with a null password.
            this.trustedKeyStore.store(new FileOutputStream(this.keyStoreFile), null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Constants.log.log(Level.SEVERE, "Couldn't save custom certificate key store", e);
        }
    }
}
