package com.seafile.seadroid2.ssl;

import android.util.Log;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.seafile.seadroid2.account.Account;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;

/* loaded from: classes5.dex */
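/**
 * Process-wide registry of per-account TLS trust decisions.
 *
 * <p>Each {@link Account} gets its own {@link SecureX509TrustManager} and a cached
 * {@link SSLSocketFactory} built on top of it. A server certificate is accepted when the
 * platform trust manager accepts the chain and the hostname matches; otherwise it is accepted
 * only if it equals the certificate that {@code CertsManager} has saved for the account.
 */
public final class SSLTrustManager {
    private static final String DEBUG_TAG = "SSLTrustManager";
    private static SSLTrustManager instance;
    // Platform X509 trust manager; stays null if init() could not obtain one, in which case
    // every check below fails with a NullPointerException (the connection is not accepted).
    private X509TrustManager defaultTrustManager;
    // NOTE(review): both maps are plain HashMaps. They are written under the instance lock
    // (getTrustManagers / getSSLSocketFactory) but read without it by getCertsChainForAccount,
    // getFailureReason and any caller of getCachedFactories - confirm the threading model.
    private final Map<Account, SecureX509TrustManager> managers = Maps.newHashMap();
    private final Map<Account, SSLSocketFactory> cachedFactories = Maps.newHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes7.dex */
    /**
     * Trust manager bound to one account. It delegates to the platform trust manager and, when
     * that (or the hostname check) rejects the server, falls back to an exact comparison with
     * the certificate saved for the account.
     */
    public class SecureX509TrustManager implements X509TrustManager {
        private final Account account;
        // Chain seen on the most recent failed platform validation; read from other threads.
        private volatile List<X509Certificate> certsChain = ImmutableList.of();
        // Why the most recent saved-certificate check failed; never reset on success.
        private volatile SslFailureReason reason;

        public SecureX509TrustManager(Account account) {
            this.account = account;
            Log.d(SSLTrustManager.DEBUG_TAG, "a SecureX509TrustManager is created:" + hashCode());
        }

        /**
         * Returns the chain to remember for this connection, guaranteed to start with the
         * certificate the peer presented first.
         *
         * <p>{@link SSLTrustManager#orderCerts} links certificates by issuer/subject name only,
         * so its head can be a different certificate than {@code chain[0]} when the peer sends
         * extra or unrelated entries. In that case the chain is kept in the order received.
         */
        private List<X509Certificate> chainWithPeerCertFirst(X509Certificate[] chain) {
            List<X509Certificate> ordered = SSLTrustManager.this.orderCerts(chain);
            if (ordered.isEmpty() || !chain[0].equals(ordered.get(0))) {
                return ImmutableList.copyOf(chain);
            }
            return ordered;
        }

        /**
         * Fallback check: accepts the server only if its first certificate equals the one saved
         * for the account, and records the chain and the failure reason otherwise.
         *
         * @param list server chain whose first element is the certificate the peer presented
         * @throws CertificateException if no certificate is saved or the saved one differs
         */
        private void customCheck(List<X509Certificate> list) throws CertificateException {
            this.certsChain = ImmutableList.copyOf(list);
            X509Certificate presented = list.get(0);
            X509Certificate saved = CertsManager.instance().getCertificate(this.account);
            if (saved == null) {
                Log.d(SSLTrustManager.DEBUG_TAG, "no saved cert for " + this.account.server);
                this.reason = SslFailureReason.CERT_NOT_TRUSTED;
                throw new CertificateException("no saved certificate for " + this.account.server);
            }
            // NOTE(review): equality is the only test on this path; the saved certificate's
            // validity period is not checked here - confirm that is intended.
            if (saved.equals(presented)) {
                Log.d(SSLTrustManager.DEBUG_TAG, "the cert of " + this.account.server + " is trusted");
                return;
            }
            Log.d(SSLTrustManager.DEBUG_TAG, "the cert of " + this.account.server + " has changed");
            this.reason = SslFailureReason.CERT_CHANGED;
            throw new CertificateException(
                    "certificate of " + this.account.server + " differs from the saved one");
        }

        /**
         * Verifies that the certificate was issued for the account's server domain name.
         *
         * @throws CertificateException wrapping the verifier's {@link SSLException} on mismatch
         */
        private void validateHostName(X509Certificate serverCert) throws CertificateException {
            try {
                new BrowserCompatHostnameVerifier().verify(this.account.getServerDomainName(), serverCert);
            } catch (SSLException e) {
                // Keep the verifier's explanation instead of discarding it.
                throw new CertificateException("hostname verification failed", e);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            SSLTrustManager.this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
        }

        /**
         * Validates the server chain with the platform trust manager plus a hostname check, and
         * falls back to the saved-certificate comparison when either of them rejects it.
         *
         * <p>A saved certificate therefore overrides both a failed chain validation and a
         * hostname mismatch.
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                // Nothing to compare against; leave the decision to the platform trust manager.
                SSLTrustManager.this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                return;
            }
            // TLS requires the sender's own certificate to be first in the list, and that is the
            // key the handshake authenticates. The hostname and saved-certificate checks are
            // therefore made against this entry rather than the head of a reordered list.
            X509Certificate peerCert = x509CertificateArr[0];
            try {
                SSLTrustManager.this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                validateHostName(peerCert);
            } catch (CertificateException e) {
                Log.d(SSLTrustManager.DEBUG_TAG, "platform validation failed, checking the saved cert", e);
                customCheck(chainWithPeerCertFirst(x509CertificateArr));
            }
        }

        @Override
        protected void finalize() {
            Log.d(SSLTrustManager.DEBUG_TAG, "a SecureX509TrustManager is finalized:" + hashCode());
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return SSLTrustManager.this.defaultTrustManager.getAcceptedIssuers();
        }

        /**
         * Describes the certificate saved for this account.
         *
         * @throws CertificateParsingException if no certificate is saved, or if the issuer
         *     alternative names cannot be decoded
         */
        public String getCeritificateInfo() throws CertificateParsingException {
            X509Certificate certificate = CertsManager.instance().getCertificate(this.account);
            if (certificate == null) {
                // Previously this dereferenced null; report it through the declared exception.
                throw new CertificateParsingException("no saved certificate for " + this.account.server);
            }
            return "sigalgName:" + certificate.getSigAlgName() + " Type: " + certificate.getType() + " Version: " + certificate.getVersion() + " IssuerAlternative: " + certificate.getIssuerAlternativeNames() + " NotAfter: " + certificate.getNotAfter();
        }

        /** Returns the reason recorded by the last failed saved-certificate check, or null. */
        public SslFailureReason getReason() {
            return this.reason;
        }

        /** Returns the chain recorded by the last saved-certificate check (empty if none ran). */
        public List<X509Certificate> getServerCertsChain() {
            return this.certsChain;
        }
    }

    /* loaded from: classes7.dex */
    /** Why the saved-certificate fallback rejected a server. */
    public enum SslFailureReason {
        CERT_NOT_TRUSTED,
        CERT_CHANGED
    }

    private SSLTrustManager() {
    }

    /**
     * Looks up the platform's X509 trust manager (default trust store, hence the null KeyStore).
     * Failures are logged and leave {@code defaultTrustManager} null.
     */
    private void init() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers != null) {
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        this.defaultTrustManager = (X509TrustManager) trustManager;
                        return;
                    }
                }
            }
            // Make the "nothing usable was returned" case visible instead of silent.
            Log.e(DEBUG_TAG, "no X509TrustManager returned by the platform TrustManagerFactory");
        } catch (KeyStoreException e) {
            Log.e(DEBUG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
        } catch (NoSuchAlgorithmException e2) {
            Log.e(DEBUG_TAG, "Unable to get X509 Trust Manager ", e2);
        }
    }

    /** Returns the lazily created singleton. */
    public static synchronized SSLTrustManager instance() {
        // The method-level lock already guards this; no nested synchronized block is needed.
        if (instance == null) {
            instance = new SSLTrustManager();
            instance.init();
        }
        return instance;
    }

    /** Returns the live (mutable) cache of per-account socket factories. */
    public Map<Account, SSLSocketFactory> getCachedFactories() {
        return this.cachedFactories;
    }

    /**
     * Returns the first certificate of the chain recorded for the account, or null when no
     * chain has been recorded.
     */
    public X509Certificate getCertificateInfo(Account account) throws CertificateParsingException {
        List<X509Certificate> certsChainForAccount = getCertsChainForAccount(account);
        if (certsChainForAccount == null || certsChainForAccount.isEmpty()) {
            return null;
        }
        return certsChainForAccount.get(0);
    }

    /** Returns the chain recorded for the account, or null if it has no trust manager yet. */
    public List<X509Certificate> getCertsChainForAccount(Account account) {
        SecureX509TrustManager secureX509TrustManager = this.managers.get(account);
        if (secureX509TrustManager == null) {
            return null;
        }
        return secureX509TrustManager.getServerCertsChain();
    }

    public X509TrustManager getDefaultTrustManager() {
        return this.defaultTrustManager;
    }

    /**
     * Returns the failure reason recorded for the account, defaulting to
     * {@link SslFailureReason#CERT_NOT_TRUSTED} when none is available.
     */
    public SslFailureReason getFailureReason(Account account) {
        SecureX509TrustManager secureX509TrustManager = this.managers.get(account);
        SslFailureReason reason = secureX509TrustManager != null ? secureX509TrustManager.getReason() : null;
        return reason != null ? reason : SslFailureReason.CERT_NOT_TRUSTED;
    }

    /**
     * Returns the cached socket factory for the account, creating and caching it on first use.
     *
     * @return the factory, or null if it could not be created (the error is logged)
     */
    public synchronized SSLSocketFactory getSSLSocketFactory(Account account) {
        SSLSocketFactory sSLSocketFactory = this.cachedFactories.get(account);
        if (sSLSocketFactory != null) {
            return sSLSocketFactory;
        }
        try {
            sSLSocketFactory = new SSLSeafileSocketFactory(null, getTrustManagers(account), new SecureRandom());
            Log.d(DEBUG_TAG, "a SSLSocketFactory is created:" + sSLSocketFactory);
        } catch (Exception e) {
            Log.e(DEBUG_TAG, "error when create SSLSocketFactory", e);
        }
        if (sSLSocketFactory != null) {
            this.cachedFactories.put(account, sSLSocketFactory);
        }
        return sSLSocketFactory;
    }

    /** Returns a one-element array holding the account's trust manager, creating it if needed. */
    public synchronized TrustManager[] getTrustManagers(Account account) {
        SecureX509TrustManager secureX509TrustManager = this.managers.get(account);
        if (secureX509TrustManager == null) {
            secureX509TrustManager = new SecureX509TrustManager(account);
            this.managers.put(account, secureX509TrustManager);
        }
        return new TrustManager[]{secureX509TrustManager};
    }

    /**
     * Arranges certificates into a chain by matching issuer and subject names, starting from
     * the first array element.
     *
     * <p>A certificate whose issuer equals the current head's subject is placed in front; one
     * whose subject equals the current tail's issuer is appended. Certificates that link to
     * neither end are dropped. Only names are compared, no signature is verified, so the result
     * is for display and bookkeeping and is not evidence of a valid path.
     *
     * @return the ordered chain, or an empty list for a null or empty array
     */
    public List<X509Certificate> orderCerts(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return ImmutableList.of();
        }
        // De-duplicate while keeping the received order, so the seed is always the first
        // certificate sent rather than whichever one a hash set happens to iterate first.
        List<X509Certificate> remaining =
                Lists.newArrayList(Sets.newLinkedHashSet(Lists.newArrayList(x509CertificateArr)));
        X509Certificate seed = remaining.remove(0);
        LinkedList<X509Certificate> ordered = Lists.newLinkedList();
        ordered.add(seed);
        Principal issuerDN = seed.getIssuerDN();
        Principal subjectDN = seed.getSubjectDN();
        // Each pass can attach at least one certificate, so at most size() passes are needed.
        for (int size = remaining.size(); !remaining.isEmpty() && size > 0; size--) {
            // Iterate over a snapshot because matches are removed from 'remaining'.
            for (X509Certificate candidate : ImmutableList.copyOf(remaining)) {
                if (candidate.getIssuerDN().equals(subjectDN)) {
                    ordered.addFirst(candidate);
                    subjectDN = candidate.getSubjectDN();
                    remaining.remove(candidate);
                } else if (candidate.getSubjectDN().equals(issuerDN)) {
                    ordered.addLast(candidate);
                    issuerDN = candidate.getIssuerDN();
                    remaining.remove(candidate);
                }
            }
        }
        return ordered;
    }
}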
