package com.heytap.upgrade.util;

import android.text.TextUtils;
import androidx.appcompat.widget.e;
import com.heytap.upgrade.log.LogHelper;
import com.oapm.perftest.trace.TraceWeaver;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
public class CustomTrustManager implements X509TrustManager {
    private static final String TAG = "upgrade_CustomTrustManager";
    public ExecutorService executorService;
    public AtomicBoolean localCertsLoaded;
    public KeyStore mKeyStore;
    public Object mLock;
    public Map<String, String> mMemoryCache;
    private final boolean needCheckHttpsCert;
    public Map<X509Certificate, String> sysCerts;
    public X509TrustManager trustManager;
    public List<X509Certificate> userCerts;

    /* loaded from: classes4.dex */
    public class a implements Runnable {

        /* renamed from: a, reason: collision with root package name */
        public final /* synthetic */ X509Certificate[] f16123a;

        public a(X509Certificate[] x509CertificateArr) {
            this.f16123a = x509CertificateArr;
            TraceWeaver.i(106699);
            TraceWeaver.o(106699);
        }

        @Override // java.lang.Runnable
        public void run() {
            TraceWeaver.i(106701);
            CustomTrustManager.this.cacheCerts(this.f16123a);
            TraceWeaver.o(106701);
        }
    }

    /* loaded from: classes4.dex */
    public class b implements Runnable {
        public b() {
            TraceWeaver.i(106598);
            TraceWeaver.o(106598);
        }

        @Override // java.lang.Runnable
        public void run() {
            TraceWeaver.i(106599);
            System.currentTimeMillis();
            synchronized (CustomTrustManager.this.mLock) {
                try {
                    CustomTrustManager customTrustManager = CustomTrustManager.this;
                    CertificateUtil.getCertsFromKeyStore(customTrustManager.mKeyStore, customTrustManager.userCerts, customTrustManager.sysCerts);
                    CustomTrustManager.this.localCertsLoaded.set(true);
                    CustomTrustManager.this.mLock.notifyAll();
                } catch (Throwable th2) {
                    TraceWeaver.o(106599);
                    throw th2;
                }
            }
            TraceWeaver.o(106599);
        }
    }

    public CustomTrustManager(X509TrustManager x509TrustManager) {
        TraceWeaver.i(106903);
        this.needCheckHttpsCert = true;
        this.mMemoryCache = new ConcurrentHashMap();
        this.sysCerts = new HashMap();
        this.userCerts = new ArrayList();
        this.localCertsLoaded = new AtomicBoolean(false);
        this.mLock = new Object();
        this.executorService = Executors.newSingleThreadExecutor();
        this.trustManager = x509TrustManager;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            this.mKeyStore = keyStore;
            keyStore.load(null, null);
        } catch (Throwable th2) {
            StringBuilder j11 = e.j("CustomTrustManager failed : ");
            j11.append(th2.getMessage());
            LogHelper.w(TAG, j11.toString());
        }
        getCertsFromKeyStore();
        TraceWeaver.o(106903);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cacheCerts(X509Certificate[] x509CertificateArr) {
        TraceWeaver.i(106923);
        String hostFromCert = CertificateUtil.getHostFromCert(x509CertificateArr[0]);
        if (!TextUtils.isEmpty(hostFromCert) && this.localCertsLoaded.get() && !this.mMemoryCache.containsKey(hostFromCert)) {
            StringBuilder sb2 = new StringBuilder();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
                Iterator<X509Certificate> it2 = this.sysCerts.keySet().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        X509Certificate next = it2.next();
                        if (lowerCase.equals(next.getSubjectDN().getName().toLowerCase())) {
                            sb2.append(this.sysCerts.get(next));
                            sb2.append(";");
                            break;
                        }
                    }
                }
            }
            String sb3 = sb2.toString();
            if (!TextUtils.isEmpty(sb3)) {
                this.mMemoryCache.put(hostFromCert, sb3);
            }
        }
        TraceWeaver.o(106923);
    }

    private void getCertsFromKeyStore() {
        TraceWeaver.i(106935);
        new Thread(new b()).start();
        TraceWeaver.o(106935);
    }

    private boolean isAllSysCerts(X509Certificate[] x509CertificateArr, List<String> list) {
        TraceWeaver.i(106917);
        X509Certificate[] certsFromAlias = CertificateUtil.getCertsFromAlias(list, this.mKeyStore);
        if (certsFromAlias == null) {
            TraceWeaver.o(106917);
            return false;
        }
        try {
            boolean z11 = false;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
                int length = certsFromAlias.length;
                int i11 = 0;
                while (true) {
                    if (i11 >= length) {
                        break;
                    }
                    if (lowerCase.equals(certsFromAlias[i11].getSubjectDN().getName().toLowerCase())) {
                        z11 = true;
                        break;
                    }
                    i11++;
                }
                if (z11) {
                    break;
                }
            }
            if (!z11) {
                TraceWeaver.o(106917);
                return false;
            }
        } catch (Throwable th2) {
            StringBuilder j11 = e.j("isAllSysCerts failed : ");
            j11.append(th2.getMessage());
            LogHelper.w(TAG, j11.toString());
        }
        TraceWeaver.o(106917);
        return true;
    }

    private boolean isTrusted(X509Certificate[] x509CertificateArr) {
        TraceWeaver.i(106911);
        if (this.localCertsLoaded.get()) {
            boolean z11 = !isUserCerts(x509CertificateArr);
            TraceWeaver.o(106911);
            return z11;
        }
        if (isTrustedUsingCache(x509CertificateArr)) {
            TraceWeaver.o(106911);
            return true;
        }
        if (!isTrustedUsingKeyStroe(x509CertificateArr)) {
            TraceWeaver.o(106911);
            return false;
        }
        removeCache(x509CertificateArr);
        TraceWeaver.o(106911);
        return true;
    }

    private boolean isTrustedUsingCache(X509Certificate[] x509CertificateArr) {
        String[] split;
        TraceWeaver.i(106914);
        String hostFromCert = CertificateUtil.getHostFromCert(x509CertificateArr[0]);
        ArrayList arrayList = new ArrayList();
        if (!TextUtils.isEmpty(hostFromCert)) {
            String str = this.mMemoryCache.containsKey(hostFromCert) ? this.mMemoryCache.get(hostFromCert) : null;
            if (!TextUtils.isEmpty(str) && (split = str.split(";")) != null) {
                for (String str2 : split) {
                    if (!TextUtils.isEmpty(str2) && !arrayList.contains(str2)) {
                        arrayList.add(str2);
                    }
                }
            }
        }
        boolean isAllSysCerts = isAllSysCerts(x509CertificateArr, arrayList);
        TraceWeaver.o(106914);
        return isAllSysCerts;
    }

    private boolean isTrustedUsingKeyStroe(X509Certificate[] x509CertificateArr) {
        TraceWeaver.i(106916);
        waitUntileLocalCertsLoaded();
        boolean z11 = !isUserCerts(x509CertificateArr);
        TraceWeaver.o(106916);
        return z11;
    }

    private boolean isUserCerts(X509Certificate[] x509CertificateArr) {
        TraceWeaver.i(106928);
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                String lowerCase = x509Certificate.getIssuerDN().getName().toLowerCase();
                Iterator<X509Certificate> it2 = this.userCerts.iterator();
                while (it2.hasNext()) {
                    if (lowerCase.equals(it2.next().getSubjectDN().getName().toLowerCase())) {
                        TraceWeaver.o(106928);
                        return true;
                    }
                }
            }
        } catch (Throwable th2) {
            StringBuilder j11 = e.j("isUserCerts failed : ");
            j11.append(th2.getMessage());
            LogHelper.w(TAG, j11.toString());
        }
        TraceWeaver.o(106928);
        return false;
    }

    private void removeCache(X509Certificate[] x509CertificateArr) {
        TraceWeaver.i(106925);
        String hostFromCert = CertificateUtil.getHostFromCert(x509CertificateArr[0]);
        if (!TextUtils.isEmpty(hostFromCert) && this.localCertsLoaded.get() && this.mMemoryCache.containsKey(hostFromCert)) {
            this.mMemoryCache.remove(hostFromCert);
        }
        TraceWeaver.o(106925);
    }

    private void waitUntileLocalCertsLoaded() {
        TraceWeaver.i(106936);
        if (!this.localCertsLoaded.get()) {
            synchronized (this.mLock) {
                try {
                    if (!this.localCertsLoaded.get()) {
                        try {
                            this.mLock.wait();
                        } catch (InterruptedException e11) {
                            LogHelper.w(TAG, "waitUntileLocalCertsLoaded failed : " + e11.getMessage());
                        }
                    }
                } finally {
                    TraceWeaver.o(106936);
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        TraceWeaver.i(106906);
        X509TrustManager x509TrustManager = this.trustManager;
        if (x509TrustManager != null) {
            x509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
        TraceWeaver.o(106906);
    }

    @Override // javax.net.ssl.X509TrustManager
    public synchronized void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        TraceWeaver.i(106907);
        try {
            X509TrustManager x509TrustManager = this.trustManager;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                if (!isTrusted(x509CertificateArr)) {
                    CertificateException certificateException = new CertificateException("Proxy Certificate");
                    TraceWeaver.o(106907);
                    throw certificateException;
                }
                this.executorService.submit(new a(x509CertificateArr));
            }
            TraceWeaver.o(106907);
        } catch (CertificateException e11) {
            TraceWeaver.o(106907);
            throw e11;
        } catch (Throwable th2) {
            CertificateException certificateException2 = new CertificateException(th2);
            TraceWeaver.o(106907);
            throw certificateException2;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        TraceWeaver.i(106910);
        X509TrustManager x509TrustManager = this.trustManager;
        if (x509TrustManager != null) {
            X509Certificate[] acceptedIssuers = x509TrustManager.getAcceptedIssuers();
            TraceWeaver.o(106910);
            return acceptedIssuers;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[0];
        TraceWeaver.o(106910);
        return x509CertificateArr;
    }
}
