package ch.alpeinsoft.passsecurium.ui.mvp.information;

import android.app.Activity;
import android.app.Application;
import android.app.Service;
import android.content.Context;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.commons.lang3.StringUtils;
import org.apache.tika.metadata.Metadata;
import timber.log.Timber;

/* loaded from: classes.dex */
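/**
 * X.509 trust manager that delegates every trust decision to the platform default
 * trust manager and additionally records the most recently presented leaf
 * certificate in an app-private key store, so that its details can be displayed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The app key store is never consulted for validation. It is a display cache,
 *       not a pin set; only {@code defaultTrustManager} accepts or rejects a chain.</li>
 *   <li>The leaf certificate is recorded <em>before</em> the chain is validated, so the
 *       "last certificate" accessors may describe a certificate the platform rejected.</li>
 *   <li>The key store password is a constant compiled into the app. It gives the file
 *       no confidentiality or tamper resistance beyond the app-private directory.</li>
 * </ul>
 *
 * <p>This source is JADX decompiler output; {@link #keyStoreUpdated()} and
 * {@link #getLastCert()} were reconstructed from incomplete decompilation.
 */
public class SecuriumTrustManager implements X509TrustManager {
    private static final String KEYSTORE_DIR = "KeyStore";
    private static final String KEYSTORE_FILE = "KeyStore.bks";
    // Hard-coded key store password: anyone holding the APK knows it, so the stored
    // file must be treated as unauthenticated data.
    private static final String KEYSTORE_PASSWORD = "MTM";
    private static final Logger LOGGER = Logger.getLogger(SecuriumTrustManager.class.getName());
    private static volatile SecuriumTrustManager sInstance;
    private KeyStore appKeyStore;
    private X509TrustManager appTrustManager;
    private X509TrustManager defaultTrustManager;
    private File keyStoreFile;

    /**
     * Variant that forwards to {@link #checkCertTrusted} with the last flag set to
     * {@code false}. Nothing in this class instantiates it.
     */
    private class NonInteractiveSecuriumTrustManager implements X509TrustManager {
        private NonInteractiveSecuriumTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            SecuriumTrustManager.this.checkCertTrusted(chain, authType, false, false);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            SecuriumTrustManager.this.checkCertTrusted(chain, authType, true, false);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return SecuriumTrustManager.this.getAcceptedIssuers();
        }
    }

    /**
     * Hostname verifier that only delegates to the wrapped verifier; it neither
     * relaxes nor tightens hostname checking.
     */
    private static class SecuriumHostnameVerifier implements HostnameVerifier {
        private final HostnameVerifier defaultVerifier;

        SecuriumHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.defaultVerifier = hostnameVerifier;
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String hostname, SSLSession session) {
            return this.defaultVerifier.verify(hostname, session);
        }
    }

    /**
     * Loads the app key store and builds both trust managers.
     *
     * @param context an Application, Service or Activity (see {@link #init(Context)})
     */
    private SecuriumTrustManager(Context context) {
        init(context);
        // TrustManagerFactory.init(null) falls back to the platform trust store, so a
        // missing app key store must not be passed through: the "last certificate"
        // accessors would otherwise describe a system CA instead of a recorded leaf.
        this.appTrustManager = this.appKeyStore == null ? null : getTrustManager(this.appKeyStore);
        this.defaultTrustManager = getTrustManager(null);
    }

    /**
     * Appends a human-readable summary of a certificate: subject, validity period,
     * SHA-256 and SHA-1 fingerprints, and issuer.
     *
     * @param out  buffer to append to
     * @param cert certificate to describe
     */
    private void certDetails(StringBuilder out, X509Certificate cert) {
        SimpleDateFormat dayFormat = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH);
        out.append(StringUtils.LF)
                .append(cert.getSubjectDN().toString())
                .append(StringUtils.LF)
                .append(dayFormat.format(cert.getNotBefore()))
                .append(" - ")
                .append(dayFormat.format(cert.getNotAfter()))
                .append("\nSHA-256: ")
                .append(certHash(cert, MessageDigestAlgorithms.SHA_256))
                // SHA-1 is shown for comparison with other tools only; it is not used
                // for any trust decision in this class.
                .append("\nSHA-1: ")
                .append(certHash(cert, MessageDigestAlgorithms.SHA_1))
                .append("\nSigned by: ")
                .append(cert.getIssuerDN().toString())
                .append(StringUtils.LF);
    }

    /**
     * Computes the fingerprint of a certificate's encoded form.
     *
     * @param cert      certificate to hash
     * @param algorithm message digest algorithm name
     * @return the delimiter-separated hex digest; on failure the exception message is
     *     returned in place of a fingerprint, so callers must not treat the result as
     *     a verified hash
     */
    private static String certHash(X509Certificate cert, String algorithm) {
        try {
            MessageDigest digest = MessageDigest.getInstance(algorithm);
            digest.update(cert.getEncoded());
            return hexString(digest.digest());
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            return e.getMessage();
        }
    }

    /**
     * Records the leaf certificate and validates the chain with the platform default
     * trust manager.
     *
     * <p>JADX widened this method from private to public; it is kept public here.
     *
     * @param chain       peer certificate chain, leaf first
     * @param authType    key exchange / authentication type passed by the TLS stack
     * @param isServer    {@code true} to validate as a server chain, {@code false} as a client chain
     * @param interactive unused by this implementation
     * @throws IllegalArgumentException if {@code chain} is null or empty
     * @throws CertificateException if the chain is rejected or no platform trust manager is available
     */
    public void checkCertTrusted(X509Certificate[] chain, String authType, boolean isServer, boolean interactive) throws CertificateException {
        if (chain == null || chain.length == 0) {
            // Matches the documented X509TrustManager contract instead of failing with
            // a NullPointerException or ArrayIndexOutOfBoundsException below.
            throw new IllegalArgumentException("Certificate chain must not be null or empty");
        }
        if (this.defaultTrustManager == null) {
            // Fail closed with a checked exception when the platform trust manager
            // could not be created.
            throw new CertificateException("No platform trust manager available");
        }
        // NOTE(review): the leaf is recorded before validation, so a rejected
        // certificate still replaces the previously stored one. Confirm this is the
        // intended behaviour of the certificate information screen.
        storeCert(chain[0]);
        try {
            if (isServer) {
                this.defaultTrustManager.checkServerTrusted(chain, authType);
            } else {
                this.defaultTrustManager.checkClientTrusted(chain, authType);
            }
        } catch (CertificateException e) {
            LOGGER.log(Level.WARNING, "Certificate chain rejected by the platform trust manager", e);
            throw e;
        }
    }

    /**
     * Splits a distinguished name into attribute/value pairs.
     *
     * <p>The split is a plain split on {@code ','}; attribute values that themselves
     * contain a comma are not parsed correctly. Fragments without {@code '='} are
     * skipped rather than raising an exception.
     *
     * @param distinguishedName DN string such as {@code CN=a,O=b}
     * @return map from attribute type to value
     */
    private HashMap<String, String> getDetailsMap(String distinguishedName) {
        HashMap<String, String> details = new HashMap<>();
        for (String component : distinguishedName.split(",")) {
            int separator = component.indexOf('=');
            if (separator < 0) {
                continue;
            }
            details.put(component.substring(0, separator), component.substring(separator + 1));
        }
        return details;
    }

    /**
     * Returns the shared instance.
     *
     * @return the instance, or {@code null} if {@link #inititialize(Context)} has not been called
     */
    public static SecuriumTrustManager getInstance() {
        return sInstance;
    }

    /**
     * Returns the last certificate exposed by the app trust manager.
     *
     * @return the certificate, or {@code null} when nothing has been recorded yet
     */
    private X509Certificate getLastCert() {
        if (this.appTrustManager == null) {
            return null;
        }
        X509Certificate[] recorded = this.appTrustManager.getAcceptedIssuers();
        if (recorded == null || recorded.length == 0) {
            return null;
        }
        return recorded[recorded.length - 1];
    }

    /**
     * Builds an X.509 trust manager backed by the given key store.
     *
     * @param keyStore trust anchors; {@code null} selects the platform default trust store
     * @return the first X.509 trust manager produced by the factory, or {@code null} on failure
     */
    private X509TrustManager getTrustManager(KeyStore keyStore) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
            factory.init(keyStore);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
            return null;
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Could not create X509 trust manager", e);
            return null;
        }
    }

    /**
     * Formats bytes as two-digit lowercase hex values joined by
     * {@code Metadata.NAMESPACE_PREFIX_DELIMITER}.
     *
     * @param bytes bytes to format
     * @return the formatted string, empty for an empty array
     */
    private static String hexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bytes.length; i++) {
            if (i > 0) {
                sb.append(Metadata.NAMESPACE_PREFIX_DELIMITER);
            }
            sb.append(String.format(Locale.ENGLISH, "%02x", Byte.valueOf(bytes[i])));
        }
        return sb.toString();
    }

    /**
     * Resolves the application from the context, locates the key store file in an
     * app-private directory and loads it.
     *
     * @param context an Application, Service or Activity
     * @throws ClassCastException if the context is none of the supported types
     */
    private void init(Context context) {
        Application application;
        if (context instanceof Application) {
            application = (Application) context;
        } else if (context instanceof Service) {
            application = ((Service) context).getApplication();
        } else if (context instanceof Activity) {
            application = ((Activity) context).getApplication();
        } else {
            throw new ClassCastException("SecuriumTrustManager context must be either Activity or Service!");
        }
        File dir = application.getDir(KEYSTORE_DIR, Context.MODE_PRIVATE);
        Timber.d("Key store path:" + dir + File.separator + KEYSTORE_FILE, new Object[0]);
        this.keyStoreFile = new File(dir + File.separator + KEYSTORE_FILE);
        this.appKeyStore = loadAppKeyStore();
    }

    /**
     * Creates the shared instance, replacing any previous one.
     *
     * @param context an Application, Service or Activity
     */
    public static void inititialize(Context context) {
        sInstance = new SecuriumTrustManager(context);
    }

    /**
     * Tells whether the certificate is present in the app key store.
     *
     * @param cert certificate to look up
     * @return {@code true} if an alias exists for it; {@code false} otherwise or on key store error
     */
    private boolean isCertKnown(X509Certificate cert) {
        if (this.appKeyStore == null) {
            return false;
        }
        try {
            return this.appKeyStore.getCertificateAlias(cert) != null;
        } catch (KeyStoreException unused) {
            return false;
        }
    }

    /**
     * Tells whether the throwable or any of its causes is a
     * {@link CertificateExpiredException}.
     *
     * @param th throwable to inspect; {@code null} yields {@code false}
     * @return {@code true} if an expiry exception is found in the cause chain
     */
    private boolean isExpiredException(Throwable th) {
        for (Throwable current = th; current != null; current = current.getCause()) {
            if (current instanceof CertificateExpiredException) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rebuilds the app trust manager from the key store and writes the key store to
     * disk. Write failures are logged and otherwise ignored.
     *
     * <p>JADX could not decompile this method and emitted a stub that always throws;
     * the body below is reconstructed from the register dump JADX left in its place
     * and should be confirmed against the bytecode.
     */
    private void keyStoreUpdated() {
        this.appTrustManager = getTrustManager(this.appKeyStore);
        try (java.io.FileOutputStream out = new java.io.FileOutputStream(this.keyStoreFile)) {
            this.appKeyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Could not persist the app key store", e);
        }
    }

    /**
     * Creates the app key store and fills it from the key store file when that can
     * be read.
     *
     * @return the key store, empty if the file is missing or unreadable, or
     *     {@code null} if the default key store type is unavailable
     */
    private KeyStore loadAppKeyStore() {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        } catch (KeyStoreException unused) {
            return null;
        }
        try {
            // Initialise empty first so the store is usable even if the file load fails.
            keyStore.load(null, null);
            // try-with-resources: the original never closed this stream.
            try (FileInputStream in = new FileInputStream(this.keyStoreFile)) {
                keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
            }
        } catch (Exception e) {
            LOGGER.log(Level.FINE, "Could not load the app key store", e);
        }
        return keyStore;
    }

    /**
     * Replaces the whole content of the app key store with a single certificate and
     * persists it. Key store errors are logged and otherwise ignored.
     *
     * @param alias       alias to store the certificate under
     * @param certificate certificate to record
     */
    private void storeCert(String alias, Certificate certificate) {
        if (this.appKeyStore == null) {
            // No key store could be created; recording is best-effort and must not
            // break the TLS handshake.
            return;
        }
        try {
            for (String existing : Collections.list(this.appKeyStore.aliases())) {
                this.appKeyStore.deleteEntry(existing);
            }
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Could not clear the app key store", e);
        }
        try {
            this.appKeyStore.setCertificateEntry(alias, certificate);
            keyStoreUpdated();
        } catch (KeyStoreException e) {
            LOGGER.log(Level.WARNING, "Could not record the certificate", e);
        }
    }

    /**
     * Records a certificate under its subject DN.
     *
     * @param cert certificate to record
     */
    private void storeCert(X509Certificate cert) {
        storeCert(cert.getSubjectDN().toString(), cert);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        checkCertTrusted(chain, authType, false, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        checkCertTrusted(chain, authType, true, true);
    }

    /**
     * Returns the issuers accepted by the platform default trust manager; the app
     * key store contributes nothing here.
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        LOGGER.log(Level.FINE, "getAcceptedIssuers()");
        return this.defaultTrustManager.getAcceptedIssuers();
    }

    /**
     * @return the recorded certificate's expiry date in locale format, or an empty
     *     string when no certificate is recorded
     */
    public String getCertExpireDate() {
        X509Certificate cert = getLastCert();
        return cert == null ? "" : cert.getNotAfter().toLocaleString();
    }

    /**
     * @return the recorded certificate's start-of-validity date in locale format, or
     *     an empty string when no certificate is recorded
     */
    public String getCertIssueDate() {
        X509Certificate cert = getLastCert();
        return cert == null ? "" : cert.getNotBefore().toLocaleString();
    }

    /**
     * @return the recorded certificate's issuer DN attributes, or {@code null} when
     *     no certificate is recorded
     */
    public HashMap<String, String> getCertIssuerDN() {
        X509Certificate cert = getLastCert();
        if (cert == null) {
            return null;
        }
        return getDetailsMap(cert.getIssuerDN().getName());
    }

    /**
     * @return the recorded certificate's subject DN attributes, or {@code null} when
     *     no certificate is recorded
     */
    public HashMap<String, String> getCertSubjectDN() {
        X509Certificate cert = getLastCert();
        if (cert == null) {
            return null;
        }
        return getDetailsMap(cert.getSubjectDN().getName());
    }

    /**
     * @return the recorded certificate's signature algorithm name and OID separated
     *     by a space, or an empty string when no certificate is recorded
     */
    public String getSignatureAlgorthm() {
        X509Certificate cert = getLastCert();
        return cert == null ? "" : cert.getSigAlgName() + StringUtils.SPACE + cert.getSigAlgOID();
    }

    /**
     * Describes the recorded certificate. Despite the method name, the certificate
     * is recorded before validation, so it is not necessarily one the platform
     * trust manager accepted.
     *
     * @return the description, or an empty string when no certificate is recorded
     */
    public String getTrustedCertificateChainMessage() {
        X509Certificate cert = getLastCert();
        if (cert == null) {
            return "";
        }
        StringBuilder message = new StringBuilder();
        certDetails(message, cert);
        return message.toString();
    }

    /**
     * Wraps a hostname verifier in a delegating verifier.
     *
     * @param hostnameVerifier verifier to delegate to
     * @return the wrapping verifier
     * @throws IllegalArgumentException if {@code hostnameVerifier} is null
     */
    public HostnameVerifier wrapHostnameVerifier(HostnameVerifier hostnameVerifier) {
        if (hostnameVerifier == null) {
            throw new IllegalArgumentException("The default verifier may not be null");
        }
        return new SecuriumHostnameVerifier(hostnameVerifier);
    }
}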
