package com.fillr.browsersdk.tls;

import android.support.v4.media.a;
import android.text.TextUtils;
import com.fillr.browsersdk.BrowserSDKLogger;
import com.fillr.browsersdk.tls.asn1.complextypes.AlgorithmIdentifier;
import com.fillr.browsersdk.tls.asn1.complextypes.PublicKeyInfo;
import com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate;
import java.math.BigInteger;
import java.security.KeyPair;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

/* loaded from: classes3.dex */
public class CertificateRegistry {
    private static final String DEFAULT_SUBJECT = "FillrCA";
    private static final String[] BANNED_HOSTS = {"^(api|ft|schema)\\.fillr\\.com", "^rakuten\\.co\\.jp$", ".*\\.rakuten\\.co\\.jp$"};
    private static final Map<String, SSLCertificate> GENERATED_CERTS = Collections.synchronizedMap(new HashMap());

    public static SSLCertificate generateSelfSignedCertificate(String str, KeyPair keyPair) {
        if (TextUtils.isEmpty(str) || keyPair == null) {
            return null;
        }
        for (String str2 : BANNED_HOSTS) {
            if (str.matches(str2)) {
                return null;
            }
        }
        String wildcard = wildcard(str);
        SSLCertificate whitelistedCertificate = getWhitelistedCertificate(wildcard);
        if (whitelistedCertificate != null) {
            return whitelistedCertificate;
        }
        if (TextUtils.isEmpty(wildcard)) {
            str = DEFAULT_SUBJECT;
            wildcard = DEFAULT_SUBJECT;
        }
        SSLCertificate sSLCertificate = new SSLCertificate(newSerialNumber(), AlgorithmIdentifier.sha256WithRSA(), new PublicKeyInfo(keyPair.getPublic().getEncoded()), keyPair);
        sSLCertificate.setIssuedBy(str, sSLCertificate.getSerialNumberAsHex());
        sSLCertificate.setSubject(wildcard);
        BrowserSDKLogger.Companion companion = BrowserSDKLogger.INSTANCE;
        StringBuilder y2 = a.y("Generated self-signed certificate for host=", wildcard, ", serial=");
        y2.append(sSLCertificate.getSerialNumberAsHex());
        companion.d(y2.toString());
        GENERATED_CERTS.put(wildcard, sSLCertificate);
        companion.d("Registering generated certificate");
        return sSLCertificate;
    }

    public static SSLCertificate getWhitelistedCertificate(String str) {
        String wildcard = wildcard(str);
        Map<String, SSLCertificate> map = GENERATED_CERTS;
        SSLCertificate sSLCertificate = map.get(wildcard);
        BrowserSDKLogger.Companion companion = BrowserSDKLogger.INSTANCE;
        companion.d("Getting whitelisted certificate " + wildcard);
        if (sSLCertificate != null && sSLCertificate.isExpired()) {
            map.remove(wildcard);
            companion.d("fillr.proxy", "Removing expired certificate " + wildcard);
        }
        return map.get(wildcard);
    }

    private static BigInteger newSerialNumber() {
        UUID randomUUID = UUID.randomUUID();
        BigInteger or = BigInteger.valueOf(randomUUID.getMostSignificantBits()).shiftLeft(64).or(BigInteger.valueOf(randomUUID.getLeastSignificantBits()));
        return or.signum() < 1 ? or.negate() : or;
    }

    public static void removeCertificate(String str) {
        GENERATED_CERTS.remove(str);
    }

    public static String wildcard(String str) {
        if (!TextUtils.isEmpty(str)) {
            str.startsWith("*.");
        }
        return str;
    }
}
