package at.bitfire.cert4android;

import D.W;
import D9.C0560f;
import D9.K;
import F.l0;
import G9.L;
import android.annotation.SuppressLint;
import android.content.Context;
import b9.o;
import b9.z;
import f9.C4943h;
import j3.C5142a;
import j3.C5145d;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509TrustManager;
import org.conscrypt.Conscrypt;

/* loaded from: classes.dex */
public final class b {

    /* renamed from: g, reason: collision with root package name */
    public static final a f19003g = new Object();

    /* renamed from: h, reason: collision with root package name */
    @SuppressLint({"StaticFieldLeak"})
    public static b f19004h;

    /* renamed from: a, reason: collision with root package name */
    public final Context f19005a;

    /* renamed from: b, reason: collision with root package name */
    public final long f19006b = 60000;

    /* renamed from: c, reason: collision with root package name */
    public final o f19007c = K.q(C5145d.f37786A);

    /* renamed from: d, reason: collision with root package name */
    public final File f19008d;

    /* renamed from: e, reason: collision with root package name */
    public final KeyStore f19009e;

    /* renamed from: f, reason: collision with root package name */
    public final HashSet<X509Certificate> f19010f;

    /* loaded from: classes.dex */
    public static final class a {
        public final synchronized b a(Context context) {
            q9.l.g(context, "context");
            b bVar = b.f19004h;
            if (bVar != null) {
                return bVar;
            }
            Context applicationContext = context.getApplicationContext();
            q9.l.f(applicationContext, "getApplicationContext(...)");
            b bVar2 = new b(applicationContext);
            b.f19004h = bVar2;
            return bVar2;
        }
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [at.bitfire.cert4android.b$a, java.lang.Object] */
    static {
        Security.insertProviderAt(Conscrypt.newProvider(), 1);
        Conscrypt.Version version = Conscrypt.version();
        Logger logger = C5142a.f37778a;
        int major = version.major();
        int minor = version.minor();
        int patch = version.patch();
        StringBuilder e10 = W.e("Using Conscrypt/", major, ".", minor, ".");
        e10.append(patch);
        e10.append(" for TLS");
        logger.info(e10.toString());
        SSLEngine createSSLEngine = SSLContext.getDefault().createSSLEngine();
        String[] enabledProtocols = createSSLEngine.getEnabledProtocols();
        q9.l.f(enabledProtocols, "getEnabledProtocols(...)");
        logger.info("Enabled protocols: ".concat(c9.l.V(enabledProtocols, ", ", 62)));
        String[] enabledCipherSuites = createSSLEngine.getEnabledCipherSuites();
        q9.l.f(enabledCipherSuites, "getEnabledCipherSuites(...)");
        logger.info("Enabled ciphers: ".concat(c9.l.V(enabledCipherSuites, ", ", 62)));
    }

    public b(Context context) {
        this.f19005a = context;
        File file = new File(context.getDir("KeyStore", 0), "KeyStore.bks");
        this.f19008d = file;
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        q9.l.d(keyStore);
        this.f19009e = keyStore;
        this.f19010f = new HashSet<>();
        synchronized (this) {
            try {
                FileInputStream fileInputStream = new FileInputStream(file);
                try {
                    keyStore.load(fileInputStream, null);
                    C5142a.f37778a.fine("Loaded " + keyStore.size() + " trusted certificate(s)");
                    z zVar = z.f19771a;
                    l0.c(fileInputStream, null);
                } finally {
                }
            } catch (Exception unused) {
                C5142a.f37778a.fine("No key store for trusted certificates (yet); creating in-memory key store.");
                try {
                    this.f19009e.load(null, null);
                } catch (Exception e10) {
                    C5142a.f37778a.log(Level.SEVERE, "Couldn't initialize in-memory key store", (Throwable) e10);
                }
            }
        }
    }

    public final boolean a(X509Certificate[] x509CertificateArr, String str, boolean z10, L l10) {
        boolean z11;
        q9.l.g(x509CertificateArr, "chain");
        q9.l.g(str, "authType");
        if (x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain must not be empty");
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        synchronized (this) {
            synchronized (this) {
                q9.l.g(x509Certificate, "cert");
                z11 = this.f19009e.getCertificateAlias(x509Certificate) != null;
            }
        }
        if (z11) {
            return true;
        }
        if (this.f19010f.contains(x509Certificate)) {
            return false;
        }
        if (z10) {
            try {
                ((X509TrustManager) this.f19007c.getValue()).checkServerTrusted(x509CertificateArr, str);
                return true;
            } catch (CertificateException unused) {
            }
        }
        z zVar = z.f19771a;
        if (l10 != null) {
            return ((Boolean) C0560f.m(C4943h.f36087n, new c(this, x509Certificate, l10, null))).booleanValue();
        }
        C5142a.f37778a.log(Level.INFO, "Certificate not known and running in non-interactive mode, rejecting");
        return false;
    }

    public final synchronized void b() {
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(this.f19008d);
            try {
                this.f19009e.store(fileOutputStream, null);
                z zVar = z.f19771a;
                l0.c(fileOutputStream, null);
            } finally {
            }
        } catch (Exception e10) {
            Logger logger = C5142a.f37778a;
            C5142a.f37778a.log(Level.SEVERE, "Couldn't save custom certificate key store", (Throwable) e10);
        }
    }
}
