package com.paessler.prtgandroid.ssl;

import android.app.Application;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.util.SparseArray;
import androidx.localbroadcastmanager.content.LocalBroadcastManager;
import com.paessler.prtgandroid.PRTGDroid;
import com.paessler.prtgandroid.R;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
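/**
 * X509 trust manager that combines the platform trust store with an app-private keystore of
 * certificates the user has approved through {@link SSLTrustDialog}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #KEYSTORE_PASS} is a constant compiled into the app, so the keystore password gives
 *       no protection on its own; the file is only as safe as the directory named by
 *       {@code PRTGDroid.mKeyStorePath} (not visible in this file — confirm it is app-private).</li>
 *   <li>{@link #storeChain} saves <em>every</em> certificate of an approved chain as a trusted
 *       entry, and {@link #initTrustManager} builds a trust manager from that keystore. If the
 *       peer's chain contains CA certificates, approving one dialog may therefore extend trust
 *       beyond the single server — NOTE(review): confirm this is intended.</li>
 * </ul>
 *
 * <p>The {@code throws CertificateException} clauses required by {@link X509TrustManager} are
 * declared explicitly; the decompiled listing had dropped them although the bodies throw it.
 */
public class PRTGTrustManager implements X509TrustManager {
    private static final String KEYSTORE_PASS = "PRTGdroid";
    /** Dialog result that makes the callers below store the certificate(s) and accept. */
    private static final int CHOICE_STORE = 2;
    private static int mCurrentChoiceId;
    /** Pending dialog requests keyed by choice id; every access is guarded by the array itself. */
    private static SparseArray<SSLChoice> mOpenChoices = new SparseArray<>();
    private Context mApplicationContext;
    private boolean mInteractive;
    private KeyStore mKeyStore;
    private File mKeyStoreFile;
    private X509TrustManager mPRTGTrustManager;
    private X509TrustManager mSystemTrustManager;

    /**
     * Hostname verifier that falls back to the app keystore (and finally to a user prompt) when
     * the wrapped default verifier rejects the host.
     */
    public class PRTGHostnameVerifier implements HostnameVerifier {
        private HostnameVerifier defaultVerifier;

        public PRTGHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.defaultVerifier = hostnameVerifier;
        }

        /**
         * Accepts the host when the default verifier does, when the peer's leaf certificate is
         * stored in the app keystore under the lower-cased hostname or under its own subject DN,
         * or when the user approves the mismatch dialog. Any exception results in rejection.
         *
         * <p>NOTE(review): the subject-DN lookup matches certificates saved by
         * {@link PRTGTrustManager#storeChain}, so a certificate approved in the trust dialog
         * passes hostname verification for any hostname — confirm this is intended.
         */
        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String str, SSLSession sSLSession) {
            if (this.defaultVerifier.verify(str, sSLSession)) {
                return true;
            }
            try {
                X509Certificate peerCert = (X509Certificate) sSLSession.getPeerCertificates()[0];
                KeyStore store = PRTGTrustManager.this.mKeyStore;
                boolean knownForHost = peerCert.equals(store.getCertificate(str.toLowerCase(Locale.US)));
                if (knownForHost || peerCert.equals(store.getCertificate(peerCert.getSubjectDN().toString()))) {
                    return true;
                }
                return PRTGTrustManager.this.showHostDialog(peerCert, str);
            } catch (Exception e) {
                // Fail closed: any error while checking means the host is not verified.
                e.printStackTrace();
                return false;
            }
        }
    }

    /**
     * @param context {@code null} for non-interactive use (no dialogs), otherwise the
     *                {@link Application} context used to start the trust dialog
     * @throws ClassCastException if {@code context} is non-null but not an {@link Application}
     */
    public PRTGTrustManager(Context context) {
        if (context != null && !(context instanceof Application)) {
            throw new ClassCastException("Must be an application context");
        }
        this.mInteractive = context != null;
        this.mApplicationContext = context;
        this.mKeyStoreFile = new File(PRTGDroid.mKeyStorePath + File.separator + "keystore");
        this.mKeyStore = initKeystore();
        // A null keystore makes the factory fall back to the platform's default trust anchors.
        this.mSystemTrustManager = initTrustManager(null);
        this.mPRTGTrustManager = initTrustManager(this.mKeyStore);
    }

    /**
     * Builds the human-readable description of one certificate shown in the dialogs.
     *
     * <p>MD5 and SHA-1 are kept for compatibility with what users have seen so far; a SHA-256
     * fingerprint is added because MD5 and SHA-1 are not collision resistant and are a weak basis
     * for comparing fingerprints by hand.
     */
    private String certDetails(X509Certificate x509Certificate) {
        return "\n\n" + x509Certificate.getSubjectDN().toString()
                + "\nMD5: " + certHash(x509Certificate, "MD5")
                + "\nSHA1: " + certHash(x509Certificate, "SHA-1")
                + "\nSHA256: " + certHash(x509Certificate, "SHA-256")
                + "\nSigned by: " + x509Certificate.getIssuerDN().toString();
    }

    /** Concatenates {@link #certDetails(X509Certificate)} for a chain; the exception is unused. */
    private String certDetails(X509Certificate[] x509CertificateArr, CertificateException certificateException) {
        StringBuilder sb = new StringBuilder();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            sb.append(certDetails(x509Certificate));
        }
        return sb.toString();
    }

    /**
     * Returns the colon-separated hex digest of the encoded certificate.
     *
     * <p>On failure the exception message is returned in place of a fingerprint, so the dialog
     * text may contain an error string rather than a hash.
     */
    private static String certHash(X509Certificate x509Certificate, String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(x509Certificate.getEncoded());
            return hexString(messageDigest.digest());
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            return e.getMessage();
        }
    }

    /**
     * Validates a chain, first against the app keystore and then against the platform store.
     *
     * <p>Flow as written: the keystore-backed manager is tried first. If it rejects the chain and
     * this instance is interactive, the user is prompted; approval stores the chain and returns
     * without consulting the platform store. If the user declines, or the instance is
     * non-interactive, the platform trust manager makes the final decision.
     *
     * <p>NOTE(review): this prompts the user before the platform trust store has been consulted.
     * The ordering may be an artifact of decompilation — confirm against the original build before
     * relying on it.
     *
     * @param z {@code true} to run the client-certificate check, {@code false} for the server check
     * @throws CertificateException if neither trust manager (nor the user) accepts the chain
     */
    private void checkTrusted(X509Certificate[] x509CertificateArr, String str, boolean z) throws CertificateException {
        try {
            try {
                if (z) {
                    this.mPRTGTrustManager.checkClientTrusted(x509CertificateArr, str);
                } else {
                    this.mPRTGTrustManager.checkServerTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException e) {
                if (!this.mInteractive) {
                    throw e;
                }
                showCertDialog(x509CertificateArr, str, e);
            }
        } catch (CertificateException unused) {
            if (z) {
                this.mSystemTrustManager.checkClientTrusted(x509CertificateArr, str);
            } else {
                this.mSystemTrustManager.checkServerTrusted(x509CertificateArr, str);
            }
        }
    }

    /**
     * Delivers a dialog result to the thread waiting in {@link #showDialog}.
     *
     * <p>Reads the {@code "id"} and {@code "choice"} int extras (both default to 0), removes the
     * pending choice and wakes its waiter. Unknown ids are ignored.
     */
    public static void dialogResult(Intent intent) {
        SSLChoice sSLChoice;
        int choiceId = intent.getIntExtra("id", 0);
        int result = intent.getIntExtra("choice", 0);
        synchronized (mOpenChoices) {
            sSLChoice = mOpenChoices.get(choiceId);
            mOpenChoices.remove(choiceId);
        }
        if (sSLChoice == null) {
            return;
        }
        synchronized (sSLChoice) {
            sSLChoice.state = result;
            sSLChoice.notify();
        }
    }

    public static X509TrustManager[] getInstanceList(Context context) {
        return new X509TrustManager[]{new PRTGTrustManager(context)};
    }

    /** Formats bytes as lower-case two-digit hex values separated by {@code ':'}. */
    private static String hexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            sb.append(String.format(Locale.US, "%02x", Byte.valueOf(bArr[i])));
            if (i < bArr.length - 1) {
                sb.append(':');
            }
        }
        return sb.toString();
    }

    /**
     * Creates the app keystore and loads the saved entries from {@link #mKeyStoreFile} if the
     * file can be opened.
     *
     * @return the keystore (empty when no file exists; possibly partially loaded when loading
     *         failed), or {@code null} if the default keystore type is unavailable
     */
    private KeyStore initKeystore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                // Initialise as empty first so the keystore is usable even without a saved file.
                keyStore.load(null, null);
                // try-with-resources: the stream was previously never closed.
                try (FileInputStream in = new FileInputStream(this.mKeyStoreFile)) {
                    keyStore.load(in, KEYSTORE_PASS.toCharArray());
                }
            } catch (FileNotFoundException unused) {
                // The keystore file could not be opened: continue with the empty keystore.
            } catch (Exception e) {
                e.printStackTrace();
            }
            return keyStore;
        } catch (KeyStoreException e2) {
            e2.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the first {@link X509TrustManager} produced for the given keystore, or
     * {@code null} if none is available or initialisation fails.
     */
    private X509TrustManager initTrustManager(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            e.printStackTrace();
            return null;
        }
    }

    /** Registers a pending choice and returns the id allocated for it. */
    private int newChoiceId(SSLChoice sSLChoice) {
        int i;
        synchronized (mOpenChoices) {
            i = mCurrentChoiceId;
            mOpenChoices.put(i, sSLChoice);
            mCurrentChoiceId++;
        }
        return i;
    }

    /**
     * Asks the user about an untrusted chain; stores the chain on approval.
     *
     * @throws CertificateException the original failure, when the user does not approve
     */
    private void showCertDialog(X509Certificate[] x509CertificateArr, String str, CertificateException certificateException) throws CertificateException {
        if (showDialog(certDetails(x509CertificateArr, certificateException)) != CHOICE_STORE) {
            throw certificateException;
        }
        storeChain(x509CertificateArr);
    }

    /**
     * Starts {@link SSLTrustDialog} with the given message and blocks the calling thread until
     * {@link #dialogResult} reports the user's choice.
     *
     * <p>NOTE(review): the wait has no timeout and no condition loop. If the activity cannot be
     * started, or no result broadcast arrives, the calling thread stays blocked; a wake-up
     * without a result returns whatever {@code state} the fresh {@code SSLChoice} holds
     * (SSLChoice is not visible here — confirm its initial state means "reject").
     *
     * @return the choice reported by the dialog
     */
    private int showDialog(final String str) {
        SSLChoice sSLChoice = new SSLChoice();
        final int newChoiceId = newChoiceId(sSLChoice);
        BroadcastReceiver broadcastReceiver = new BroadcastReceiver() { // from class: com.paessler.prtgandroid.ssl.PRTGTrustManager.1
            @Override // android.content.BroadcastReceiver
            public void onReceive(Context context, Intent intent) {
                PRTGTrustManager.dialogResult(intent);
            }
        };
        LocalBroadcastManager.getInstance(this.mApplicationContext).registerReceiver(broadcastReceiver, new IntentFilter(SSLTrustDialog.BROADCAST_RECEIVER));
        new Thread(new Runnable() { // from class: com.paessler.prtgandroid.ssl.PRTGTrustManager.2
            @Override // java.lang.Runnable
            public void run() {
                Intent intent = new Intent(PRTGTrustManager.this.mApplicationContext, (Class<?>) SSLTrustDialog.class);
                // Same value as the former literal 268435456 (0x10000000).
                intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                intent.putExtra("id", newChoiceId);
                intent.putExtra("message", str);
                try {
                    PRTGTrustManager.this.mApplicationContext.startActivity(intent);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }).start();
        try {
            synchronized (sSLChoice) {
                sSLChoice.wait();
            }
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller instead of swallowing it.
            Thread.currentThread().interrupt();
        } finally {
            LocalBroadcastManager.getInstance(this.mApplicationContext).unregisterReceiver(broadcastReceiver);
            // dialogResult() normally removes the entry; drop it here too so an interrupted
            // wait does not leave a stale pending choice behind.
            synchronized (mOpenChoices) {
                mOpenChoices.remove(newChoiceId);
            }
        }
        return sSLChoice.state;
    }

    /**
     * Asks the user whether a certificate whose names do not match the host should be accepted,
     * and stores it for that host on approval.
     *
     * <p>The decompiler widened this method from private to public because the inner verifier
     * calls it.
     *
     * @return {@code true} only if the user approved and the certificate was handed to
     *         {@link #storeCert}
     */
    public boolean showHostDialog(X509Certificate x509Certificate, String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(this.mApplicationContext.getString(R.string.mismatching_certificate_hosts_message, str));
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                sb.append(x509Certificate.getSubjectDN());
                sb.append("\n");
            } else {
                // Each entry is a (type, value) pair; only string-valued names are listed.
                for (List<?> list : subjectAlternativeNames) {
                    Object obj = list.get(1);
                    if (obj instanceof String) {
                        sb.append("[");
                        sb.append((Integer) list.get(0));
                        sb.append("] ");
                        sb.append(obj);
                        sb.append("\n");
                    }
                }
            }
        } catch (CertificateParsingException e) {
            e.printStackTrace();
            sb.append("<Parsing error: ");
            sb.append(e.getLocalizedMessage());
            sb.append(">\n");
        }
        sb.append("\n\nCertificate:");
        sb.append(certDetails(x509Certificate));
        sb.append("\n\n");
        sb.append(this.mApplicationContext.getString(R.string.mismatching_certificate_hosts_question));
        if (showDialog(sb.toString()) != CHOICE_STORE) {
            return false;
        }
        // Store under the lower-cased host so the alias matches the lower-cased lookup in
        // PRTGHostnameVerifier.verify(); previously a mixed-case host could be stored under an
        // alias that the lookup never asks for.
        storeCert(x509Certificate, str.toLowerCase(Locale.US));
        return true;
    }

    /** Saves one certificate under the given alias and persists the keystore. */
    private void storeCert(X509Certificate x509Certificate, String str) {
        try {
            this.mKeyStore.setCertificateEntry(str, x509Certificate);
            writeKeystoreToDisk();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }
    }

    /**
     * Rebuilds the keystore-backed trust manager and writes the keystore to
     * {@link #mKeyStoreFile}. Write failures are logged and otherwise ignored, so an approval
     * may stay in memory only.
     */
    private void writeKeystoreToDisk() {
        this.mPRTGTrustManager = initTrustManager(this.mKeyStore);
        // try-with-resources closes the stream even when store() throws. FileNotFoundException
        // is covered by IOException and may not appear next to it in a multi-catch.
        try (FileOutputStream fileOutputStream = new FileOutputStream(this.mKeyStoreFile)) {
            this.mKeyStore.store(fileOutputStream, KEYSTORE_PASS.toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            e.printStackTrace();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrusted(x509CertificateArr, str, false);
    }

    /** Reports the platform trust manager's issuers; user-approved certificates are not included. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.mSystemTrustManager.getAcceptedIssuers();
    }

    public HostnameVerifier getHostnameVerifier(HostnameVerifier hostnameVerifier) {
        return new PRTGHostnameVerifier(hostnameVerifier);
    }

    /**
     * Stores every certificate of the chain under its subject DN and persists the keystore.
     *
     * <p>NOTE(review): all chain elements become trusted entries, not just the leaf — see the
     * class comment.
     */
    public void storeChain(X509Certificate[] x509CertificateArr) {
        try {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                this.mKeyStore.setCertificateEntry(x509Certificate.getSubjectDN().toString(), x509Certificate);
            }
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }
        writeKeystoreToDisk();
    }
}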
