package unet.org.chromium.net;

import android.annotation.SuppressLint;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.net.http.X509TrustManagerExtensions;
import android.util.Pair;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import unet.org.chromium.base.ContextUtils;
import unet.org.chromium.base.annotations.JNINamespace;
import unet.org.chromium.base.annotations.SuppressFBWarnings;

/* compiled from: ProGuard */
@JNINamespace
/* loaded from: classes2.dex */
public class X509Util {

    /* renamed from: a, reason: collision with root package name */
    public static CertificateFactory f37992a;

    /* renamed from: b, reason: collision with root package name */
    public static X509TrustManagerJellyBean f37993b;

    /* renamed from: c, reason: collision with root package name */
    public static TrustStorageListener f37994c;

    /* renamed from: d, reason: collision with root package name */
    public static X509TrustManagerJellyBean f37995d;

    /* renamed from: e, reason: collision with root package name */
    public static KeyStore f37996e;
    public static KeyStore f;

    /* renamed from: g, reason: collision with root package name */
    public static File f37997g;

    /* renamed from: h, reason: collision with root package name */
    public static HashSet f37998h;

    /* renamed from: i, reason: collision with root package name */
    public static boolean f37999i;

    /* renamed from: j, reason: collision with root package name */
    public static final Object f38000j = new Object();

    /* renamed from: k, reason: collision with root package name */
    public static final char[] f38001k = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public static final class TrustStorageListener extends BroadcastReceiver {
        @Override // android.content.BroadcastReceiver
        public final void onReceive(Context context, Intent intent) {
            if (intent.getAction().equals("android.security.STORAGE_CHANGED")) {
                try {
                    X509Util.d();
                } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException unused) {
                }
            }
        }
    }

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public static final class X509TrustManagerIceCreamSandwich implements X509TrustManagerImplementation {
        public X509TrustManagerIceCreamSandwich() {
            throw null;
        }
    }

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public interface X509TrustManagerImplementation {
    }

    /* compiled from: ProGuard */
    /* loaded from: classes2.dex */
    public static final class X509TrustManagerJellyBean implements X509TrustManagerImplementation {

        /* renamed from: a, reason: collision with root package name */
        public final X509TrustManagerExtensions f38002a;

        @SuppressLint({"NewApi"})
        public X509TrustManagerJellyBean(X509TrustManager x509TrustManager) {
            this.f38002a = new X509TrustManagerExtensions(x509TrustManager);
        }
    }

    public static AndroidCertVerifyResult a(byte[][] bArr, String str, String str2) throws KeyStoreException, NoSuchAlgorithmException {
        List<X509Certificate> checkServerTrusted;
        if (bArr != null && bArr.length != 0) {
            if (bArr[0] != null) {
                try {
                    synchronized (f38000j) {
                        f();
                    }
                    X509Certificate[] x509CertificateArr = new X509Certificate[bArr.length];
                    for (int i6 = 0; i6 < bArr.length; i6++) {
                        try {
                            byte[] bArr2 = bArr[i6];
                            synchronized (f38000j) {
                                f();
                            }
                            x509CertificateArr[i6] = (X509Certificate) f37992a.generateCertificate(new ByteArrayInputStream(bArr2));
                        } catch (CertificateException unused) {
                            return new AndroidCertVerifyResult(-5);
                        }
                    }
                    try {
                        x509CertificateArr[0].checkValidity();
                        if (!e(x509CertificateArr[0])) {
                            return new AndroidCertVerifyResult(-6);
                        }
                        synchronized (f38000j) {
                            X509TrustManagerJellyBean x509TrustManagerJellyBean = f37993b;
                            if (x509TrustManagerJellyBean == null) {
                                return new AndroidCertVerifyResult(-1);
                            }
                            try {
                                checkServerTrusted = x509TrustManagerJellyBean.f38002a.checkServerTrusted(x509CertificateArr, str, str2);
                            } catch (CertificateException e7) {
                                try {
                                    checkServerTrusted = f37995d.f38002a.checkServerTrusted(x509CertificateArr, str, str2);
                                } catch (CertificateException unused2) {
                                    e7.getMessage();
                                    return new AndroidCertVerifyResult(-2);
                                }
                            }
                            return new AndroidCertVerifyResult(checkServerTrusted.size() > 0 ? c(checkServerTrusted.get(checkServerTrusted.size() - 1)) : false, checkServerTrusted);
                        }
                    } catch (CertificateExpiredException unused3) {
                        return new AndroidCertVerifyResult(-3);
                    } catch (CertificateNotYetValidException unused4) {
                        return new AndroidCertVerifyResult(-4);
                    } catch (CertificateException unused5) {
                        return new AndroidCertVerifyResult(-1);
                    }
                } catch (CertificateException unused6) {
                    return new AndroidCertVerifyResult(-1);
                }
            }
        }
        throw new IllegalArgumentException("Expected non-null and non-empty certificate chain passed as |certChain|. |certChain|=" + Arrays.deepToString(bArr));
    }

    public static X509TrustManagerJellyBean b(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                try {
                    return new X509TrustManagerJellyBean((X509TrustManager) trustManager);
                } catch (IllegalArgumentException e7) {
                    trustManager.getClass();
                    e7.toString();
                }
            }
        }
        return null;
    }

    public static boolean c(X509Certificate x509Certificate) throws NoSuchAlgorithmException, KeyStoreException {
        if (f == null) {
            return false;
        }
        Pair pair = new Pair(x509Certificate.getSubjectX500Principal(), x509Certificate.getPublicKey());
        if (f37998h.contains(pair)) {
            return true;
        }
        byte[] digest = MessageDigest.getInstance("MD5").digest(x509Certificate.getSubjectX500Principal().getEncoded());
        char[] cArr = new char[8];
        for (int i6 = 0; i6 < 4; i6++) {
            int i7 = i6 * 2;
            char[] cArr2 = f38001k;
            byte b7 = digest[3 - i6];
            cArr[i7] = cArr2[(b7 >> 4) & 15];
            cArr[i7 + 1] = cArr2[b7 & 15];
        }
        String str = new String(cArr);
        int i11 = 0;
        while (true) {
            String str2 = str + '.' + i11;
            if (!new File(f37997g, str2).exists()) {
                return false;
            }
            Certificate certificate = f.getCertificate("system:" + str2);
            if (certificate != null && (certificate instanceof X509Certificate)) {
                X509Certificate x509Certificate2 = (X509Certificate) certificate;
                if (x509Certificate.getSubjectX500Principal().equals(x509Certificate2.getSubjectX500Principal()) && x509Certificate.getPublicKey().equals(x509Certificate2.getPublicKey())) {
                    f37998h.add(pair);
                    return true;
                }
            }
            i11++;
        }
    }

    public static /* synthetic */ void d() throws KeyStoreException, NoSuchAlgorithmException, CertificateException {
        synchronized (f38000j) {
            f37993b = null;
            f37998h = null;
            f();
        }
        nativeNotifyKeyChainChanged();
    }

    public static boolean e(X509Certificate x509Certificate) throws CertificateException {
        List<String> extendedKeyUsage;
        try {
            extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        } catch (NullPointerException unused) {
        }
        if (extendedKeyUsage == null) {
            return true;
        }
        for (String str : extendedKeyUsage) {
            if (str.equals("1.3.6.1.5.5.7.3.1") || str.equals("2.5.29.37.0") || str.equals("2.16.840.1.113730.4.1") || str.equals("1.3.6.1.4.1.311.10.3.3")) {
                return true;
            }
        }
        return false;
    }

    @SuppressFBWarnings
    public static void f() throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
        if (f37992a == null) {
            f37992a = CertificateFactory.getInstance("X.509");
        }
        if (f37993b == null) {
            f37993b = b(null);
        }
        if (!f37999i) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
                f = keyStore;
                try {
                    keyStore.load(null);
                } catch (IOException unused) {
                }
                f37997g = new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
            } catch (KeyStoreException unused2) {
            }
            nativeRecordCertVerifyCapabilitiesHistogram(f != null);
            f37999i = true;
        }
        if (f37998h == null) {
            f37998h = new HashSet();
        }
        if (f37996e == null) {
            KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
            f37996e = keyStore2;
            try {
                keyStore2.load(null);
            } catch (IOException unused3) {
            }
        }
        if (f37995d == null) {
            f37995d = b(f37996e);
        }
        if (f37994c == null) {
            TrustStorageListener trustStorageListener = new TrustStorageListener();
            f37994c = trustStorageListener;
            try {
                ContextUtils.f37844a.registerReceiver(trustStorageListener, new IntentFilter("android.security.STORAGE_CHANGED"));
            } catch (Exception unused4) {
            }
        }
    }

    private static native void nativeNotifyKeyChainChanged();

    private static native void nativeRecordCertVerifyCapabilitiesHistogram(boolean z);
}
