package org.strongswan.android.logic;

import android.annotation.SuppressLint;
import android.content.Context;
import defpackage.cq1;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes.dex */
public class TrustedCertificateManager {
    private static final Class TAG = TrustedCertificateManager.class;
    private Hashtable<String, X509Certificate> mCACerts;
    private Context mContext;
    private final ArrayList<KeyStore> mKeyStores;
    private boolean mLoaded;
    private final ReentrantReadWriteLock mLock;
    private volatile boolean mReload;

    /* loaded from: classes.dex */
    private static class Singleton {

        @SuppressLint({"StaticFieldLeak"})
        public static final TrustedCertificateManager mInstance = new TrustedCertificateManager();

        private Singleton() {
        }
    }

    /* loaded from: classes.dex */
    public enum TrustedCertificateSource {
        SYSTEM("system:"),
        USER("user:"),
        LOCAL("local:");

        private final String mPrefix;

        TrustedCertificateSource(String str) {
            this.mPrefix = str;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getPrefix() {
            return this.mPrefix;
        }
    }

    private TrustedCertificateManager() {
        this.mLock = new ReentrantReadWriteLock();
        this.mCACerts = new Hashtable<>();
        ArrayList<KeyStore> arrayList = new ArrayList<>();
        this.mKeyStores = arrayList;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            arrayList.add(keyStore);
        } catch (Exception unused) {
            cq1.b(TAG, "Unable to load KeyStore: AndroidCAStore");
        }
    }

    private static byte[] convertStreamToByteArray(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[10240];
        while (true) {
            int read = inputStream.read(bArr, 0, 10240);
            if (read <= 0) {
                try {
                    byteArrayOutputStream.close();
                    return byteArrayOutputStream.toByteArray();
                } finally {
                    byteArrayOutputStream.close();
                    inputStream.close();
                }
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    private Hashtable<String, X509Certificate> fetchCertificates(String str) {
        Hashtable<String, X509Certificate> hashtable = new Hashtable<>();
        try {
            CredentialHelper credentialHelper = new CredentialHelper(convertStreamToByteArray(new FileInputStream(new File(this.mContext.getFilesDir() + File.separator + str))), "");
            if (credentialHelper.hasCaCerts()) {
                hashtable.put(credentialHelper.getName(), credentialHelper.getmCaCerts().get(0));
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return hashtable;
    }

    public static TrustedCertificateManager getInstance(Context context) {
        TrustedCertificateManager trustedCertificateManager = Singleton.mInstance;
        trustedCertificateManager.mContext = context.getApplicationContext();
        trustedCertificateManager.load();
        return trustedCertificateManager;
    }

    private void loadCertificates() {
        Class cls = TAG;
        cq1.a(cls, "Load cached CA certificates");
        try {
            this.mCACerts.putAll(fetchCertificates("android.p12"));
            this.mLoaded = true;
            cq1.a(cls, "Cached CA certificates loaded");
        } catch (Exception e) {
            e.printStackTrace();
            this.mCACerts = new Hashtable<>();
        }
    }

    public Hashtable<String, X509Certificate> getAllCACertificates() {
        this.mLock.readLock().lock();
        Hashtable<String, X509Certificate> hashtable = (Hashtable) this.mCACerts.clone();
        this.mLock.readLock().unlock();
        return hashtable;
    }

    public X509Certificate getCACertificateFromAlias(String str) {
        X509Certificate x509Certificate = null;
        if (this.mLock.readLock().tryLock()) {
            Iterator<Map.Entry<String, X509Certificate>> it = this.mCACerts.entrySet().iterator();
            while (it.hasNext()) {
                x509Certificate = it.next().getValue();
            }
            this.mLock.readLock().unlock();
        }
        return x509Certificate;
    }

    public Hashtable<String, X509Certificate> getCACertificates(TrustedCertificateSource trustedCertificateSource) {
        Hashtable<String, X509Certificate> hashtable = new Hashtable<>();
        this.mLock.readLock().lock();
        for (String str : this.mCACerts.keySet()) {
            if (str.startsWith(trustedCertificateSource.getPrefix())) {
                hashtable.put(str, this.mCACerts.get(str));
            }
        }
        this.mLock.readLock().unlock();
        return hashtable;
    }

    public TrustedCertificateManager load() {
        cq1.a(TAG, "Ensure cached CA certificates are loaded");
        this.mLock.writeLock().lock();
        if (!this.mLoaded || this.mReload) {
            this.mReload = false;
            loadCertificates();
        }
        this.mLock.writeLock().unlock();
        return this;
    }

    public TrustedCertificateManager reset() {
        cq1.a(TAG, "Force reload of cached CA certificates on next load");
        this.mReload = true;
        return this;
    }
}
