package net.openvpn.openvpn;

import android.content.Context;
import android.net.http.X509TrustManagerExtensions;
import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
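/**
 * {@link X509TrustManager} that checks a certificate chain against an app-private keystore of
 * user-accepted certificates first and against the platform default trust store second,
 * reporting the outcome through an optional {@link Callback}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class is never given a host name, so it performs chain validation only. Host name
 *       verification has to happen in the caller.</li>
 *   <li>The keystore password is a constant in the code, so it adds no secrecy. Protection of
 *       the pinned certificates rests on the file living under {@code context.getFilesDir()}.</li>
 *   <li>{@link #trustCert} stores whatever leaf certificate it is handed; it must only be
 *       reached after an explicit user decision.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. The {@code throws} clauses and the body of
 * {@link #isTrustFail} were restored from what the visible code and instruction dump show.
 */
public class TrustMan implements X509TrustManager {
    private static final String KEYSTORE_FILE = "trusted-certs.keystore";
    // Fixed password: kept as-is so keystores written by earlier builds still load.
    private static final String KEYSTORE_PASSWORD = "OpenVPN";
    private static final String TAG = "TrustMan";
    // Bumped by forget_certs(); instances compare it with current_generation to know when to reload.
    private static int generation;
    private KeyStore appKeyStore;
    private X509TrustManager appTrustManager;
    private int current_generation;
    private X509TrustManager defaultTrustManager;
    private File keyStoreFile;
    private Callback parent;

    /** Receives the result of each trust decision made by this trust manager. */
    public interface Callback {
        /** Called when neither the app keystore nor the default trust store accepts the chain. */
        void onTrustFail(TrustContext trustContext);

        /**
         * Called when the chain is accepted.
         *
         * @param acceptedByAppStore {@code true} when the app keystore accepted the chain,
         *     {@code false} when the platform default trust store did
         */
        void onTrustSucceed(boolean acceptedByAppStore);
    }

    /**
     * Checked exception for initialisation failures. Inside this class the simple name
     * {@code Error} refers to this type, not to {@code java.lang.Error}.
     */
    public static class Error extends Exception {
        public Error(String str) {
            super("TrustMan: " + str);
        }
    }

    /** The chain, auth type and validation failure handed to {@link Callback#onTrustFail}. */
    public static class TrustContext {
        public String authType;
        public X509Certificate[] chain;
        public Exception excep;

        @Override
        public String toString() {
            // The chain is concatenated as an array reference, so only its identity is printed.
            return "TrustContext chain=" + this.chain + " authType=" + this.authType + " excep=" + this.excep;
        }
    }

    /** Marks a rejection produced by this class; {@link #isTrustFail} looks for it in a cause chain. */
    public static class TrustFail extends CertificateException {
        TrustFail(Exception exc) {
            super(exc);
        }
    }

    /**
     * Creates the trust manager and loads both trust stores.
     *
     * <p>A load failure is logged, not thrown. The fields then stay {@code null} and every later
     * check is rejected until a reload succeeds.
     *
     * @param context used to locate the app's private files directory
     */
    public TrustMan(Context context) {
        this.keyStoreFile = new File(context.getFilesDir(), KEYSTORE_FILE);
        try {
            reload();
        } catch (Exception e) {
            Log.e(TAG, "check_reload", e);
        }
    }

    private void callOnTrustSucceed(boolean acceptedByAppStore) {
        Callback callback = this.parent;
        if (callback != null) {
            callback.onTrustSucceed(acceptedByAppStore);
        }
    }

    /** Runs the server or client check of {@code manager}, depending on {@code isServer}. */
    private static void validateWith(
            X509TrustManager manager, X509Certificate[] chain, String authType, boolean isServer)
            throws CertificateException {
        if (isServer) {
            manager.checkServerTrusted(chain, authType);
        } else {
            manager.checkClientTrusted(chain, authType);
        }
    }

    /**
     * Validates {@code chain} against the app keystore, then the stored-leaf list, then the
     * platform default trust store.
     *
     * @param chain peer certificate chain, leaf first
     * @param authType key exchange / authentication type passed through to the delegates
     * @param isServer {@code true} for a server chain, {@code false} for a client chain
     * @throws IllegalArgumentException if {@code chain} is null or empty
     * @throws CertificateException if the chain is rejected or the trust stores are not loaded
     */
    private void checkCertTrusted(X509Certificate[] chain, String authType, boolean isServer)
            throws CertificateException {
        Log.d(TAG, "checkCertTrusted(" + chain + ", " + authType + ", " + isServer + ")");
        if (chain == null || chain.length == 0) {
            // Same contract as X509TrustManager; also protects the chain[0] access below.
            throw new IllegalArgumentException("TrustMan: null or zero-length certificate chain");
        }
        check_reload();
        if (this.appTrustManager == null || this.defaultTrustManager == null) {
            // reload() failed earlier: reject explicitly instead of failing with a NullPointerException.
            throw new CertificateException("TrustMan: trust stores are not loaded");
        }
        try {
            Log.d(TAG, "checkCertTrusted: trying appTrustManager");
            validateWith(this.appTrustManager, chain, authType, isServer);
            callOnTrustSucceed(true);
        } catch (CertificateException appRejected) {
            // A leaf that is stored in the app keystore is accepted even though the app trust
            // manager just rejected the chain. NOTE(review): this presumably also covers a stored
            // certificate that no longer passes validation (for example after expiry) - confirm
            // that this is intended.
            if (isCertKnown(chain[0])) {
                Log.d(TAG, "checkCertTrusted: accepting cert already stored in keystore");
                callOnTrustSucceed(true);
                return;
            }
            try {
                try {
                    Log.d(TAG, "checkCertTrusted: trying defaultTrustManager");
                    validateWith(this.defaultTrustManager, chain, authType, isServer);
                    callOnTrustSucceed(false);
                } catch (CertificateException e) {
                    TrustContext trustContext = new TrustContext();
                    trustContext.chain = chain;
                    trustContext.authType = authType;
                    trustContext.excep = e;
                    Callback callback = this.parent;
                    if (callback != null) {
                        callback.onTrustFail(trustContext);
                    }
                    throw new TrustFail(e);
                }
            } catch (CertificateException rejected) {
                // NOTE(review): kept exactly as decompiled. The TrustFail thrown above is caught
                // here and the chain is validated once more through the platform extension, with
                // an empty host name and the server check even when isServer is false. If this
                // call returns normally the chain is accepted although onTrustFail has already
                // been reported, and if it throws, the caller sees the platform exception rather
                // than TrustFail. Check against the original source whether this flow is intended.
                new X509TrustManagerExtensions(this.defaultTrustManager).checkServerTrusted(chain, authType, "");
            }
        }
    }

    /** Reloads both trust stores when forget_certs() has run since the last load; failures are logged. */
    private void check_reload() {
        try {
            if (this.current_generation != generation) {
                reload();
            }
        } catch (Exception e) {
            // TrustMan.Error extends Exception, so this single clause covers it as well.
            Log.e(TAG, "check_reload", e);
        }
    }

    /**
     * Deletes the stored keystore file and bumps the generation counter so that existing
     * instances reload on their next check.
     *
     * @param context used to delete the file from the app's private files directory
     */
    public static void forget_certs(Context context) {
        boolean deleted = context.deleteFile(KEYSTORE_FILE);
        generation++;
        Log.d(TAG, String.format("forget certs: fn=%s status=%b gen=%d", KEYSTORE_FILE, Boolean.valueOf(deleted), Integer.valueOf(generation)));
    }

    /**
     * Builds an X509 trust manager over {@code keyStore}.
     *
     * @param keyStore trust anchors to use; {@code null} is passed through to the factory,
     *     which is how reload() obtains the default trust manager
     * @param label only used in the error log message
     * @return the first {@link X509TrustManager} the factory offers, or {@code null} on failure
     */
    private X509TrustManager getTrustManager(KeyStore keyStore, String label) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
            factory.init(keyStore);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
            return null;
        } catch (Exception e) {
            Log.e(TAG, "getTrustManager(" + keyStore + "," + label + ")", e);
            return null;
        }
    }

    /** Returns whether {@code certificate} is stored in the app keystore; a lookup error counts as unknown. */
    private boolean isCertKnown(X509Certificate certificate) {
        try {
            return this.appKeyStore.getCertificateAlias(certificate) != null;
        } catch (KeyStoreException unused) {
            return false;
        }
    }

    /**
     * Tells whether {@code exc} or any exception in its cause chain is a {@link TrustFail}.
     *
     * <p>The decompiler could not produce this body; it is written from the instruction dump it
     * left behind (test for TrustFail, otherwise follow getCause() until null).
     *
     * @param exc exception to inspect, may be {@code null}
     * @return {@code true} if a TrustFail is found, {@code false} otherwise
     */
    public static boolean isTrustFail(Exception exc) {
        for (Throwable current = exc; current != null; current = current.getCause()) {
            if (current instanceof TrustFail) {
                return true;
            }
        }
        return false;
    }

    /**
     * Creates a keystore and fills it from the keystore file when that file can be read.
     *
     * @return the keystore, empty if the file is missing or unreadable; {@code null} only if
     *     no keystore instance could be created
     */
    private KeyStore loadAppKeyStore() {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        } catch (KeyStoreException e) {
            Log.e(TAG, "loadAppKeyStore()", e);
            return null;
        }
        try {
            // Initialise as empty first so the keystore is usable even when the file load fails.
            keyStore.load(null, null);
            // try-with-resources: the stream was previously never closed.
            try (FileInputStream in = new FileInputStream(this.keyStoreFile)) {
                keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
            }
        } catch (FileNotFoundException unused) {
            Log.d(TAG, "loadAppKeyStore(" + this.keyStoreFile + ") - file does not exist");
        } catch (Exception e) {
            Log.e(TAG, "loadAppKeyStore(" + this.keyStoreFile + ")", e);
        }
        return keyStore;
    }

    /**
     * Loads the app keystore and both trust managers, and publishes them only when all three
     * were obtained.
     *
     * @throws Error if the keystore or either trust manager could not be created
     */
    private void reload() throws Error {
        Log.d(TAG, String.format("reload certs: gen=%d/%d", Integer.valueOf(this.current_generation), Integer.valueOf(generation)));
        KeyStore loadedStore = loadAppKeyStore();
        if (loadedStore == null) {
            throw new Error("could not load appKeyStore");
        }
        X509TrustManager platformManager = getTrustManager(null, "default");
        if (platformManager == null) {
            throw new Error("could not load defaultTrustManager");
        }
        X509TrustManager appManager = getTrustManager(loadedStore, "app-init");
        if (appManager == null) {
            throw new Error("could not load appTrustManager");
        }
        this.current_generation = generation;
        this.appKeyStore = loadedStore;
        this.defaultTrustManager = platformManager;
        this.appTrustManager = appManager;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, true);
    }

    /** Detaches the callback; later trust decisions are no longer reported. */
    public void clearCallback() {
        this.parent = null;
    }

    /**
     * Returns the issuers accepted by the platform default trust manager, or an empty array when
     * that trust manager could not be loaded.
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        check_reload();
        X509TrustManager platformManager = this.defaultTrustManager;
        if (platformManager == null) {
            return new X509Certificate[0];
        }
        return platformManager.getAcceptedIssuers();
    }

    /** Registers the callback that receives trust decisions. */
    public void setCallback(Callback callback) {
        this.parent = callback;
    }

    /**
     * Stores the leaf certificate of {@code trustContext} in the app keystore, rebuilds the app
     * trust manager and writes the keystore to disk.
     *
     * <p>No validation is done here: the certificate is trusted from now on for every check made
     * through this class. The alias is the subject DN, so storing another certificate with the
     * same subject replaces the earlier entry. Failures are logged, not thrown.
     *
     * @param trustContext the context previously passed to {@link Callback#onTrustFail}
     */
    public void trustCert(TrustContext trustContext) {
        Log.d(TAG, "trust cert: " + trustContext);
        if (trustContext == null || trustContext.chain == null || trustContext.chain.length == 0
                || this.appKeyStore == null) {
            Log.e(TAG, "trustCert: no certificate to store or keystore not loaded");
            return;
        }
        try {
            X509Certificate leaf = trustContext.chain[0];
            this.appKeyStore.setCertificateEntry(leaf.getSubjectDN().toString(), leaf);
            X509TrustManager rebuilt = getTrustManager(this.appKeyStore, "app-reload");
            if (rebuilt != null) {
                this.appTrustManager = rebuilt;
            }
            // try-with-resources: the stream is closed even when store() throws.
            try (FileOutputStream out = new FileOutputStream(this.keyStoreFile)) {
                this.appKeyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
            } catch (Exception e) {
                Log.e(TAG, "trustCert(" + this.keyStoreFile + ")", e);
            }
        } catch (KeyStoreException e2) {
            Log.e(TAG, "trustCert(" + trustContext.chain + ")", e2);
        }
    }
}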
