package e0;

import android.annotation.SuppressLint;
import android.app.Application;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import android.util.Pair;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.RequiresApi;
import com.google.common.base.Ascii;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import us.zoom.net.ZmX509Helper;

/* compiled from: X509Util.java */
/* loaded from: classes2.dex */
public final class b {

    /* renamed from: a, reason: collision with root package name */
    private static CertificateFactory f5747a;

    /* renamed from: b, reason: collision with root package name */
    @Nullable
    private static C0275b f5748b;

    /* renamed from: c, reason: collision with root package name */
    @Nullable
    private static C0275b f5749c;
    private static a d;

    /* renamed from: e, reason: collision with root package name */
    @Nullable
    private static C0275b f5750e;

    /* renamed from: f, reason: collision with root package name */
    private static KeyStore f5751f;

    /* renamed from: g, reason: collision with root package name */
    private static KeyStore f5752g;

    /* renamed from: h, reason: collision with root package name */
    private static File f5753h;

    /* renamed from: i, reason: collision with root package name */
    @Nullable
    private static HashSet f5754i;

    /* renamed from: j, reason: collision with root package name */
    private static boolean f5755j;

    /* renamed from: k, reason: collision with root package name */
    private static final Object f5756k = new Object();

    /* renamed from: l, reason: collision with root package name */
    private static final char[] f5757l = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: X509Util.java */
    /* loaded from: classes2.dex */
    public static final class a extends BroadcastReceiver {
        @Override // android.content.BroadcastReceiver
        public final void onReceive(Context context, Intent intent) {
            boolean equals;
            if (Build.VERSION.SDK_INT >= 26) {
                equals = true;
                if (!"android.security.action.KEYCHAIN_CHANGED".equals(intent.getAction()) && !"android.security.action.TRUST_STORE_CHANGED".equals(intent.getAction()) && (!"android.security.action.KEY_ACCESS_CHANGED".equals(intent.getAction()) || intent.getBooleanExtra("android.security.extra.KEY_ACCESSIBLE", false))) {
                    equals = false;
                }
            } else {
                equals = "android.security.STORAGE_CHANGED".equals(intent.getAction());
            }
            if (equals) {
                try {
                    b.a();
                } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException unused) {
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: X509Util.java */
    /* renamed from: e0.b$b, reason: collision with other inner class name */
    /* loaded from: classes2.dex */
    public static final class C0275b {

        /* renamed from: a, reason: collision with root package name */
        private final X509TrustManagerExtensions f5758a;

        @SuppressLint({"NewApi"})
        public C0275b(X509TrustManager x509TrustManager) {
            this.f5758a = new X509TrustManagerExtensions(x509TrustManager);
        }

        @RequiresApi(api = 17)
        public final List<X509Certificate> a(X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
            return this.f5758a.checkServerTrusted(x509CertificateArr, str, str2);
        }
    }

    static void a() {
        synchronized (f5756k) {
            f5748b = null;
            f5749c = null;
            f5754i = null;
            e();
        }
    }

    @NonNull
    public static X509Certificate b(byte[] bArr) throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
        d();
        return (X509Certificate) f5747a.generateCertificate(new ByteArrayInputStream(bArr));
    }

    @Nullable
    private static C0275b c(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        try {
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    try {
                        return new C0275b((X509TrustManager) trustManager);
                    } catch (IllegalArgumentException unused) {
                        trustManager.getClass();
                    }
                }
            }
            return null;
        } catch (RuntimeException e5) {
            throw new KeyStoreException(e5);
        }
    }

    private static void d() throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
        synchronized (f5756k) {
            e();
        }
    }

    /* JADX WARN: Type inference failed for: r0v12, types: [e0.b$a, android.content.BroadcastReceiver] */
    private static void e() throws CertificateException, KeyStoreException, NoSuchAlgorithmException {
        if (f5747a == null) {
            f5747a = CertificateFactory.getInstance("X.509");
        }
        if (f5748b == null) {
            f5748b = c(null);
        }
        if (!f5755j) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
                f5752g = keyStore;
                try {
                    keyStore.load(null);
                } catch (IOException unused) {
                }
                f5753h = new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
            } catch (KeyStoreException unused2) {
            }
            f5755j = true;
        }
        if (f5749c == null) {
            f5749c = c(f5752g);
        }
        if (f5754i == null) {
            f5754i = new HashSet();
        }
        if (f5751f == null) {
            KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
            f5751f = keyStore2;
            try {
                keyStore2.load(null);
            } catch (IOException unused3) {
            }
        }
        if (f5750e == null) {
            f5750e = c(f5751f);
        }
        if (d == null) {
            d = new BroadcastReceiver();
            IntentFilter intentFilter = new IntentFilter();
            int i5 = Build.VERSION.SDK_INT;
            if (i5 >= 26) {
                intentFilter.addAction("android.security.action.KEYCHAIN_CHANGED");
                intentFilter.addAction("android.security.action.KEY_ACCESS_CHANGED");
                intentFilter.addAction("android.security.action.TRUST_STORE_CHANGED");
            } else {
                intentFilter.addAction("android.security.STORAGE_CHANGED");
            }
            Application a5 = t0.a.a();
            if (a5 != null) {
                if (i5 >= 34) {
                    a5.registerReceiver(d, intentFilter, 2);
                } else {
                    a5.registerReceiver(d, intentFilter);
                }
            }
        }
    }

    private static boolean f(@NonNull X509Certificate x509Certificate) throws NoSuchAlgorithmException, KeyStoreException {
        if (f5752g == null) {
            return false;
        }
        Pair pair = new Pair(x509Certificate.getSubjectX500Principal(), x509Certificate.getPublicKey());
        HashSet hashSet = f5754i;
        if (hashSet != null && hashSet.contains(pair)) {
            return true;
        }
        byte[] digest = MessageDigest.getInstance("MD5").digest(x509Certificate.getSubjectX500Principal().getEncoded());
        char[] cArr = new char[8];
        for (int i5 = 0; i5 < 4; i5++) {
            int i6 = i5 * 2;
            char[] cArr2 = f5757l;
            byte b5 = digest[3 - i5];
            cArr[i6] = cArr2[(b5 >> 4) & 15];
            cArr[i6 + 1] = cArr2[b5 & Ascii.SI];
        }
        String str = new String(cArr);
        int i7 = 0;
        while (true) {
            String str2 = str + '.' + i7;
            if (!new File(f5753h, str2).exists()) {
                if (ZmX509Helper.isTrustUserInstalledCert()) {
                    List<X509Certificate> certificateList = ZmX509Helper.getCertificateList();
                    for (int i8 = 0; i8 < certificateList.size(); i8++) {
                        if (x509Certificate.getSubjectX500Principal().equals(certificateList.get(i8).getSubjectX500Principal()) && x509Certificate.getPublicKey().equals(certificateList.get(i8).getPublicKey())) {
                            HashSet hashSet2 = f5754i;
                            if (hashSet2 != null) {
                                hashSet2.add(pair);
                            }
                            return true;
                        }
                    }
                }
                return false;
            }
            Certificate certificate = f5752g.getCertificate("system:" + str2);
            if (certificate != null && (certificate instanceof X509Certificate)) {
                X509Certificate x509Certificate2 = (X509Certificate) certificate;
                if (x509Certificate.getSubjectX500Principal().equals(x509Certificate2.getSubjectX500Principal()) && x509Certificate.getPublicKey().equals(x509Certificate2.getPublicKey())) {
                    HashSet hashSet3 = f5754i;
                    if (hashSet3 != null) {
                        hashSet3.add(pair);
                    }
                    return true;
                }
            }
            i7++;
        }
    }

    static boolean g(@NonNull X509Certificate x509Certificate) throws CertificateException {
        List<String> extendedKeyUsage;
        try {
            extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        } catch (NullPointerException unused) {
        }
        if (extendedKeyUsage == null) {
            return true;
        }
        for (String str : extendedKeyUsage) {
            if (str.equals("1.3.6.1.5.5.7.3.1") || str.equals("2.5.29.37.0") || str.equals("2.16.840.1.113730.4.1") || str.equals("1.3.6.1.4.1.311.10.3.3")) {
                return true;
            }
        }
        return false;
    }

    public static C1248a h(@Nullable byte[][] bArr, String str, String str2) throws KeyStoreException, NoSuchAlgorithmException {
        List<X509Certificate> a5;
        if (bArr != null && bArr.length != 0) {
            if (bArr[0] != null) {
                try {
                    d();
                    ArrayList arrayList = new ArrayList();
                    try {
                        arrayList.add(b(bArr[0]));
                        for (int i5 = 1; i5 < bArr.length; i5++) {
                            try {
                                arrayList.add(b(bArr[i5]));
                            } catch (CertificateException unused) {
                            }
                        }
                        X509Certificate[] x509CertificateArr = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
                        try {
                            x509CertificateArr[0].checkValidity();
                            if (!g(x509CertificateArr[0])) {
                                return new C1248a(-6);
                            }
                            synchronized (f5756k) {
                                C0275b c0275b = f5748b;
                                try {
                                    try {
                                    } catch (CertificateException unused2) {
                                        C0275b c0275b2 = f5750e;
                                        if (c0275b2 == null) {
                                            return new C1248a(-1);
                                        }
                                        try {
                                            a5 = c0275b2.a(x509CertificateArr, str, str2);
                                        } catch (RuntimeException e5) {
                                            throw new CertificateException(e5);
                                        }
                                    }
                                } catch (CertificateException unused3) {
                                    try {
                                        if (!ZmX509Helper.isTrustUserInstalledCert()) {
                                            return new C1248a(-2);
                                        }
                                        C0275b c0275b3 = f5749c;
                                        if (c0275b3 == null) {
                                            return new C1248a(-1);
                                        }
                                        a5 = c0275b3.a(x509CertificateArr, str, str2);
                                    } catch (Exception unused4) {
                                        return new C1248a(-2);
                                    }
                                }
                                if (c0275b == null) {
                                    return new C1248a(-1);
                                }
                                try {
                                    a5 = c0275b.a(x509CertificateArr, str, str2);
                                    return new C1248a(a5.size() > 0 ? f(a5.get(a5.size() - 1)) : false, a5);
                                } catch (RuntimeException e6) {
                                    throw new CertificateException(e6);
                                }
                            }
                        } catch (CertificateExpiredException unused5) {
                            return new C1248a(-3);
                        } catch (CertificateNotYetValidException unused6) {
                            return new C1248a(-4);
                        } catch (CertificateException unused7) {
                            return new C1248a(-1);
                        }
                    } catch (CertificateException unused8) {
                        return new C1248a(-5);
                    }
                } catch (CertificateException unused9) {
                    return new C1248a(-1);
                }
            }
        }
        throw new IllegalArgumentException("Expected non-null and non-empty certificate chain passed as |certChain|. |certChain|=" + Arrays.deepToString(bArr));
    }
}
