package com.thursby.pkard.sdk;

import android.app.Activity;
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.os.Handler;
import android.util.SparseArray;
import ch.qos.logback.core.spi.AbstractComponentTracker;
import com.thursby.pkard.conscrypt.PKTrustManagerImpl;
import com.thursby.pkard.conscrypt.TrustManagerFactoryImpl;
import com.thursby.pkard.sdk.deployment.PKPolicy;
import com.thursby.pkard.sdk.deployment.TssX509PolicyRecord;
import com.thursby.pkard.util.Log;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.asn1.x500.style.IETFUtils;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;

/* loaded from: classes3.dex */
public class PKTrustManager implements X509TrustManager {
    private static X509TrustManager g;
    private static X509TrustManager h;
    private static PKTrustStore i;
    static Context j;
    private static int k;
    private static SparseArray<PKTrustDecision> l = new SparseArray<>();
    private boolean a;
    Handler b;
    Activity c;
    NotificationManager d;
    private long e = AbstractComponentTracker.LINGERING_TIMEOUT;
    private TssX509PolicyRecord f = PKPolicy.getX509PolicyRecord();

    /* loaded from: classes3.dex */
    class a implements Runnable {
        a() {
        }

        @Override // java.lang.Runnable
        public void run() {
            if (PKTrustManager.j == null) {
                return;
            }
            if (PKTrustManager.i == null) {
                PKTrustStore unused = PKTrustManager.i = new PKTrustStore(PKTrustManager.j);
            }
            synchronized (PKTrustManager.i) {
                PKTrustManager.i.init();
            }
            if (PKTrustManager.this.a) {
                Log.e("PKTrustManager", "could not load permissive trust store...we are in strict mode");
            } else {
                PKTrustManager.e();
            }
            if (PKTrustManager.g == null) {
                throw new IllegalStateException("Couldn't find X509TrustManager");
            }
            if (PKTrustManager.g instanceof PKTrustManagerImpl) {
                ((PKTrustManagerImpl) PKTrustManager.g).mMainPKTrustStore = PKTrustManager.i;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public class b implements Runnable {
        final /* synthetic */ int a;
        final /* synthetic */ String b;
        final /* synthetic */ CertificateException c;

        b(int i, String str, CertificateException certificateException) {
            this.a = i;
            this.b = str;
            this.c = certificateException;
        }

        @Override // java.lang.Runnable
        public void run() {
            Intent intent = new Intent(PKTrustManager.this.a(), (Class<?>) PKTrustActivity.class);
            intent.setData(Uri.parse(PKTrustManager.class.getName() + "/" + this.a));
            intent.putExtra("com.thursby.pkard.sdk.TRUST.decisionId", this.a);
            intent.putExtra("com.thursby.pkard.sdk.TRUST.cert", this.b);
            Throwable th = this.c;
            while (th.getCause() != null) {
                th = th.getCause();
                if (th instanceof CertificateExpiredException) {
                    intent.putExtra("com.thursby.pkard.sdk.TRUST.title", PKTrustManager.this.a().getResources().getString(R.string.trust_accept_expired));
                }
            }
            try {
                PKTrustManager.this.a().startActivity(intent);
            } catch (Exception e) {
                Log.e("PKTrustManager", "startActivity: " + e);
                PKTrustManager.this.a(intent, this.b);
            }
        }
    }

    public PKTrustManager(Context context, boolean z) throws IllegalStateException {
        this.a = false;
        j = context;
        this.a = z;
        this.b = new Handler(context.getMainLooper());
        this.d = (NotificationManager) context.getSystemService("notification");
        if (i == null) {
            PKTrustStore pKTrustStore = new PKTrustStore(context);
            i = pKTrustStore;
            pKTrustStore.init();
        }
        if (z) {
            Log.e("PKTrustManager", "could not load permissive trust store...we are in strict mode");
        } else {
            e();
        }
        try {
            X509TrustManager a2 = a(i.buildKeyStore());
            g = a2;
            if (a2 == null) {
                throw new IllegalStateException("Couldn't find PKard X509TrustManager");
            }
            if (a2 instanceof PKTrustManagerImpl) {
                ((PKTrustManagerImpl) a2).mMainPKTrustStore = i;
            }
            if (this.f.trust_system_certs) {
                X509TrustManager a3 = a((KeyStore) null);
                h = a3;
                if (a3 == null) {
                    throw new IllegalStateException("Couldn't find default X509TrustManager");
                }
                Log.d("PKTrustManager", "default TM: " + h.getClass().getName());
                Log.d("PKTrustManager", "initialized default trust manager with " + h.getAcceptedIssuers().length + " accepted issuers");
            }
        } catch (GeneralSecurityException e) {
            Log.e("PKTrustManager", "unable to get a trust manager", e);
            IllegalStateException illegalStateException = new IllegalStateException("unable to get a trust manager");
            illegalStateException.initCause(e);
            throw illegalStateException;
        }
    }

    private int a(PKTrustDecision pKTrustDecision) {
        int i2;
        synchronized (l) {
            i2 = k;
            l.put(i2, pKTrustDecision);
            k++;
        }
        return i2;
    }

    static X509TrustManager a(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException {
        X509TrustManager x509TrustManager;
        int i2 = 0;
        if (keyStore != null) {
            if (keyStore != null && "AndroidCAStore".equals(keyStore.getType())) {
                i2 = 1;
            }
            if (i2 == 0) {
                return new PKTrustManagerImpl(keyStore);
            }
            TrustManagerFactoryImpl trustManagerFactoryImpl = new TrustManagerFactoryImpl();
            trustManagerFactoryImpl.engineInit(keyStore);
            trustManagerFactoryImpl.engineGetTrustManagers();
            return null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        Log.d("PKTrustManager", "default TMF: " + trustManagerFactory.getProvider().getName());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers != null) {
            int length = trustManagers.length;
            x509TrustManager = null;
            while (i2 < length) {
                TrustManager trustManager = trustManagers[i2];
                if (trustManager instanceof X509TrustManager) {
                    x509TrustManager = (X509TrustManager) trustManager;
                }
                i2++;
            }
        } else {
            x509TrustManager = null;
        }
        if (x509TrustManager != null) {
            return x509TrustManager;
        }
        return null;
    }

    private synchronized void a(X509Certificate[] x509CertificateArr, String str, CertificateException certificateException) throws CertificateException {
        PKTrustStore pKTrustStore = i;
        if (pKTrustStore != null && pKTrustStore.isBlacklisted(x509CertificateArr)) {
            Log.e("PKTrustManager", "blacklisted cert found");
            throw certificateException;
        }
        PKTrustDecision pKTrustDecision = new PKTrustDecision();
        int a2 = a(pKTrustDecision);
        String c = c(x509CertificateArr);
        Log.d("PKTrustManager", "Handler's looper attached to thread " + this.b.getLooper().getThread().getName());
        Log.d("PKTrustManager", "posting decision for interaction: " + (this.b.post(new b(a2, c, certificateException)) ? "OK" : "failed"));
        Log.d("PKTrustManager", "waiting on " + a2);
        try {
            synchronized (pKTrustDecision) {
                pKTrustDecision.wait(this.e);
            }
        } catch (InterruptedException e) {
            Log.e("PKTrustManager", "interrupted waiting for user trust choice", e);
        }
        Log.d("PKTrustManager", "finished wait on " + a2 + ", chose to " + (pKTrustDecision.a == 3 ? "trust always" : "not trust"));
        int i2 = pKTrustDecision.a;
        if (i2 != 2) {
            if (i2 != 3) {
                if (i2 != 4) {
                    throw certificateException;
                }
                a(x509CertificateArr);
                throw certificateException;
            }
            b(x509CertificateArr);
        }
    }

    private String c(X509Certificate[] x509CertificateArr) {
        String substring;
        String substring2;
        StringBuffer stringBuffer = new StringBuffer();
        String name = x509CertificateArr[0].getSubjectX500Principal().getName();
        String name2 = x509CertificateArr[0].getIssuerX500Principal().getName();
        try {
            substring = name.substring(name.indexOf("=") + 1, name.indexOf(","));
        } catch (StringIndexOutOfBoundsException unused) {
            substring = name.substring(name.indexOf("=") + 1);
        }
        try {
            substring2 = name2.substring(name2.indexOf("=") + 1, name2.indexOf(","));
        } catch (StringIndexOutOfBoundsException unused2) {
            substring2 = name2.substring(name2.indexOf("=") + 1);
        }
        stringBuffer.append("Subject: " + substring);
        stringBuffer.append("\nIssued by: " + substring2);
        return stringBuffer.toString();
    }

    /* JADX WARN: Removed duplicated region for block: B:30:0x006f  */
    /* JADX WARN: Removed duplicated region for block: B:40:0x0076  */
    /* JADX WARN: Removed duplicated region for block: B:82:0x0108  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void d(java.security.cert.X509Certificate[] r10) throws java.security.cert.CertificateException {
        /*
            Method dump skipped, instructions count: 285
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.thursby.pkard.sdk.PKTrustManager.d(java.security.cert.X509Certificate[]):void");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void e() {
        PKTrustStore pKTrustStore = i;
        if (pKTrustStore == null) {
            return;
        }
        synchronized (pKTrustStore) {
            i.loadPermissiveTrustStores();
        }
    }

    private static boolean e(X509Certificate[] x509CertificateArr) {
        Date date = new Date();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            if (date.after(x509Certificate.getNotAfter()) || date.before(x509Certificate.getNotBefore())) {
                return false;
            }
        }
        return true;
    }

    private synchronized void f(X509Certificate[] x509CertificateArr) {
        PKTrustStore pKTrustStore = i;
        if (pKTrustStore == null) {
            return;
        }
        pKTrustStore.storePermissiveTrustStores(x509CertificateArr);
        X509TrustManager x509TrustManager = g;
        if (x509TrustManager instanceof PKTrustManagerImpl) {
            ((PKTrustManagerImpl) x509TrustManager).reload(i.buildKeyStore());
        }
    }

    public static void flushPermissiveStore() {
        PKTrustStore pKTrustStore = i;
        if (pKTrustStore == null) {
            return;
        }
        pKTrustStore.flushPermissiveStore();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void interactResult(int i2, int i3) {
        PKTrustDecision pKTrustDecision;
        synchronized (l) {
            pKTrustDecision = l.get(i2);
            l.remove(i2);
        }
        if (pKTrustDecision == null) {
            Log.e("PKTrustManager", "interactResult: aborting due to stale decision reference!");
            return;
        }
        synchronized (pKTrustDecision) {
            pKTrustDecision.a = i3;
            pKTrustDecision.notify();
        }
    }

    public static synchronized void reloadTrustStore() {
        synchronized (PKTrustManager.class) {
            X509TrustManager x509TrustManager = g;
            if (x509TrustManager instanceof PKTrustManagerImpl) {
                ((PKTrustManagerImpl) x509TrustManager).reload(i.buildKeyStore());
            }
        }
    }

    public static boolean secureReset() {
        PKTrustStore pKTrustStore = i;
        if (pKTrustStore == null) {
            return false;
        }
        return pKTrustStore.secureReset();
    }

    Context a() {
        Activity activity = this.c;
        return activity != null ? activity : j;
    }

    void a(Intent intent, String str) {
        this.d.notify(100509, new Notification.Builder(j).setContentTitle(j.getString(R.string.trust_notification)).setSmallIcon(R.drawable.ic_launcher).setContentText(str).setContentIntent(PendingIntent.getActivity(j, 0, intent, 0)).setPriority(2).setAutoCancel(true).build());
    }

    void a(X509Certificate[] x509CertificateArr) {
        PKTrustStore pKTrustStore;
        if (this.a || (pKTrustStore = i) == null) {
            return;
        }
        pKTrustStore.addToBlackList(x509CertificateArr);
    }

    void b(X509Certificate[] x509CertificateArr) {
        if (this.a) {
            return;
        }
        f(x509CertificateArr);
    }

    public void bindActivity(Activity activity) {
        this.c = activity;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrust(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrust(x509CertificateArr, str, true);
    }

    public synchronized void checkTrust(X509Certificate[] x509CertificateArr, String str, boolean z) throws CertificateException {
        Boolean bool;
        String valueToString;
        Log.d("PKTrustManager", "checkTrust(chain of " + x509CertificateArr.length + ")" + x509CertificateArr + ", " + str + ", " + z + ")");
        boolean z2 = true;
        try {
            Log.d("PKTrustManager", "checkCertTrusted: trying default trust manager");
            if (Build.VERSION.SDK_INT >= 23) {
                Log.d("PKTrustManager", "on API23+: using network security trust config if available");
            }
            bool = false;
            for (X509Certificate x509Certificate : x509CertificateArr) {
                try {
                    valueToString = IETFUtils.valueToString(new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.O)[0].getFirst().getValue());
                    Log.d("PKTrustManager", "+++ Checking SubjectName: " + valueToString);
                } catch (Exception unused) {
                }
                if (valueToString.equals("Google Inc") || valueToString.equals("Microsoft Corporation") || valueToString.equals("Thursby Software Systems") || valueToString.equals("DigiCert Inc") || valueToString.equals("Let's Encrypt")) {
                    bool = true;
                    break;
                }
            }
        } catch (Exception e) {
            e = e;
            Log.d("PKTrustManager", "not trusted by platform: checking PK trust manager");
            while (e.getCause() != null) {
                e = e.getCause();
                if (e instanceof CertificateExpiredException) {
                    Log.d("PKTrustManager", "FOUND IT!!!");
                    a(x509CertificateArr, str, new CertificateException(e));
                    if (i.shouldDoRevocationChecking(x509CertificateArr)) {
                        d(x509CertificateArr);
                        return;
                    }
                    return;
                }
            }
            try {
                Log.d("PKTrustManager", "checkCertTrusted: trying appTrustManager");
                if (z) {
                    g.checkServerTrusted(x509CertificateArr, str);
                } else {
                    g.checkClientTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException e2) {
                if (e2.getCause() != null) {
                    z2 = false;
                }
                if (e2.getCause() instanceof CertPathValidatorException) {
                    e2.getCause().getLocalizedMessage();
                    if (e2.getCause().getLocalizedMessage().startsWith("Trust anchor")) {
                        if (this.a || !this.f.userMayApproveUnverifiedCerts) {
                            throw e2;
                        }
                        Log.d("PKTrustManager", "Chain OK, no trust anchor found, ask user");
                        a(x509CertificateArr, str, e2);
                    }
                } else {
                    if (e2.getCause() instanceof CertPathValidatorException) {
                        throw e2;
                    }
                    if (z2) {
                        if (this.a || !this.f.userMayApproveUnverifiedCerts) {
                            throw e2;
                        }
                        Log.d("PKTrustManager", "Chain OK, not trusted by buckets, ask user");
                        a(x509CertificateArr, str, e2);
                    }
                }
            }
        }
        if (h == null) {
            throw new IllegalStateException("no platform trust manager prepared, skipping");
        }
        if (!bool.booleanValue()) {
            throw new IllegalStateException("no platform trust manager prepared, skipping");
        }
        if (z) {
            h.checkServerTrusted(x509CertificateArr, str);
        } else {
            h.checkClientTrusted(x509CertificateArr, str);
        }
        if (i.shouldDoRevocationChecking(x509CertificateArr)) {
            d(x509CertificateArr);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return g.getAcceptedIssuers();
    }

    public void onPolicyChanged() {
        new Thread(new a()).start();
    }

    public void setDecisionTimeoutMillis(long j2) {
        this.e = j2;
    }

    public void setStictMode(boolean z) {
        if (z && !this.a) {
            PKTrustStore pKTrustStore = i;
            if (pKTrustStore != null) {
                pKTrustStore.storePermissiveTrustStores(null);
            }
        } else if (!z && this.a) {
            e();
        }
        this.a = z;
    }

    public void unbindActivity(Activity activity) {
        if (this.c == activity) {
            this.c = null;
        }
    }
}
