package com.thursby.pkard.conscrypt;

import com.thursby.pkard.sdk.PKCredentials;
import com.thursby.pkard.util.Log;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.pqc.math.linearalgebra.Matrix;

/* loaded from: classes3.dex */
public final class TrustedCertificateStore {
    private static File d;
    private static File e;
    private static File f;
    private static final CertificateFactory g;
    private static final char[] h;
    private static final char[] i;
    private final File a;
    private final File b;
    private final File c;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public class a implements d {
        final /* synthetic */ X509Certificate a;

        a(TrustedCertificateStore trustedCertificateStore, X509Certificate x509Certificate) {
            this.a = x509Certificate;
        }

        @Override // com.thursby.pkard.conscrypt.TrustedCertificateStore.d
        public boolean a(X509Certificate x509Certificate) {
            return x509Certificate.equals(this.a);
        }
    }

    /* loaded from: classes3.dex */
    class b implements d {
        final /* synthetic */ X509Certificate a;

        b(TrustedCertificateStore trustedCertificateStore, X509Certificate x509Certificate) {
            this.a = x509Certificate;
        }

        @Override // com.thursby.pkard.conscrypt.TrustedCertificateStore.d
        public boolean a(X509Certificate x509Certificate) {
            return x509Certificate.getPublicKey().equals(this.a.getPublicKey());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public class c implements d {
        final /* synthetic */ X509Certificate a;

        c(TrustedCertificateStore trustedCertificateStore, X509Certificate x509Certificate) {
            this.a = x509Certificate;
        }

        @Override // com.thursby.pkard.conscrypt.TrustedCertificateStore.d
        public boolean a(X509Certificate x509Certificate) {
            try {
                this.a.verify(x509Certificate.getPublicKey());
                return true;
            } catch (Exception unused) {
                return false;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public interface d {
        boolean a(X509Certificate x509Certificate);
    }

    static {
        String str = System.getenv("ANDROID_ROOT");
        String str2 = System.getenv("ANDROID_DATA");
        d = new File(str + "/etc/security/cacerts");
        setDefaultUserDirectory(new File(str2 + "/misc/keychain"));
        try {
            g = CertificateFactory.getInstance("X509");
            h = new char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
            i = new char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', Matrix.MATRIX_TYPE_RANDOM_LT, 'M', 'N', 'O', 'P', 'Q', Matrix.MATRIX_TYPE_RANDOM_REGULAR, 'S', 'T', Matrix.MATRIX_TYPE_RANDOM_UT, 'V', 'W', 'X', 'Y', Matrix.MATRIX_TYPE_ZERO};
        } catch (CertificateException e2) {
            throw new AssertionError(e2);
        }
    }

    public TrustedCertificateStore() {
        this(d, e, f);
    }

    public TrustedCertificateStore(File file, File file2, File file3) {
        this.a = file;
        this.b = file2;
        this.c = file3;
    }

    private static OpenSSLX509Certificate a(X509Certificate x509Certificate) throws CertificateException {
        if (x509Certificate == null) {
            return null;
        }
        if (x509Certificate instanceof OpenSSLX509Certificate) {
            return (OpenSSLX509Certificate) x509Certificate;
        }
        try {
            return OpenSSLX509Certificate.fromX509Der(x509Certificate.getEncoded());
        } catch (Exception e2) {
            throw new CertificateException(e2);
        }
    }

    private File a(File file, String str, int i2) {
        return new File(file, str + '.' + i2);
    }

    private File a(File file, X509Certificate x509Certificate) {
        return (File) a(file, x509Certificate.getSubjectX500Principal(), new a(this, x509Certificate), File.class);
    }

    private File a(String str) {
        File file;
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        if (!isSystem(str)) {
            if (isUser(str)) {
                file = new File(this.b, str.substring(5));
            }
            return null;
        }
        file = new File(this.a, str.substring(7));
        if (!file.exists() || a(file)) {
            return null;
        }
        return file;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v0, types: [T, java.io.File] */
    /* JADX WARN: Type inference failed for: r2v2, types: [java.security.cert.X509Certificate, T] */
    private <T> T a(File file, X500Principal x500Principal, d dVar, Class<T> cls) {
        ?? r2;
        String a2 = a(x500Principal);
        int i2 = 0;
        while (true) {
            ?? r1 = (T) a(file, a2, i2);
            if (!r1.isFile()) {
                if (cls == Boolean.class) {
                    return (T) Boolean.FALSE;
                }
                if (cls == File.class) {
                    return r1;
                }
                return null;
            }
            if (!a((File) r1) && (r2 = (T) b((File) r1)) != 0 && dVar.a(r2)) {
                if (cls == X509Certificate.class) {
                    return r2;
                }
                if (cls == Boolean.class) {
                    return (T) Boolean.TRUE;
                }
                if (cls == File.class) {
                    return r1;
                }
                throw new AssertionError();
            }
            i2++;
        }
    }

    private String a(X500Principal x500Principal) {
        return intToHexString(NativeCrypto.X509_NAME_hash_old(x500Principal), false, 8);
    }

    private void a(Set<String> set, String str, File file) {
        String[] list = file.list();
        if (list == null) {
            return;
        }
        for (String str2 : list) {
            String str3 = str + str2;
            if (containsAlias(str3)) {
                set.add(str3);
            }
        }
    }

    private static boolean a(OpenSSLX509Certificate openSSLX509Certificate) {
        long context = openSSLX509Certificate.getContext();
        return NativeCrypto.X509_check_issued(context, context) == 0;
    }

    private boolean a(File file) {
        return file.length() == 0;
    }

    private boolean a(String str, boolean z) {
        return getCertificate(str, z) != null;
    }

    private X509Certificate b(File file) {
        BufferedInputStream bufferedInputStream;
        BufferedInputStream bufferedInputStream2 = null;
        if (!file.isFile()) {
            return null;
        }
        try {
            bufferedInputStream = new BufferedInputStream(new FileInputStream(file));
            try {
                X509Certificate x509Certificate = (X509Certificate) g.generateCertificate(bufferedInputStream);
                try {
                    bufferedInputStream.close();
                } catch (IOException e2) {
                    Log.w("TrustedCertificateStore", "failed to read certificate", e2);
                }
                return x509Certificate;
            } catch (IOException unused) {
                try {
                    bufferedInputStream.close();
                } catch (IOException e3) {
                    Log.w("TrustedCertificateStore", "failed to read certificate", e3);
                }
                return null;
            } catch (CertificateException unused2) {
                try {
                    bufferedInputStream.close();
                } catch (IOException e4) {
                    Log.w("TrustedCertificateStore", "failed to read certificate", e4);
                }
                return null;
            } catch (Throwable th) {
                th = th;
                bufferedInputStream2 = bufferedInputStream;
                try {
                    bufferedInputStream2.close();
                } catch (IOException e5) {
                    Log.w("TrustedCertificateStore", "failed to read certificate", e5);
                }
                throw th;
            }
        } catch (IOException unused3) {
            bufferedInputStream = null;
        } catch (CertificateException unused4) {
            bufferedInputStream = null;
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private void b(File file, X509Certificate x509Certificate) throws IOException, CertificateException {
        FileOutputStream fileOutputStream;
        File parentFile = file.getParentFile();
        parentFile.mkdirs();
        parentFile.setReadable(true, false);
        parentFile.setExecutable(true, false);
        try {
            fileOutputStream = new FileOutputStream(file);
            try {
                fileOutputStream.write(x509Certificate.getEncoded());
                fileOutputStream.close();
                file.setReadable(true, false);
            } catch (Throwable th) {
                th = th;
                fileOutputStream.close();
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            fileOutputStream = null;
        }
    }

    private void b(String str) throws IOException {
        if (!isUser(str)) {
            throw new AssertionError(str);
        }
        int lastIndexOf = str.lastIndexOf(46);
        if (lastIndexOf == -1) {
            throw new AssertionError(str);
        }
        String substring = str.substring(5, lastIndexOf);
        int parseInt = Integer.parseInt(str.substring(lastIndexOf + 1));
        if (a(this.b, substring, parseInt + 1).exists()) {
            return;
        }
        while (parseInt >= 0) {
            File a2 = a(this.b, substring, parseInt);
            if (!a(a2)) {
                return;
            }
            if (!a2.delete()) {
                throw new IOException("Could not remove " + a2);
            }
            parseInt--;
        }
    }

    private boolean b(X509Certificate x509Certificate) {
        return a(this.c, x509Certificate).exists();
    }

    public static String intToHexString(int i2, boolean z, int i3) {
        int i4;
        int i5 = 8;
        char[] cArr = new char[8];
        char[] cArr2 = z ? i : h;
        while (true) {
            i5--;
            cArr[i5] = cArr2[i2 & 15];
            i2 >>>= 4;
            if (i2 == 0 && (i4 = 8 - i5) >= i3) {
                return new String(cArr, i4, i5);
            }
        }
    }

    public static final boolean isSystem(String str) {
        return str.startsWith(PKCredentials.CA_CERTIFICATE);
    }

    public static final boolean isUser(String str) {
        return str.startsWith(PKCredentials.USER_CERTIFICATE);
    }

    public static void setDefaultUserDirectory(File file) {
        e = new File(file, "cacerts-added");
        f = new File(file, "cacerts-removed");
    }

    public Set<String> aliases() {
        HashSet hashSet = new HashSet();
        a(hashSet, PKCredentials.USER_CERTIFICATE, this.b);
        a(hashSet, PKCredentials.CA_CERTIFICATE, this.a);
        return hashSet;
    }

    public Set<String> allSystemAliases() {
        HashSet hashSet = new HashSet();
        String[] list = this.a.list();
        if (list == null) {
            return hashSet;
        }
        for (String str : list) {
            String str2 = PKCredentials.CA_CERTIFICATE + str;
            if (a(str2, true)) {
                hashSet.add(str2);
            }
        }
        return hashSet;
    }

    public boolean containsAlias(String str) {
        return a(str, false);
    }

    public void deleteCertificateEntry(String str) throws IOException, CertificateException {
        File a2;
        if (str == null || (a2 = a(str)) == null) {
            return;
        }
        if (!isSystem(str)) {
            if (isUser(str)) {
                new FileOutputStream(a2).close();
                b(str);
                return;
            }
            return;
        }
        X509Certificate b2 = b(a2);
        if (b2 == null) {
            return;
        }
        File a3 = a(this.c, b2);
        if (a3.exists()) {
            return;
        }
        b(a3, b2);
    }

    public X509Certificate findIssuer(X509Certificate x509Certificate) {
        c cVar = new c(this, x509Certificate);
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        X509Certificate x509Certificate2 = (X509Certificate) a(this.b, issuerX500Principal, cVar, X509Certificate.class);
        if (x509Certificate2 != null) {
            return x509Certificate2;
        }
        X509Certificate x509Certificate3 = (X509Certificate) a(this.a, issuerX500Principal, cVar, X509Certificate.class);
        if (x509Certificate3 == null || b(x509Certificate3)) {
            return null;
        }
        return x509Certificate3;
    }

    public Certificate getCertificate(String str) {
        return getCertificate(str, false);
    }

    public Certificate getCertificate(String str, boolean z) {
        X509Certificate b2;
        File a2 = a(str);
        if (a2 == null || ((isUser(str) && a(a2)) || (b2 = b(a2)) == null || (isSystem(str) && !z && b(b2)))) {
            return null;
        }
        return b2;
    }

    public String getCertificateAlias(Certificate certificate) {
        if (certificate != null && (certificate instanceof X509Certificate)) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            File a2 = a(this.b, x509Certificate);
            if (a2.exists()) {
                return PKCredentials.USER_CERTIFICATE + a2.getName();
            }
            if (b(x509Certificate)) {
                return null;
            }
            File a3 = a(this.a, x509Certificate);
            if (a3.exists()) {
                return PKCredentials.CA_CERTIFICATE + a3.getName();
            }
        }
        return null;
    }

    public List<X509Certificate> getCertificateChain(X509Certificate x509Certificate) throws CertificateException {
        OpenSSLX509Certificate a2;
        ArrayList arrayList = new ArrayList();
        arrayList.add(a(x509Certificate));
        int i2 = 0;
        while (true) {
            OpenSSLX509Certificate openSSLX509Certificate = (OpenSSLX509Certificate) arrayList.get(i2);
            if (!a(openSSLX509Certificate) && (a2 = a(findIssuer(openSSLX509Certificate))) != null) {
                arrayList.add(a2);
                i2++;
            }
        }
        return new ArrayList(arrayList);
    }

    public Date getCreationDate(String str) {
        File a2;
        if (!containsAlias(str) || (a2 = a(str)) == null) {
            return null;
        }
        long lastModified = a2.lastModified();
        if (lastModified == 0) {
            return null;
        }
        return new Date(lastModified);
    }

    public X509Certificate getTrustAnchor(X509Certificate x509Certificate) {
        b bVar = new b(this, x509Certificate);
        X509Certificate x509Certificate2 = (X509Certificate) a(this.b, x509Certificate.getSubjectX500Principal(), bVar, X509Certificate.class);
        if (x509Certificate2 != null) {
            return x509Certificate2;
        }
        X509Certificate x509Certificate3 = (X509Certificate) a(this.a, x509Certificate.getSubjectX500Principal(), bVar, X509Certificate.class);
        if (x509Certificate3 == null || b(x509Certificate3)) {
            return null;
        }
        return x509Certificate3;
    }

    public void installCertificate(X509Certificate x509Certificate) throws IOException, CertificateException {
        if (x509Certificate == null) {
            throw new NullPointerException("cert == null");
        }
        if (a(this.a, x509Certificate).exists()) {
            File a2 = a(this.c, x509Certificate);
            if (a2.exists() && !a2.delete()) {
                throw new IOException("Could not remove " + a2);
            }
            return;
        }
        File a3 = a(this.b, x509Certificate);
        if (a3.exists()) {
            return;
        }
        b(a3, x509Certificate);
    }

    public boolean isUserAddedCertificate(X509Certificate x509Certificate) {
        return a(this.b, x509Certificate).exists();
    }

    public Set<String> userAliases() {
        HashSet hashSet = new HashSet();
        a(hashSet, PKCredentials.USER_CERTIFICATE, this.b);
        return hashSet;
    }
}
