package com.thursby.pkard.sdk;

import android.content.Context;
import android.util.Base64;
import com.thursby.pkard.conscrypt.NativeCrypto;
import com.thursby.pkard.conscrypt.OpenSSLX509Certificate;
import com.thursby.pkard.conscrypt.PKTrustStoreException;
import com.thursby.pkard.sdk.deployment.PKPolicy;
import com.thursby.pkard.util.Log;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class PKTrustStore {
    // Log tag passed to every Log call in this class.
    private static final String l = "PKTrustStore";
    // Name of the directory requested from Context.getDir() in the constructor; the PEM files below live there.
    // NOTE(review): m, n, o and p are static but not final, so they are reassignable from inside this class;
    // nothing in this file reassigns them.
    private static String m = "TrustAnchors";
    // File name of the PEM bundle that backs map i.
    private static String n = "trustedCerts.pem";
    // File name of the PEM bundle that backs map j.
    private static String o = "untrustedCAs.pem";
    // File name of the PEM bundle that backs map k.
    private static String p = "blacklistCerts.pem";
    // Context used to open raw resources and to load the management policy.
    private Context a;
    // Absolute path of the directory holding the three PEM files.
    private final String b;
    // KeyStore produced by the most recent buildKeyStore() call; null before that or after a failed build.
    private KeyStore c;
    // Set to true at the end of init(); buildKeyStore() and secureReset() refuse to run while it is false.
    private boolean d = false;
    // Gates the b() save calls in addToBlackList() and storePermissiveTrustStores(); never set to false in this file.
    private boolean e = true;
    // Filled from R.raw.trusted_certs and the policy key "trusted_certificates"; consulted by a(List) and added to the KeyStore.
    HashMap<String, X509Certificate> f = new HashMap<>();
    // Filled from R.raw.trusted_cas and the policy key "trusted_roots"; added to the KeyStore and used by shouldDoRevocationChecking().
    HashMap<String, X509Certificate> g = new HashMap<>();
    // Filled from R.raw.untrusted_cas and the policy key "untrusted_roots"; consulted by b(List).
    HashMap<String, X509Certificate> h = new HashMap<>();
    // Certificates read from / written to trustedCerts.pem; null until loadPermissiveTrustStores() runs.
    HashMap<String, X509Certificate> i = null;
    // Certificates read from / written to untrustedCAs.pem; null until loadPermissiveTrustStores() runs.
    HashMap<String, X509Certificate> j = null;
    // Certificates read from / written to blacklistCerts.pem; null until loadPermissiveTrustStores() runs.
    // NOTE(review): f..k are package-private and are read and written without a common lock; only some
    // public methods of this class are synchronized.
    HashMap<String, X509Certificate> k = null;

    /**
     * Binds the trust store to {@code context} and resolves the directory that will hold
     * the persisted PEM bundles.
     *
     * <p>The directory is obtained with {@code Context.getDir(name, 0)}; mode 0 is
     * {@code Context.MODE_PRIVATE}, so the bundles are created inside the application's
     * private data area. No certificates are loaded here; see {@link #init()} and
     * {@link #loadPermissiveTrustStores()}.
     *
     * @param context application context; must not be null
     */
    public PKTrustStore(Context context) {
        this.a = context;
        final File storeDirectory = context.getDir(m, 0);
        this.b = storeDirectory.toString();
    }

    /**
     * Builds the map key / KeyStore alias for a certificate: issuer DN name, the literal
     * {@code "::"}, then the serial number in decimal.
     *
     * <p>The key is derived from fields the certificate itself carries, not from a digest
     * of its encoding, so two different certificates that state the same issuer name and
     * serial map to the same key and the later {@code put} replaces the earlier one.
     * Trust lookups in this class use {@code containsValue} (certificate equality), not
     * this key.
     *
     * @param x509Certificate certificate to key; must not be null
     * @return {@code issuerName + "::" + serial}
     */
    private String a(X509Certificate x509Certificate) {
        final String issuerName = x509Certificate.getIssuerDN().getName();
        final String serial = x509Certificate.getSerialNumber().toString();
        return issuerName + "::" + serial;
    }

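    /**
     * Merges certificates delivered by the management policy into the in-memory maps:
     * {@code "trusted_roots"} into g, {@code "untrusted_roots"} into h and
     * {@code "trusted_certificates"} into f.
     *
     * <p>Does nothing when no policy is available. Each policy list is processed
     * independently; a failure in one list is logged and does not stop the others.
     */
    private void a() {
        JSONObject policy = PKPolicy.PKPolicyManagementLoad(this.a, null, false);
        if (policy == null) {
            return;
        }
        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e4) {
            Log.d(l, e4.getLocalizedMessage());
            return;
        }
        if (this.f == null) {
            this.f = new HashMap<>();
        }
        loadPolicyCertificates(policy, "trusted_roots", certificateFactory, this.g);
        loadPolicyCertificates(policy, "untrusted_roots", certificateFactory, this.h);
        loadPolicyCertificates(policy, "trusted_certificates", certificateFactory, this.f);
    }

    /**
     * Decodes every Base64 string in the policy array {@code key} as one X.509 certificate
     * and stores it in {@code target} under the issuer::serial key.
     *
     * <p>Processing of the array stops at the first entry that cannot be read or parsed, so
     * entries after a malformed one are not loaded. For {@code "untrusted_roots"} that means
     * a single bad entry silently shortens the deny list; the message is only logged at
     * debug level.
     */
    private void loadPolicyCertificates(JSONObject policy, String key, CertificateFactory certificateFactory, Map<String, X509Certificate> target) {
        try {
            JSONArray encodedCertificates = policy.getJSONArray(key);
            for (int index = 0; index < encodedCertificates.length(); index++) {
                // Decode from the String directly: the original passed string.length() (a char
                // count) as the byte length of string.getBytes().
                byte[] der = Base64.decode(encodedCertificates.getString(index), Base64.DEFAULT);
                X509Certificate certificate;
                try (ByteArrayInputStream in = new ByteArrayInputStream(der)) {
                    certificate = (X509Certificate) certificateFactory.generateCertificate(in);
                }
                target.put(a(certificate), certificate);
            }
        } catch (IOException | CertificateException | JSONException | IllegalArgumentException e) {
            // IllegalArgumentException is what Base64.decode throws for malformed input; it was
            // previously uncaught and would have propagated out of init().
            Log.d(l, key + ": " + e.getLocalizedMessage());
        }
    }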

    /**
     * Adds every certificate in {@code hashMap} to {@code keyStore} as a certificate entry,
     * using the map key as the alias.
     *
     * <p>An alias that already exists is only logged as a collision; the entry is then
     * overwritten by {@code setCertificateEntry}. Because buildKeyStore() calls this method
     * for several maps in sequence, a certificate from a later map replaces one from an
     * earlier map when both share an alias. A failure on one entry is logged and the
     * remaining entries are still processed.
     *
     * @param keyStore destination; the call is a no-op when null
     * @param hashMap  alias-to-certificate map; the call is a no-op when null
     */
    private static void a(KeyStore keyStore, HashMap<String, X509Certificate> hashMap) {
        if (keyStore != null && hashMap != null) {
            Log.i(l, "XXXCK: adding " + hashMap.size() + " certificates");
            Iterator<Map.Entry<String, X509Certificate>> entries = hashMap.entrySet().iterator();
            while (entries.hasNext()) {
                Map.Entry<String, X509Certificate> current = entries.next();
                try {
                    boolean aliasTaken = keyStore.containsAlias(current.getKey());
                    if (aliasTaken) {
                        Log.w(l, "collision adding " + current.getKey());
                    }
                    keyStore.setCertificateEntry(current.getKey(), current.getValue());
                } catch (KeyStoreException e) {
                    Log.e(l, "failed to add cert to trust store", e);
                }
            }
            try {
                Log.i(l, "XXXCK: trusting " + keyStore.size() + " certificates");
            } catch (KeyStoreException unused) {
                // Only the summary log line is lost; the entries were already added above.
            }
        }
    }

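    /**
     * Writes every certificate in {@code hashMap} to the file {@code str} as a PEM bundle,
     * replacing the previous content of the file.
     *
     * <p>The bundle is assembled in memory first and written in one call, so a certificate
     * that fails to encode leaves the existing file untouched instead of truncating it, and
     * the output stream is always closed.
     *
     * <p>When the map is null or empty, or the path is null or empty, the call only logs and
     * returns. An emptied map is therefore never persisted: the file keeps whatever
     * certificates it held before.
     *
     * @param hashMap certificates to persist
     * @param str     absolute path of the PEM file
     */
    private static void a(HashMap<String, X509Certificate> hashMap, String str) {
        if (hashMap == null || hashMap.isEmpty() || str == null || str.isEmpty()) {
            Log.d(l, String.format("Inavid Parameters: hashMap = %s, hashMap.size() = %d, pemFile = %s, pemFile.length() = %d",
                    hashMap == null ? "0" : hashMap.toString(),
                    Integer.valueOf(hashMap == null ? 0 : hashMap.size()),
                    str == null ? "" : str,
                    Integer.valueOf(str != null ? str.length() : 0)));
            return;
        }
        StringBuilder pem = new StringBuilder();
        try {
            for (X509Certificate certificate : hashMap.values()) {
                byte[] encoded = certificate.getEncoded();
                if (encoded == null) {
                    continue;
                }
                String body = Base64.encodeToString(encoded, 0);
                if (body == null) {
                    Log.d(l, "saveCertificatesToPemFile() - Failed to encode to Base64!");
                    continue;
                }
                pem.append("-----BEGIN CERTIFICATE-----\n");
                pem.append(body);
                pem.append("-----END CERTIFICATE-----\n");
            }
        } catch (CertificateEncodingException e3) {
            // Abort before opening the file so the previous bundle survives.
            Log.e(l, "failed to encode certificate, leaving " + str + " unchanged", e3);
            return;
        }
        // FileNotFoundException is an IOException, so one handler covers open and write failures.
        try (FileOutputStream fileOutputStream = new FileOutputStream(new File(str))) {
            fileOutputStream.write(pem.toString().getBytes());
        } catch (IOException e) {
            Log.e(l, "failed to write " + str, e);
        }
    }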

    /**
     * Reports whether any certificate in {@code list} equals a certificate held in map f or,
     * when it has been loaded, in map i.
     *
     * <p>Every position of the list is checked, so a match on the leaf, an intermediate or
     * the root is enough. Map g is not consulted here.
     *
     * @param list certificates to check; must not be null
     * @return true on the first match, false when nothing matches or the list is empty
     */
    private boolean a(List<X509Certificate> list) {
        for (X509Certificate candidate : list) {
            if (this.f.containsValue(candidate)) {
                return true;
            }
            HashMap<String, X509Certificate> permissive = this.i;
            if (permissive != null && permissive.containsValue(candidate)) {
                return true;
            }
        }
        return false;
    }

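    /**
     * Parses all X.509 certificates contained in the raw resource {@code i}.
     *
     * <p>The resource stream is closed on every path; previously it was never closed.
     *
     * @param i raw resource id
     * @return the parsed certificates, or null when the resource cannot be parsed
     */
    private X509Certificate[] a(int i) {
        java.io.InputStream rawResource = this.a.getResources().openRawResource(i);
        try {
            Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X509").generateCertificates(rawResource);
            Log.d(l, "found " + generateCertificates.size() + " certificates in raw file");
            return (X509Certificate[]) generateCertificates.toArray(new X509Certificate[generateCertificates.size()]);
        } catch (CertificateException e) {
            Log.e(l, "Certificate Exception reading resource", e);
            return null;
        } finally {
            try {
                rawResource.close();
            } catch (IOException ignored) {
                // A close failure must not discard certificates that were already parsed.
                Log.d(l, "failed to close raw resource stream");
            }
        }
    }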

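    /**
     * Parses all X.509 certificates contained in the file {@code str}.
     *
     * <p>A missing file is created empty before it is read. The input stream is closed on
     * every path; previously it leaked when parsing threw.
     *
     * @param str absolute path of the PEM file
     * @return the parsed certificates, or null when the file cannot be created, read or parsed
     */
    private X509Certificate[] a(String str) {
        try {
            File file = new File(str);
            if (!file.exists() && !file.createNewFile()) {
                return null;
            }
            try (FileInputStream fileInputStream = new FileInputStream(file)) {
                return (X509Certificate[]) CertificateFactory.getInstance("X509").generateCertificates(fileInputStream).toArray(new X509Certificate[0]);
            }
        } catch (FileNotFoundException e) {
            Log.e(l, "File Exception reading File : " + e.getLocalizedMessage(), e);
            return null;
        } catch (IOException e2) {
            Log.e(l, "I/O Exception : " + e2.getLocalizedMessage(), e2);
            return null;
        } catch (CertificateException e3) {
            Log.e(l, "Certificate Exception reading resource : " + e3.getLocalizedMessage(), e3);
            return null;
        }
    }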

    /**
     * Orders a certificate chain so that each element is followed by the certificate whose
     * subject DN equals its issuer DN, then returns a copy in that order ({@code z} true) or
     * in the reverse order ({@code z} false).
     *
     * <p>The input array is reordered in place as a side effect. Element 0 is never moved,
     * and ordering stops at the first element whose issuer is not found among the elements
     * after it; the remaining elements keep their positions.
     *
     * <p>Linking is done by DN comparison only. No signature is verified here, so the result
     * is an ordering, not a validated path.
     *
     * @param x509CertificateArr chain to order; must not be null
     * @param z                  true for the ordered sequence, false for its reverse
     * @return a new array of the same length
     */
    private static X509Certificate[] a(X509Certificate[] x509CertificateArr, boolean z) {
        final int count = x509CertificateArr.length;
        for (int current = 0; current < count; current++) {
            final int next = current + 1;
            int issuerIndex = -1;
            for (int candidate = next; candidate < count; candidate++) {
                if (x509CertificateArr[current].getIssuerDN().equals(x509CertificateArr[candidate].getSubjectDN())) {
                    issuerIndex = candidate;
                    break;
                }
            }
            if (issuerIndex < 0) {
                // No issuer among the remaining elements: leave the tail as it is.
                break;
            }
            if (issuerIndex != next) {
                X509Certificate issuer = x509CertificateArr[issuerIndex];
                x509CertificateArr[issuerIndex] = x509CertificateArr[next];
                x509CertificateArr[next] = issuer;
            }
        }
        X509Certificate[] result = new X509Certificate[count];
        for (int position = 0; position < count; position++) {
            result[position] = x509CertificateArr[z ? position : count - 1 - position];
        }
        return result;
    }

    /**
     * Loads the certificates of raw resource {@code i} into a map keyed by issuer::serial.
     *
     * @param i raw resource id
     * @return the map, or null when the resource yields no certificates (unlike the
     *         file-based overload, which returns an empty map)
     */
    private HashMap<String, X509Certificate> b(int i) {
        X509Certificate[] parsed = a(i);
        if (parsed != null && parsed.length != 0) {
            HashMap<String, X509Certificate> byKey = new HashMap<>();
            for (int index = 0; index < parsed.length; index++) {
                byKey.put(a(parsed[index]), parsed[index]);
            }
            return byKey;
        }
        return null;
    }

    /**
     * Loads the certificates of PEM file {@code str} into a map keyed by issuer::serial.
     *
     * @param str absolute path of the PEM file
     * @return the map; empty (never null) when the file yields no certificates or cannot
     *         be read
     */
    private HashMap<String, X509Certificate> b(String str) {
        HashMap<String, X509Certificate> byKey = new HashMap<>();
        X509Certificate[] parsed = a(str);
        if (parsed != null) {
            for (int index = 0; index < parsed.length; index++) {
                byKey.put(a(parsed[index]), parsed[index]);
            }
        }
        return byKey;
    }

    /**
     * Persists map i to trustedCerts.pem and map j to untrustedCAs.pem.
     *
     * <p>Map k (blacklistCerts.pem) is not written here; addToBlackList() writes it itself.
     */
    private void b() {
        Log.d(l, "SAVING BUCKETS...");
        final String trustedPath = this.b + File.separator + n;
        a(this.i, trustedPath);
        final String untrustedPath = this.b + File.separator + o;
        a(this.j, untrustedPath);
    }

    /**
     * Reports whether the last element of {@code list} equals a certificate in map h or in
     * map j.
     *
     * <p>Only the last element is examined, and the list is used in the order supplied.
     * An empty list makes {@code list.get(-1)} throw.
     *
     * @param list certificates to check; must not be null or empty
     * @return true when the last element is found in h or j
     */
    private boolean b(List<X509Certificate> list) {
        X509Certificate last = list.get(list.size() - 1);
        HashMap<String, X509Certificate> untrustedRoots = this.h;
        if (untrustedRoots != null && untrustedRoots.containsValue(last)) {
            return true;
        }
        HashMap<String, X509Certificate> permissiveUntrusted = this.j;
        return permissiveUntrusted != null && permissiveUntrusted.containsValue(last);
    }

    /**
     * Adds the first certificate of {@code x509CertificateArr} to map k and writes map k to
     * blacklistCerts.pem; when flag e is set, maps i and j are saved as well.
     *
     * <p>The request is dropped without any log line when the array is null or empty, or
     * when map k has not been loaded yet (loadPermissiveTrustStores() not called). The
     * ordering helper reorders the caller's array in place but never moves element 0, so
     * the certificate stored is the one the caller passed first.
     *
     * <p>NOTE(review): unlike storePermissiveTrustStores(), this method is not synchronized
     * although it mutates and persists shared maps - confirm callers serialize access.
     *
     * @param x509CertificateArr chain whose first certificate is to be blacklisted
     */
    public void addToBlackList(X509Certificate[] x509CertificateArr) {
        boolean hasChain = x509CertificateArr != null && x509CertificateArr.length >= 1;
        if (!hasChain || this.k == null) {
            return;
        }
        X509Certificate[] ordered = a(x509CertificateArr, true);
        try {
            X509Certificate first = ordered[0];
            this.k.put(a(first), first);
            if (this.e) {
                b();
            }
            String blacklistPath = this.b + File.separator + p;
            a(this.k, blacklistPath);
        } catch (NullPointerException e) {
            Log.e(l, "storeCert(" + x509CertificateArr + ")", e);
        }
    }

    /**
     * Builds a fresh KeyStore of the default type holding the certificates of map g, then
     * map f, then (when loaded) map i, and remembers it as the current key store.
     *
     * <p>Maps h, j and k are not consulted while building, so a certificate present in one
     * of those maps is still added if it also appears in g, f or i.
     *
     * @return the new KeyStore, or null when init() has not completed or the build failed
     */
    public synchronized KeyStore buildKeyStore() {
        if (this.d) {
            this.c = null;
            try {
                KeyStore fresh = KeyStore.getInstance(KeyStore.getDefaultType());
                this.c = fresh;
                // load(null) initialises an empty store.
                fresh.load(null);
                a(fresh, this.g);
                a(fresh, this.f);
                HashMap<String, X509Certificate> permissiveTrusted = this.i;
                if (permissiveTrusted != null) {
                    a(fresh, permissiveTrusted);
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                Log.e(l, "failed to add certs to trust store", e);
                this.c = null;
            }
            return this.c;
        }
        Log.e(l, "no key store, this trust store has not been initialized yet");
        return null;
    }

    /**
     * Accepts {@code list} when at least one of its certificates is held in map f or map i,
     * and throws otherwise.
     *
     * <p>NOTE(review): the untrusted-root lookup {@code b(list)} is evaluated but its result
     * is discarded, so a chain ending in a certificate from map h or j is not rejected by
     * this method. Confirm whether that is intended or whether the result was meant to
     * cause a rejection. The call is kept because it still throws on an empty list.
     *
     * @param list certificates to check; must not be null or empty
     * @throws PKTrustStoreException when no certificate of the list is in f or i
     */
    public void checkTrust(List<X509Certificate> list) throws PKTrustStoreException {
        b(list);
        boolean anchored = a(list);
        if (anchored) {
            return;
        }
        throw new PKTrustStoreException("Leaf or Intermediate Certificate is Untrusted!");
    }

    /**
     * Writes maps i and j to their PEM files. A map that is null or empty is skipped by the
     * save routine, so its file keeps its previous content.
     */
    public void flushPermissiveStore() {
        this.b();
    }

    /**
     * Returns the KeyStore produced by the last buildKeyStore() call.
     *
     * <p>This read is not synchronized, while buildKeyStore() sets the field to null and
     * then to a store that is still being filled; a concurrent caller can therefore observe
     * null or a partially populated store.
     *
     * @return the current KeyStore, or null when none has been built
     */
    public KeyStore getCurrentKeyStore() {
        final KeyStore current = this.c;
        return current;
    }

    /**
     * Loads the bundled certificate sets (trusted_cas into g, trusted_certs into f,
     * untrusted_cas into h), merges the management policy into them, hands the native
     * certificate handles to {@code NativeCrypto.ConfigureCertificateChains} and marks the
     * store as initialised.
     *
     * <p>A bundled resource that cannot be loaded is replaced by an empty map and only
     * logged at debug level; the method still returns true.
     *
     * <p>NOTE(review): the handle arrays are sized from the maps, and a certificate that
     * fails conversion is skipped, which leaves trailing 0 entries in the array passed to
     * native code - confirm the native side tolerates them.
     *
     * <p>NOTE(review): the OpenSSLX509Certificate wrappers are referenced only by local
     * arrays in this method - confirm the native call takes its own reference to each
     * handle before the wrappers can be reclaimed.
     *
     * @return always true
     */
    public boolean init() {
        this.g = b(R.raw.trusted_cas);
        if (this.g == null) {
            Log.d(l, "unable to load trusted_cas");
            this.g = new HashMap<>();
        }
        this.f = b(R.raw.trusted_certs);
        if (this.f == null) {
            Log.d(l, "unable to load trusted_certs");
            this.f = new HashMap<>();
        }
        this.h = b(R.raw.untrusted_cas);
        if (this.h == null) {
            Log.d(l, "unable to load untrusted_cas");
            this.h = new HashMap<>();
        }
        // Policy entries are merged on top of the bundled sets.
        a();
        OpenSSLX509Certificate[] trustedCaWrappers = new OpenSSLX509Certificate[this.g.size()];
        long[] trustedCaHandles = new long[this.g.size()];
        OpenSSLX509Certificate[] trustedCertWrappers = new OpenSSLX509Certificate[this.f.size()];
        long[] trustedCertHandles = new long[this.f.size()];
        OpenSSLX509Certificate[] untrustedCaWrappers = new OpenSSLX509Certificate[this.h.size()];
        long[] untrustedCaHandles = new long[this.h.size()];
        fillNativeHandles(this.g, trustedCaWrappers, trustedCaHandles);
        fillNativeHandles(this.f, trustedCertWrappers, trustedCertHandles);
        fillNativeHandles(this.h, untrustedCaWrappers, untrustedCaHandles);
        NativeCrypto.ConfigureCertificateChains(trustedCaHandles, trustedCertHandles, untrustedCaHandles);
        synchronized (this) {
            this.d = true;
        }
        return true;
    }

    /**
     * Converts each certificate of {@code source} to an OpenSSLX509Certificate and records
     * the wrapper and its native context at the next free index of the two arrays.
     * Certificates that fail conversion are skipped without a log line.
     */
    private static void fillNativeHandles(HashMap<String, X509Certificate> source, OpenSSLX509Certificate[] wrappers, long[] handles) {
        int filled = 0;
        for (X509Certificate certificate : source.values()) {
            try {
                OpenSSLX509Certificate wrapper = OpenSSLX509Certificate.fromCertificate(certificate);
                wrappers[filled] = wrapper;
                handles[filled] = wrapper.getContext();
                filled++;
            } catch (CertificateEncodingException unused) {
                // Skipped: the slot stays unused and the arrays keep a trailing default entry.
            }
        }
    }

    /**
     * Reports whether the first certificate of {@code x509CertificateArr} is held in map k.
     *
     * <p>There are no guards: a null or empty array, or a call made before
     * loadPermissiveTrustStores() has populated map k, ends in a runtime exception rather
     * than a boolean answer. The caller's array is reordered in place by the ordering
     * helper; element 0 is never moved.
     *
     * @param x509CertificateArr chain to check; must contain at least one certificate
     * @return true when the first certificate equals a blacklisted certificate
     */
    public boolean isBlacklisted(X509Certificate[] x509CertificateArr) {
        X509Certificate[] ordered = a(x509CertificateArr, true);
        X509Certificate first = ordered[0];
        return this.k.containsValue(first);
    }

    /**
     * Discards the in-memory maps i, j and k and reloads them from trustedCerts.pem,
     * untrustedCAs.pem and blacklistCerts.pem in the store directory.
     *
     * <p>Each map ends up non-null; a missing file is created empty by the loader and
     * yields an empty map.
     *
     * <p>NOTE(review): this method is not synchronized and each field is briefly null
     * between clear and reload, while other methods read the same fields - confirm callers
     * serialize access.
     */
    public void loadPermissiveTrustStores() {
        final String directoryPrefix = this.b + File.separator;

        if (this.i != null) {
            this.i.clear();
            this.i = null;
        }
        this.i = b(directoryPrefix + n);

        if (this.j != null) {
            this.j.clear();
            this.j = null;
        }
        this.j = b(directoryPrefix + o);

        if (this.k != null) {
            this.k.clear();
            this.k = null;
        }
        this.k = b(directoryPrefix + p);
    }

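    /**
     * Deletes the persisted PEM bundles (trustedCerts.pem, untrustedCAs.pem,
     * blacklistCerts.pem, in that order), reloads the in-memory maps from disk and asks
     * PKTrustManager to reload.
     *
     * <p>Deletion stops at the first file that cannot be removed, as before. The in-memory
     * maps are now reloaded on that path too: previously a partial reset returned with the
     * old certificates still in memory, and a later save would have written them back to
     * the file that had just been deleted.
     *
     * <p>The files are removed with {@code File.delete()}; their content is not overwritten.
     *
     * @return false when the store is not initialised or a file could not be deleted,
     *         true otherwise
     */
    public synchronized boolean secureReset() {
        boolean z = true;
        String str = l;
        Log.d(str, "secure resetting");
        if (!this.d) {
            return false;
        }
        for (String fileName : new String[] {n, o, p}) {
            File file = new File(this.b + File.separator + fileName);
            if (!file.exists()) {
                continue;
            }
            z = file.delete();
            // Parenthesised so the file name is logged for both outcomes; the original
            // expression appended it only to the failure text.
            Log.d(str, (z ? "deleted " : "did not delete ") + file.getName());
            if (!z) {
                break;
            }
        }
        // Bring memory back in line with whatever is now on disk, success or not.
        loadPermissiveTrustStores();
        PKTrustManager.reloadTrustStore();
        return z;
    }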

    /**
     * Reports whether the last element of {@code x509CertificateArr} is held in map g.
     *
     * <p>The array is used in the order supplied; it is not reordered here, so the answer
     * depends on the caller placing the root last. A chain whose last element is found only
     * in map f or map i yields false. A null or empty array ends in a runtime exception.
     *
     * @param x509CertificateArr chain to check; must contain at least one certificate
     * @return true when the last element equals a certificate in map g
     */
    public boolean shouldDoRevocationChecking(X509Certificate[] x509CertificateArr) {
        final int lastIndex = x509CertificateArr.length - 1;
        X509Certificate last = x509CertificateArr[lastIndex];
        HashMap<String, X509Certificate> trustedCas = this.g;
        if (trustedCas == null) {
            return false;
        }
        return trustedCas.containsValue(last);
    }

    /**
     * Records a chain in the permissive stores: every certificate of the chain is put into
     * map i, and for chains longer than one the last certificate is additionally put into
     * map j. When flag e is set, both maps are then saved to disk.
     *
     * <p>Because every element goes into map i, and buildKeyStore() adds map i to the
     * KeyStore, the intermediates and the root of a recorded chain become KeyStore entries
     * along with the leaf. How that KeyStore is consumed is outside this file; reviewers
     * should confirm that recording one chain is not meant to extend trust to everything
     * its issuing CAs sign.
     *
     * <p>Nothing happens when the array is null or empty, or when maps i and j have not
     * been loaded. A null element aborts the loop after logging, without saving. The
     * caller's array is reordered in place by the ordering helper.
     *
     * @param x509CertificateArr chain to record
     */
    public synchronized void storePermissiveTrustStores(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length < 1) {
            return;
        }
        if (this.i == null || this.j == null) {
            return;
        }
        X509Certificate[] ordered = a(x509CertificateArr, true);
        final int lastIndex = ordered.length - 1;
        int position = 0;
        while (position < ordered.length) {
            try {
                String key = a(x509CertificateArr[position]);
                boolean isTailOfLongerChain = position >= lastIndex && ordered.length != 1;
                if (isTailOfLongerChain && this.j.put(key, ordered[position]) != null) {
                    Log.d(l, "storePermissiveTrustStore() - Replaced Untrusted Cert ->" + key);
                }
                X509Certificate previous = this.i.put(key, ordered[position]);
                if (previous != null) {
                    Log.d(l, "storePermissiveTrustStore() - Replaced Trusted Cert -> " + key);
                }
            } catch (NullPointerException e) {
                Log.e(l, "storeCert(" + x509CertificateArr + ")", e);
                return;
            }
            position++;
        }
        if (this.e) {
            b();
        }
    }
}
