package org.snmp4j.transport.tls;

import androidx.constraintlayout.widget.ConstraintLayout;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathChecker;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.snmp4j.TransportStateReference;
import org.snmp4j.event.CounterEvent;
import org.snmp4j.log.LogAdapter;
import org.snmp4j.log.LogFactory;
import org.snmp4j.mp.CounterSupport;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.smi.OctetString;

/* loaded from: classes3.dex */
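/**
 * Static helpers used by the TLS transport: building an {@link SSLContext} from a key store and a
 * trust store, wiring certificate revocation checking, and matching peer certificates against
 * pinned fingerprints.
 *
 * <p>This listing is decompiler output. The methods carry no {@code throws} clauses although
 * several of them let checked exceptions propagate; every such exception thrown here is a subclass
 * of {@link java.security.GeneralSecurityException}. Restore the declarations before recompiling.
 */
public class TLSTMUtil {

    /* renamed from: a, reason: collision with root package name */
    // Class-wide logger.
    private static final LogAdapter f34262a = LogFactory.getLogger((Class<?>) TLSTMUtil.class);

    /* renamed from: b, reason: collision with root package name */
    // Index at which getFingerprint() inserts '-' into a digest name ("SHA256" -> "SHA-256").
    private static final int f34263b = 3;

    /**
     * Removes every key store entry that is not part of the certificate chain of the local
     * certificate alias, so that only that identity remains in the in-memory key store.
     *
     * <p>The alias returned by the security callback for the target address wins over {@code str}.
     * If neither yields an alias, or the alias has no certificate chain, the key store is left
     * untouched; in the second case a warning is logged and all entries stay available to the
     * {@code KeyManagerFactory} the caller initialises afterwards.
     *
     * @param keyStore the loaded key store, modified in place (not written back to disk here)
     * @param transportStateReference supplies the address handed to the callback; may be null
     * @param tlsTmSecurityCallback optional callback that selects the alias; may be null
     * @param str fallback alias used when the callback gives none; may be null
     */
    private static void a(KeyStore keyStore, TransportStateReference transportStateReference, TlsTmSecurityCallback tlsTmSecurityCallback, String str) {
        String alias = str;
        if (tlsTmSecurityCallback != null && transportStateReference != null) {
            String callbackAlias = tlsTmSecurityCallback.getLocalCertificateAlias(transportStateReference.getAddress());
            if (callbackAlias != null) {
                alias = callbackAlias;
            }
        }
        if (alias == null) {
            return;
        }
        try {
            Certificate[] certificateChain = keyStore.getCertificateChain(alias);
            if (certificateChain == null) {
                f34262a.warn("Local certificate with alias '" + alias + "' not found. Known aliases are: " + Collections.list(keyStore.aliases()));
                return;
            }
            // Aliases under which the chain's certificates are stored; everything else is dropped.
            List<String> chainAliases = new ArrayList<>(certificateChain.length);
            for (Certificate certificate : certificateChain) {
                String certificateAlias = keyStore.getCertificateAlias(certificate);
                if (certificateAlias != null) {
                    chainAliases.add(certificateAlias);
                }
            }
            // Collections.list() snapshots the aliases, so deleting while looping is safe.
            for (String existingAlias : Collections.list(keyStore.aliases())) {
                if (!chainAliases.contains(existingAlias)) {
                    keyStore.deleteEntry(existingAlias);
                }
            }
        } catch (KeyStoreException e2) {
            f34262a.error("Failed to get certificate chain for alias " + alias + ": " + e2.getMessage(), e2);
        }
    }

    /**
     * Loads the CRLs found at {@code str}, adds them to the builder parameters as a cert store and
     * enables revocation checking on those parameters. Does nothing for a null or empty URI.
     *
     * @param str URI of the certificate revocation list
     * @param pKIXBuilderParameters parameters to extend
     * @throws RuntimeException if the CRL cannot be loaded or the cert store cannot be created
     */
    protected static void addCRLCertStore(String str, PKIXBuilderParameters pKIXBuilderParameters) {
        if (str == null || str.isEmpty()) {
            return;
        }
        try {
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(b(str))));
            pKIXBuilderParameters.setRevocationEnabled(true);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Reads all X.509 CRLs from the resource that {@code str} points to.
     *
     * <p>Any scheme that {@code java.net.URL} can open is accepted and no timeout is set here, so
     * the URI has to come from trusted configuration.
     *
     * @param str URI of the CRL resource; null yields an empty collection
     * @return the CRLs parsed from the stream
     * @throws RuntimeException if the URI is malformed or the CRLs cannot be read or parsed
     */
    private static Collection<? extends CRL> b(String str) {
        if (str == null) {
            return Collections.emptyList();
        }
        // try-with-resources closes the stream on the failure paths as well; the decompiled form
        // (empty finally blocks) only closed it after a successful parse.
        try (InputStream openStream = new URI(str).toURL().openStream()) {
            return CertificateFactory.getInstance("X.509").generateCRLs(openStream);
        } catch (IOException | CRLException | CertificateException e2) {
            throw new RuntimeException("Unable to load certificate revocation list '" + str + "' :" + e2, e2);
        } catch (URISyntaxException e3) {
            throw new RuntimeException(e3);
        }
    }

    /**
     * Creates the revocation checker used by default: CRLs are preferred over OCSP, only the
     * end-entity certificate is checked, and there is no fallback to the other mechanism.
     *
     * <p>Because of {@code ONLY_END_ENTITY}, revocation of intermediate CA certificates is not
     * checked by this checker. {@code SOFT_FAIL} is not set, so a revocation status that cannot be
     * determined fails validation.
     *
     * @return the configured checker
     * @throws RuntimeException if the cert path builder algorithm is not available
     */
    public static PKIXRevocationChecker createDefaultPKIXRevocationChecker() {
        try {
            CertPathChecker revocationChecker = CertPathBuilder.getInstance(TrustManagerFactory.getDefaultAlgorithm()).getRevocationChecker();
            // h.a is defined outside this file; presumably a toolchain-generated cast to
            // PKIXRevocationChecker -- confirm before replacing it with a plain cast.
            PKIXRevocationChecker a2 = h.a(revocationChecker);
            a2.setOptions(EnumSet.of(
                    PKIXRevocationChecker.Option.PREFER_CRLS,
                    PKIXRevocationChecker.Option.ONLY_END_ENTITY,
                    PKIXRevocationChecker.Option.NO_FALLBACK));
            return a2;
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Builds and initialises an {@link SSLContext} from a key store file and a trust store file.
     *
     * <p>Revocation checking depends on the last two arguments: with a checker, it is installed as
     * a cert path checker (plus the CRL store if a CRL URI is given); with only a CRL URI, the CRL
     * store is added and revocation is enabled; with neither, the trust manager factory is
     * initialised from the trust store alone and no revocation setup is done here.
     *
     * <p>Both passwords arrive as {@code String}, so this method cannot wipe them after use. The
     * checked exceptions that leave this method are all {@code GeneralSecurityException}
     * subclasses; I/O failures and a null file name are reported as {@link KeyStoreException}.
     *
     * @param str protocol name passed to {@link SSLContext#getInstance(String)}
     * @param str2 path of the key store file
     * @param str3 key store password, also used as key password; may be null
     * @param str4 path of the trust store file
     * @param str5 trust store password; may be null
     * @param transportStateReference passed to the alias selection and to the trust manager factory
     * @param tLSTMTrustManagerFactory wraps the first default trust manager
     * @param z2 forwarded unchanged to the trust manager factory (presumably the client/server
     *     role flag -- confirm against the factory)
     * @param tlsTmSecurityCallback optional callback that selects the local certificate alias
     * @param str6 fallback local certificate alias; may be null
     * @param pKIXRevocationChecker optional revocation checker; may be null
     * @param str7 optional CRL URI; may be null
     * @return the initialised context
     */
    public static SSLContext createSSLContext(String str, String str2, String str3, String str4, String str5, TransportStateReference transportStateReference, TLSTMTrustManagerFactory tLSTMTrustManagerFactory, boolean z2, TlsTmSecurityCallback<X509Certificate> tlsTmSecurityCallback, String str6, PKIXRevocationChecker pKIXRevocationChecker, String str7) {
        SSLContext sSLContext = SSLContext.getInstance(str);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // try-with-resources closes both streams on every path (trust store first, then key
        // store); the decompiled form leaked them whenever loading or initialisation failed.
        try (FileInputStream fileInputStream = new FileInputStream(str2);
                FileInputStream fileInputStream2 = new FileInputStream(str4)) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(fileInputStream, str3 != null ? str3.toCharArray() : null);
            LogAdapter logAdapter = f34262a;
            if (logAdapter.isInfoEnabled()) {
                logAdapter.info("KeyStore '" + str2 + "' contains: " + Collections.list(keyStore.aliases()));
            }
            // Reduce the in-memory key store to the selected local identity before it is handed
            // to the KeyManagerFactory.
            a(keyStore, transportStateReference, tlsTmSecurityCallback, str6);
            KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore2.load(fileInputStream2, str5 != null ? str5.toCharArray() : null);
            if (logAdapter.isInfoEnabled()) {
                logAdapter.info("TrustStore '" + str4 + "' contains: " + Collections.list(keyStore2.aliases()));
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, str3 != null ? str3.toCharArray() : null);
            if (pKIXRevocationChecker != null) {
                PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(keyStore2, new X509CertSelector());
                pKIXBuilderParameters.addCertPathChecker(pKIXRevocationChecker);
                if (str7 != null) {
                    addCRLCertStore(str7, pKIXBuilderParameters);
                }
                trustManagerFactory.init(new CertPathTrustManagerParameters(pKIXBuilderParameters));
            } else if (str7 != null) {
                PKIXBuilderParameters pKIXBuilderParameters2 = new PKIXBuilderParameters(keyStore2, new X509CertSelector());
                addCRLCertStore(str7, pKIXBuilderParameters2);
                trustManagerFactory.init(new CertPathTrustManagerParameters(pKIXBuilderParameters2));
            } else {
                // No checker and no CRL: trust decisions rest on the trust store contents only.
                trustManagerFactory.init(keyStore2);
            }
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (logAdapter.isDebugEnabled()) {
                logAdapter.debug("SSL context initializing with TrustManagers: " + Arrays.asList(trustManagers) + " and factory " + tLSTMTrustManagerFactory.getClass().getName());
            }
            // Only the first default trust manager is wrapped; it is assumed to be an
            // X509TrustManager (a ClassCastException propagates otherwise).
            sSLContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{tLSTMTrustManagerFactory.create((X509TrustManager) trustManagers[0], z2, transportStateReference)}, null);
            return sSLContext;
        } catch (FileNotFoundException e2) {
            String str8 = "Failed to initialize SSLContext because of a FileNotFoundException: " + e2.getMessage();
            f34262a.error(str8, e2);
            throw new KeyStoreException(str8, e2);
        } catch (IOException e3) {
            String str9 = "Failed to initialize SSLContext because of an IOException: " + e3.getMessage();
            f34262a.error(str9, e3);
            throw new KeyStoreException(str9, e3);
        } catch (NullPointerException e4) {
            // Catches every NullPointerException raised in the block above, not only a null file
            // name, so the message can point at the wrong cause (e.g. a null trust manager factory).
            f34262a.error("Failed to initialize SSLContext because of missing key store (javax.net.ssl.keyStore)");
            throw new KeyStoreException("Failed to initialize SSLContext because of missing key store (javax.net.ssl.keyStore)", e4);
        } catch (KeyManagementException e5) {
            f34262a.error("Failed to initialize SSLContext because of a KeyManagementException: " + e5.getMessage(), e5);
            throw e5;
        } catch (KeyStoreException e6) {
            f34262a.error("Failed to initialize SSLContext because of a KeyStoreException: " + e6.getMessage(), e6);
            throw e6;
        } catch (UnrecoverableKeyException e7) {
            f34262a.error("Failed to initialize SSLContext because of an UnrecoverableKeyException: " + e7.getMessage(), e7);
            throw e7;
        } catch (CertificateException e8) {
            f34262a.error("Failed to initialize SSLContext because of a CertificateException: " + e8.getMessage(), e8);
            throw e8;
        }
    }

    /**
     * Computes the fingerprint of a certificate: a digest over its encoded form, using the hash
     * named in the certificate's own signature algorithm ("SHA256withRSA" gives "SHA-256").
     *
     * <p>The digest algorithm is chosen by the certificate under test, not by the verifier. A
     * certificate signed with a weak hash such as MD5 or SHA-1 is therefore fingerprinted with
     * that weak hash; deployments that pin by fingerprint should reject such signature algorithms
     * before relying on the match.
     *
     * <p>Signature algorithm names that do not reduce to a digest name (for example "Ed25519",
     * which the hyphen rule turns into "Ed2-5519") end in the {@code NoSuchAlgorithmException}
     * branch and yield null.
     *
     * @param x509Certificate the certificate to fingerprint
     * @return the digest bytes, or null if the digest algorithm is unknown or encoding fails
     */
    public static OctetString getFingerprint(X509Certificate x509Certificate) {
        try {
            String digestName = x509Certificate.getSigAlgName();
            if (digestName.contains("with")) {
                digestName = digestName.substring(0, digestName.indexOf("with"));
            }
            int hyphenIndex = f34263b;
            if (digestName.length() > hyphenIndex) {
                // The decompiler rendered the first label as an unrelated Android layout constant
                // with the value 49, which is the character '1'.
                switch (digestName.charAt(hyphenIndex)) {
                    case '1':
                    case '2':
                    case '3':
                    case '5':
                        digestName = digestName.substring(0, hyphenIndex) + "-" + digestName.substring(hyphenIndex);
                        break;
                    default:
                        break;
                }
            }
            MessageDigest messageDigest = MessageDigest.getInstance(digestName);
            messageDigest.update(x509Certificate.getEncoded());
            return new OctetString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e2) {
            f34262a.error("No such digest algorithm exception while getting fingerprint from " + x509Certificate + ": " + e2.getMessage(), e2);
            return null;
        } catch (CertificateEncodingException e3) {
            f34262a.error("Certificate encoding exception while getting fingerprint from " + x509Certificate + ": " + e3.getMessage(), e3);
            return null;
        }
    }

    /**
     * Returns the first iPAddress (type 7) subject alternative name as an {@link OctetString}.
     *
     * <p>A value without ':' is returned lower-cased as is. Otherwise the value is split at ':',
     * each group is left-padded with '0' to at least two characters, and the groups are
     * concatenated without separators.
     * NOTE(review): IPv6 groups hold up to four hex digits; padding to two looks too short --
     * confirm against the consumers of this value.
     *
     * @param collection subject alternative names as returned by
     *     {@link X509Certificate#getSubjectAlternativeNames()}; may be null
     * @return the address string, or null if there is no iPAddress entry
     */
    public static OctetString getIpAddressFromSubjAltName(Collection<List<?>> collection) {
        Object subjAltName = getSubjAltName(collection, 7);
        if (subjAltName == null) {
            return null;
        }
        // Locale.ROOT keeps the result independent of the default locale's case rules.
        String lowerCase = ((String) subjAltName).toLowerCase(java.util.Locale.ROOT);
        if (lowerCase.indexOf(':') < 0) {
            return new OctetString(lowerCase);
        }
        StringBuilder sb = new StringBuilder(16);
        for (String group : lowerCase.split(":")) {
            for (int missing = 2 - group.length(); missing > 0; missing--) {
                sb.append('0');
            }
            sb.append(group);
        }
        return new OctetString(sb.toString());
    }

    /**
     * Returns the value of the first subject alternative name entry of the given type.
     *
     * @param collection entries whose element 0 is the Integer type and element 1 the value;
     *     may be null
     * @param i2 the GeneralName type to look for
     * @return the value of the first matching entry, or null if none matches
     */
    public static Object getSubjAltName(Collection<List<?>> collection, int i2) {
        if (collection == null) {
            return null;
        }
        for (List<?> entry : collection) {
            if (((Integer) entry.get(0)).intValue() == i2) {
                return entry.get(1);
            }
        }
        return null;
    }

    /**
     * Checks the first certificate of a chain against an expected fingerprint.
     *
     * <p>Only {@code x509CertificateArr[0]} is examined and no chain validation happens here; the
     * array must be non-null and non-empty. A null or empty expected fingerprint means "no pin"
     * and returns false without counting a failure. A mismatch, or a fingerprint that cannot be
     * computed, increments the invalid-certificate counter and throws {@code CertificateException}
     * (not declared in this decompiled signature).
     *
     * @param x509CertificateArr the peer's certificate chain, leaf first
     * @param octetString the expected fingerprint; may be null
     * @param z2 true selects the invalid server certificates counter, false the client one
     * @param counterSupport receives the counter event on failure
     * @param logAdapter logger for the comparison result
     * @param obj source object of the counter event
     * @return true if the fingerprints are equal, false if no expected fingerprint was given
     */
    public static boolean isMatchingFingerprint(X509Certificate[] x509CertificateArr, OctetString octetString, boolean z2, CounterSupport counterSupport, LogAdapter logAdapter, Object obj) {
        X509Certificate x509Certificate = x509CertificateArr[0];
        if (octetString == null || octetString.length() <= 0) {
            return false;
        }
        OctetString fingerprint = getFingerprint(x509Certificate);
        if (logAdapter.isDebugEnabled()) {
            logAdapter.debug("Comparing certificate fingerprint " + x509Certificate.getSubjectX500Principal() + ": " + fingerprint + " with " + octetString);
        }
        if (fingerprint == null) {
            logAdapter.error("Failed to determine fingerprint for certificate " + x509Certificate + " and algorithm " + x509Certificate.getSigAlgName());
        } else if (fingerprint.equals(octetString)) {
            if (logAdapter.isInfoEnabled()) {
                logAdapter.info("Peer is trusted by fingerprint '" + octetString + "' of certificate: '" + x509Certificate + "'");
            }
            return true;
        }
        // Fail closed: both an unknown fingerprint and a mismatch are counted and rejected.
        counterSupport.fireIncrementCounter(new CounterEvent(obj, z2 ? SnmpConstants.snmpTlstmSessionInvalidServerCertificates : SnmpConstants.snmpTlstmSessionInvalidClientCertificates));
        throw new CertificateException("Fingerprint of provided certificate " + x509Certificate.getSubjectX500Principal() + "(" + fingerprint + ") does not match " + octetString.toHexString());
    }
}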
