package com.commonsware.cwac.netsecurity.config;

import com.commonsware.cwac.netsecurity.conscrypt.Hex;
import java.io.File;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
abstract class DirectoryCertificateSource implements CertificateSource {
    private final CertificateFactory mCertFactory;
    private Set<X509Certificate> mCertificates;
    private final File mDir;
    private final Object mLock = new Object();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public interface CertSelector {
        boolean match(X509Certificate x509Certificate);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DirectoryCertificateSource(File file) {
        this.mDir = file;
        try {
            this.mCertFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e);
        }
    }

    private static int X509_NAME_hash(X500Principal x500Principal, String str) {
        try {
            byte[] digest = MessageDigest.getInstance(str).digest(x500Principal.getEncoded());
            int i = 0 + 1;
            int i2 = i + 1;
            return ((digest[0] & 255) << 0) | ((digest[i] & 255) << 8) | ((digest[i2] & 255) << 16) | ((digest[i2 + 1] & 255) << 24);
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    public static int X509_NAME_hash_old(X500Principal x500Principal) {
        return X509_NAME_hash(x500Principal, "MD5");
    }

    private X509Certificate findCert(X500Principal x500Principal, CertSelector certSelector) {
        String hash = getHash(x500Principal);
        for (int i = 0; i >= 0; i++) {
            String str = hash + "." + i;
            if (!new File(this.mDir, str).exists()) {
                break;
            }
            if (!isCertMarkedAsRemoved(str)) {
                X509Certificate readCertificate = readCertificate(str);
                if (x500Principal.equals(readCertificate.getSubjectX500Principal()) && certSelector.match(readCertificate)) {
                    return readCertificate;
                }
            }
        }
        return null;
    }

    private Set<X509Certificate> findCerts(X500Principal x500Principal, CertSelector certSelector) {
        String hash = getHash(x500Principal);
        HashSet hashSet = null;
        for (int i = 0; i >= 0; i++) {
            String str = hash + "." + i;
            if (!new File(this.mDir, str).exists()) {
                break;
            }
            if (!isCertMarkedAsRemoved(str)) {
                X509Certificate readCertificate = readCertificate(str);
                if (x500Principal.equals(readCertificate.getSubjectX500Principal()) && certSelector.match(readCertificate)) {
                    if (hashSet == null) {
                        hashSet = new HashSet();
                    }
                    hashSet.add(readCertificate);
                }
            }
        }
        return hashSet != null ? hashSet : Collections.emptySet();
    }

    private String getHash(X500Principal x500Principal) {
        return Hex.intToHexString(X509_NAME_hash_old(x500Principal), 8);
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x0027 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.security.cert.X509Certificate readCertificate(java.lang.String r8) {
        /*
            r7 = this;
            r1 = 0
            java.io.BufferedInputStream r2 = new java.io.BufferedInputStream     // Catch: java.security.cert.CertificateException -> L23 java.lang.Throwable -> L2d java.io.IOException -> L42
            java.io.FileInputStream r4 = new java.io.FileInputStream     // Catch: java.security.cert.CertificateException -> L23 java.lang.Throwable -> L2d java.io.IOException -> L42
            java.io.File r5 = new java.io.File     // Catch: java.security.cert.CertificateException -> L23 java.lang.Throwable -> L2d java.io.IOException -> L42
            java.io.File r6 = r7.mDir     // Catch: java.security.cert.CertificateException -> L23 java.lang.Throwable -> L2d java.io.IOException -> L42
            r5.<init>(r6, r8)     // Catch: java.security.cert.CertificateException -> L23 java.lang.Throwable -> L2d java.io.IOException -> L42
            r4.<init>(r5)     // Catch: java.security.cert.CertificateException -> L23 java.lang.Throwable -> L2d java.io.IOException -> L42
            r2.<init>(r4)     // Catch: java.security.cert.CertificateException -> L23 java.lang.Throwable -> L2d java.io.IOException -> L42
            java.security.cert.CertificateFactory r4 = r7.mCertFactory     // Catch: java.lang.Throwable -> L3c java.security.cert.CertificateException -> L3f java.io.IOException -> L44
            java.security.cert.Certificate r4 = r4.generateCertificate(r2)     // Catch: java.lang.Throwable -> L3c java.security.cert.CertificateException -> L3f java.io.IOException -> L44
            java.security.cert.X509Certificate r4 = (java.security.cert.X509Certificate) r4     // Catch: java.lang.Throwable -> L3c java.security.cert.CertificateException -> L3f java.io.IOException -> L44
            if (r2 == 0) goto L1f
            r2.close()     // Catch: java.lang.RuntimeException -> L21 java.lang.Exception -> L36
        L1f:
            r1 = r2
        L20:
            return r4
        L21:
            r3 = move-exception
            throw r3
        L23:
            r0 = move-exception
        L24:
            r4 = 0
            if (r1 == 0) goto L20
            r1.close()     // Catch: java.lang.RuntimeException -> L2b java.lang.Exception -> L38
            goto L20
        L2b:
            r3 = move-exception
            throw r3
        L2d:
            r4 = move-exception
        L2e:
            if (r1 == 0) goto L33
            r1.close()     // Catch: java.lang.RuntimeException -> L34 java.lang.Exception -> L3a
        L33:
            throw r4
        L34:
            r3 = move-exception
            throw r3
        L36:
            r5 = move-exception
            goto L1f
        L38:
            r5 = move-exception
            goto L20
        L3a:
            r5 = move-exception
            goto L33
        L3c:
            r4 = move-exception
            r1 = r2
            goto L2e
        L3f:
            r0 = move-exception
            r1 = r2
            goto L24
        L42:
            r0 = move-exception
            goto L24
        L44:
            r0 = move-exception
            r1 = r2
            goto L24
        */
        throw new UnsupportedOperationException("Method not decompiled: com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.readCertificate(java.lang.String):java.security.cert.X509Certificate");
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public Set<X509Certificate> findAllByIssuerAndSignature(final X509Certificate x509Certificate) {
        return findCerts(x509Certificate.getIssuerX500Principal(), new CertSelector() { // from class: com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.3
            @Override // com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.CertSelector
            public boolean match(X509Certificate x509Certificate2) {
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        });
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public X509Certificate findByIssuerAndSignature(final X509Certificate x509Certificate) {
        return findCert(x509Certificate.getIssuerX500Principal(), new CertSelector() { // from class: com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.2
            @Override // com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.CertSelector
            public boolean match(X509Certificate x509Certificate2) {
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        });
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public X509Certificate findBySubjectAndPublicKey(final X509Certificate x509Certificate) {
        return findCert(x509Certificate.getSubjectX500Principal(), new CertSelector() { // from class: com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.1
            @Override // com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.CertSelector
            public boolean match(X509Certificate x509Certificate2) {
                return x509Certificate2.getPublicKey().equals(x509Certificate.getPublicKey());
            }
        });
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public Set<X509Certificate> getCertificates() {
        Set<X509Certificate> set;
        X509Certificate readCertificate;
        synchronized (this.mLock) {
            if (this.mCertificates != null) {
                set = this.mCertificates;
            } else {
                HashSet hashSet = new HashSet();
                if (this.mDir.isDirectory()) {
                    for (String str : this.mDir.list()) {
                        if (!isCertMarkedAsRemoved(str) && (readCertificate = readCertificate(str)) != null) {
                            hashSet.add(readCertificate);
                        }
                    }
                }
                this.mCertificates = hashSet;
                set = this.mCertificates;
            }
        }
        return set;
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public void handleTrustStorageUpdate() {
        synchronized (this.mLock) {
            this.mCertificates = null;
        }
    }

    protected abstract boolean isCertMarkedAsRemoved(String str);
}
