package com.cisco.jabber.app.cert;

import android.content.Context;
import android.content.SharedPreferences;
import android.net.http.SslError;
import android.os.Handler;
import android.support.annotation.Keep;
import android.text.TextUtils;
import com.cisco.jabber.jcf.JcfLog;
import com.cisco.jabber.service.config.factory.GlobalConfigKeys;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

@Keep
/* loaded from: classes.dex */
public final class CertValidation {
    private static final String CERT_SERVER_FILENAME = "certserver";
    private static final int INVALID = 1;
    private static final String LOCAL_CERT_STORE = "store.bks";
    private static final int VALID = 0;
    private static volatile Handler sHandler;
    private static KeyStore sStore;
    private static SharedPreferences sTrustServerPreferences;
    private static final char[] UPPER_CASE_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'};
    private static Runnable sSyncKeyStoreRunnable = new Runnable() { // from class: com.cisco.jabber.app.cert.CertValidation.1
        @Override // java.lang.Runnable
        public void run() {
            CertValidation.syncKeyStore();
        }
    };

    private CertValidation() {
    }

    public static void cleanApplicationCertificates() {
        synchronized (CertValidation.class) {
            try {
                Enumeration<String> aliases = sStore.aliases();
                while (aliases.hasMoreElements()) {
                    sStore.deleteEntry(aliases.nextElement());
                }
                syncKeyStoreDelay();
            } catch (KeyStoreException e) {
                JcfLog.error(CertValidation.class, "cleanApplicationCertificates", String.format("KeyStoreException : %s", e));
            }
        }
    }

    public static X509TrustManager createDefaultTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            return findX509TrustManager(trustManagerFactory.getTrustManagers());
        } catch (KeyStoreException e) {
            return null;
        } catch (NoSuchAlgorithmException e2) {
            return null;
        }
    }

    public static void dumpCertificates() {
        synchronized (CertValidation.class) {
            if (sStore == null) {
                JcfLog.debug(CertValidation.class, "dumpCertificates", "dumpCertificates KeyStore not init yet");
                return;
            }
            try {
                Enumeration<String> aliases = sStore.aliases();
                while (aliases.hasMoreElements()) {
                    JcfLog.debug(CertValidation.class, "dumpCertificates", String.format("dumpCertificates certificate hash: %s", aliases.nextElement()));
                }
            } catch (KeyStoreException e) {
                JcfLog.error(CertValidation.class, "dumpCertificates", String.format("KeyStoreException : %s", e));
            }
        }
    }

    private static X509TrustManager findX509TrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    private static String fingerprint(byte[] bArr) {
        if (bArr == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            byte b = bArr[i];
            sb.append(UPPER_CASE_DIGITS[(b >> 4) & 15]);
            sb.append(UPPER_CASE_DIGITS[b & 15]);
            if (i + 1 != bArr.length) {
                sb.append(':');
            }
        }
        return sb.toString();
    }

    public static String getDigest(X509Certificate x509Certificate, String str) {
        if (x509Certificate == null) {
            return "";
        }
        try {
            return fingerprint(MessageDigest.getInstance(str).digest(x509Certificate.getEncoded()));
        } catch (NoSuchAlgorithmException e) {
            return "";
        } catch (CertificateEncodingException e2) {
            return "";
        }
    }

    public static String getSerialNumber(X509Certificate x509Certificate) {
        BigInteger serialNumber;
        return (x509Certificate == null || (serialNumber = x509Certificate.getSerialNumber()) == null) ? "" : fingerprint(serialNumber.toByteArray());
    }

    public static String hashName(X509Certificate x509Certificate) {
        return getDigest(x509Certificate, "SHA1").replace(":", " ").toLowerCase(Locale.US);
    }

    public static void initialise(Context context) {
        loadApplicationCertificates(context);
    }

    public static void installCertificate(X509Certificate x509Certificate, String str) {
        if (x509Certificate != null) {
            try {
                synchronized (CertValidation.class) {
                    sStore.setCertificateEntry(str, x509Certificate);
                }
                JcfLog.debug(CertValidation.class, "installCertificate", "install cert:" + str);
                syncKeyStoreDelay();
            } catch (KeyStoreException e) {
                JcfLog.error(CertValidation.class, "installCertificate", String.format("KeyStoreException : %s", e));
            }
        }
    }

    public static boolean isCertExpired(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateExpiredException e) {
            return true;
        } catch (CertificateNotYetValidException e2) {
        }
        return false;
    }

    public static boolean isTrustedByApplication(X509Certificate x509Certificate, String str) {
        boolean z;
        try {
            synchronized (CertValidation.class) {
                X509Certificate x509Certificate2 = (X509Certificate) sStore.getCertificate(str);
                if (x509Certificate2 == null) {
                    JcfLog.debug(CertValidation.class, "isTrustedByApplication", "fail not exist hash:" + str);
                    z = false;
                } else if (!x509Certificate2.equals(x509Certificate)) {
                    JcfLog.debug(CertValidation.class, "isTrustedByApplication", "fail not equal hash:" + str);
                    z = false;
                } else if (isCertExpired(x509Certificate)) {
                    JcfLog.info(CertValidation.class, "isTrustedByApplication", "Certificate has expired, removing from trust");
                    sStore.deleteEntry(str);
                    z = false;
                } else {
                    JcfLog.debug(CertValidation.class, "isTrustedByApplication", "success:" + str);
                    z = true;
                }
            }
            return z;
        } catch (KeyStoreException e) {
            JcfLog.error(CertValidation.class, "isTrustedByApplication", "fail exception:" + str);
            return false;
        }
    }

    private static void loadApplicationCertificates(final Context context) {
        new Thread(new Runnable() { // from class: com.cisco.jabber.app.cert.CertValidation.2
            /* JADX WARN: Multi-variable type inference failed */
            /* JADX WARN: Removed duplicated region for block: B:20:0x0051 A[EXC_TOP_SPLITTER, SYNTHETIC] */
            /* JADX WARN: Removed duplicated region for block: B:8:0x005c A[Catch: all -> 0x00b7, TryCatch #16 {, blocks: (B:4:0x0004, B:13:0x0016, B:21:0x0051, B:24:0x00cb, B:53:0x009e, B:56:0x00a3, B:91:0x01ac, B:89:0x01af, B:94:0x01b1, B:45:0x018d, B:48:0x0193, B:69:0x015b, B:72:0x0161, B:61:0x0129, B:64:0x012f, B:37:0x00f7, B:40:0x00fd, B:6:0x0054, B:8:0x005c, B:9:0x005f), top: B:3:0x0004, inners: #6, #8, #9, #11, #17, #18, #20 }] */
            /* JADX WARN: Type inference failed for: r1v0, types: [java.lang.String] */
            /* JADX WARN: Type inference failed for: r1v1, types: [java.io.FileInputStream] */
            /* JADX WARN: Type inference failed for: r1v4 */
            @Override // java.lang.Runnable
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public void run() {
                /*
                    Method dump skipped, instructions count: 473
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: com.cisco.jabber.app.cert.CertValidation.AnonymousClass2.run():void");
            }
        }).start();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void migrateCertificates() {
        synchronized (CertValidation.class) {
            JcfLog.debug(CertValidation.class, "migrateCertificates", "migrating certificates");
            HashMap hashMap = new HashMap();
            try {
                Enumeration<String> aliases = sStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    X509Certificate x509Certificate = (X509Certificate) sStore.getCertificate(nextElement);
                    String hashName = hashName(x509Certificate);
                    sStore.deleteEntry(nextElement);
                    Set<String> stringSet = sTrustServerPreferences.getStringSet(nextElement, null);
                    if (stringSet != null) {
                        Iterator<String> it = stringSet.iterator();
                        while (it.hasNext()) {
                            hashMap.put(it.next() + "_" + hashName, x509Certificate);
                        }
                    }
                }
                for (Map.Entry entry : hashMap.entrySet()) {
                    sStore.setCertificateEntry((String) entry.getKey(), (Certificate) entry.getValue());
                }
                syncKeyStore();
            } catch (KeyStoreException e) {
                JcfLog.error(CertValidation.class, "migrateCertificates", String.format("KeyStoreException : %s", e));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean needMigrateCertificates(Context context) {
        com.cisco.jabber.service.config.factory.a a = com.cisco.jabber.service.config.factory.a.a();
        a.a(context);
        String a2 = a.c().a(GlobalConfigKeys.KEY_EULA_VERSION, "");
        if (TextUtils.isEmpty(a2)) {
            return false;
        }
        String[] split = a2.split("\\.");
        return Integer.parseInt(split[1]) + (Integer.parseInt(split[0]) * 10) < 111;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void syncKeyStore() {
        new Thread(new Runnable() { // from class: com.cisco.jabber.app.cert.CertValidation.3
            /* JADX WARN: Multi-variable type inference failed */
            /* JADX WARN: Removed duplicated region for block: B:67:0x016b A[EXC_TOP_SPLITTER, SYNTHETIC] */
            /* JADX WARN: Type inference failed for: r1v10, types: [java.io.FileOutputStream] */
            /* JADX WARN: Type inference failed for: r1v2, types: [boolean] */
            /* JADX WARN: Type inference failed for: r1v4 */
            @Override // java.lang.Runnable
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public void run() {
                /*
                    Method dump skipped, instructions count: 404
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: com.cisco.jabber.app.cert.CertValidation.AnonymousClass3.run():void");
            }
        }).start();
    }

    private static void syncKeyStoreDelay() {
        if (sHandler == null) {
            synchronized (CertValidation.class) {
                if (sHandler == null) {
                    sHandler = new Handler();
                }
            }
        }
        sHandler.removeCallbacks(sSyncKeyStoreRunnable);
        sHandler.postDelayed(sSyncKeyStoreRunnable, 15000L);
    }

    public static X509Certificate translatePEMtoCertificate(String str) {
        return translatePEMtoCertificate(str.getBytes(Charset.forName("UTF-8")));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:34:0x0061 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.security.cert.X509Certificate translatePEMtoCertificate(byte[] r10) {
        /*
            r1 = 0
            r9 = 1
            r8 = 0
            java.lang.String r0 = "X.509"
            java.security.cert.CertificateFactory r0 = java.security.cert.CertificateFactory.getInstance(r0)     // Catch: java.security.cert.CertificateException -> L2d java.lang.Throwable -> L5d
            java.io.ByteArrayInputStream r2 = new java.io.ByteArrayInputStream     // Catch: java.security.cert.CertificateException -> L2d java.lang.Throwable -> L5d
            r2.<init>(r10)     // Catch: java.security.cert.CertificateException -> L2d java.lang.Throwable -> L5d
            java.security.cert.Certificate r0 = r0.generateCertificate(r2)     // Catch: java.lang.Throwable -> L78 java.security.cert.CertificateException -> L7a
            java.security.cert.X509Certificate r0 = (java.security.cert.X509Certificate) r0     // Catch: java.lang.Throwable -> L78 java.security.cert.CertificateException -> L7a
            if (r2 == 0) goto L19
            r2.close()     // Catch: java.io.IOException -> L1a
        L19:
            return r0
        L1a:
            r1 = move-exception
            java.lang.Class<com.cisco.jabber.app.cert.CertValidation> r2 = com.cisco.jabber.app.cert.CertValidation.class
            java.lang.String r3 = "translatePEMtoCertificate"
            java.lang.String r4 = "IOException : %s"
            java.lang.Object[] r5 = new java.lang.Object[r9]
            r5[r8] = r1
            java.lang.String r1 = java.lang.String.format(r4, r5)
            com.cisco.jabber.jcf.JcfLog.error(r2, r3, r1)
            goto L19
        L2d:
            r0 = move-exception
            r2 = r1
        L2f:
            java.lang.Class<com.cisco.jabber.app.cert.CertValidation> r3 = com.cisco.jabber.app.cert.CertValidation.class
            java.lang.String r4 = "translatePEMtoCertificate"
            java.lang.String r5 = "CertificateException : %s"
            r6 = 1
            java.lang.Object[] r6 = new java.lang.Object[r6]     // Catch: java.lang.Throwable -> L78
            r7 = 0
            r6[r7] = r0     // Catch: java.lang.Throwable -> L78
            java.lang.String r0 = java.lang.String.format(r5, r6)     // Catch: java.lang.Throwable -> L78
            com.cisco.jabber.jcf.JcfLog.error(r3, r4, r0)     // Catch: java.lang.Throwable -> L78
            if (r2 == 0) goto L7c
            r2.close()     // Catch: java.io.IOException -> L49
            r0 = r1
            goto L19
        L49:
            r0 = move-exception
            java.lang.Class<com.cisco.jabber.app.cert.CertValidation> r2 = com.cisco.jabber.app.cert.CertValidation.class
            java.lang.String r3 = "translatePEMtoCertificate"
            java.lang.String r4 = "IOException : %s"
            java.lang.Object[] r5 = new java.lang.Object[r9]
            r5[r8] = r0
            java.lang.String r0 = java.lang.String.format(r4, r5)
            com.cisco.jabber.jcf.JcfLog.error(r2, r3, r0)
            r0 = r1
            goto L19
        L5d:
            r0 = move-exception
            r2 = r1
        L5f:
            if (r2 == 0) goto L64
            r2.close()     // Catch: java.io.IOException -> L65
        L64:
            throw r0
        L65:
            r1 = move-exception
            java.lang.Class<com.cisco.jabber.app.cert.CertValidation> r2 = com.cisco.jabber.app.cert.CertValidation.class
            java.lang.String r3 = "translatePEMtoCertificate"
            java.lang.String r4 = "IOException : %s"
            java.lang.Object[] r5 = new java.lang.Object[r9]
            r5[r8] = r1
            java.lang.String r1 = java.lang.String.format(r4, r5)
            com.cisco.jabber.jcf.JcfLog.error(r2, r3, r1)
            goto L64
        L78:
            r0 = move-exception
            goto L5f
        L7a:
            r0 = move-exception
            goto L2f
        L7c:
            r0 = r1
            goto L19
        */
        throw new UnsupportedOperationException("Method not decompiled: com.cisco.jabber.app.cert.CertValidation.translatePEMtoCertificate(byte[]):java.security.cert.X509Certificate");
    }

    public static int verifyCertificate(byte[][] bArr) {
        JcfLog.debug(CertValidation.class, "verifyCertificate", "leng:" + bArr.length);
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != null) {
                arrayList.add(translatePEMtoCertificate(bArr[i]));
            }
        }
        X509Certificate[] x509CertificateArr = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        if (verifyCertificates(x509CertificateArr, "RSA") == null) {
            JcfLog.info(CertValidation.class, "verifyCertificate", "trust");
            return 0;
        }
        SslError verifyCertificates = verifyCertificates(x509CertificateArr, "ECDSA");
        if (verifyCertificates == null) {
            return 0;
        }
        JcfLog.info(CertValidation.class, "verifyCertificate", String.format("Untrusted, error = %s", verifyCertificates.toString()));
        return 1;
    }

    public static SslError verifyCertificates(X509Certificate[] x509CertificateArr, String str) {
        try {
            X509TrustManager createDefaultTrustManager = createDefaultTrustManager();
            if (createDefaultTrustManager != null) {
                createDefaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            }
            return null;
        } catch (CertificateException e) {
            return new SslError(3, x509CertificateArr[0]);
        }
    }
}
