package com.zimperium.zdetection.apisecurity;

import android.text.TextUtils;
import android.util.Base64;
import ch.qos.logback.classic.net.SyslogAppender;
import com.zimperium.zdetection.api.v1.enums.ZLogLevel;
import com.zimperium.zdetection.internal.ZDetectionInternal;
import com.zimperium.zips.ZTrustManager;
import com.zimperium.zips.Zcloud;
import com.zimperium.zlog.ZLog;
import java.io.ByteArrayInputStream;
import java.lang.reflect.Field;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes2.dex */
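/**
 * Process-wide store of pinned TLS trust material (decompiled with JADX; member names are obfuscated).
 *
 * <p>The store keeps four views of the pin set, all filled by {@link #a(String)} or
 * {@link #setPublicKeyHashes(String)}:
 * <ul>
 *   <li>a {@link KeyStore} of the pinned certificates, used to build a {@link TrustManagerFactory};</li>
 *   <li>the pinned {@link Certificate} objects themselves ({@link #isCertValid});</li>
 *   <li>host names derived from those certificates ({@link #isHostValid});</li>
 *   <li>Base64 SHA-256 hashes of the pinned public keys ({@link #isPublicKeyHashValid}), plus a
 *       separate "proxy whitelist" of hashes ({@link #isCertInProxyWhitelist}).</li>
 * </ul>
 * It also hands out a shared {@link SSLContext} initialised with a {@code ZTrustManager} and checks,
 * by reflection, that the context really holds a {@code ZTrustManager}.
 *
 * <p>Thread-safety: only {@link #getInstance()} is synchronized. The sets, the key store and the
 * shared context are mutated by public methods without any locking visible in this class.
 *
 * <p>Decompiler artefact: several members propagate checked exceptions (for example the constructor
 * rethrows {@code Exception}) although no {@code throws} clause survived decompilation.
 */
public class PinnedCertStore {

    /* renamed from: i, reason: collision with root package name */
    /** Lazily created singleton, see {@link #getInstance()}. */
    private static PinnedCertStore f18851i;

    /* renamed from: b, reason: collision with root package name */
    /** Factory initialised from {@link #f18854c}; rebuilt by the constructor and by {@link #addCert}. */
    private TrustManagerFactory f18853b;

    /* renamed from: c, reason: collision with root package name */
    /** In-memory key store holding every pinned certificate under a {@code "ca<n>"} alias. */
    private KeyStore f18854c;

    /* renamed from: a, reason: collision with root package name */
    /** Single shared TLS context; it is re-initialised on every {@code getContext} call. */
    private SSLContext f18852a = SSLContext.getInstance("TLS");

    /* renamed from: d, reason: collision with root package name */
    /** Host names returned by {@code com.zimperium.zips.a.a(cert)} for each pinned certificate. */
    private HashSet<String> f18855d = new HashSet<>();

    /* renamed from: e, reason: collision with root package name */
    /** The pinned certificates, compared by {@code equals} in {@link #isCertValid}. */
    private HashSet<Certificate> f18856e = new HashSet<>();

    /* renamed from: f, reason: collision with root package name */
    /** Base64 (no line wrap) SHA-256 digests of each pinned certificate's encoded public key. */
    private HashSet<String> f18857f = new HashSet<>();

    /* renamed from: g, reason: collision with root package name */
    /** Hashes added through {@link #setPublicKeyHashes}; queried by {@link #isCertInProxyWhitelist}. */
    private HashSet<String> f18858g = new HashSet<>();

    /* renamed from: h, reason: collision with root package name */
    /**
     * Set to true the first time {@link #setPublicKeyHashes} adds an entry.
     * NOTE(review): {@link #removePublicKeyHashes} clears the set but never resets this flag, so
     * {@link #hasWhitelistedCerts} keeps returning true for an empty whitelist. Confirm that
     * callers expect that before relying on the flag.
     */
    private boolean f18859h = false;

    /**
     * Next free index for a {@code "ca<n>"} key-store alias. The alias must be unique across all
     * calls of {@link #a(String)}: {@link KeyStore#setCertificateEntry} overwrites an existing
     * trusted-certificate entry with the same alias, so numbering from the position inside each
     * PEM bundle would let a later bundle silently replace earlier pins in the key store while
     * the hash and certificate sets still contained them.
     */
    private int nextAliasIndex = 0;

    /**
     * Outcome of the reflective trust-manager check in {@link #a(SSLContext)}.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public enum a {
        /** The context's trust manager is a {@code ZTrustManager}. */
        Z_TRUSTED,
        /** The context's trust manager is some other class. */
        NO_TRUSTED,
        /** The reflective lookup itself failed. */
        ERROR
    }

    /**
     * Builds the pin set: the configured certificates (or the defaults when none are configured),
     * then whatever {@link #readCertsFromStorage()} returns, and finally a trust-manager factory
     * over the resulting key store. Any failure is logged and rethrown.
     */
    private PinnedCertStore() {
        this.f18854c = null;
        b("PinnedCertStore()");
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            this.f18854c = keyStore;
            // load(null, null) creates an empty store, so only certificates added below are trusted.
            keyStore.load(null, null);
            String supportedCertificates = ZDetectionInternal.getConfiguration().getSupportedCertificates();
            if (TextUtils.isEmpty(supportedCertificates)) {
                supportedCertificates = ZDetectionInternal.getDefaultConfiguration().getSupportedCertificates();
                b("\tUsing Default certs in ziap");
            } else {
                b("\tUsing custom certs from the implemented Configuration");
            }
            a(supportedCertificates);
            // NOTE(review): certificates and hashes read from storage are merged into the same pin
            // set as the configured ones. This class does not check the integrity of that storage;
            // any such protection would have to live in Zcloud, which is not visible here.
            readCertsFromStorage();
            b("\tCreate TrustManager...");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.f18854c);
            this.f18853b = trustManagerFactory;
        } catch (Exception e2) {
            b(d.a.a.a.a.M("\tException: ", e2));
            throw e2;
        }
    }

    /**
     * Checks by reflection which trust manager an initialised context actually holds.
     *
     * <p>The lookup walks the private fields {@code contextSpi} -> {@code sslParameters} ->
     * {@code x509TrustManager}. Those names belong to the TLS provider's implementation, so the
     * lookup fails (and returns {@link a#ERROR}) wherever the provider is laid out differently or
     * the fields are not accessible.
     *
     * @param sSLContext context to inspect
     * @return {@link a#Z_TRUSTED} if the trust manager is a {@code ZTrustManager},
     *         {@link a#NO_TRUSTED} if it is another class, {@link a#ERROR} if any step threw
     */
    private a a(SSLContext sSLContext) {
        try {
            Field declaredField = sSLContext.getClass().getDeclaredField("contextSpi");
            declaredField.setAccessible(true);
            Object obj = declaredField.get(sSLContext);
            Field declaredField2 = obj.getClass().getSuperclass().getDeclaredField("sslParameters");
            declaredField2.setAccessible(true);
            Object obj2 = declaredField2.get(obj);
            Field declaredField3 = obj2.getClass().getDeclaredField("x509TrustManager");
            declaredField3.setAccessible(true);
            Object obj3 = declaredField3.get(obj2);
            b("[APP-TAMPERING] getTrustManagerState : object " + obj3.getClass() + StringUtils.SPACE + (obj3 instanceof ZTrustManager));
            return obj3 instanceof ZTrustManager ? a.Z_TRUSTED : a.NO_TRUSTED;
        } catch (Exception e2) {
            b(d.a.a.a.a.x(e2, d.a.a.a.a.l0("[APP-TAMPERING] Error verifying trust manager : ")));
            return a.ERROR;
        }
    }

    /**
     * Parses a concatenation of PEM certificates and adds each one to every pin view: the key
     * store, the certificate set, the host-name set and the public-key-hash set.
     *
     * <p>The input is split on the PEM begin marker and the marker is put back in front of each
     * non-empty piece. {@code TextUtils.isEmpty} only skips null or zero-length pieces, so any
     * other text in front of the first marker is handed to the certificate parser as well; a
     * parse failure aborts the whole call, leaving the entries added so far in place.
     *
     * @param str PEM text holding zero or more certificates; {@code null} is ignored
     */
    private void a(String str) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        if (str == null) {
            return;
        }
        String[] split = str.split("-----BEGIN CERTIFICATE-----");
        for (int i2 = 0; i2 < split.length; i2++) {
            // Logs the raw piece. The first argument is presumably a tab character that JADX
            // replaced with a constant of equal value, and m0 presumably concatenates its three
            // arguments into a StringBuilder (TODO confirm, the helper is obfuscated).
            StringBuilder m0 = d.a.a.a.a.m0(SyslogAppender.DEFAULT_STACKTRACE_PATTERN, i2, ":");
            m0.append(split[i2]);
            b(m0.toString());
            if (TextUtils.isEmpty(split[i2])) {
                b("\t\tEmpty entry...");
                continue;
            }
            StringBuilder l0 = d.a.a.a.a.l0("-----BEGIN CERTIFICATE-----");
            l0.append(split[i2]);
            String sb = l0.toString();
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(sb.getBytes("UTF-8"));
            try {
                b("\tGenerating Certificate(" + i2 + "): ");
                Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
                // Alias comes from the store-wide counter, not from i2, so that a later bundle
                // cannot overwrite a key-store entry written by an earlier call.
                String alias = "ca" + this.nextAliasIndex;
                b("\t" + alias + "=" + ((X509Certificate) generateCertificate).getSubjectDN().getName());
                b("\tCreate a new KeyStore alias: " + alias);
                this.f18854c.setCertificateEntry(alias, generateCertificate);
                this.nextAliasIndex++;
                this.f18856e.add(generateCertificate);
                List<String> a2 = com.zimperium.zips.a.a(generateCertificate);
                if (a2 != null) {
                    b("\tAdding host: " + a2.size());
                    this.f18855d.addAll(a2);
                }
                // Pin on the key as well as on the certificate: SHA-256 over the encoded public
                // key, Base64 without line wraps.
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                byte[] encoded = generateCertificate.getPublicKey().getEncoded();
                messageDigest.update(encoded, 0, encoded.length);
                String encodeToString = Base64.encodeToString(messageDigest.digest(), Base64.NO_WRAP);
                b("\tPublic key hash=" + encodeToString);
                this.f18857f.add(encodeToString);
            } finally {
                byteArrayInputStream.close();
            }
        }
    }

    /** Writes an info-level log line prefixed with the class name. */
    private static void b(String str) {
        ZLog.i(d.a.a.a.a.O("PinnedCertStore: ", str), new Object[0]);
    }

    /**
     * Returns the singleton, creating it on first use. The method-level lock on the class object
     * already serialises creation, so no inner synchronized block is needed.
     *
     * @return the shared store
     */
    public static synchronized PinnedCertStore getInstance() {
        if (f18851i == null) {
            f18851i = new PinnedCertStore();
        }
        return f18851i;
    }

    /**
     * Adds the certificates in {@code str} to the pin set and rebuilds the trust-manager factory.
     *
     * <p>Failures are reported only as a generic debug event. NOTE(review): when parsing fails
     * part-way, certificates added before the failure stay pinned and the factory is not rebuilt.
     *
     * @param str PEM text holding one or more certificates
     */
    public void addCert(String str) {
        try {
            a(str);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.f18854c);
            this.f18853b = trustManagerFactory;
        } catch (Exception unused) {
            ZDetectionInternal.logEvent(ZLogLevel.DEBUG, "Error adding cert to pinned cert store");
        }
    }

    /**
     * Re-initialises the shared context with a fresh {@code ZTrustManager} and returns it if the
     * reflective check does not report a foreign trust manager.
     *
     * <p>NOTE(review): {@link a#ERROR} is accepted exactly like {@link a#Z_TRUSTED}, and a
     * {@code KeyManagementException} from {@code init} is only logged. Whenever the reflection
     * fails, the tamper check therefore does not block use of the context. Only a positively
     * identified foreign trust manager yields {@code null}.
     *
     * <p>The returned object is the one shared instance, so every call re-initialises the context
     * that earlier callers may still hold.
     *
     * @return the shared context, or {@code null} when the check reports {@link a#NO_TRUSTED}
     */
    public SSLContext getContext() {
        try {
            this.f18852a.init(null, new TrustManager[]{new ZTrustManager()}, null);
        } catch (KeyManagementException e2) {
            StringBuilder l0 = d.a.a.a.a.l0("PinnedCertStore: ");
            l0.append(e2.getMessage());
            ZLog.e(l0.toString(), new Object[0]);
        }
        a a2 = a(this.f18852a);
        b("[APP-TAMPERING] Trust manager state : " + a2);
        if (a2 == a.Z_TRUSTED || a2 == a.ERROR) {
            return this.f18852a;
        }
        return null;
    }

    /**
     * Same as {@link #getContext()} but installs the caller's trust manager. Here an exception
     * from {@code init} propagates instead of being logged. The fail-open handling of
     * {@link a#ERROR} and the sharing of the context object apply unchanged.
     *
     * @param zTrustManager trust manager to install in the shared context
     * @return the shared context, or {@code null} when the check reports {@link a#NO_TRUSTED}
     */
    public SSLContext getContext(ZTrustManager zTrustManager) {
        this.f18852a.init(null, new TrustManager[]{zTrustManager}, null);
        a a2 = a(this.f18852a);
        b("[APP-TAMPERING] Trust manager state : " + a2);
        if (a2 == a.Z_TRUSTED || a2 == a.ERROR) {
            return this.f18852a;
        }
        return null;
    }

    /**
     * @return trust managers backed by the pinned key store, or {@code null} if no factory exists
     */
    public TrustManager[] getTrustManagers() {
        TrustManagerFactory trustManagerFactory = this.f18853b;
        if (trustManagerFactory != null) {
            return trustManagerFactory.getTrustManagers();
        }
        return null;
    }

    /**
     * @return true once any proxy-whitelist hash has been added; see the note on the backing
     *         field about {@link #removePublicKeyHashes()}
     */
    public boolean hasWhitelistedCerts() {
        return this.f18859h;
    }

    /**
     * @param str hash string to look up (exact match)
     * @return true if {@code str} is in the proxy whitelist
     */
    public boolean isCertInProxyWhitelist(String str) {
        return this.f18858g.contains(str);
    }

    /**
     * Reports whether any certificate of the presented chain is one of the pinned certificates.
     *
     * <p>This is a membership test only. It does not verify signatures, validity periods or the
     * order of the chain, so callers have to combine it with regular path validation.
     *
     * @param x509CertificateArr presented chain; {@code null} yields false
     * @return true if at least one element equals a pinned certificate
     */
    public boolean isCertValid(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr != null) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                if (this.f18856e.contains(x509Certificate)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Reports whether the argument contains one of the host names taken from the pinned
     * certificates.
     *
     * <p>NOTE(review): this is a substring test ({@code String.contains}), not an exact or
     * label-wise host-name comparison, so the argument passes as soon as a pinned name occurs
     * anywhere inside it. Whether that is sufficient depends on what callers pass in (a bare host
     * or a full URL) and on the other checks they apply. Neither is visible here, so treat this
     * result as a coarse filter rather than as host-name verification.
     *
     * @param str host (or possibly URL) to test; {@code null} yields false
     * @return true if {@code str} contains any pinned host name
     */
    public boolean isHostValid(String str) {
        if (str == null) {
            // Fail closed instead of throwing: an absent host never matches a pin.
            return false;
        }
        for (String pinnedHost : this.f18855d) {
            if (str.contains(pinnedHost)) {
                return true;
            }
        }
        return false;
    }

    /**
     * @param str Base64 (no wrap) SHA-256 of an encoded public key
     * @return true if the hash belongs to one of the pinned certificates (exact match)
     */
    public boolean isPublicKeyHashValid(String str) {
        return this.f18857f.contains(str);
    }

    /**
     * Merges certificates and proxy-whitelist hashes obtained from {@code Zcloud} into the store.
     *
     * <p>A certificate-parsing failure is reported as a generic debug event and does not stop the
     * hashes from being read. NOTE(review): this method does not rebuild the trust-manager
     * factory. The constructor calls it before the factory is created, but a later call from
     * outside would leave {@link #getTrustManagers()} without the newly added certificates.
     */
    public void readCertsFromStorage() {
        String readCerts = Zcloud.readCerts();
        // Null is tolerated here for the same reason the hash array below is null-checked.
        if (readCerts != null && readCerts.length() > 0) {
            try {
                a(readCerts);
            } catch (Exception unused) {
                ZDetectionInternal.logEvent(ZLogLevel.DEBUG, "Error adding certs from storage to pinned cert store");
            }
        }
        String[] readPublicKeyHashes = Zcloud.readPublicKeyHashes();
        if (readPublicKeyHashes != null) {
            StringBuilder l0 = d.a.a.a.a.l0("readCertsFromStorage: read hashes=");
            l0.append(readPublicKeyHashes.length);
            b(l0.toString());
            for (String str : readPublicKeyHashes) {
                setPublicKeyHashes(str);
            }
        }
    }

    /** Empties the proxy whitelist; the {@link #hasWhitelistedCerts()} flag is left untouched. */
    public void removePublicKeyHashes() {
        this.f18858g.clear();
    }

    /**
     * Adds one entry to the proxy whitelist. Only the text after the first line feed is stored
     * (presumably the record is {@code "<label>\n<hash>"}, TODO confirm against the producer).
     * A record without a line feed is dropped without any log line.
     *
     * @param str record to add; {@code null} is ignored
     */
    public void setPublicKeyHashes(String str) {
        if (str == null) {
            return;
        }
        int indexOf = str.indexOf('\n');
        if (indexOf >= 0) {
            String substring = str.substring(indexOf + 1);
            b(d.a.a.a.a.O("setPublicKeyHashes: add=", substring));
            this.f18858g.add(substring);
            this.f18859h = true;
        }
    }
}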
