package com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust;

import com.microsoft.inject.Injector;
import com.microsoft.office.lync.persistence.X509CertificateInfo;
import com.microsoft.office.lync.platform.ContextProvider;
import com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.UserApproval.ICertificateNotificationUiManager;
import com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.UserApproval.IUserCertificateApprovalManager;
import com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.UserApproval.UserCertificateApprovalResponse;
import com.microsoft.office.lync.platform.http.NetworkSecurity.ThreadHostCertificateMapper;
import com.microsoft.office.lync.proxy.enums.CTrustModelManagerEvent;
import com.microsoft.office.lync.tracing.Trace;
import com.microsoft.office.lync.utility.errors.ErrorMessage;
import com.microsoft.office.lync.utility.errors.ErrorUtils;
import com.microsoft.office.lync.utility.errors.NoHostNameMappedForThreadId;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.inject.Inject;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class SfbCertificateTrustEngine implements ISfbCertificateTrustEngine {
    private static final int UCMP_EVENT_HANDLER_THREADPOOL_CORE_POOL_SIZE = 1;
    private static final long UCMP_EVENT_HANDLER_THREADPOOL_KEEP_ALIVE_TIME = Long.MAX_VALUE;
    private static final int UCMP_EVENT_HANDLER_THREADPOOL_MAXIMUM_POOL_SIZE = 1;

    @Inject
    private X509TrustManager mAndroidStandardTrustManager;
    private AtomicBoolean mIsRunning = new AtomicBoolean(false);
    ThreadPoolExecutor mUcmpEventHandlerThreadPoolExecutor;
    private IUcmpTrustModelManager mUcmpTrustModelManager;

    @Inject
    private IUserCertificateApprovalManager mUserCertificateApprovalManager;
    private static final String TAG = String.format("[%s] %s", ErrorUtils.Category.Http.name(), SfbCertificateTrustEngine.class.getSimpleName());
    private static final TimeUnit UCMP_EVENT_HANDLER_THREADPOOL_KEEP_ALIVE_TIMEUNIT = TimeUnit.NANOSECONDS;

    public SfbCertificateTrustEngine() {
        Injector.getInstance().injectNonView(ContextProvider.getContext(), this);
        this.mUcmpEventHandlerThreadPoolExecutor = new ThreadPoolExecutor(1, 1, UCMP_EVENT_HANDLER_THREADPOOL_KEEP_ALIVE_TIME, UCMP_EVENT_HANDLER_THREADPOOL_KEEP_ALIVE_TIMEUNIT, new LinkedBlockingQueue());
    }

    private boolean isServerTrustedByStandardTrustManager(X509Certificate[] x509CertificateArr, String str) {
        try {
            this.mAndroidStandardTrustManager.checkServerTrusted(x509CertificateArr, str);
            return true;
        } catch (CertificateException unused) {
            Trace.v(TAG, String.format("Certificate NOT trusted by the standard OS trust manager: %s", new X509CertificateInfo(x509CertificateArr[0])));
            return false;
        }
    }

    private boolean isServerTrustedByUser(X509CertificateInfo x509CertificateInfo) {
        return this.mUserCertificateApprovalManager.getUserApproval(x509CertificateInfo, null, IUserCertificateApprovalManager.Trigger.UntrustedCertificate).isTrusted();
    }

    @Override // com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.ISfbCertificateTrustEngine
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        ErrorUtils.getInstance().crashIfConfigured(ErrorUtils.Category.Http, ErrorMessage.CheckClientTrustedWasCalled, new Object[0]);
        try {
            ThreadHostCertificateMapper.updateCertificateCheckedOnThisThread(x509CertificateArr);
            if (this.mIsRunning.get()) {
                this.mAndroidStandardTrustManager.checkClientTrusted(x509CertificateArr, str);
            } else {
                Trace.v(TAG, String.format("Not trusting certificate as the engine is stopped: %s", new X509CertificateInfo(x509CertificateArr[0])));
                throw new CertificateException();
            }
        } catch (NoHostNameMappedForThreadId unused) {
            throw new CertificateException();
        }
    }

    @Override // com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.ISfbCertificateTrustEngine
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (!this.mIsRunning.get()) {
            Trace.i(TAG, String.format("Not trusting certificate as the engine is stopped: %s", new X509CertificateInfo(x509CertificateArr[0])));
            throw new CertificateException();
        }
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            ErrorUtils.getInstance().crashIfConfigured(ErrorUtils.Category.Http, ErrorMessage.CheckServerTrustedNullOrEmptyCertificatesChain, String.format("%s.%s", SfbCertificateTrustEngine.class.getSimpleName(), "checkServerTrusted"), x509CertificateArr);
            throw new CertificateException();
        }
        try {
            ThreadHostCertificateMapper.updateCertificateCheckedOnThisThread(x509CertificateArr);
            if (isServerTrustedByStandardTrustManager(x509CertificateArr, str)) {
                Trace.d(TAG, String.format("Certificate trusted by the standard OS trust manager: %s", new X509CertificateInfo(x509CertificateArr[0])));
                return;
            }
            X509CertificateInfo x509CertificateInfo = new X509CertificateInfo(x509CertificateArr[0]);
            if (isServerTrustedByUser(x509CertificateInfo)) {
                Trace.d(TAG, String.format("Certificate trusted by the user. %s", x509CertificateInfo));
            } else {
                Trace.w(TAG, String.format("Certificate NOT trusted: %s", x509CertificateInfo));
                throw new CertificateException();
            }
        } catch (NoHostNameMappedForThreadId e) {
            Trace.i(TAG, String.format("Not trusting certificate as ThreadHostCertificateMapper.updateCertificateCheckedOnThisThread failed with %s. Certificate: %s", e.getMessage(), new X509CertificateInfo(x509CertificateArr[0])));
            throw new CertificateException();
        }
    }

    @Override // com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.ISfbCertificateTrustEngine
    public X509Certificate[] getAcceptedIssuers() {
        return this.mAndroidStandardTrustManager.getAcceptedIssuers();
    }

    @Override // com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.ISfbCertificateTrustEngine
    public void impersonalize() {
        this.mUserCertificateApprovalManager.impersonalize();
    }

    @Override // com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.IUcmpTrustModelManagerEventHandler
    public void onUcmpTrustModelManagerEvent(final CTrustModelManagerEvent.Type type, final IUcmpTrustModel iUcmpTrustModel) {
        Trace.v(TAG, String.format("Received UcmpTrustModelManagerEvent. eventType = %s trustModel = %s", type, iUcmpTrustModel));
        if (type == CTrustModelManagerEvent.Type.QueryTrustModel) {
            this.mUcmpEventHandlerThreadPoolExecutor.execute(new Runnable() { // from class: com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.SfbCertificateTrustEngine.1
                @Override // java.lang.Runnable
                public void run() {
                    Trace.v(SfbCertificateTrustEngine.TAG, String.format("Starting to handle onUcmpTrustModelManagerEvent. eventType = %s trustModel = %s", type, iUcmpTrustModel));
                    UserCertificateApprovalResponse userApproval = SfbCertificateTrustEngine.this.mUserCertificateApprovalManager.getUserApproval(iUcmpTrustModel.getX509CertificateInfo(), iUcmpTrustModel, IUserCertificateApprovalManager.Trigger.CTrustModelManagerEvent);
                    if (!userApproval.getCorrespondingRequest().getTrustModel().equals(iUcmpTrustModel)) {
                        ErrorUtils.getInstance().crashIfConfigured(ErrorUtils.Category.Http, ErrorMessage.MismatchingTrustModelBetweenRequestAndResponse, iUcmpTrustModel, userApproval);
                    }
                    Trace.v(SfbCertificateTrustEngine.TAG, String.format("Updating UcmpTrustModelManager in response to UcmpTrustModelManagerEvent. eventType = %s trustModel = %s userApproval = %s", type, iUcmpTrustModel, userApproval));
                    SfbCertificateTrustEngine.this.mUcmpTrustModelManager.updateTrustModel(userApproval);
                }
            });
        }
    }

    @Override // com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.ISfbCertificateTrustEngine
    public void setUcmpTrustModelManager(IUcmpTrustModelManager iUcmpTrustModelManager) {
        this.mUcmpTrustModelManager = iUcmpTrustModelManager;
    }

    @Override // com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.ISfbCertificateTrustEngine
    public void start(ICertificateNotificationUiManager iCertificateNotificationUiManager) {
        Trace.i(TAG, String.format("%s is starting.", SfbCertificateTrustEngine.class.getSimpleName()));
        this.mIsRunning.set(true);
        this.mUserCertificateApprovalManager.start(iCertificateNotificationUiManager);
    }

    @Override // com.microsoft.office.lync.platform.http.NetworkSecurity.CertificatesTrust.ISfbCertificateTrustEngine
    public void stop() {
        Trace.i(TAG, String.format("%s is stopping.", SfbCertificateTrustEngine.class.getSimpleName()));
        this.mIsRunning.set(false);
        this.mUserCertificateApprovalManager.stop();
    }
}
