package com.paloaltonetworks.globalprotect.ph;

import android.util.Base64;
import com.paloaltonetworks.globalprotect.G;
import com.paloaltonetworks.globalprotect.util.Log;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
/**
 * Custom {@link X509TrustManager} as recovered by JADX from classes.dex. Identifiers are
 * obfuscated, and {@code G}, {@code Log}, {@code d} and the helper referenced as {@code e.f(...)}
 * are declared elsewhere and not visible here.
 *
 * <p>Review summary, limited to what the decompiled code below shows:
 * <ul>
 *   <li>{@link #checkServerTrusted} performs no validation at all when the config flag
 *       {@code i} (logged as "bVerifyServerCert") is false.</li>
 *   <li>{@code i(...)} validates against the platform default trust store, but every failure
 *       that is not a {@link CertificateException} is logged and swallowed, which leaves the
 *       chain accepted.</li>
 *   <li>{@code h(...)}, the other validation path, was not decompiled; its behaviour has to be
 *       read from the bytecode and nothing about it is asserted here.</li>
 *   <li>{@link #checkClientTrusted} catches every exception, so it never rejects a chain.</li>
 *   <li>A verification cache is keyed on an MD5 hex string plus the current date and is kept in
 *       {@code G.reg}; its trustworthiness depends on the integrity of that store.</li>
 *   <li>Certificate text, and every line of any PEM file read by {@code b(...)}, is written to
 *       the debug log.</li>
 * </ul>
 */
public class PanX509TrustManager implements X509TrustManager {
    // Integer constants 0..8 whose names were lost to obfuscation. None is referenced by name in
    // the decompiled methods; the FIPS checks below compare against the literal 4, which may be
    // one of these inlined by the compiler (unconfirmed).
    private static final int d = 0;
    private static final int e = 1;
    private static final int f = 2;
    private static final int g = 3;
    private static final int h = 4;
    private static final int i = 5;
    private static final int j = 6;
    private static final int k = 7;
    private static final int l = 8;

    // Configuration object supplied by the caller. Fields read in this class: i, j, p, c, d and
    // f1835a (see checkServerTrusted for how the log strings name some of them).
    /* renamed from: a, reason: collision with root package name */
    private d f1824a;

    // Copy of dVar.f1835a taken in k(); not read anywhere in the decompiled methods.
    /* renamed from: b, reason: collision with root package name */
    private String f1825b;
    // Last integer parsed from G.panJni.checkFips(...). Public and mutable.
    public int c;

    /**
     * Creates the trust manager and stores the given configuration via {@link #k}.
     *
     * @param dVar configuration object (project type, not shown)
     */
    public PanX509TrustManager(d dVar) {
        k(dVar);
    }

    /**
     * Looks up the verification cache in {@code G.reg} and reports whether a matching entry for
     * today exists.
     *
     * <p>Not called from any method that decompiled successfully; presumably used by
     * {@code h(...)} (unconfirmed).
     *
     * @param str  passed to {@code e.f(...)}; the key prefix "VerifiedCaFile_" suggests a CA file
     *             name or path (assumption)
     * @param str2 string that is MD5-hashed into the cache key; presumably the server certificate
     *             text (assumption)
     * @param str3 appended after "_addr_"; presumably the server address (assumption)
     * @return true only when all three cache entries read back as "yes"
     */
    private static boolean a(String str, String str2, String str3) {
        String f2;
        String c = c(str2);
        if (c != null) {
            // NOTE(review): `e.f` presumably resolves to a helper class `e` in this package, not
            // to the int constant or the method of the same name in this class - confirm.
            if (G.reg.j("VerifiedserverCert_" + c).equals("yes") && (f2 = e.f(str)) != null) {
                if (!G.reg.j("VerifiedCaFile_" + f2).equals("yes")) {
                    return false;
                }
                String d2 = d();
                // A hit here reports the certificate as already verified. The decision rests on
                // an MD5-derived key, the device's current date and whatever G.reg holds; G.reg is
                // presumably a persisted settings store (verify), so its write protection matters.
                if (G.reg.j("ca_" + f2 + "_cert_" + c + "_addr_" + str3 + d2).equals("yes")) {
                    Log.DEBUG("Verifier cache, cert from " + str3 + " already verified before\n");
                    return true;
                }
                Log.DEBUG("Verifier cache, cert from " + str3 + " not verified, verify it now " + d2 + "\n");
            }
        }
        return false;
    }

    /**
     * Reads a PEM file and returns its certificate blocks as separate strings.
     *
     * <p>Not called from any method that decompiled successfully.
     *
     * @param str path of the file to read
     * @return one string per block terminated by an "END CERTIFICATE" line, or null when no such
     *         block was completed
     * @throws FileNotFoundException if the file cannot be opened
     * @throws IOException declared, but as decompiled every other IOException is swallowed
     */
    private String[] b(String str) throws IOException, FileNotFoundException {
        int i2;
        // Fixed capacity of 20 blocks.
        String[] strArr = new String[20];
        for (int i3 = 0; i3 < 20; i3++) {
            strArr[i3] = "";
        }
        try {
            try {
                // FileReader uses the platform default charset; the reader is never closed in
                // this method.
                BufferedReader bufferedReader = new BufferedReader(new FileReader(str));
                i2 = 0;
                while (true) {
                    try {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        }
                        // Every line of the file goes to the debug log, including the lines of an
                        // RSA PRIVATE KEY block that the branch below drops from the result.
                        Log.DEBUG(readLine);
                        // A 21st certificate makes i2 == 20 here and raises
                        // ArrayIndexOutOfBoundsException, which nothing in this method catches.
                        strArr[i2] = strArr[i2] + readLine + "\n";
                        if (readLine.contains("END CERTIFICATE")) {
                            i2++;
                        } else if (readLine.contains("END RSA PRIVATE KEY")) {
                            // Discard the accumulated private-key block from the returned data.
                            strArr[i2] = "";
                        }
                    } catch (IOException unused) {
                        // As decompiled, a read error is ignored and the loop calls readLine()
                        // again; the original control flow may differ - confirm in bytecode.
                    }
                }
            } catch (FileNotFoundException e2) {
                throw e2;
            }
        } catch (IOException unused2) {
            i2 = 0;
        }
        if (i2 <= 0) {
            return null;
        }
        String[] strArr2 = new String[i2];
        System.arraycopy(strArr, 0, strArr2, 0, i2);
        return strArr2;
    }

    /**
     * Returns the MD5 digest of a string as lower-case hex; used to build cache keys in
     * {@code a(...)} and {@code f(...)}.
     *
     * @param str text to hash
     * @return hex digest without leading zeros, or null if any exception occurs
     */
    private static String c(String str) {
        try {
            // MD5 is not collision resistant, and this value keys the "already verified" cache.
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            // getBytes() uses the platform default charset, while the length passed is the char
            // count: for text with multi-byte characters only a prefix of the bytes is hashed.
            messageDigest.update(str.getBytes(), 0, str.length());
            // BigInteger.toString(16) drops leading zero nibbles, so the result can be shorter
            // than 32 characters.
            return new BigInteger(1, messageDigest.digest()).toString(16);
        } catch (Exception e2) {
            e2.printStackTrace();
            return null;
        }
    }

    /**
     * Returns today's date formatted as "MMddyyyy" using the default locale and time zone.
     * Because a(...) and f(...) append it to the cache key, a cache entry matches only on the
     * calendar day (by the device clock) on which it was written.
     */
    private static String d() {
        return new SimpleDateFormat("MMddyyyy").format(new Date());
    }

    /**
     * Computes the SHA-1 fingerprint of a certificate's encoded form, formatted by
     * {@code j(...)} as colon-separated lower-case hex.
     *
     * @param x509Certificate certificate to fingerprint
     * @return the fingerprint, or an empty string if any exception occurs
     */
    private static String e(X509Certificate x509Certificate) {
        try {
            // In the visible code this value is only appended to a logged/stored string; no
            // trust decision in this class compares it.
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(x509Certificate.getEncoded());
            return j(messageDigest.digest());
        } catch (Exception e2) {
            e2.printStackTrace();
            return "";
        }
    }

    /**
     * Writes the verification-cache entries that {@code a(...)} later reads: the CA-file marker,
     * the certificate marker and the dated combined key, each set to "yes".
     *
     * <p>Not called from any method that decompiled successfully; presumably used by
     * {@code h(...)} after a successful verification (unconfirmed).
     *
     * @param str  passed to {@code e.f(...)} (see a(...))
     * @param str2 string that is MD5-hashed into the cache key
     * @param str3 appended after "_addr_" in the combined key
     */
    private static void f(String str, String str2, String str3) {
        String f2 = e.f(str);
        if (f2 != null) {
            G.reg.w("VerifiedCaFile_" + f2, "yes");
            String c = c(str2);
            if (c != null) {
                G.reg.w("VerifiedserverCert_" + c, "yes");
                String d2 = d();
                G.reg.w("ca_" + f2 + "_cert_" + c + "_addr_" + str3 + d2, "yes");
                StringBuilder sb = new StringBuilder();
                sb.append("Verifier cache, cert from ");
                sb.append(str3);
                sb.append(" verified, remember it now ");
                sb.append(d2);
                Log.DEBUG(sb.toString());
            }
        }
    }

    /**
     * Encodes a certificate as a PEM block.
     *
     * @param x509Certificate certificate to encode
     * @return the PEM text; if encoding fails, only the text written before the failure (the
     *         BEGIN line) is returned, after the error is logged
     */
    public static String g(X509Certificate x509Certificate) {
        StringWriter stringWriter = new StringWriter();
        try {
            stringWriter.write("-----BEGIN CERTIFICATE-----\n");
            // Flag 2 is android.util.Base64.NO_WRAP: the body is emitted on a single line.
            stringWriter.write(Base64.encodeToString(x509Certificate.getEncoded(), 2));
            stringWriter.write("\n-----END CERTIFICATE-----\n");
        } catch (CertificateEncodingException e2) {
            e2.printStackTrace();
            Log.ERROR("certToString");
            Log.ERROR(e2.toString());
        }
        return stringWriter.toString();
    }

    /*
     * NOTE(review): h(...) is the validation path checkServerTrusted takes whenever the
     * condition for i(...) is not met. JADX could not restructure it, so the body below is a
     * decompiler placeholder and does not represent the app's behaviour. The warnings that follow
     * show a fragment that throws SignatureException("cert not verified" + r14); everything else
     * has to be read from the instruction dump. Presumably this is where a(...), b(...), f(...)
     * and l(...) are called (unconfirmed).
     */
    /* JADX WARN: Code restructure failed: missing block: B:139:0x04d5, code lost:
    
        if (r1 == false) goto L176;
     */
    /* JADX WARN: Code restructure failed: missing block: B:142:0x04ee, code lost:
    
        throw new java.security.SignatureException("cert not verified" + r14);
     */
    /* JADX WARN: Removed duplicated region for block: B:194:? A[LOOP:2: B:54:0x01a3->B:194:?, LOOP_END, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:68:0x0278 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void h(java.security.cert.X509Certificate[] r13, java.lang.String r14, java.lang.String r15) throws java.security.cert.CertificateException {
        /*
            Method dump skipped, instructions count: 1419
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.paloaltonetworks.globalprotect.ph.PanX509TrustManager.h(java.security.cert.X509Certificate[], java.lang.String, java.lang.String):void");
    }

    /**
     * Validates the chain with the platform's default trust managers.
     *
     * <p>Only a {@link CertificateException} leaves this method. KeyStoreException,
     * NoSuchAlgorithmException and any other exception, including unchecked ones raised by the
     * delegate trust manager, are logged and swallowed, after which the method returns normally
     * and the caller treats the chain as accepted. The method also returns normally when no
     * default trust manager is an X509TrustManager.
     *
     * @param x509CertificateArr peer chain, leaf at index 0
     * @param str auth type passed through to the delegate trust manager
     * @throws CertificateException if the validity check or the delegate rejects the chain with
     *         a CertificateException
     */
    private void i(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        String exc;
        Log.DEBUG("verify it again cert store ");
        try {
            boolean z = false;
            // config.j is logged as "revoke" in checkServerTrusted, yet this branch only checks
            // the leaf's validity period; no CRL or OCSP lookup is visible here. From the only
            // visible call site this method is reached with j == false, so the branch is skipped.
            if (this.f1824a.j) {
                // Writes the full certificate text to the debug log.
                Log.DEBUG("verify it for revoke now, cert=" + x509CertificateArr[0].toString());
                x509CertificateArr[0].checkValidity();
                // Substring match on toString(); checkValidity() above already throws a
                // CertificateException subclass for an out-of-period certificate.
                if (x509CertificateArr[0].toString().contains("expired")) {
                    throw new CertificateException("Certificate expired");
                }
            }
            if (this.f1824a.i) {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                Exception e2 = null;
                // A null KeyStore selects the platform default trust anchors.
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                int i2 = 0;
                while (true) {
                    if (i2 >= trustManagers.length) {
                        break;
                    }
                    if (trustManagers[i2] instanceof X509TrustManager) {
                        // x509CertificateArr.toString() logs the array's identity string, not the
                        // chain contents.
                        Log.DEBUG("verify cert " + trustManagers[i2].toString() + "\n chain is: " + x509CertificateArr.toString());
                        StringBuilder sb = new StringBuilder();
                        sb.append("cert: ");
                        sb.append(x509CertificateArr[0].toString());
                        Log.DEBUG(sb.toString());
                        try {
                            // The first trust manager that accepts the chain ends the loop.
                            ((X509TrustManager) trustManagers[i2]).checkServerTrusted(x509CertificateArr, str);
                            Log.DEBUG("verify cert success!");
                            z = true;
                            break;
                        } catch (Exception e3) {
                            // Remember the most recent failure and try the next trust manager.
                            e2 = e3;
                            Log.ERROR("error 1207, index=" + i2);
                            Log.ERROR(e2.toString());
                        }
                    }
                    i2++;
                }
                // Rethrows the last recorded failure. Whether it reaches the caller depends on
                // its type: see the catch clauses below.
                if (!z && e2 != null) {
                    throw e2;
                }
            }
        } catch (KeyStoreException e4) {
            // Swallowed: the method returns normally and the chain stays accepted.
            e4.printStackTrace();
            Log.ERROR("error 1048");
            exc = e4.toString();
            Log.ERROR(exc);
        } catch (NoSuchAlgorithmException e5) {
            // Swallowed: the method returns normally and the chain stays accepted.
            e5.printStackTrace();
            Log.ERROR("error 1043");
            exc = e5.toString();
            Log.ERROR(exc);
        } catch (CertificateException e6) {
            // The only failure type that is propagated to the caller.
            e6.printStackTrace();
            Log.ERROR("error 893");
            Log.ERROR(e6.toString());
            throw e6;
        } catch (Exception e7) {
            // Swallowed: any other failure, including a RuntimeException rethrown from the loop
            // above, ends here and the chain stays accepted.
            e7.printStackTrace();
            Log.ERROR("error 1237");
            exc = e7.toString();
            Log.ERROR(exc);
        }
    }

    /**
     * Formats bytes as lower-case hex pairs separated by ':' (for example "0a:ff").
     *
     * @param bArr bytes to format
     * @return the formatted string; empty for an empty array
     */
    private static String j(byte[] bArr) {
        char[] cArr = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (int i2 = 0; i2 < bArr.length; i2++) {
            // High nibble, then low nibble.
            sb.append(cArr[(bArr[i2] & 240) >> 4]);
            sb.append(cArr[bArr[i2] & 15]);
            if (i2 < bArr.length - 1) {
                sb.append(':');
            }
        }
        return sb.toString();
    }

    /**
     * Matches a name against a pattern that may contain one '*'.
     *
     * <p>Not called from any method that decompiled successfully; presumably the hostname check
     * used by {@code h(...)} (unconfirmed). Comparisons are case-sensitive.
     *
     * @param str  name to test
     * @param str2 pattern
     * @return true on an exact match, or when {@code str} ends with the text after the '*' and
     *         the part of {@code str} in front of it contains no '.'
     */
    private static boolean l(String str, String str2) {
        String[] split = str2.split("\\*");
        // One element means no '*' in the pattern, or only a trailing '*' (split drops trailing
        // empty strings); in both cases the pattern is compared literally.
        if (split.length == 1) {
            return str.equals(str2);
        }
        if (split.length > 2) {
            return false;
        }
        // split[0], the text in front of the '*', is never compared with str.
        if (str.endsWith(split[1])) {
            // `r5` is a register name left behind by the decompiler and is not declared in this
            // method; presumably it is split[1] (confirm in bytecode). indexOf finds the first
            // occurrence, which is not necessarily the suffix matched by endsWith above.
            return !str.substring(0, str.indexOf(r5)).contains(".");
        }
        return false;
    }

    /**
     * Client-certificate check. As decompiled, this method never rejects a chain: it does not
     * declare {@code CertificateException}, and the single catch block logs and swallows every
     * exception, including the "FIPS check failed" one raised inside it.
     *
     * @param x509CertificateArr peer chain
     * @param str auth type
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        Log.DEBUG("checkClientTrusted, verify client cert");
        try {
            // The factory is never initialised with init(...). Per the JSSE API contract
            // getTrustManagers() then throws IllegalStateException, which the catch below
            // swallows - so the delegation loop is likely never reached.
            TrustManager[] trustManagers = TrustManagerFactory.getInstance("X509").getTrustManagers();
            for (int i2 = 0; i2 < trustManagers.length; i2++) {
                if (trustManagers[i2] instanceof X509TrustManager) {
                    ((X509TrustManager) trustManagers[i2]).checkClientTrusted(x509CertificateArr, str);
                }
            }
            // G.reg.N() == "yes" gates the native FIPS check; presumably a FIPS-mode setting.
            if (G.reg.N().equals("yes")) {
                String str2 = "";
                for (int i3 = 0; i3 < x509CertificateArr.length; i3++) {
                    str2 = str2 + g(x509CertificateArr[i3]);
                    Log.DEBUG("checkClientTrusted: index " + i3);
                }
                // Native call on the concatenated PEM chain; the meaning of the second argument
                // (3 here, 1 in checkServerTrusted) is not visible in this file.
                String checkFips = G.panJni.checkFips(str2, 3);
                Log.DEBUG("checkClientTrusted: checkFips chain.length " + x509CertificateArr.length + ", ret " + checkFips);
                int parseInt = Integer.parseInt(checkFips);
                this.c = parseInt;
                // 4 is the only value treated as success.
                if (parseInt != 4) {
                    Log.DEBUG("checkClientTrusted: checkFips failed");
                    throw new CertificateException("FIPS check failed");
                }
                Log.DEBUG("checkClientTrusted: checkFips successful");
            }
        } catch (Exception e2) {
            // Catches the CertificateException thrown above as well; nothing is rethrown.
            e2.printStackTrace();
            Log.ERROR("checkClientTrusted error:");
            Log.ERROR(e2.toString());
        }
    }

    /**
     * Server-certificate check invoked during the TLS handshake.
     *
     * <p>Flow as decompiled: record and log the leaf certificate text plus SHA-1 fingerprint;
     * if config flag {@code i} is false, return without validating anything; otherwise validate
     * through {@code i(...)} or {@code h(...)}, then run the native FIPS check when it is enabled.
     *
     * @param x509CertificateArr peer chain, leaf at index 0; index 0 is read without a null or
     *        length check
     * @param str auth type
     * @throws CertificateException from the validation path, or when the FIPS check does not
     *         return 4
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        String str2;
        String str3;
        StringBuilder sb = new StringBuilder();
        sb.append(x509CertificateArr[0].toString());
        sb.append("\nfingerprint=");
        sb.append(e(x509CertificateArr[0]));
        String sb2 = sb.toString();
        // Full certificate text is written to the debug log.
        Log.DEBUG("checkServerTrusted: m_lastServerCertString =  " + sb2);
        StringBuilder sb3 = new StringBuilder();
        sb3.append("checkServerTrusted: bVerifyServerCert  ");
        sb3.append(this.f1824a.i ? "true" : "false");
        Log.DEBUG(sb3.toString());
        // Stores the certificate string in G.reg before any validation has run; the log line
        // above calls it "m_lastServerCertString".
        G.reg.m0(sb2);
        boolean equals = G.reg.N().equals("yes");
        if (this.f1824a.i) {
            // The log string names the config fields: c is "certFilename", j is "revoke"; the
            // password is printed as the literal "xxx", not its value.
            Log.DEBUG("checkServerTrusted: verify server cert now! certFilename=" + this.f1824a.c + ", pass=xxx, revoke=" + this.f1824a.j);
            d dVar = this.f1824a;
            // i(...) (platform trust store) is used when revocation is off, flag p is set and
            // either no cert file is configured or field d is null or the string "NULL";
            // everything else goes to the undecompiled h(...). The meaning of p and d is not
            // visible here (d is presumably the password behind "pass=xxx" - confirm).
            if (!dVar.j && dVar.p && (dVar.c == null || (str3 = dVar.d) == null || str3.equals("NULL"))) {
                i(x509CertificateArr, str);
            } else {
                h(x509CertificateArr, str, sb2);
            }
            if (!equals) {
                return;
            }
            String str4 = "";
            for (int i2 = 0; i2 < x509CertificateArr.length; i2++) {
                str4 = str4 + g(x509CertificateArr[i2]);
                Log.DEBUG("checkServerTrusted: index " + i2);
            }
            String checkFips = G.panJni.checkFips(str4, 1);
            Log.DEBUG("checkServerTrusted: checkFips chain.length " + x509CertificateArr.length + ", ret " + checkFips);
            // A non-numeric return value raises NumberFormatException, which is unchecked and
            // not handled in this method.
            int parseInt = Integer.parseInt(checkFips);
            this.c = parseInt;
            // 4 is the only value treated as success.
            if (parseInt != 4) {
                Log.DEBUG("checkServerTrusted: checkFips failed");
                throw new CertificateException("FIPS check failed");
            }
            str2 = "checkServerTrusted: checkFips successful";
        } else {
            // Verification disabled by configuration: the method returns normally, so any
            // presented chain is accepted and the FIPS check is skipped as well.
            str2 = "checkServerTrusted: not need to verify server cert!";
        }
        Log.DEBUG(str2);
    }

    /**
     * Returns null. The {@link X509TrustManager} contract specifies a non-null, possibly empty,
     * array, so callers that iterate the result without a null check can fail.
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    /**
     * Replaces the configuration used by later checks and copies {@code dVar.f1835a} into
     * {@code f1825b}. Public and unsynchronised.
     *
     * @param dVar new configuration object; dereferenced without a null check
     */
    public void k(d dVar) {
        this.f1824a = dVar;
        this.f1825b = dVar.f1835a;
    }
}
