package com.cisco.jabber.app.cert;

import android.content.Context;
import android.net.http.SslError;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.Message;
import android.util.Base64;
import com.cisco.jabber.guest.sdk.util.Log;
import com.fingerchat.api.util.crypto.RSAUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.StrictHostnameVerifier;

/* loaded from: classes2.dex */
public final class CertValidation {
    public static final int INVALID = 1;
    private static final int LOAD_CERTIFICATES_MSG = 1001;
    private static final String LOCAL_CERT_STORE = "store.bks";
    private static final int STORE_CERTIFICATES_MSG = 1002;
    private static final String TAG = "CertValidation";
    public static final int VALID = 0;
    private static Handler.Callback sCallback = new Handler.Callback() { // from class: com.cisco.jabber.app.cert.CertValidation.1
        @Override // android.os.Handler.Callback
        public boolean handleMessage(Message message) {
            int i = message.what;
            if (i == 1001) {
                CertValidation.loadApplicationCertificates();
                return true;
            }
            if (i != 1002) {
                return false;
            }
            CertValidation.syncKeyStore();
            return true;
        }
    };
    private static Context sContext;
    private static volatile Handler sHandler;
    private static HandlerThread sHandlerThread;
    private static KeyStore sStore;

    private CertValidation() {
    }

    private static X509TrustManager createDefaultTrustManager() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            return findX509TrustManager(trustManagerFactory.getTrustManagers());
        } catch (KeyStoreException e) {
            return null;
        } catch (NoSuchAlgorithmException e2) {
            return null;
        }
    }

    public static void destroy() {
        HandlerThread handlerThread = sHandlerThread;
        if (handlerThread != null) {
            handlerThread.quit();
            sHandlerThread = null;
        }
        sHandler = null;
    }

    private static X509TrustManager findX509TrustManager(TrustManager[] trustManagerArr) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    public static void initialise(Context context) {
        sContext = context;
        sHandlerThread = new HandlerThread(TAG);
        sHandlerThread.start();
        sHandler = new Handler(sHandlerThread.getLooper(), sCallback);
        sHandler.sendEmptyMessage(1001);
    }

    public static void installCertificate(X509Certificate x509Certificate, String str) {
        if (x509Certificate != null) {
            try {
                synchronized (CertValidation.class) {
                    sStore.setCertificateEntry(str, x509Certificate);
                }
                Log.d(TAG, "installCertificate(), install cert:" + str);
                sHandler.sendEmptyMessageDelayed(1002, 15000L);
            } catch (KeyStoreException e) {
                Log.e(TAG, "installCertificate(), KeyStoreException: ", e);
            }
        }
    }

    public static boolean isCertExpired(X509Certificate x509Certificate) {
        try {
            x509Certificate.checkValidity();
            return false;
        } catch (CertificateExpiredException e) {
            return true;
        } catch (CertificateNotYetValidException e2) {
            return false;
        }
    }

    public static boolean isTrustedByApplication(X509Certificate x509Certificate, String str) {
        try {
            synchronized (CertValidation.class) {
                X509Certificate x509Certificate2 = (X509Certificate) sStore.getCertificate(str);
                if (x509Certificate2 == null) {
                    Log.d(TAG, "isTrustedByApplication(), fail not exist hash: " + str);
                    return false;
                }
                if (!x509Certificate2.equals(x509Certificate)) {
                    Log.d(TAG, "isTrustedByApplication(), fail not equal hash: " + str);
                    return false;
                }
                if (isCertExpired(x509Certificate)) {
                    Log.d(TAG, "isTrustedByApplication(), Certificate has expired, removing from trust");
                    sStore.deleteEntry(str);
                    return false;
                }
                Log.d(TAG, "isTrustedByApplication(), success: " + str);
                return true;
            }
        } catch (KeyStoreException e) {
            Log.d(TAG, "isTrustedByApplication(), fail exception: ", e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void loadApplicationCertificates() {
        String str;
        String str2;
        synchronized (CertValidation.class) {
            FileInputStream fileInputStream = null;
            if (sStore == null) {
                try {
                    try {
                        try {
                            try {
                                sStore = KeyStore.getInstance(KeyStore.getDefaultType());
                                File file = new File(sContext.getFilesDir(), LOCAL_CERT_STORE);
                                if (file.exists()) {
                                    try {
                                        fileInputStream = new FileInputStream(file);
                                        sStore.load(fileInputStream, "".toCharArray());
                                        Log.d(TAG, "loadApplicationCertificates(), finished");
                                    } catch (Exception e) {
                                        Log.d(TAG, "loadApplicationCertificates(), Exception: ", e);
                                        file.delete();
                                        sStore.load(null, "".toCharArray());
                                    }
                                } else {
                                    sStore.load(null, "".toCharArray());
                                }
                                if (fileInputStream != null) {
                                    try {
                                        fileInputStream.close();
                                    } catch (IOException e2) {
                                        e = e2;
                                        str = TAG;
                                        str2 = "loadApplicationCertificates(), finally: IOException: ";
                                        Log.d(str, str2, e);
                                    }
                                }
                            } catch (FileNotFoundException e3) {
                                Log.d(TAG, "loadApplicationCertificates(), FileNotFoundException: ", e3);
                                if (0 != 0) {
                                    try {
                                        fileInputStream.close();
                                    } catch (IOException e4) {
                                        e = e4;
                                        str = TAG;
                                        str2 = "loadApplicationCertificates(), finally: IOException: ";
                                        Log.d(str, str2, e);
                                    }
                                }
                            }
                        } finally {
                        }
                    } catch (KeyStoreException e5) {
                        Log.d(TAG, "loadApplicationCertificates(), KeyStoreException: ", e5);
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e6) {
                                e = e6;
                                str = TAG;
                                str2 = "loadApplicationCertificates(), finally: IOException: ";
                                Log.d(str, str2, e);
                            }
                        }
                    } catch (CertificateException e7) {
                        Log.d(TAG, "loadApplicationCertificates(), CertificateException: ", e7);
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (IOException e8) {
                                e = e8;
                                str = TAG;
                                str2 = "loadApplicationCertificates(), finally: IOException: ";
                                Log.d(str, str2, e);
                            }
                        }
                    }
                } catch (IOException e9) {
                    Log.d(TAG, "loadApplicationCertificates(), IOException: ", e9);
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (IOException e10) {
                            e = e10;
                            str = TAG;
                            str2 = "loadApplicationCertificates(), finally: IOException: ";
                            Log.d(str, str2, e);
                        }
                    }
                } catch (NoSuchAlgorithmException e11) {
                    Log.d(TAG, "loadApplicationCertificates(), NoSuchAlgorithmException: ", e11);
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (IOException e12) {
                            e = e12;
                            str = TAG;
                            str2 = "loadApplicationCertificates(), finally: IOException: ";
                            Log.d(str, str2, e);
                        }
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void syncKeyStore() {
        String str;
        String str2;
        synchronized (CertValidation.class) {
            File file = new File(sContext.getFilesDir(), LOCAL_CERT_STORE);
            if (!file.exists()) {
                try {
                    file.createNewFile();
                } catch (IOException e) {
                    Log.e(TAG, "syncKeyStore(), IOException: ", e);
                    return;
                }
            }
            FileOutputStream fileOutputStream = null;
            try {
                try {
                    try {
                        try {
                            try {
                                fileOutputStream = new FileOutputStream(file);
                                sStore.store(fileOutputStream, "".toCharArray());
                            } finally {
                            }
                        } catch (NoSuchAlgorithmException e2) {
                            Log.e(TAG, "syncKeyStore(), NoSuchAlgorithmException: ", e2);
                            if (fileOutputStream != null) {
                                try {
                                    fileOutputStream.close();
                                } catch (IOException e3) {
                                    e = e3;
                                    str = TAG;
                                    str2 = "syncKeyStore(), finally, IOException: ";
                                    Log.e(str, str2, e);
                                }
                            }
                        }
                    } catch (IOException e4) {
                        Log.e(TAG, "syncKeyStore(), IOException: ", e4);
                        if (fileOutputStream != null) {
                            try {
                                fileOutputStream.close();
                            } catch (IOException e5) {
                                e = e5;
                                str = TAG;
                                str2 = "syncKeyStore(), finally, IOException: ";
                                Log.e(str, str2, e);
                            }
                        }
                    }
                } catch (CertificateException e6) {
                    Log.e(TAG, "syncKeyStore(), CertificateException: ", e6);
                    if (fileOutputStream != null) {
                        try {
                            fileOutputStream.close();
                        } catch (IOException e7) {
                            e = e7;
                            str = TAG;
                            str2 = "syncKeyStore(), finally, IOException: ";
                            Log.e(str, str2, e);
                        }
                    }
                }
                try {
                    fileOutputStream.close();
                } catch (IOException e8) {
                    e = e8;
                    str = TAG;
                    str2 = "syncKeyStore(), finally, IOException: ";
                    Log.e(str, str2, e);
                }
            } catch (FileNotFoundException e9) {
                Log.e(TAG, "syncKeyStore(), FileNotFoundException: ", e9);
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e10) {
                        e = e10;
                        str = TAG;
                        str2 = "syncKeyStore(), finally, IOException: ";
                        Log.e(str, str2, e);
                    }
                }
            } catch (KeyStoreException e11) {
                Log.e(TAG, "syncKeyStore(), KeyStoreException: ", e11);
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e12) {
                        e = e12;
                        str = TAG;
                        str2 = "syncKeyStore(), finally, IOException: ";
                        Log.e(str, str2, e);
                    }
                }
            }
        }
    }

    public static X509Certificate translatePEMtoCertificate(String str) {
        return translatePEMtoCertificate(str.getBytes(Charset.forName("UTF-8")));
    }

    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:27:0x001d -> B:7:0x002d). Please report as a decompilation issue!!! */
    private static X509Certificate translatePEMtoCertificate(byte[] bArr) {
        X509Certificate x509Certificate = null;
        ByteArrayInputStream byteArrayInputStream = null;
        try {
            try {
                try {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    byteArrayInputStream = new ByteArrayInputStream(bArr);
                    x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                    byteArrayInputStream.close();
                } catch (Throwable th) {
                    if (byteArrayInputStream != null) {
                        try {
                            byteArrayInputStream.close();
                        } catch (IOException e) {
                            e.printStackTrace();
                        }
                    }
                    throw th;
                }
            } catch (CertificateException e2) {
                e2.printStackTrace();
                if (byteArrayInputStream != null) {
                    byteArrayInputStream.close();
                }
            }
        } catch (IOException e3) {
            e3.printStackTrace();
        }
        return x509Certificate;
    }

    public static int verifyCertificate(String[] strArr, String str) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : strArr) {
            arrayList.add(Base64.decode(str2.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", ""), 0));
        }
        return verifyCertificate((byte[][]) arrayList.toArray(new byte[0]), str);
    }

    public static int verifyCertificate(byte[][] bArr) {
        Log.d(TAG, "verifyCertificate(), leng:" + bArr.length);
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != null) {
                arrayList.add(translatePEMtoCertificate(bArr[i]));
            }
        }
        X509Certificate[] x509CertificateArr = (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
        if (verifyCertificates(x509CertificateArr, RSAUtils.KEY_ALGORITHM) == null) {
            Log.d(TAG, "verifyCertificate(), RSA trust");
            return 0;
        }
        SslError verifyCertificates = verifyCertificates(x509CertificateArr, "ECDSA");
        if (verifyCertificates == null) {
            return 0;
        }
        Log.d(TAG, "verifyCertificate(), ECDSA Untrusted error = " + verifyCertificates.toString());
        return 1;
    }

    public static int verifyCertificate(byte[][] bArr, String str) {
        Log.d(TAG, "leng:" + bArr.length);
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < bArr.length; i++) {
            if (bArr[i] != null) {
                arrayList.add(translatePEMtoCertificate(bArr[i]));
            }
        }
        try {
            new StrictHostnameVerifier().verify(str, (X509Certificate) arrayList.get(0));
            if (verifyCertificates((X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]), RSAUtils.KEY_ALGORITHM) == null) {
                Log.d(TAG, "trust");
                return 0;
            }
            Log.d(TAG, "untrust");
            return 1;
        } catch (Exception e) {
            Log.w(TAG, "Certificate hostname mismatch. " + str + " not in cert names", e);
            return 1;
        }
    }

    public static SslError verifyCertificates(X509Certificate[] x509CertificateArr, String str) {
        try {
            X509TrustManager createDefaultTrustManager = createDefaultTrustManager();
            if (createDefaultTrustManager == null) {
                return null;
            }
            createDefaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            return null;
        } catch (CertificateException e) {
            return new SslError(3, x509CertificateArr[0]);
        }
    }
}
