package com.blackberry.security.cr.svc;

import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.os.IBinder;
import android.util.Log;
import com.blackberry.concierge.c;
import com.blackberry.security.b;
import com.blackberry.security.cr.ICRAidlInterface;
import com.blackberry.security.cr.ParcelableCertificate;
import com.google.common.net.HttpHeaders;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Map;

/* loaded from: classes3.dex */
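/**
 * Bound Android service that answers certificate-revocation queries over the
 * {@link ICRAidlInterface} binder interface.
 *
 * <p>Two mechanisms are visible in this class: OCSP, performed here over HTTP with results cached
 * through {@code OCSPDbHelper}, and a "proxy CRL" check delegated to
 * {@code CertificateRevocationProxyCRL}.
 *
 * <p>Security-relevant properties of this listing:
 * <ul>
 *   <li>{@link #onBind} hands the binder to every caller; authorization is enforced per call by
 *       {@code checkPermissions()} inside the stub.</li>
 *   <li>{@link #STATUS_GOOD} is {@code 0}, which is also the default value of an {@code int}.
 *       Any result slot or accumulator left untouched therefore reads as "good", so the code
 *       below never reports a status it did not actually obtain.</li>
 *   <li>Responder URLs are taken from the certificate being checked, i.e. from caller-supplied
 *       data. They are restricted to http/https, and the connection has a read timeout and a
 *       response size limit.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code mOcspTimeout} and {@code mOCSPServiceURL} are written from binder calls
 * without synchronization; whether calls can overlap is not visible here.
 */
public class CertificateRevocationService extends Service {
    private static final String BOGUS_PERMISSION = "com_blackberry_security_certrevsvc_permission_BOGUS";
    public static final String LOG_TAG = "certmgr:certRevSvc:CertificateRevocationService";
    public static final int STATUS_GOOD = 0;
    public static final int STATUS_REVOKED = 1;
    public static final int STATUS_UNKNOWN = 2;
    public static final int STATUS_UNSUPPORTED = 3;

    /**
     * Upper bound on an OCSP response body. Constructed value (1 MiB), chosen only to stop a
     * responder from exhausting memory; tune as needed.
     */
    private static final int MAX_OCSP_RESPONSE_BYTES = 1024 * 1024;

    Context mContext;
    private b mControlledApi;
    private CertRevocationNative mCrNative;
    private Thread mDelExpRecordThread;
    private OCSPDbHelper mOCSPDbHelper;
    private String[] mOCSPServiceURL;
    private int mOcspTimeout;
    private CertificateRevocationProxyCRL mProxyCRL;

    private final ICRAidlInterface.Stub mCrServiceBinder = new ICRAidlInterface.Stub() {
        /**
         * Stores one OCSP status in the cache database and logs the outcome.
         *
         * @param certStatus status record to store
         * @param j expiry time handed to the database helper (see {@code calculateExpTime})
         */
        private void addCertStatusToDb(CertStatus certStatus, long j) {
            int rc;
            try {
                rc = CertificateRevocationService.this.mOCSPDbHelper.addCertStatusToDb(certStatus, j);
            } catch (Exception e) {
                Log.e(CertificateRevocationService.LOG_TAG, "AddCertStatusToDb threw", e);
                rc = 65535;
            }
            if (rc != 0) {
                Log.e(CertificateRevocationService.LOG_TAG, "AddCertStatusToDb fails" + rc);
            } else {
                Log.d(CertificateRevocationService.LOG_TAG, "AddCertStatusToDb Success");
            }
        }

        /**
         * Computes the cache expiry, in seconds since the epoch, for an OCSP status.
         *
         * <p>Without a positive nextUpdate the entry lives 60 seconds. Otherwise it lives until
         * nextUpdate, capped at 24 hours from now. A nextUpdate already in the past is returned
         * unchanged, so such an entry is expired as soon as it is written.
         */
        private long calculateExpTime(CertStatus certStatus) {
            final long maxCacheSeconds = 86400;
            long nowSeconds = System.currentTimeMillis() / 1000;
            long nextUpdate = certStatus.getNextUpdate();
            if (nextUpdate <= 0) {
                return 60 + nowSeconds;
            }
            if (nextUpdate - nowSeconds >= maxCacheSeconds) {
                return nowSeconds + maxCacheSeconds;
            }
            return nextUpdate;
        }

        /**
         * Sends the encoded OCSP request to one responder and evaluates its answer.
         *
         * @param certId identifier of the certificate whose status is wanted
         * @param cert issuer certificate, passed to the native response decoder
         * @param encodedRequest encoded OCSP request
         * @param str responder URL; it may originate from the certificate under test
         * @return a status, or an error code
         */
        private int callOcspResponder(CertId certId, Cert cert, EncodedRequest encodedRequest, String str) {
            int result = ErrorCodes.INTERNAL_ERROR;
            try {
                Log.i(CertificateRevocationService.LOG_TAG, "Contacting URL " + str);
                URL responderUrl = new URL(str);
                // The URL can come from the certificate, so accept only the schemes OCSP uses.
                // Other schemes previously failed later on the HttpURLConnection cast.
                String scheme = responderUrl.getProtocol();
                if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
                    Log.e(CertificateRevocationService.LOG_TAG, "Unsupported OCSP responder URL scheme");
                    return ErrorCodes.MALFORMED_OCSP_URL;
                }
                HttpResponseData response = postRequestToResponder(responderUrl, encodedRequest.getByteArray());
                if (response.getErrCode() != 0) {
                    result = response.getErrCode();
                } else {
                    byte[] respData = response.getRespData();
                    Cert encodedResponse = new Cert(respData, respData.length);
                    // NOTE(review): validation of the response (signature, binding to the
                    // request) presumably happens in the native decoder; not visible here.
                    result = decodeOcspRespMsg(cert, encodedRequest, encodedResponse);
                    if (result == 0) {
                        result = getCertStatusFromServRespMsg(certId, encodedResponse);
                    }
                }
                return result;
            } catch (MalformedURLException e) {
                Log.e(CertificateRevocationService.LOG_TAG, "MalformedURLException: " + e.getMessage());
                return ErrorCodes.MALFORMED_OCSP_URL;
            } catch (IOException e2) {
                Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:IOException: " + e2.getMessage(), e2);
                return result;
            } catch (Exception e3) {
                Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:Exception: " + e3.getMessage(), e3);
                return result;
            }
        }

        /**
         * Looks up a cached status for the given certificate id.
         *
         * @return the cached status, or {@code ErrorCodes.STATUS_NOT_FOUND_IN_DB} when there is
         *     no entry or the lookup fails
         */
        private int checkCertStatusInDb(CertId certId) {
            try {
                CertStatus cached = CertificateRevocationService.this.mOCSPDbHelper.getCertStatusFromDb(certId);
                if (cached == null) {
                    Log.i(CertificateRevocationService.LOG_TAG, "checkCertStatusInDb certStatus null STATUS_NOT_FOUND_IN_DB");
                    return ErrorCodes.STATUS_NOT_FOUND_IN_DB;
                }
                Log.i(CertificateRevocationService.LOG_TAG, "Status found in Db = " + cached.getStatus());
                return cached.getStatus();
            } catch (Exception e) {
                Log.e(CertificateRevocationService.LOG_TAG, "checkCertStatusInDb failed", e);
                return ErrorCodes.STATUS_NOT_FOUND_IN_DB;
            }
        }

        /**
         * Per-call access gate used by every binder method.
         *
         * <p>Returns {@code false} when the controlled-API check throws
         * {@link SecurityException} or when the concierge check reports missing permissions.
         * NOTE(review): the callee names are obfuscated; what exactly {@code No()} verifies about
         * the caller cannot be confirmed from this file.
         */
        private boolean checkPermissions() {
            try {
                CertificateRevocationService.this.mControlledApi.No();
                if (c.fJ().aA(CertificateRevocationService.this.getApplicationContext()).fQ()) {
                    return true;
                }
                Log.e(CertificateRevocationService.LOG_TAG, "Missing BBCI essential permissions");
                return false;
            } catch (SecurityException e) {
                Log.e(CertificateRevocationService.LOG_TAG, "Client access not authorized");
                return false;
            }
        }

        /**
         * Reads a stream to its end, refusing more than {@code MAX_OCSP_RESPONSE_BYTES}.
         *
         * @throws IOException on read failure or when the body exceeds the limit
         */
        private byte[] convertInputStreamToByteArray(InputStream inputStream) throws IOException {
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count = inputStream.read(chunk);
            while (count != -1) {
                // The body comes from a remote responder: bound it instead of reading until EOF.
                if (collected.size() + count > MAX_OCSP_RESPONSE_BYTES) {
                    throw new IOException("OCSP response exceeds size limit");
                }
                collected.write(chunk, 0, count);
                count = inputStream.read(chunk);
            }
            return collected.toByteArray();
        }

        /**
         * Passes the raw response to the native OCSP decoder.
         *
         * @param cert issuer certificate
         * @param encodedRequest the request the response is meant to answer
         * @param cert2 wrapper around the raw response bytes
         * @return the native return code, or {@code ErrorCodes.INTERNAL_ERROR} on an exception
         */
        private int decodeOcspRespMsg(Cert cert, EncodedRequest encodedRequest, Cert cert2) {
            try {
                return CertificateRevocationService.this.mCrNative.ocspDecodeResponse(cert, encodedRequest, cert2);
            } catch (Exception e) {
                Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:mCrNative.ocspDecodeResponse : " + e.getMessage(), e);
                return ErrorCodes.INTERNAL_ERROR;
            }
        }

        /**
         * Walks the single responses of a decoded OCSP response and returns the one that
         * answers {@code certId}.
         *
         * <p>Only the entry matching the requested id is written to the cache. The request
         * built in {@code getOnlineCertStatus} names a single certificate, so any other entry
         * is unsolicited; storing it would let a responder seed cached statuses for
         * certificates nobody asked about.
         *
         * @return the matching status or its error code,
         *     {@code ErrorCodes.STATUS_NOT_FOUND_RESP_MESSAGE} when no entry matches, or
         *     {@code ErrorCodes.INTERNAL_ERROR} on failure
         */
        private int getCertStatusFromServRespMsg(CertId certId, Cert cert) {
            // Native code that ends the iteration; the log line below names it TP_ERR_INVALID_INDEX.
            final int invalidIndex = 20483;
            int found = ErrorCodes.STATUS_NOT_FOUND_RESP_MESSAGE;
            int index = 0;
            while (true) {
                try {
                    CertStatus single = CertificateRevocationService.this.mCrNative.ocspGetCertStatus(index, cert);
                    if (single == null) {
                        Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR: crStatus is null");
                        return ErrorCodes.INTERNAL_ERROR;
                    }
                    int returnCode = single.getReturnCode();
                    if (returnCode == invalidIndex) {
                        Log.d(CertificateRevocationService.LOG_TAG, "returnCode==TP_ERR_INVALID_INDEX");
                        return found;
                    }
                    index++;
                    if (certId.equals(single.getCertId())) {
                        found = returnCode != 0 ? returnCode : single.getStatus();
                        Log.i(CertificateRevocationService.LOG_TAG, "Got the required Cert status  " + found);
                        if (returnCode == 0) {
                            addCertStatusToDb(single, calculateExpTime(single));
                        }
                    }
                } catch (Exception e) {
                    Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:mCrNative.ocspGetCertStatus: " + e.getMessage(), e);
                    return ErrorCodes.INTERNAL_ERROR;
                }
            }
        }

        /**
         * Queries OCSP responders for one certificate.
         *
         * <p>Responder URLs listed in the certificate are tried first, then the configured
         * service URLs. The first GOOD or REVOKED answer wins. If any responder answered
         * UNKNOWN, UNKNOWN is returned; otherwise an error code is returned.
         *
         * <p>The error accumulator starts at 0, which equals {@link #STATUS_GOOD}. When every
         * URL is skipped as empty (for example a whitespace-only responder field and no
         * configured service URL), no responder is contacted, so that case is reported with the
         * same code as a missing responder URL rather than as "good".
         *
         * @param certId identifier of the certificate under test
         * @param cert certificate under test; supplies the responder URL(s)
         * @param cert2 issuer certificate
         */
        private int getOnlineCertStatus(CertId certId, Cert cert, Cert cert2) {
            // Literal kept from the decompiled code; used there when the responder URL is empty.
            final int noResponderUrl = 49551;
            try {
                EncodedRequest request = CertificateRevocationService.this.mCrNative.ocspEncodeRequest(new Cert[]{cert}, cert2);
                if (request == null) {
                    Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR: encodeReq==null");
                    return ErrorCodes.INTERNAL_ERROR;
                }
                if (request.getRetCode() != 0) {
                    return request.getRetCode();
                }
                boolean sawUnknown = false;
                int error;
                if (cert.getResponderUrl().length() == 0) {
                    error = noResponderUrl;
                } else {
                    error = 0;
                    for (String responder : cert.getResponderUrl().trim().split("[\\s]+")) {
                        if (responder.length() == 0) {
                            continue;
                        }
                        int status = callOcspResponder(certId, cert2, request, responder);
                        if (status == CertificateRevocationService.STATUS_REVOKED
                                || status == CertificateRevocationService.STATUS_GOOD) {
                            return status;
                        }
                        if (status == CertificateRevocationService.STATUS_UNKNOWN) {
                            sawUnknown = true;
                        } else {
                            // Among certificate-supplied responders the last error is kept.
                            error = status;
                        }
                    }
                }
                for (String responder : CertificateRevocationService.this.mOCSPServiceURL) {
                    if (responder.length() == 0) {
                        continue;
                    }
                    int status = callOcspResponder(certId, cert2, request, responder);
                    if (status == CertificateRevocationService.STATUS_REVOKED
                            || status == CertificateRevocationService.STATUS_GOOD) {
                        return status;
                    }
                    if (status == CertificateRevocationService.STATUS_UNKNOWN) {
                        sawUnknown = true;
                    } else if (error == 0) {
                        // A configured responder's error is recorded only if none is pending.
                        error = status;
                    }
                }
                if (sawUnknown) {
                    return CertificateRevocationService.STATUS_UNKNOWN;
                }
                // error == 0 here means no responder was contacted; never let that read as GOOD.
                return error == 0 ? noResponderUrl : error;
            } catch (Exception e) {
                Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:Native Exception: " + e.getMessage(), e);
                return ErrorCodes.INTERNAL_ERROR;
            }
        }

        /**
         * POSTs an OCSP request and returns the response body or an error code.
         *
         * <p>The result starts at error code 65535. HTTP 200 with content type
         * {@code application/ocsp-response} and a non-empty body yields error code 0 plus the
         * body; any other HTTP status is returned as the error code; transport failures,
         * a wrong content type and an empty or oversized body yield 600004.
         *
         * @param url responder URL (already restricted to http/https by the caller)
         * @param bArr encoded OCSP request
         */
        private HttpResponseData postRequestToResponder(URL url, byte[] bArr) {
            // Literal kept from the decompiled code for every transport-level failure.
            final int transportError = 600004;
            HttpResponseData result = new HttpResponseData();
            result.setErrCode(65535);
            HttpURLConnection connection = null;
            DataOutputStream requestStream = null;
            InputStream responseStream = null;
            try {
                connection = (HttpURLConnection) url.openConnection();
                Log.i(CertificateRevocationService.LOG_TAG, "postRequestToResponder open connection success");
                connection.setDoInput(true);
                connection.setDoOutput(true);
                // setDefaultUseCaches() only changes the default for connections created later;
                // setUseCaches() is what disables caching for this request.
                connection.setUseCaches(false);
                connection.setRequestMethod("POST");
                connection.setRequestProperty("Content-Type", "application/ocsp-request");
                connection.setRequestProperty("Content-Length", Integer.toString(bArr.length));
                connection.setRequestProperty(HttpHeaders.PRAGMA, "no-cache");
                connection.setRequestProperty("Cache-Control", "no-cache, no-store");
                connection.setRequestProperty("Accept", "application/octet-stream, text/html,text/plain");
                connection.setConnectTimeout(CertificateRevocationService.this.mOcspTimeout);
                // Without a read timeout a responder that accepts the connection and then
                // stalls would block the binder call indefinitely.
                connection.setReadTimeout(CertificateRevocationService.this.mOcspTimeout);
                requestStream = new DataOutputStream(connection.getOutputStream());
                requestStream.write(bArr, 0, bArr.length);
                requestStream.flush();
                int responseCode = connection.getResponseCode();
                if (responseCode == 200) {
                    Log.i(CertificateRevocationService.LOG_TAG, "postRequestToResponder resp len " + connection.getContentLength());
                    String contentType = connection.getContentType();
                    if (contentType == null || !contentType.equals("application/ocsp-response")) {
                        Log.e(CertificateRevocationService.LOG_TAG, "Not Expected content type");
                        throw new IOException("Not Expected content type");
                    }
                    responseStream = connection.getInputStream();
                    byte[] body = convertInputStreamToByteArray(responseStream);
                    if (body.length == 0) {
                        Log.e(CertificateRevocationService.LOG_TAG, "postRequestToResponder content len is 0");
                        throw new IOException("postRequestToResponder Content Length is 0");
                    }
                    result.setErrCode(0);
                    result.setRespData(body);
                } else {
                    Log.e(CertificateRevocationService.LOG_TAG, "postRequestToResponder http resp code not ok" + responseCode);
                    result.setErrCode(responseCode);
                    result.setRespData(null);
                }
            } catch (SocketTimeoutException e) {
                Log.e(CertificateRevocationService.LOG_TAG, "SocketTimeoutException:" + e.getMessage());
                result.setErrCode(transportError);
                result.setRespData(null);
            } catch (UnknownHostException e) {
                Log.e(CertificateRevocationService.LOG_TAG, "UnknownHostException:" + e.getMessage());
                result.setErrCode(transportError);
                result.setRespData(null);
            } catch (IOException e) {
                Log.e(CertificateRevocationService.LOG_TAG, "IOException:" + e.getMessage());
                result.setErrCode(transportError);
                result.setRespData(null);
            } finally {
                // Cleanup must not replace the result that was already decided above.
                if (requestStream != null) {
                    try {
                        requestStream.close();
                    } catch (IOException ignored) {
                        // best-effort close
                    }
                }
                if (responseStream != null) {
                    try {
                        responseStream.close();
                    } catch (IOException ignored) {
                        // best-effort close
                    }
                }
                if (connection != null) {
                    connection.disconnect();
                }
            }
            return result;
        }

        /** Deletes the OCSP cache database and clears the proxy-CRL cache, if the caller is authorized. */
        @Override // com.blackberry.security.cr.ICRAidlInterface
        public void clearCache() {
            if (!checkPermissions()) {
                return;
            }
            CertificateRevocationService.this.mOCSPDbHelper.deleteDb();
            CertificateRevocationProxyCRL proxyCRL = CertificateRevocationService.this.getProxyCRL();
            if (proxyCRL != null) {
                proxyCRL.clearCache();
            }
        }

        /**
         * Returns one OCSP status per adjacent pair of the given chain.
         *
         * <p>For pair {@code i}, element {@code i} is used as the issuer and element
         * {@code i + 1} as the certificate under test; the result has {@code length - 1}
         * entries. Each entry is a cached status, an online status, or an error code.
         *
         * <p>Every slot is written explicitly. A pair that cannot be evaluated gets an error
         * code instead of being skipped, because a skipped slot would keep the array default
         * {@code 0}, i.e. {@link #STATUS_GOOD}.
         *
         * @param parcelableCertificateArr certificate chain supplied by the binder client
         * @return the statuses; an empty array when fewer than two certificates are given;
         *     {@code null} when the caller is not authorized
         */
        @Override // com.blackberry.security.cr.ICRAidlInterface
        public int[] getOCSPCertChainStatus(ParcelableCertificate[] parcelableCertificateArr) {
            if (!checkPermissions()) {
                return null;
            }
            com.blackberry.security.restriction.c restrictions = com.blackberry.security.restriction.c.fY(CertificateRevocationService.this.mContext);
            CertificateRevocationService.this.mOcspTimeout = restrictions.Pc() * 1000;
            if (CertificateRevocationService.this.mOCSPServiceURL == null) {
                CertificateRevocationService.this.mOCSPServiceURL = restrictions.Pb().trim().split("[\r\n\\s]+");
            }
            // The array comes from another process: a null or single-element chain has no
            // pair to check and must not surface as an exception through the binder.
            if (parcelableCertificateArr == null || parcelableCertificateArr.length < 2) {
                return new int[0];
            }
            int count = parcelableCertificateArr.length;
            Cert[] chain = new Cert[count];
            for (int idx = 0; idx < count; idx++) {
                ParcelableCertificate parcel = parcelableCertificateArr[idx];
                byte[] encoded = parcel != null ? parcel.getCertBytes() : null;
                chain[idx] = encoded != null ? new Cert(encoded, encoded.length) : null;
            }
            int[] statuses = new int[count - 1];
            Log.i(CertificateRevocationService.LOG_TAG, "getOCSPCertChainStatus No of Certs =  " + count);
            for (int pair = 0; pair < statuses.length; pair++) {
                Cert issuerCert = chain[pair];
                Cert targetCert = chain[pair + 1];
                if (issuerCert == null || targetCert == null) {
                    Log.e(CertificateRevocationService.LOG_TAG, "Error while extracting Certificate");
                    // 600000 is the literal this method pairs with its INTERNAL_ERROR log lines.
                    statuses[pair] = 600000;
                    continue;
                }
                try {
                    Log.i(CertificateRevocationService.LOG_TAG, "targetCert " + targetCert.getByteArray().length);
                    Log.i(CertificateRevocationService.LOG_TAG, "issuerCert " + issuerCert.getByteArray().length);
                    CertId certId = CertificateRevocationService.this.mCrNative.getCertId(targetCert, issuerCert);
                    if (certId == null) {
                        Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR: CertId is null");
                        statuses[pair] = 600000;
                        continue;
                    }
                    Log.i(CertificateRevocationService.LOG_TAG, "getCertId return code = " + String.format("%x", Integer.valueOf(certId.getReturnCode())));
                    if (certId.getReturnCode() != 0) {
                        statuses[pair] = certId.getReturnCode();
                        continue;
                    }
                    int cachedStatus = checkCertStatusInDb(certId);
                    Log.i(CertificateRevocationService.LOG_TAG, "status of Cert in DB = " + String.format("%x", Integer.valueOf(cachedStatus)));
                    // 600001: literal from the decompiled code; presumably
                    // ErrorCodes.STATUS_NOT_FOUND_IN_DB, i.e. a cache miss. TODO confirm
                    if (cachedStatus != 600001) {
                        statuses[pair] = cachedStatus;
                        continue;
                    }
                    int onlineStatus = getOnlineCertStatus(certId, targetCert, issuerCert);
                    Log.i(CertificateRevocationService.LOG_TAG, "OCSP status of Cert = " + String.format("%x", Integer.valueOf(onlineStatus)));
                    statuses[pair] = onlineStatus;
                } catch (Exception e) {
                    Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:Exception calling getCertId: " + e.getMessage(), e);
                    statuses[pair] = 600000;
                }
            }
            return statuses;
        }

        /**
         * Delegates a chain check to the proxy-CRL helper.
         *
         * @return the helper's result, or {@code null} when the caller is not authorized or no
         *     proxy is available
         */
        @Override // com.blackberry.security.cr.ICRAidlInterface
        public int[] getProxyCRLCertChainStatus(ParcelableCertificate[] parcelableCertificateArr) {
            if (!checkPermissions()) {
                return null;
            }
            CertificateRevocationProxyCRL proxyCRL = CertificateRevocationService.this.getProxyCRL();
            if (proxyCRL == null) {
                return null;
            }
            return proxyCRL.getProxyCRLCertChainStatus(parcelableCertificateArr);
        }
    };

    /** Starts a background thread that purges expired cache records and logs how many were removed. */
    private void deleteExpiredRecordsFromDb() {
        this.mDelExpRecordThread = new Thread("DeleteExpRecThread") {
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                Log.i(CertificateRevocationService.LOG_TAG, "no of expired records deleted is " + CertificateRevocationService.this.mOCSPDbHelper.deleteAllExpiredRecord());
            }
        };
        this.mDelExpRecordThread.start();
    }

    /**
     * Returns the proxy-CRL helper, creating and initializing it on first use.
     *
     * <p>The package id, class name and timeout come from the restriction settings. No helper
     * is created when the package id or class name is empty.
     *
     * <p>Public in this decompiled listing; JADX notes the access modifier was changed from
     * private.
     *
     * @return the helper, or {@code null} when it cannot be configured
     */
    public synchronized CertificateRevocationProxyCRL getProxyCRL() {
        if (this.mProxyCRL != null) {
            return this.mProxyCRL;
        }
        Log.d(LOG_TAG, "CertificateRevocationService getProxyCRLCertChainStatus() no crl proxy, calling restrictions to get service details");
        com.blackberry.security.restriction.c restrictions = com.blackberry.security.restriction.c.fY(this.mContext);
        String crlPackageId = restrictions.Pe();
        String crlClass = restrictions.Pf();
        int timeoutMs = restrictions.Pd() * 1000;
        if (crlPackageId.isEmpty() || crlClass.isEmpty()) {
            Log.w(LOG_TAG, "CertificateRevocationService getProxyCRLCertChainStatus() cannot create crl proxy, crlPackageID or crlClass is empty String");
        } else {
            Log.d(LOG_TAG, "CertificateRevocationService getProxyCRLCertChainStatus() creating crl proxy, crlPackageID = " + crlPackageId + ", crlClass = " + crlClass + ", timeout(ms) = " + timeoutMs);
            this.mProxyCRL = new CertificateRevocationProxyCRL(this.mContext, crlPackageId, crlClass, timeoutMs);
            this.mProxyCRL.initialize();
        }
        return this.mProxyCRL;
    }

    /**
     * Returns the AIDL binder for any intent. No caller check happens at bind time; each binder
     * method performs its own permission check.
     */
    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        return this.mCrServiceBinder;
    }

    /** Creates the native wrapper, the cache database helper and the controlled-API gate. */
    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        this.mCrNative = new CertRevocationNative();
        this.mOCSPDbHelper = new OCSPDbHelper(getApplicationContext());
        this.mControlledApi = new b(getApplicationContext(), BOGUS_PERMISSION, true);
        this.mContext = this;
    }

    /** Purges expired cache records, waits for that thread, then releases the helpers. */
    @Override // android.app.Service
    public void onDestroy() {
        deleteExpiredRecordsFromDb();
        try {
            this.mDelExpRecordThread.join();
        } catch (InterruptedException e) {
            Log.e(LOG_TAG, "interrupted while waiting for del thread", e);
            // Preserve the interrupt for whoever owns this thread.
            Thread.currentThread().interrupt();
        }
        Log.i(LOG_TAG, "del thread joined");
        this.mOCSPDbHelper.close();
        if (this.mControlledApi != null) {
            this.mControlledApi.destroy();
            this.mControlledApi = null;
        }
        if (this.mProxyCRL != null) {
            this.mProxyCRL.close();
        }
        super.onDestroy();
    }
}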
