package com.microsoft.a3rdc.cert;

import android.content.Context;
import com.microsoft.a3rdc.storage.Database;
import com.microsoft.a3rdc.util.Closeables;
import e.a.a.k0.u.c;
import g.a.a;
import g.a.b;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;

/* loaded from: classes.dex */
public class CertManagerImpl implements CertManager {
    public static final String FOLDER_ASSET_CERT = "certificates";
    private static final String TAG = "CertManagerImpl";
    private CertificateFactory mCertFactory;
    private final Context mContext;
    private final Database mDatabase;
    private final List<X509Certificate> mProvidedCerts;
    private final TrustManager[] mTrustManagers;
    private final List<CertHostname> mTrustOnceCertificates = new ArrayList();
    private final c mHostnameVerifier = new c();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class CertHostname {
        public final X509Certificate mCertificate;
        public final String mHostname;

        public CertHostname(X509Certificate x509Certificate, String str) {
            this.mCertificate = x509Certificate;
            this.mHostname = str;
        }
    }

    @a
    public CertManagerImpl(@b("application") Context context, Database database, TrustManager[] trustManagerArr) {
        this.mContext = context;
        this.mDatabase = database;
        this.mTrustManagers = trustManagerArr;
        try {
            this.mCertFactory = CertificateFactory.getInstance("X.509");
            this.mProvidedCerts = new ArrayList();
            readProvidedCerts();
        } catch (CertificateException e2) {
            throw new RuntimeException("Cannot get CertificateFactory instance", e2);
        }
    }

    private boolean isProvidedCert(X509Certificate x509Certificate) {
        Iterator<X509Certificate> it = this.mProvidedCerts.iterator();
        while (it.hasNext()) {
            if (it.next().equals(x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    private void readProvidedCerts() {
        if (this.mCertFactory == null) {
            return;
        }
        String[] strArr = new String[0];
        try {
            strArr = this.mContext.getResources().getAssets().list(FOLDER_ASSET_CERT);
        } catch (IOException unused) {
        }
        for (String str : strArr) {
            InputStream inputStream = null;
            try {
                inputStream = this.mContext.getResources().getAssets().open(FOLDER_ASSET_CERT + File.separator + str);
                this.mProvidedCerts.add((X509Certificate) this.mCertFactory.generateCertificate(inputStream));
            } catch (IOException | CertificateException unused2) {
            } catch (Throwable th) {
                Closeables.closeReadQuietly(inputStream);
                throw th;
            }
            Closeables.closeReadQuietly(inputStream);
        }
    }

    @Override // com.microsoft.a3rdc.cert.CertManager
    public void addNoTLSTrust(String str) {
        this.mDatabase.addNoTLSTrust(str);
    }

    @Override // com.microsoft.a3rdc.cert.CertManager
    public void addTrustForProcess(X509Certificate x509Certificate, String str) {
        if (trustedOnce(x509Certificate, str)) {
            return;
        }
        this.mTrustOnceCertificates.add(new CertHostname(x509Certificate, str));
    }

    @Override // com.microsoft.a3rdc.cert.CertManager
    public boolean checkTrustedWithProvidedCerts(List<X509Certificate> list) {
        if (list.isEmpty()) {
            return false;
        }
        return isProvidedCert(list.get(0));
    }

    @Override // com.microsoft.a3rdc.cert.CertManager
    public X509Certificate createCertificateFromPEM(InputStream inputStream) throws CertificateException {
        Certificate generateCertificate = this.mCertFactory.generateCertificate(inputStream);
        if (generateCertificate instanceof X509Certificate) {
            return (X509Certificate) generateCertificate;
        }
        throw new CertificateException(String.format("No X.509 certificate created, instead created %s", generateCertificate.getClass().getSimpleName()));
    }

    @Override // com.microsoft.a3rdc.cert.CertManager
    public List<X509Certificate> createCertificatesFromDER(byte[] bArr) throws CertificateException {
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : this.mCertFactory.generateCertificates(new ByteArrayInputStream(bArr))) {
            if (!(certificate instanceof X509Certificate)) {
                throw new CertificateException(String.format("No X.509 certificate created, instead created %s", certificate.getClass().getSimpleName()));
            }
            arrayList.add((X509Certificate) certificate);
        }
        return arrayList;
    }

    @Override // com.microsoft.a3rdc.cert.CertManager
    public boolean hasNoTLSTrust(String str) {
        return this.mDatabase.containsNoTLSTrust(str);
    }

    protected boolean trustedOnce(X509Certificate x509Certificate, String str) {
        for (CertHostname certHostname : this.mTrustOnceCertificates) {
            if (certHostname.mHostname.equalsIgnoreCase(str) && certHostname.mCertificate.equals(x509Certificate)) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Can't wrap try/catch for region: R(8:(3:16|17|18)|19|(3:21|(1:33)(3:23|24|26)|27)|34|(1:36)|37|38|39) */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x0085, code lost:
    
        r0.add(com.microsoft.a3rdc.cert.CertManager.ValidationResult.NAME_MISMATCH);
     */
    /* JADX WARN: Removed duplicated region for block: B:21:0x0054  */
    /* JADX WARN: Removed duplicated region for block: B:36:0x007a  */
    @Override // com.microsoft.a3rdc.cert.CertManager
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.util.Set<com.microsoft.a3rdc.cert.CertManager.ValidationResult> validateCertificateChain(java.util.List<java.security.cert.X509Certificate> r9, java.lang.String r10) {
        /*
            r8 = this;
            java.util.HashSet r0 = new java.util.HashSet
            r0.<init>()
            if (r9 == 0) goto L8b
            int r1 = r9.size()
            if (r1 != 0) goto Lf
            goto L8b
        Lf:
            r1 = 0
            java.lang.Object r2 = r9.get(r1)
            java.security.cert.X509Certificate r2 = (java.security.cert.X509Certificate) r2
            boolean r3 = r8.isProvidedCert(r2)
            if (r3 == 0) goto L1d
            return r0
        L1d:
            com.microsoft.a3rdc.storage.Database r3 = r8.mDatabase     // Catch: java.security.cert.CertificateEncodingException -> L2a
            byte[] r4 = r2.getEncoded()     // Catch: java.security.cert.CertificateEncodingException -> L2a
            boolean r3 = r3.containsTrust(r4, r10)     // Catch: java.security.cert.CertificateEncodingException -> L2a
            if (r3 == 0) goto L2a
            return r0
        L2a:
            boolean r3 = r8.trustedOnce(r2, r10)
            if (r3 == 0) goto L31
            return r0
        L31:
            r2.checkValidity()     // Catch: java.security.cert.CertificateExpiredException -> L36 java.security.cert.CertificateNotYetValidException -> L3c
            r2 = 1
            goto L42
        L36:
            com.microsoft.a3rdc.cert.CertManager$ValidationResult r2 = com.microsoft.a3rdc.cert.CertManager.ValidationResult.EXPIRED
            r0.add(r2)
            goto L41
        L3c:
            com.microsoft.a3rdc.cert.CertManager$ValidationResult r2 = com.microsoft.a3rdc.cert.CertManager.ValidationResult.EXPIRED
            r0.add(r2)
        L41:
            r2 = r1
        L42:
            int r3 = r9.size()
            java.security.cert.X509Certificate[] r3 = new java.security.cert.X509Certificate[r3]
            java.lang.Object[] r9 = r9.toArray(r3)
            java.security.cert.X509Certificate[] r9 = (java.security.cert.X509Certificate[]) r9
            javax.net.ssl.TrustManager[] r3 = r8.mTrustManagers
            int r4 = r3.length
            r5 = r1
        L52:
            if (r5 >= r4) goto L78
            r6 = r3[r5]
            boolean r7 = r6 instanceof javax.net.ssl.X509TrustManager
            if (r7 != 0) goto L5b
            goto L75
        L5b:
            javax.net.ssl.X509TrustManager r6 = (javax.net.ssl.X509TrustManager) r6     // Catch: java.security.cert.CertificateException -> L63 java.security.cert.CertificateExpiredException -> L69 java.security.cert.CertificateNotYetValidException -> L6f
            java.lang.String r7 = "https"
            r6.checkServerTrusted(r9, r7)     // Catch: java.security.cert.CertificateException -> L63 java.security.cert.CertificateExpiredException -> L69 java.security.cert.CertificateNotYetValidException -> L6f
            goto L75
        L63:
            com.microsoft.a3rdc.cert.CertManager$ValidationResult r2 = com.microsoft.a3rdc.cert.CertManager.ValidationResult.UNTRUSTED_ROOT
            r0.add(r2)
            goto L74
        L69:
            com.microsoft.a3rdc.cert.CertManager$ValidationResult r2 = com.microsoft.a3rdc.cert.CertManager.ValidationResult.EXPIRED
            r0.add(r2)
            goto L74
        L6f:
            com.microsoft.a3rdc.cert.CertManager$ValidationResult r2 = com.microsoft.a3rdc.cert.CertManager.ValidationResult.EXPIRED
            r0.add(r2)
        L74:
            r2 = r1
        L75:
            int r5 = r5 + 1
            goto L52
        L78:
            if (r2 == 0) goto L7d
            r0.clear()
        L7d:
            e.a.a.k0.u.c r2 = r8.mHostnameVerifier     // Catch: javax.net.ssl.SSLException -> L85
            r9 = r9[r1]     // Catch: javax.net.ssl.SSLException -> L85
            r2.verify(r10, r9)     // Catch: javax.net.ssl.SSLException -> L85
            goto L8a
        L85:
            com.microsoft.a3rdc.cert.CertManager$ValidationResult r9 = com.microsoft.a3rdc.cert.CertManager.ValidationResult.NAME_MISMATCH
            r0.add(r9)
        L8a:
            return r0
        L8b:
            com.microsoft.a3rdc.cert.CertManager$ValidationResult r9 = com.microsoft.a3rdc.cert.CertManager.ValidationResult.CERT_OR_CHAIN_INVALID
            r0.add(r9)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.a3rdc.cert.CertManagerImpl.validateCertificateChain(java.util.List, java.lang.String):java.util.Set");
    }
}
