package l4;

import android.net.http.SslCertificate;
import com.citrix.client.Receiver.contracts.PromptContract$RequestType;
import com.citrix.client.Receiver.exceptions.CertStorageException;
import com.citrix.client.Receiver.params.AMParams;
import com.citrix.client.Receiver.params.PromptParams$PromptResponseType;
import com.citrix.client.Receiver.repository.storage.k;
import com.citrix.client.Receiver.ui.activities.DialogActivity;
import com.citrix.client.Receiver.util.t;
import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.X509TrustManager;
import u3.u;

/* compiled from: ServerCertValidator.java */
/* loaded from: classes.dex */
public class b implements AMParams.g {

    /* renamed from: a, reason: collision with root package name */
    private final k f28315a;

    /* renamed from: b, reason: collision with root package name */
    private final String f28316b;

    /* renamed from: c, reason: collision with root package name */
    private X509TrustManager f28317c;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: ServerCertValidator.java */
    /* loaded from: classes.dex */
    public static /* synthetic */ class a {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f28318a;

        static {
            int[] iArr = new int[PromptParams$PromptResponseType.values().length];
            f28318a = iArr;
            try {
                iArr[PromptParams$PromptResponseType.USER_OK.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f28318a[PromptParams$PromptResponseType.USER_CANCEL.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f28318a[PromptParams$PromptResponseType.EXCEPTION_THROWN.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                f28318a[PromptParams$PromptResponseType.APPLICATION_ERROR_OCCURRED.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                f28318a[PromptParams$PromptResponseType.INVALID_REQUEST.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                f28318a[PromptParams$PromptResponseType.TIMEOUT_OCCURRED.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:10:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:7:0x002c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public b(java.lang.String r5, com.citrix.client.Receiver.repository.storage.k r6) {
        /*
            r4 = this;
            r4.<init>()
            r4.f28315a = r6
            r4.f28316b = r5
            r5 = 0
            r6 = 0
            java.lang.String r0 = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()     // Catch: java.security.KeyStoreException -> L19 java.security.NoSuchAlgorithmException -> L1b
            javax.net.ssl.TrustManagerFactory r0 = javax.net.ssl.TrustManagerFactory.getInstance(r0)     // Catch: java.security.KeyStoreException -> L19 java.security.NoSuchAlgorithmException -> L1b
            r0.init(r6)     // Catch: java.security.KeyStoreException -> L15 java.security.NoSuchAlgorithmException -> L17
            goto L2a
        L15:
            r6 = move-exception
            goto L1f
        L17:
            r6 = move-exception
            goto L1f
        L19:
            r0 = move-exception
            goto L1c
        L1b:
            r0 = move-exception
        L1c:
            r3 = r0
            r0 = r6
            r6 = r3
        L1f:
            java.lang.String r6 = com.citrix.client.Receiver.util.t.h(r6)
            java.lang.String[] r1 = new java.lang.String[r5]
            java.lang.String r2 = "SCertValidator"
            com.citrix.client.Receiver.util.t.g(r2, r6, r1)
        L2a:
            if (r0 == 0) goto L36
            javax.net.ssl.TrustManager[] r6 = r0.getTrustManagers()
            r5 = r6[r5]
            javax.net.ssl.X509TrustManager r5 = (javax.net.ssl.X509TrustManager) r5
            r4.f28317c = r5
        L36:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: l4.b.<init>(java.lang.String, com.citrix.client.Receiver.repository.storage.k):void");
    }

    private X509Certificate e(String str, X509Certificate[] x509CertificateArr) throws CertificateParsingException {
        if (x509CertificateArr.length <= 0) {
            return null;
        }
        return x509CertificateArr[0];
    }

    private X509Certificate[] f() throws CertificateException {
        try {
            return this.f28315a.getCertificateChain(this.f28316b);
        } catch (CertStorageException e10) {
            t.g("SCertValidator", t.h(e10), new String[0]);
            throw new CertificateException("Cannot get cert chain from keystore");
        }
    }

    private boolean g(String str, SslCertificate sslCertificate) throws CertificateException {
        return i(new u3.t(str, null, sslCertificate));
    }

    private boolean h(String str, X509Certificate[] x509CertificateArr) throws CertificateException {
        return i(new u3.t(str, x509CertificateArr, null));
    }

    private boolean i(u3.t tVar) throws CertificateException {
        u uVar = (u) DialogActivity.U0(PromptContract$RequestType.CERT_WARNING, tVar);
        t.i("SCertValidator", "Response received for promptUser:" + uVar.toString(), new String[0]);
        switch (a.f28318a[uVar.b().ordinal()]) {
            case 1:
                return true;
            case 2:
                t.g("SCertValidator", "User did not accept the cert chain for:" + tVar.c(), new String[0]);
                return false;
            case 3:
                throw new CertificateException("EXCEPTION_THROWN:" + uVar.a());
            case 4:
                throw new CertificateException("APPLICATION_ERROR_OCCURRED");
            case 5:
                throw new CertificateException("INVALID_REQUEST");
            case 6:
                throw new CertificateException("MAX_TIMEOUT_OCCURRED");
            default:
                throw new CertificateException("Unknown Result:" + uVar.b());
        }
    }

    private void j(X509Certificate x509Certificate, X509Certificate[] x509CertificateArr) throws CertificateException {
        try {
            this.f28315a.c(this.f28316b, x509Certificate.getPublicKey().getEncoded(), x509CertificateArr);
        } catch (CertStorageException e10) {
            t.g("SCertValidator", t.h(e10), new String[0]);
            throw new CertificateException("Cannot Store certificates");
        }
    }

    private void k(String str, String str2, X509Certificate[] x509CertificateArr) throws CertificateException {
        t.i("SCertValidator", "Validating for store:" + this.f28316b + " Host:" + str + " authType:" + str2, new String[0]);
        if (!this.f28316b.toLowerCase().contains(str.toLowerCase())) {
            t.i("SCertValidator", "store id differs from Host:" + this.f28316b + " Host:" + str, new String[0]);
            this.f28315a.d(x509CertificateArr);
        }
        X509Certificate[] f10 = f();
        if (f10 == null || f10.length <= 0 || !Arrays.deepEquals(f10, x509CertificateArr)) {
            if (!h(str, x509CertificateArr)) {
                throw new CertificateException("User did not trust the cert chain for Host " + str);
            }
            X509Certificate e10 = e(str, x509CertificateArr);
            if (e10 != null) {
                j(e10, x509CertificateArr);
                return;
            }
            throw new CertificateException("Cannot get primary certificate for Host" + str);
        }
    }

    @Override // com.citrix.client.Receiver.params.AMParams.g
    public void a(String str, SslCertificate sslCertificate) throws CertificateException {
        t.i("SCertValidator", "Validating for store:" + this.f28316b + " Host:" + str + " :" + sslCertificate, new String[0]);
        if (!this.f28316b.toLowerCase().contains(str.toLowerCase())) {
            t.i("SCertValidator", "store id differs from Host name:" + this.f28316b + " Host:" + str, new String[0]);
        }
        SslCertificate b10 = this.f28315a.b(this.f28316b);
        if (b10 == null || !c.a(sslCertificate, b10)) {
            if (g(str, sslCertificate)) {
                this.f28315a.a(this.f28316b, sslCertificate);
                return;
            }
            throw new CertificateException("User did not trust the cert chain for Host " + str);
        }
    }

    @Override // com.citrix.auth.i
    public void b(String str, int i10, X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
        try {
            X509TrustManager x509TrustManager = this.f28317c;
            if (x509TrustManager == null) {
                throw new CertificateException("no Default TrustManager");
            }
            x509TrustManager.checkServerTrusted(x509CertificateArr, str2);
        } catch (CertificateException e10) {
            t.g("SCertValidator", t.h(e10), new String[0]);
            k(str, str2, x509CertificateArr);
        }
    }

    @Override // com.citrix.auth.i
    public void c(String str, X509Certificate[] x509CertificateArr, String str2, Socket socket) throws CertificateException {
        try {
            X509TrustManager x509TrustManager = this.f28317c;
            if (x509TrustManager == null) {
                throw new CertificateException("no Default TrustManager");
            }
            x509TrustManager.checkServerTrusted(x509CertificateArr, str2);
        } catch (CertificateException e10) {
            t.g("SCertValidator", t.h(e10), new String[0]);
            k(str, str2, x509CertificateArr);
        }
    }

    @Override // com.citrix.client.Receiver.params.AMParams.g
    public X509TrustManager d() {
        return this.f28317c;
    }
}
