package cz.seznam.ads.request.cert;

import android.content.Context;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes4.dex */
public class TrustCaManagerPlainJava implements X509TrustManager {
    static X509TrustManager originalTrustManager;
    private final String SERVER_CERTIFICATE_STORE = "ServerKeyStore.keystore";
    private final String SERVER_KS_PASSWORD = "keystore_pass";
    WeakReference<Context> contextRef;
    KeyManagerFactory keyManagerFactory;
    KeyStore keyStore;
    public SSLContext sslContext;
    private TrustManagerFactory trustManagerFactory;
    ArrayList<X509Certificate> trustedIssuers;

    public TrustCaManagerPlainJava(Context context, int[] iArr) {
        this.contextRef = new WeakReference<>(context);
        this.trustedIssuers = createInitTrustIssuers(context, iArr);
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyManagerFactory keyManagerFactory = null;
            trustManagerFactory.init((KeyStore) null);
            originalTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            this.keyStore = readKeyStore(this);
            try {
                keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                keyManagerFactory.init(this.keyStore, "keystore_pass".toCharArray());
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                e.printStackTrace();
            }
            this.keyManagerFactory = keyManagerFactory;
            this.sslContext = createSslContext(this);
            this.trustManagerFactory = createTrustManagerFactory();
        } catch (KeyStoreException | NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        }
    }

    private ArrayList<X509Certificate> createInitTrustIssuers(Context context, int[] iArr) {
        ArrayList<X509Certificate> arrayList = new ArrayList<>();
        for (int i : iArr) {
            try {
                arrayList.add(readCert(context, i));
            } catch (CertificateException e) {
                e.printStackTrace();
            }
        }
        return arrayList;
    }

    private SSLContext createSslContext(TrustCaManagerPlainJava trustCaManagerPlainJava) {
        SSLContext sSLContext = null;
        try {
            sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(trustCaManagerPlainJava.keyManagerFactory.getKeyManagers(), new TrustManager[]{trustCaManagerPlainJava}, new SecureRandom());
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            e.printStackTrace();
            return sSLContext;
        }
    }

    private TrustManagerFactory createTrustManagerFactory() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(readKeyStore(this));
            return trustManagerFactory;
        } catch (KeyStoreException e) {
            e.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return null;
        }
    }

    private X509Certificate readCert(Context context, int i) {
        InputStream openRawResource = context.getResources().openRawResource(i);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(openRawResource);
        } finally {
            try {
                openRawResource.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    private KeyStore readKeyStore(TrustCaManagerPlainJava trustCaManagerPlainJava) {
        KeyStore keyStore = this.keyStore;
        if (keyStore != null) {
            return keyStore;
        }
        try {
            KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
            Context context = this.contextRef.get();
            if (context == null) {
                return null;
            }
            try {
                try {
                    keyStore2.load(context.openFileInput("ServerKeyStore.keystore"), "keystore_pass".toCharArray());
                    Iterator<TrustAnchor> it = new PKIXParameters(keyStore2).getTrustAnchors().iterator();
                    while (it.hasNext()) {
                        this.trustedIssuers.add(it.next().getTrustedCert());
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
                return keyStore2;
            } catch (Exception unused) {
                keyStore2.load(null, null);
                Iterator<X509Certificate> it2 = this.trustedIssuers.iterator();
                while (it2.hasNext()) {
                    X509Certificate next = it2.next();
                    if (next != null) {
                        keyStore2.setCertificateEntry(String.valueOf(next.hashCode()), next);
                    }
                }
                saveKeyStore(keyStore2);
                return keyStore2;
            }
        } catch (KeyStoreException e2) {
            e2.printStackTrace();
            return null;
        }
    }

    /* JADX WARN: Unsupported multi-entry loop pattern (BACK_EDGE: B:27:0x0021 -> B:10:0x002e). Please report as a decompilation issue!!! */
    private void saveKeyStore(KeyStore keyStore) {
        Context context = this.contextRef.get();
        if (context == null) {
            return;
        }
        FileOutputStream fileOutputStream = null;
        try {
            try {
                try {
                    fileOutputStream = context.openFileOutput("ServerKeyStore.keystore", 0);
                    keyStore.store(fileOutputStream, "keystore_pass".toCharArray());
                    fileOutputStream.close();
                } catch (Throwable th) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                    throw th;
                }
            } catch (Exception e2) {
                e2.printStackTrace();
                fileOutputStream.close();
            }
        } catch (IOException e3) {
            e3.printStackTrace();
        }
    }

    public void addValidCertificateToKeyStore(X509Certificate x509Certificate) {
        if (this.keyStore == null) {
            return;
        }
        this.trustedIssuers.add(x509Certificate);
        try {
            this.keyStore.setCertificateEntry(String.valueOf(x509Certificate.hashCode()), x509Certificate);
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }
        saveKeyStore(this.keyStore);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        try {
            originalTrustManager.checkClientTrusted(x509CertificateArr, str);
        } catch (CertificateException unused) {
            TrustManagerFactory trustManagerFactory = this.trustManagerFactory;
            int i = 0;
            CertificateException certificateException = null;
            if (trustManagerFactory != null && trustManagerFactory.getTrustManagers() != null) {
                TrustManager[] trustManagers = this.trustManagerFactory.getTrustManagers();
                int length = trustManagers.length;
                CertificateException e = null;
                int i2 = 0;
                while (i < length) {
                    TrustManager trustManager = trustManagers[i];
                    if (trustManager instanceof X509TrustManager) {
                        try {
                            ((X509TrustManager) trustManager).checkClientTrusted(x509CertificateArr, str);
                            i2 = 1;
                        } catch (CertificateException e2) {
                            e = e2;
                        }
                    }
                    i++;
                }
                i = i2;
                certificateException = e;
            }
            if (certificateException != null && i == 0) {
                throw certificateException;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        try {
            originalTrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException unused) {
            TrustManagerFactory trustManagerFactory = this.trustManagerFactory;
            int i = 0;
            CertificateException certificateException = null;
            if (trustManagerFactory != null && trustManagerFactory.getTrustManagers() != null) {
                TrustManager[] trustManagers = this.trustManagerFactory.getTrustManagers();
                int length = trustManagers.length;
                CertificateException e = null;
                int i2 = 0;
                while (i < length) {
                    TrustManager trustManager = trustManagers[i];
                    if (trustManager instanceof X509TrustManager) {
                        try {
                            ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                            i2 = 1;
                        } catch (CertificateException e2) {
                            e = e2;
                        }
                    }
                    i++;
                }
                i = i2;
                certificateException = e;
            }
            if (certificateException != null && i == 0) {
                throw certificateException;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager x509TrustManager = originalTrustManager;
        int i = 0;
        X509Certificate[] acceptedIssuers = (x509TrustManager == null || x509TrustManager.getAcceptedIssuers() == null) ? new X509Certificate[0] : originalTrustManager.getAcceptedIssuers();
        HashSet hashSet = new HashSet();
        Iterator<X509Certificate> it = this.trustedIssuers.iterator();
        while (it.hasNext()) {
            X509Certificate next = it.next();
            if (next != null) {
                hashSet.add(next);
            }
        }
        for (X509Certificate x509Certificate : acceptedIssuers) {
            if (x509Certificate != null) {
                hashSet.add(x509Certificate);
            }
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[hashSet.size()];
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            X509Certificate x509Certificate2 = (X509Certificate) it2.next();
            if (x509Certificate2 != null) {
                x509CertificateArr[i] = x509Certificate2;
                i++;
            }
        }
        return x509CertificateArr;
    }
}
