package org.chromium.net;

import J.N;
import android.content.IntentFilter;
import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import android.util.Pair;
import defpackage.avxw;
import defpackage.avzg;
import defpackage.avzj;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* compiled from: PG */
/* loaded from: classes2.dex */
public class X509Util {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final String OID_ANY_EKU = "2.5.29.37.0";
    private static final String OID_SERVER_GATED_MICROSOFT = "1.3.6.1.4.1.311.10.3.3";
    private static final String OID_SERVER_GATED_NETSCAPE = "2.16.840.1.113730.4.1";
    private static final String OID_TLS_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
    private static final String TAG = "X509Util";
    private static CertificateFactory sCertificateFactory;
    private static X509TrustManagerExtensions sDefaultTrustManager;
    private static boolean sLoadedSystemKeyStore;
    private static File sSystemCertificateDirectory;
    private static KeyStore sSystemKeyStore;
    private static Set sSystemTrustAnchorCache;
    private static KeyStore sTestKeyStore;
    private static X509TrustManagerExtensions sTestTrustManager;
    private static avzj sTrustStorageListener;
    private static final Object sLock = new Object();
    private static final char[] HEX_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    public static void addTestRootCertificate(byte[] bArr) {
        X509Certificate createCertificateFromBytes = createCertificateFromBytes(bArr);
        synchronized (sLock) {
            ensureTestInitializedLocked();
            KeyStore keyStore = sTestKeyStore;
            keyStore.setCertificateEntry("root_cert_" + Integer.toString(keyStore.size()), createCertificateFromBytes);
            reloadTestTrustManager();
        }
    }

    private static List checkServerTrustedIgnoringRuntimeException(X509TrustManagerExtensions x509TrustManagerExtensions, X509Certificate[] x509CertificateArr, String str, String str2) {
        try {
            return x509TrustManagerExtensions.checkServerTrusted(x509CertificateArr, str, str2);
        } catch (RuntimeException e) {
            throw new CertificateException(e);
        }
    }

    public static void clearTestRootCertificates() {
        synchronized (sLock) {
            ensureTestInitializedLocked();
            try {
                sTestKeyStore.load(null);
                reloadTestTrustManager();
            } catch (IOException unused) {
            }
        }
    }

    public static X509Certificate createCertificateFromBytes(byte[] bArr) {
        ensureInitialized();
        return (X509Certificate) sCertificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
    }

    private static X509TrustManagerExtensions createTrustManager(KeyStore keyStore) {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        try {
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    try {
                        return new X509TrustManagerExtensions((X509TrustManager) trustManager);
                    } catch (IllegalArgumentException e) {
                        trustManager.getClass().getName();
                        e.toString();
                    }
                }
            }
            return null;
        } catch (RuntimeException e2) {
            throw new KeyStoreException(e2);
        }
    }

    private static void ensureInitialized() {
        synchronized (sLock) {
            ensureInitializedLocked();
        }
    }

    private static void ensureInitializedLocked() {
        if (sCertificateFactory == null) {
            sCertificateFactory = CertificateFactory.getInstance("X.509");
        }
        if (sDefaultTrustManager == null) {
            sDefaultTrustManager = createTrustManager(null);
        }
        if (!sLoadedSystemKeyStore) {
            try {
                KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
                sSystemKeyStore = keyStore;
                try {
                    keyStore.load(null);
                } catch (IOException unused) {
                }
                sSystemCertificateDirectory = new File(System.getenv("ANDROID_ROOT") + "/etc/security/cacerts");
            } catch (KeyStoreException unused2) {
            }
            sLoadedSystemKeyStore = true;
        }
        if (sSystemTrustAnchorCache == null) {
            sSystemTrustAnchorCache = new HashSet();
        }
        if (sTrustStorageListener == null) {
            sTrustStorageListener = new avzj();
            IntentFilter intentFilter = new IntentFilter();
            if (Build.VERSION.SDK_INT >= 26) {
                intentFilter.addAction("android.security.action.KEYCHAIN_CHANGED");
                intentFilter.addAction("android.security.action.KEY_ACCESS_CHANGED");
                intentFilter.addAction("android.security.action.TRUST_STORE_CHANGED");
            } else {
                intentFilter.addAction("android.security.STORAGE_CHANGED");
            }
            avzg.n(avzg.b, sTrustStorageListener, intentFilter);
        }
    }

    private static void ensureTestInitializedLocked() {
        if (sTestKeyStore == null) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            sTestKeyStore = keyStore;
            try {
                keyStore.load(null);
            } catch (IOException unused) {
            }
        }
        if (sTestTrustManager == null) {
            sTestTrustManager = createTrustManager(sTestKeyStore);
        }
    }

    public static byte[][] getUserAddedRoots() {
        ArrayList arrayList = new ArrayList();
        synchronized (sLock) {
            try {
                try {
                    ensureInitialized();
                    KeyStore keyStore = sSystemKeyStore;
                    if (keyStore == null) {
                        return new byte[0];
                    }
                    try {
                        Enumeration<String> aliases = keyStore.aliases();
                        while (aliases.hasMoreElements()) {
                            String nextElement = aliases.nextElement();
                            if (nextElement.startsWith("user:")) {
                                try {
                                    Certificate certificate = sSystemKeyStore.getCertificate(nextElement);
                                    if (certificate instanceof X509Certificate) {
                                        arrayList.add(((X509Certificate) certificate).getEncoded());
                                    }
                                } catch (KeyStoreException e) {
                                    avxw.b(TAG, "Error reading cert with alias %s, error: %s", nextElement, e);
                                } catch (CertificateEncodingException e2) {
                                    avxw.b(TAG, "Error encoding cert with alias %s, error: %s", nextElement, e2);
                                }
                            }
                        }
                        return (byte[][]) arrayList.toArray(new byte[0]);
                    } catch (KeyStoreException unused) {
                        return new byte[0];
                    }
                } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException unused2) {
                    return new byte[0];
                }
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    private static String hashPrincipal(X500Principal x500Principal) {
        byte[] digest = MessageDigest.getInstance("MD5").digest(x500Principal.getEncoded());
        char[] cArr = new char[8];
        for (int i = 0; i < 4; i++) {
            char[] cArr2 = HEX_DIGITS;
            byte b = digest[3 - i];
            int i2 = i + i;
            cArr[i2] = cArr2[(b >> 4) & 15];
            cArr[i2 + 1] = cArr2[b & 15];
        }
        return new String(cArr);
    }

    private static boolean isKnownRoot(X509Certificate x509Certificate) {
        if (sSystemKeyStore == null) {
            return false;
        }
        Pair pair = new Pair(x509Certificate.getSubjectX500Principal(), x509Certificate.getPublicKey());
        if (sSystemTrustAnchorCache.contains(pair)) {
            return true;
        }
        String hashPrincipal = hashPrincipal(x509Certificate.getSubjectX500Principal());
        int i = 0;
        while (true) {
            String str = hashPrincipal + "." + i;
            if (!new File(sSystemCertificateDirectory, str).exists()) {
                return false;
            }
            Certificate certificate = sSystemKeyStore.getCertificate("system:".concat(str));
            if (certificate != null) {
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate2 = (X509Certificate) certificate;
                    if (x509Certificate.getSubjectX500Principal().equals(x509Certificate2.getSubjectX500Principal()) && x509Certificate.getPublicKey().equals(x509Certificate2.getPublicKey())) {
                        sSystemTrustAnchorCache.add(pair);
                        return true;
                    }
                } else {
                    certificate.getClass().getName();
                }
            }
            i++;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void reloadDefaultTrustManager() {
        synchronized (sLock) {
            sDefaultTrustManager = null;
            sSystemTrustAnchorCache = null;
            ensureInitializedLocked();
        }
        N.MGVAvp19();
    }

    private static void reloadTestTrustManager() {
        ensureTestInitializedLocked();
        sTestTrustManager = createTrustManager(sTestKeyStore);
    }

    static boolean verifyKeyUsage(X509Certificate x509Certificate) {
        List<String> extendedKeyUsage;
        try {
            extendedKeyUsage = x509Certificate.getExtendedKeyUsage();
        } catch (NullPointerException unused) {
        }
        if (extendedKeyUsage == null) {
            return true;
        }
        for (String str : extendedKeyUsage) {
            if (str.equals(OID_TLS_SERVER_AUTH) || str.equals(OID_ANY_EKU) || str.equals(OID_SERVER_GATED_NETSCAPE) || str.equals(OID_SERVER_GATED_MICROSOFT)) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Removed duplicated region for block: B:42:0x007f A[Catch: all -> 0x0097, TryCatch #3 {, blocks: (B:33:0x004f, B:35:0x0053, B:36:0x0058, B:39:0x005a, B:40:0x0079, B:42:0x007f, B:43:0x0090, B:44:0x0095, B:49:0x0060, B:58:0x0065, B:54:0x006e, B:55:0x0077), top: B:32:0x004f, inners: #4 }] */
    /* JADX WARN: Removed duplicated region for block: B:46:0x008f  */
    /* JADX WARN: Removed duplicated region for block: B:54:0x006e A[Catch: all -> 0x0097, TRY_ENTER, TryCatch #3 {, blocks: (B:33:0x004f, B:35:0x0053, B:36:0x0058, B:39:0x005a, B:40:0x0079, B:42:0x007f, B:43:0x0090, B:44:0x0095, B:49:0x0060, B:58:0x0065, B:54:0x006e, B:55:0x0077), top: B:32:0x004f, inners: #4 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static org.chromium.net.AndroidCertVerifyResult verifyServerCertificates(byte[][] r6, java.lang.String r7, java.lang.String r8) {
        /*
            if (r6 == 0) goto Lbb
            int r0 = r6.length
            if (r0 == 0) goto Lbb
            r0 = 0
            r1 = r6[r0]
            if (r1 == 0) goto Lbb
            r1 = -1
            ensureInitialized()     // Catch: java.security.cert.CertificateException -> Lb5
            java.util.ArrayList r2 = new java.util.ArrayList
            r2.<init>()
            r3 = r6[r0]     // Catch: java.security.cert.CertificateException -> Lae
            java.security.cert.X509Certificate r3 = createCertificateFromBytes(r3)     // Catch: java.security.cert.CertificateException -> Lae
            r2.add(r3)     // Catch: java.security.cert.CertificateException -> Lae
            r3 = 1
        L1d:
            int r4 = r6.length
            if (r3 >= r4) goto L2c
            r4 = r6[r3]     // Catch: java.security.cert.CertificateException -> L29
            java.security.cert.X509Certificate r4 = createCertificateFromBytes(r4)     // Catch: java.security.cert.CertificateException -> L29
            r2.add(r4)     // Catch: java.security.cert.CertificateException -> L29
        L29:
            int r3 = r3 + 1
            goto L1d
        L2c:
            int r6 = r2.size()
            java.security.cert.X509Certificate[] r6 = new java.security.cert.X509Certificate[r6]
            java.lang.Object[] r6 = r2.toArray(r6)
            java.security.cert.X509Certificate[] r6 = (java.security.cert.X509Certificate[]) r6
            r2 = r6[r0]     // Catch: java.security.cert.CertificateException -> L9a java.security.cert.CertificateNotYetValidException -> La0 java.security.cert.CertificateExpiredException -> La7
            r2.checkValidity()     // Catch: java.security.cert.CertificateException -> L9a java.security.cert.CertificateNotYetValidException -> La0 java.security.cert.CertificateExpiredException -> La7
            r2 = r6[r0]     // Catch: java.security.cert.CertificateException -> L9a java.security.cert.CertificateNotYetValidException -> La0 java.security.cert.CertificateExpiredException -> La7
            boolean r2 = verifyKeyUsage(r2)     // Catch: java.security.cert.CertificateException -> L9a java.security.cert.CertificateNotYetValidException -> La0 java.security.cert.CertificateExpiredException -> La7
            if (r2 != 0) goto L4c
            org.chromium.net.AndroidCertVerifyResult r6 = new org.chromium.net.AndroidCertVerifyResult     // Catch: java.security.cert.CertificateException -> L9a java.security.cert.CertificateNotYetValidException -> La0 java.security.cert.CertificateExpiredException -> La7
            r7 = -6
            r6.<init>(r7)     // Catch: java.security.cert.CertificateException -> L9a java.security.cert.CertificateNotYetValidException -> La0 java.security.cert.CertificateExpiredException -> La7
            return r6
        L4c:
            java.lang.Object r2 = org.chromium.net.X509Util.sLock
            monitor-enter(r2)
            android.net.http.X509TrustManagerExtensions r3 = org.chromium.net.X509Util.sDefaultTrustManager     // Catch: java.lang.Throwable -> L97
            if (r3 != 0) goto L5a
            org.chromium.net.AndroidCertVerifyResult r6 = new org.chromium.net.AndroidCertVerifyResult     // Catch: java.lang.Throwable -> L97
            r6.<init>(r1)     // Catch: java.lang.Throwable -> L97
            monitor-exit(r2)     // Catch: java.lang.Throwable -> L97
            return r6
        L5a:
            java.util.List r6 = checkServerTrustedIgnoringRuntimeException(r3, r6, r7, r8)     // Catch: java.security.cert.CertificateException -> L5f java.lang.Throwable -> L97
            goto L79
        L5f:
            r3 = move-exception
            android.net.http.X509TrustManagerExtensions r4 = org.chromium.net.X509Util.sTestTrustManager     // Catch: java.lang.Throwable -> L97
            r5 = 0
            if (r4 == 0) goto L6b
            java.util.List r6 = checkServerTrustedIgnoringRuntimeException(r4, r6, r7, r8)     // Catch: java.security.cert.CertificateException -> L6a java.lang.Throwable -> L97
            goto L6c
        L6a:
        L6b:
            r6 = r5
        L6c:
            if (r6 != 0) goto L79
            r3.getMessage()     // Catch: java.lang.Throwable -> L97
            org.chromium.net.AndroidCertVerifyResult r6 = new org.chromium.net.AndroidCertVerifyResult     // Catch: java.lang.Throwable -> L97
            r7 = -2
            r6.<init>(r7)     // Catch: java.lang.Throwable -> L97
            monitor-exit(r2)     // Catch: java.lang.Throwable -> L97
            return r6
        L79:
            int r7 = r6.size()     // Catch: java.lang.Throwable -> L97
            if (r7 <= 0) goto L8f
            int r7 = r6.size()     // Catch: java.lang.Throwable -> L97
            int r7 = r7 + r1
            java.lang.Object r7 = r6.get(r7)     // Catch: java.lang.Throwable -> L97
            java.security.cert.X509Certificate r7 = (java.security.cert.X509Certificate) r7     // Catch: java.lang.Throwable -> L97
            boolean r7 = isKnownRoot(r7)     // Catch: java.lang.Throwable -> L97
            goto L90
        L8f:
            r7 = 0
        L90:
            org.chromium.net.AndroidCertVerifyResult r8 = new org.chromium.net.AndroidCertVerifyResult     // Catch: java.lang.Throwable -> L97
            r8.<init>(r0, r7, r6)     // Catch: java.lang.Throwable -> L97
            monitor-exit(r2)     // Catch: java.lang.Throwable -> L97
            return r8
        L97:
            r6 = move-exception
            monitor-exit(r2)     // Catch: java.lang.Throwable -> L97
            throw r6
        L9a:
            org.chromium.net.AndroidCertVerifyResult r6 = new org.chromium.net.AndroidCertVerifyResult
            r6.<init>(r1)
            return r6
        La0:
            org.chromium.net.AndroidCertVerifyResult r6 = new org.chromium.net.AndroidCertVerifyResult
            r7 = -4
            r6.<init>(r7)
            return r6
        La7:
            org.chromium.net.AndroidCertVerifyResult r6 = new org.chromium.net.AndroidCertVerifyResult
            r7 = -3
            r6.<init>(r7)
            return r6
        Lae:
            org.chromium.net.AndroidCertVerifyResult r6 = new org.chromium.net.AndroidCertVerifyResult
            r7 = -5
            r6.<init>(r7)
            return r6
        Lb5:
            org.chromium.net.AndroidCertVerifyResult r6 = new org.chromium.net.AndroidCertVerifyResult
            r6.<init>(r1)
            return r6
        Lbb:
            java.lang.IllegalArgumentException r7 = new java.lang.IllegalArgumentException
            java.lang.String r6 = java.util.Arrays.deepToString(r6)
            java.lang.String r6 = java.lang.String.valueOf(r6)
            java.lang.String r8 = "Expected non-null and non-empty certificate chain passed as |certChain|. |certChain|="
            java.lang.String r6 = r8.concat(r6)
            r7.<init>(r6)
            throw r7
        */
        throw new UnsupportedOperationException("Method not decompiled: org.chromium.net.X509Util.verifyServerCertificates(byte[][], java.lang.String, java.lang.String):org.chromium.net.AndroidCertVerifyResult");
    }
}
