package de.duenndns.ssl;

import android.app.Activity;
import android.app.Application;
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.app.Service;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.net.Uri;
import android.os.Handler;
import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import net.sqlcipher.database.SQLiteDatabase;
import org.jivesoftware.smackx.entitycaps.EntityCapsManager;

/* loaded from: classes.dex */
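/**
 * An {@link X509TrustManager} that lets the user decide about certificate chains
 * that neither the app keystore nor the platform trust store accepts.
 *
 * <p>Verification order in {@link #checkCertTrusted}: the app trust manager (backed
 * by the BKS keystore file in the app's private directory), then the platform
 * default trust manager, then an interactive prompt shown by
 * {@code MemorizingActivity}. A chain accepted "always" is written to the app
 * keystore by {@link #storeCert}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class only sees the chain and the auth type; nothing here binds a
 *       stored certificate to a host name. Host name verification has to happen
 *       elsewhere in the TLS setup.</li>
 *   <li>The user's decision comes back through a broadcast, see {@link #interact}.</li>
 * </ul>
 */
public class MemorizingTrustManager implements X509TrustManager {
    static final String DECISION_INTENT = "de.duenndns.ssl.DECISION";
    static final String DECISION_INTENT_APP = "de.duenndns.ssl.DECISION.app";
    static final String DECISION_INTENT_CERT = "de.duenndns.ssl.DECISION.cert";
    static final String DECISION_INTENT_CHOICE = "de.duenndns.ssl.DECISION.decisionChoice";
    static final String DECISION_INTENT_ID = "de.duenndns.ssl.DECISION.decisionId";
    private static final int NOTIFICATION_ID = 100509;
    static final String TAG = "MemorizingTrustManager";
    // Keystore password. It is a fixed, public value, so it is not a secret: it only
    // drives the keystore's integrity check. Confidentiality and tamper resistance of
    // the file rest on the app-private directory it is stored in.
    private static final String KEYSTORE_PASSWORD = "MTM";
    private KeyStore appKeyStore;
    private X509TrustManager appTrustManager;
    private X509TrustManager defaultTrustManager;
    Activity foregroundAct;
    private File keyStoreFile;
    Context master;
    Handler masterHandler;
    NotificationManager notificationManager;
    static String KEYSTORE_DIR = "KeyStore";
    static String KEYSTORE_FILE = "KeyStore.bks";
    // Next decision id and the decisions still waiting for an answer.
    // Both are guarded by the openDecisions monitor.
    private static int decisionId = 0;
    private static HashMap<Integer, MTMDecision> openDecisions = new HashMap<>();

    /**
     * Creates a trust manager that checks the app keystore first and the platform
     * default trust store second.
     *
     * @param context an Application, Service or Activity (see {@link #init})
     */
    public MemorizingTrustManager(Context context) {
        init(context);
        this.appTrustManager = getTrustManager(this.appKeyStore);
        this.defaultTrustManager = getTrustManager(null);
    }

    /**
     * Creates a trust manager with caller-supplied delegates.
     *
     * @param context an Application, Service or Activity (see {@link #init})
     * @param x509TrustManager delegate consulted first (the "app" trust manager)
     * @param x509TrustManager2 delegate consulted second; may be null, in which case
     *        every chain the first delegate rejects goes to the user
     */
    public MemorizingTrustManager(Context context, X509TrustManager x509TrustManager, X509TrustManager x509TrustManager2) {
        init(context);
        this.appTrustManager = x509TrustManager;
        this.defaultTrustManager = x509TrustManager2;
    }

    /**
     * Builds the text shown to the user: the cause of the failure followed by
     * subject, fingerprints and issuer of every certificate in the chain.
     */
    private String certChainMessage(X509Certificate[] x509CertificateArr, CertificateException certificateException) {
        Log.d(TAG, "certChainMessage for " + certificateException);
        StringBuilder message = new StringBuilder();
        Throwable cause = certificateException.getCause();
        if (cause != null) {
            message.append(cause.getLocalizedMessage());
        }
        for (X509Certificate cert : x509CertificateArr) {
            message.append("\n\n");
            message.append(cert.getSubjectDN().toString());
            message.append("\nMD5: ").append(certHash(cert, "MD5"));
            message.append("\nSHA1: ").append(certHash(cert, "SHA-1"));
            // MD5 and SHA-1 are not collision resistant; the SHA-256 fingerprint is the
            // one a user should compare against an out-of-band value.
            message.append("\nSHA-256: ").append(certHash(cert, "SHA-256"));
            message.append("\nSigned by: ").append(cert.getIssuerDN().toString());
        }
        return message.toString();
    }

    /**
     * Returns the colon-separated hex digest of the certificate's encoded form.
     * If the digest cannot be computed, the exception message is returned in its
     * place, so the caller always has something to display.
     */
    private static String certHash(X509Certificate x509Certificate, String str) {
        try {
            MessageDigest digest = MessageDigest.getInstance(str);
            digest.update(x509Certificate.getEncoded());
            return hexString(digest.digest());
        } catch (NoSuchAlgorithmException e) {
            return e.getMessage();
        } catch (CertificateEncodingException e) {
            return e.getMessage();
        }
    }

    /** Registers a pending decision and returns the id under which it is tracked. */
    private int createDecisionId(MTMDecision mTMDecision) {
        synchronized (openDecisions) {
            int id = decisionId++;
            openDecisions.put(id, mTMDecision);
            return id;
        }
    }

    /** Tells whether the decision with this id has not been answered or dropped yet. */
    private static boolean isDecisionOpen(int id) {
        synchronized (openDecisions) {
            return openDecisions.containsKey(id);
        }
    }

    /** Drops a pending decision; a no-op when it has already been answered. */
    private static void forgetDecision(int id) {
        synchronized (openDecisions) {
            openDecisions.remove(id);
        }
    }

    /** Convenience factory returning a one-element array for SSLContext initialisation. */
    public static X509TrustManager[] getInstanceList(Context context) {
        return new X509TrustManager[]{new MemorizingTrustManager(context)};
    }

    /** Formats bytes as lower-case two-digit hex values separated by colons. */
    private static String hexString(byte[] bArr) {
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            if (i > 0) {
                hex.append(":");
            }
            hex.append(String.format("%02x", bArr[i]));
        }
        return hex.toString();
    }

    /**
     * Delivers the user's choice to the thread waiting in {@link #interact}.
     *
     * <p>Only the first result for a decision id is applied; later ones are logged
     * as stale. The state is written and the id is retired while holding the
     * decision's monitor, so the waiting thread never observes a retired decision
     * whose state has not been set yet.
     *
     * @param intent carries the decision id and the choice as int extras
     */
    public static void interactResult(Intent intent) {
        int id = intent.getIntExtra(DECISION_INTENT_ID, 0);
        int choice = intent.getIntExtra(DECISION_INTENT_CHOICE, 0);
        Log.d(TAG, "interactResult: " + id + " chose " + choice);
        MTMDecision decision;
        synchronized (openDecisions) {
            // Logged under the lock: HashMap.toString() must not race with a put/remove.
            Log.d(TAG, "openDecisions: " + openDecisions);
            decision = openDecisions.get(id);
        }
        if (decision == null) {
            Log.e(TAG, "interactResult: aborting due to stale decision reference!");
            return;
        }
        // Lock order is always decision monitor first, openDecisions second.
        synchronized (decision) {
            boolean stillOpen;
            synchronized (openDecisions) {
                stillOpen = openDecisions.remove(id) != null;
            }
            if (!stillOpen) {
                Log.e(TAG, "interactResult: aborting due to stale decision reference!");
                return;
            }
            decision.state = choice;
            decision.notify();
        }
    }

    /** Tells whether exactly this certificate is stored in the app keystore. */
    private boolean isCertKnown(X509Certificate x509Certificate) {
        if (this.appKeyStore == null) {
            // loadAppKeyStore() could not create a keystore; nothing can be known.
            return false;
        }
        try {
            return this.appKeyStore.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException e) {
            return false;
        }
    }

    /** Tells whether the throwable or one of its causes is a CertificateExpiredException. */
    private boolean isExpiredException(Throwable th) {
        for (Throwable current = th; current != null; current = current.getCause()) {
            if (current instanceof CertificateExpiredException) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sets the directory and file name used for the app keystore. Must be called
     * before an instance is constructed, because {@link #init} reads both values.
     */
    public static void setKeyStoreFile(String str, String str2) {
        KEYSTORE_DIR = str;
        KEYSTORE_FILE = str2;
    }

    /** Makes the given activity the preferred context for showing the prompt. */
    public void bindDisplayActivity(Activity activity) {
        this.foregroundAct = activity;
    }

    /**
     * Verifies a chain against the app trust manager, then the default trust
     * manager, and finally asks the user.
     *
     * @param x509CertificateArr the peer's chain, leaf first
     * @param str the authentication type passed in by the TLS stack
     * @param z true to verify a server chain, false for a client chain
     * @throws CertificateException if no trust manager accepts the chain and the
     *         user does not accept it either
     * @throws IllegalArgumentException if the chain is null or empty
     */
    public void checkCertTrusted(X509Certificate[] x509CertificateArr, String str, boolean z) throws CertificateException {
        Log.d(TAG, "checkCertTrusted(" + x509CertificateArr + ", " + str + ", " + z + ")");
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            // Same contract as X509TrustManager; also protects the chain[0] access below.
            throw new IllegalArgumentException("certificate chain must not be null or empty");
        }
        try {
            Log.d(TAG, "checkCertTrusted: trying appTrustManager");
            X509TrustManager appDelegate = this.appTrustManager;
            if (appDelegate == null) {
                // getTrustManager() returns null when the factory fails; treat that as
                // "not trusted by the app keystore" instead of a NullPointerException.
                throw new CertificateException("app trust manager unavailable");
            }
            if (z) {
                appDelegate.checkServerTrusted(x509CertificateArr, str);
            } else {
                appDelegate.checkClientTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e) {
            Log.d(TAG, "checkCertTrusted: appTrustManager rejected the chain", e);
            // NOTE(review): an expiry error anywhere in the cause chain is taken as
            // "known but expired" without consulting isCertKnown(). That is only sound
            // if the app trust manager reports expiry solely for chains it would
            // otherwise trust - confirm this for delegates injected through the
            // three-argument constructor. Expired stored certificates are accepted
            // indefinitely.
            if (isExpiredException(e)) {
                Log.i(TAG, "checkCertTrusted: accepting expired certificate from keystore");
                return;
            }
            if (isCertKnown(x509CertificateArr[0])) {
                Log.i(TAG, "checkCertTrusted: accepting cert already stored in keystore");
                return;
            }
            try {
                if (this.defaultTrustManager == null) {
                    throw new CertificateException();
                }
                Log.d(TAG, "checkCertTrusted: trying defaultTrustManager");
                if (z) {
                    this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                } else {
                    this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException e2) {
                Log.d(TAG, "checkCertTrusted: defaultTrustManager rejected the chain", e2);
                interact(x509CertificateArr, str, e2);
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, true);
    }

    /**
     * Returns the issuers accepted by the default trust manager, or an empty array
     * when no default trust manager is available.
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        Log.d(TAG, "getAcceptedIssuers()");
        if (this.defaultTrustManager == null) {
            return new X509Certificate[0];
        }
        return this.defaultTrustManager.getAcceptedIssuers();
    }

    /**
     * Returns the first X509TrustManager the "X509" factory yields for the given
     * keystore, or null when the factory fails or yields none.
     *
     * @param keyStore trust anchors to use; null selects the platform defaults
     */
    X509TrustManager getTrustManager(KeyStore keyStore) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
            factory.init(keyStore);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
        } catch (Exception e) {
            Log.e(TAG, "getTrustManager(" + keyStore + ")", e);
        }
        return null;
    }

    /** Returns the bound foreground activity if there is one, else the master context. */
    Context getUI() {
        return this.foregroundAct != null ? this.foregroundAct : this.master;
    }

    /**
     * Captures the context, resolves the keystore file inside the app-private
     * directory and loads the app keystore.
     *
     * @throws ClassCastException if the context is not an Application, Service or Activity
     */
    void init(Context context) {
        this.master = context;
        this.masterHandler = new Handler(context.getMainLooper());
        this.notificationManager = (NotificationManager) this.master.getSystemService(Context.NOTIFICATION_SERVICE);
        Application application;
        if (context instanceof Application) {
            application = (Application) context;
        } else if (context instanceof Service) {
            application = ((Service) context).getApplication();
        } else if (context instanceof Activity) {
            application = ((Activity) context).getApplication();
        } else {
            throw new ClassCastException("MemorizingTrustManager context must be either Activity or Service!");
        }
        // MODE_PRIVATE keeps the directory inaccessible to other apps; that is the only
        // protection the keystore file has (see KEYSTORE_PASSWORD).
        this.keyStoreFile = new File(application.getDir(KEYSTORE_DIR, Context.MODE_PRIVATE), KEYSTORE_FILE);
        this.appKeyStore = loadAppKeyStore();
    }

    /**
     * Asks the user about a rejected chain and blocks until the answer arrives.
     *
     * <p>The prompt is started from the main looper and this method then waits, so
     * it must be called from a thread other than the main thread.
     *
     * @param x509CertificateArr the rejected chain
     * @param str the authentication type (unused here)
     * @param certificateException the failure to rethrow when the user does not accept
     * @throws CertificateException the given exception, unless the user accepted
     */
    void interact(X509Certificate[] x509CertificateArr, String str, CertificateException certificateException) throws CertificateException {
        final String message = certChainMessage(x509CertificateArr, certificateException);
        final MTMDecision decision = new MTMDecision();
        final int id = createDecisionId(decision);
        BroadcastReceiver receiver = new BroadcastReceiver() { // from class: de.duenndns.ssl.MemorizingTrustManager.1
            @Override // android.content.BroadcastReceiver
            public void onReceive(Context context, Intent intent) {
                MemorizingTrustManager.interactResult(intent);
            }
        };
        boolean registered = false;
        try {
            // NOTE(review): the receiver is registered without a broadcast permission, so
            // a result is accepted from any sender using this action, and decision ids
            // are small sequential integers. Prefer handing the result over in-process
            // or restricting the receiver with a signature-level permission.
            // MemorizingActivity is not visible here, so the transport is unchanged.
            this.master.registerReceiver(receiver, new IntentFilter(DECISION_INTENT + "/" + this.master.getPackageName()));
            registered = true;
            this.masterHandler.post(new Runnable() { // from class: de.duenndns.ssl.MemorizingTrustManager.2
                @Override // java.lang.Runnable
                public void run() {
                    Intent intent = new Intent(MemorizingTrustManager.this.master, (Class<?>) MemorizingActivity.class);
                    intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                    intent.setData(Uri.parse(MemorizingTrustManager.class.getName() + "/" + id));
                    intent.putExtra(MemorizingTrustManager.DECISION_INTENT_APP, MemorizingTrustManager.this.master.getPackageName());
                    intent.putExtra(MemorizingTrustManager.DECISION_INTENT_ID, id);
                    intent.putExtra(MemorizingTrustManager.DECISION_INTENT_CERT, message);
                    try {
                        MemorizingTrustManager.this.getUI().startActivity(intent);
                    } catch (Exception e) {
                        // Fall back to a notification the user can tap to open the prompt.
                        Log.e(MemorizingTrustManager.TAG, "startActivity: " + e);
                        MemorizingTrustManager.this.startActivityNotification(intent, message);
                    }
                }
            });
            Log.d(TAG, "waiting on " + id);
            synchronized (decision) {
                // Loop on the condition: wait() may return spuriously, and the answer may
                // already have arrived before this thread got here.
                while (isDecisionOpen(id)) {
                    decision.wait();
                }
            }
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller and fall through to the state
            // check below.
            Thread.currentThread().interrupt();
            Log.w(TAG, "interact: interrupted while waiting on " + id);
        } finally {
            // Retire the id on every path so a late result is reported as stale.
            forgetDecision(id);
            if (registered) {
                this.master.unregisterReceiver(receiver);
            }
        }
        final int choice;
        synchronized (decision) {
            choice = decision.state;
        }
        Log.d(TAG, "finished wait on " + id + ": " + choice);
        // The literals are the values sent back by the prompt; presumably 2 means
        // "accept once" and 3 "accept always" - confirm against MTMDecision.
        switch (choice) {
            case 2:
                return;
            case 3:
                storeCert(x509CertificateArr);
                return;
            default:
                throw certificateException;
        }
    }

    /**
     * Loads the app keystore from the keystore file. A missing or unreadable file
     * yields an empty keystore; null is returned only when no keystore of the
     * default type can be created.
     */
    KeyStore loadAppKeyStore() {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        } catch (KeyStoreException e) {
            Log.e(TAG, "getAppKeyStore()", e);
            return null;
        }
        FileInputStream in = null;
        try {
            // Initialise as empty first so the keystore is usable even if the file
            // cannot be read.
            keyStore.load(null, null);
            in = new FileInputStream(this.keyStoreFile);
            keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
        } catch (FileNotFoundException e) {
            Log.i(TAG, "getAppKeyStore(" + this.keyStoreFile + ") - file does not exist");
        } catch (Exception e) {
            Log.e(TAG, "getAppKeyStore(" + this.keyStoreFile + ")", e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (Exception ignored) {
                    // Best effort: the keystore content has already been read or rejected.
                }
            }
        }
        return keyStore;
    }

    /**
     * Posts a notification that opens the prompt when tapped. Used when the prompt
     * activity cannot be started directly.
     */
    void startActivityNotification(Intent intent, String str) {
        Notification notification = new Notification(android.R.drawable.ic_lock_lock, this.master.getString(R.string.mtm_notification), System.currentTimeMillis());
        // NOTE(review): PendingIntent flags are 0 here; newer platform versions require
        // an explicit mutability flag - verify against the app's target SDK.
        notification.setLatestEventInfo(this.master.getApplicationContext(), this.master.getString(R.string.mtm_notification), str, PendingIntent.getActivity(this.master, 0, intent, 0));
        notification.flags |= Notification.FLAG_AUTO_CANCEL;
        this.notificationManager.notify(NOTIFICATION_ID, notification);
    }

    /**
     * Adds every certificate of the chain to the app keystore, rebuilds the app
     * trust manager and writes the keystore file.
     */
    void storeCert(X509Certificate[] x509CertificateArr) {
        if (this.appKeyStore == null) {
            Log.e(TAG, "storeCert: no app keystore available, certificate not stored");
            return;
        }
        try {
            // NOTE(review): the whole chain is stored, so any issuing CA the peer sent
            // along becomes a trust anchor too, and entries are keyed by subject DN, so
            // a certificate with the same subject replaces an earlier one. Consider
            // storing only the leaf certificate.
            for (X509Certificate cert : x509CertificateArr) {
                this.appKeyStore.setCertificateEntry(cert.getSubjectDN().toString(), cert);
            }
        } catch (KeyStoreException e) {
            Log.e(TAG, "storeCert(" + x509CertificateArr + ")", e);
            return;
        }
        this.appTrustManager = getTrustManager(this.appKeyStore);
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(this.keyStoreFile);
            this.appKeyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
        } catch (Exception e) {
            Log.e(TAG, "storeCert(" + this.keyStoreFile + ")", e);
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (Exception e) {
                    // A failed close can mean the file was not fully written.
                    Log.e(TAG, "storeCert(" + this.keyStoreFile + ")", e);
                }
            }
        }
    }

    /** Releases the display activity if it is the one currently bound. */
    public void unbindDisplayActivity(Activity activity) {
        if (this.foregroundAct == activity) {
            this.foregroundAct = null;
        }
    }
}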
