package info.guardianproject.otr.app.im.plugin.xmpp;

import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.util.Log;
import info.guardianproject.bouncycastle.asn1.ASN1Object;
import info.guardianproject.bouncycastle.asn1.ASN1OctetString;
import info.guardianproject.bouncycastle.asn1.DERSequence;
import info.guardianproject.bouncycastle.asn1.DERString;
import info.guardianproject.bouncycastle.asn1.x509.GeneralName;
import info.guardianproject.bouncycastle.asn1.x509.X509Extensions;
import info.guardianproject.otr.app.im.R;
import info.guardianproject.otr.app.im.app.CertDisplayActivity;
import info.guardianproject.otr.app.im.service.RemoteImService;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import net.java.otr4j.io.SerializationConstants;
import org.jivesoftware.smack.ConnectionConfiguration;

/* loaded from: classes.dex */
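/**
 * X.509 trust manager used for XMPP TLS connections.
 *
 * <p>Trust anchors come from a CA bundle shipped inside the APK ({@code R.raw.cacerts}), not from
 * the platform trust store, so the set of trusted roots only changes when the app is updated.
 *
 * <p>This listing is decompiler output. {@link #checkServerTrusted} was NOT recovered (see the
 * JADX warnings next to it), so the actual chain-validation and host-name policy cannot be
 * audited from this file alone; the helpers below are only the building blocks it presumably
 * calls.
 */
class ServerTrustManager implements X509TrustManager {
    private static final String TAG = "GB.SSL";
    // Extracts the text after the first "cn=" (any case) up to the next comma.
    private static final Pattern cnPattern = Pattern.compile("(?i)(cn=)([^,]*)");
    // Notification id that is cancelled before every new certificate notification.
    private static final int DEFAULT_NOTIFY_ID = 10;
    private final ConnectionConfiguration configuration;
    private final Context context;
    private final String domain;
    private final String server;
    private final KeyStore trustStore;

    /**
     * Loads the bundled CA store and records the names the peer certificate is expected to match.
     *
     * @param context Android context used for resources and notifications
     * @param domain first name recorded for the connection
     * @param server second name recorded for the connection; falls back to {@code domain} when null
     * @param connectionConfiguration supplies the trust-store type and password
     * @throws KeyStoreException if the configured key-store type is unavailable
     * @throws NoSuchAlgorithmException if the store's integrity algorithm is unavailable
     * @throws CertificateException if a certificate in the bundle cannot be loaded
     * @throws IOException if the bundle cannot be read or the password is wrong
     */
    public ServerTrustManager(Context context, String domain, String server, ConnectionConfiguration connectionConfiguration) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        this.context = context;
        this.configuration = connectionConfiguration;
        this.domain = domain;
        this.server = (server != null) ? server : domain;
        this.trustStore = KeyStore.getInstance(connectionConfiguration.getTruststoreType());
        java.io.InputStream bundledCaCerts = context.getResources().openRawResource(R.raw.cacerts);
        try {
            this.trustStore.load(bundledCaCerts, connectionConfiguration.getTruststorePassword().toCharArray());
        } finally {
            // The original never closed the raw-resource stream.
            try {
                bundledCaCerts.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if closing a read-only resource stream fails.
            }
        }
    }

    /**
     * Returns true when any certificate identity matches either of the two given host names.
     *
     * <p>Identities starting with {@code "*."} are treated as wildcards for exactly one leading
     * label: the first label of the host is removed and the remainder must equal the identity
     * without its {@code '*'}. Other identities are compared case-insensitively as whole strings.
     *
     * <p>NOTE(review): a match on EITHER name is accepted. If one of the two names is obtained
     * from an unauthenticated lookup (for example a DNS SRV target) rather than from what the
     * user configured, accepting it weakens the identity check; the caller is not visible in
     * this listing, so confirm which names are passed. The wildcard test also places no
     * restriction on how short the wildcard suffix may be (for example {@code *.com}).
     *
     * @param hostA first name to test (compared second, as in the original)
     * @param hostB second name to test (compared first, as in the original)
     * @param identities names taken from the peer certificate
     */
    static boolean checkMatchingDomain(String hostA, String hostB, Collection<String> identities) {
        for (String identity : identities) {
            if (identity.startsWith("*.")) {
                String wildcardSuffix = identity.substring(1);
                if (stripFirstLabel(hostB).equalsIgnoreCase(wildcardSuffix) || stripFirstLabel(hostA).equalsIgnoreCase(wildcardSuffix)) {
                    return true;
                }
            } else if (hostB.equalsIgnoreCase(identity) || hostA.equalsIgnoreCase(identity)) {
                return true;
            }
        }
        return false;
    }

    /** Removes the first run of non-dot characters, e.g. {@code "a.example.org" -> ".example.org"}. */
    private static String stripFirstLabel(String host) {
        return host.replaceFirst("[^.]+", "");
    }

    /**
     * Rejects certificates whose signature algorithm name does not mention an accepted hash.
     *
     * <p>The decompiled condition was {@code !contains("sha1") || contains("sha256")}, which
     * rejected every SHA-256 signature and let only SHA-1 through. The test below rejects only
     * when none of the accepted hash names appears.
     *
     * <p>NOTE(review): SHA-1 is kept in the accepted set because the original named it, but
     * SHA-1 signatures are no longer collision resistant; drop it once the servers in use allow.
     *
     * @throws CertificateException if the signature algorithm is not in the accepted set
     */
    private void checkStrongCrypto(X509Certificate x509Certificate) throws CertificateException {
        String sigAlg = x509Certificate.getSigAlgName().toLowerCase(java.util.Locale.ROOT);
        boolean acceptedHash = sigAlg.contains("sha1")
                || sigAlg.contains("sha256")
                || sigAlg.contains("sha384")
                || sigAlg.contains("sha512");
        if (!acceptedHash) {
            debug("cert uses weak crypto: " + sigAlg);
            showCertMessage("cert uses weak crypto: " + sigAlg, x509Certificate.getIssuerDN().getName(), x509Certificate, null);
            throw new CertificateException("issuer uses weak crypto: " + sigAlg);
        }
    }

    /**
     * Compares a candidate issuer's subject with a certificate's issuer field, by encoded bytes
     * and by RFC 1779 string form.
     *
     * <p>A name match only identifies a candidate issuer. It proves nothing by itself; the
     * certificate's signature still has to be verified with the candidate's public key.
     */
    private boolean checkSubjectMatchesIssuer(X500Principal subject, X500Principal issuer) {
        return Arrays.equals(subject.getEncoded(), issuer.getEncoded()) && subject.getName("RFC1779").equals(issuer.getName("RFC1779"));
    }

    /** Debug logging hook; the body is empty in this build, so messages are discarded. */
    private void debug(String str) {
    }

    /**
     * Looks through the bundled CA store for a certificate whose subject equals the issuer of
     * {@code x509Certificate}.
     *
     * @return the matching store certificate, or null when none matches
     * @throws CertificateException if the store cannot be enumerated
     */
    private X509Certificate findCertIssuerInStore(X509Certificate x509Certificate) throws CertificateException {
        debug("searching CA ROOT store for issuer: " + x509Certificate.getIssuerDN());
        try {
            Enumeration<String> aliases = this.trustStore.aliases();
            while (aliases.hasMoreElements()) {
                java.security.cert.Certificate entry = this.trustStore.getCertificate(aliases.nextElement());
                // Key entries and non-X.509 entries previously caused a NullPointerException or
                // ClassCastException here; skip them instead of aborting the search.
                if (!(entry instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate candidate = (X509Certificate) entry;
                if (checkSubjectMatchesIssuer(candidate.getSubjectX500Principal(), x509Certificate.getIssuerX500Principal())) {
                    debug("found issuer for current cert in chain in ROOT CA store: " + candidate.getSubjectDN());
                    return candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            Log.e(TAG, "problem access local ROOT CA store", e);
            // Keep the cause so the failure can be diagnosed from the stack trace.
            throw new CertificateException("problem access local ROOT CA store", e);
        }
    }

    /**
     * Returns the names a certificate claims: its dNSName subject alternative names when there
     * are any, otherwise a single-element list holding the subject's common name (or the whole
     * subject DN string when no {@code cn=} is found).
     *
     * <p>NOTE(review): the CN fallback also runs when the SAN extension is present but could not
     * be parsed or holds no dNSName entry, because {@link #getSubjectAlternativeNames} returns an
     * empty collection in those cases. The CN is extracted with a regular expression over the
     * DN's string form, which takes the first {@code cn=} found anywhere in that string, not
     * necessarily the CN attribute itself. A structured DN parser would be more robust.
     */
    public static Collection<String> getPeerIdentity(X509Certificate x509Certificate) {
        Collection<String> subjectAlternativeNames = getSubjectAlternativeNames(x509Certificate);
        if (!subjectAlternativeNames.isEmpty()) {
            return subjectAlternativeNames;
        }
        String name = x509Certificate.getSubjectDN().getName();
        Matcher matcher = cnPattern.matcher(name);
        if (matcher.find()) {
            name = matcher.group(2);
        }
        ArrayList<String> identities = new ArrayList<String>();
        identities.add(name);
        return identities;
    }

    /**
     * Extracts the dNSName entries of the subject-alternative-name extension.
     *
     * <p>Only GeneralName tag 2 (dNSName in the X.509 GeneralName CHOICE) is collected; every
     * other name form is ignored. Parsing errors are logged and whatever was collected so far is
     * returned, so callers cannot tell "no SAN" apart from "SAN could not be parsed".
     *
     * @return an empty list when the extension is absent, otherwise the collected names
     */
    static Collection<String> getSubjectAlternativeNames(X509Certificate x509Certificate) {
        ArrayList<String> dnsNames = new ArrayList<String>();
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(X509Extensions.SubjectAlternativeName.getId());
            if (extensionValue == null) {
                return Collections.emptyList();
            }
            // The extension value is an OCTET STRING wrapping the DER-encoded GeneralNames sequence.
            Enumeration<?> objects = DERSequence.getInstance(ASN1Object.fromByteArray(((ASN1OctetString) ASN1Object.fromByteArray(extensionValue)).getOctets())).getObjects();
            while (objects.hasMoreElements()) {
                GeneralName generalName = GeneralName.getInstance(objects.nextElement());
                switch (generalName.getTagNo()) {
                    case 2:
                        dnsNames.add(((DERString) generalName.getName()).getString());
                        break;
                }
            }
            return Collections.unmodifiableCollection(dnsNames);
        } catch (IOException e) {
            Log.w(TAG, e.getMessage(), e);
            return dnsNames;
        } catch (Exception e2) {
            Log.e(TAG, e2.getMessage(), e2);
            return dnsNames;
        }
    }

    /**
     * Concatenates the items, separated by {@code SerializationConstants.HEAD_ENCODED}.
     *
     * <p>NOTE(review): the separator's value is not visible in this listing; presumably the
     * decompiler mapped a literal onto a same-valued otr4j constant. Confirm against the bytecode.
     */
    private String join(Collection<String> collection) {
        StringBuilder joined = new StringBuilder();
        boolean first = true;
        for (String item : collection) {
            if (!first) {
                joined.append(SerializationConstants.HEAD_ENCODED);
            }
            first = false;
            joined.append(item);
        }
        return joined.toString();
    }

    /**
     * Builds the intent for {@link CertDisplayActivity} from the certificate's issuer, subject,
     * validity dates and optional fingerprint, then raises a notification that opens it.
     *
     * @param title short description of the problem
     * @param detail text shown in the notification body and appended to the "msg" extra
     * @param x509Certificate certificate whose details are shown
     * @param fingerprint fingerprint to show, or null to omit it
     */
    private void showCertMessage(String title, String detail, X509Certificate x509Certificate, String fingerprint) {
        Intent intent = new Intent(this.context, (Class<?>) CertDisplayActivity.class);
        intent.putExtra("issuer", x509Certificate.getIssuerDN().getName());
        intent.putExtra("subject", x509Certificate.getSubjectDN().getName());
        if (fingerprint != null) {
            intent.putExtra("fingerprint", fingerprint);
        }
        intent.putExtra("issued", x509Certificate.getNotBefore().toGMTString());
        intent.putExtra("expires", x509Certificate.getNotAfter().toGMTString());
        intent.putExtra("msg", title + ": " + detail);
        showMessage(title, detail, intent);
    }

    /** Logs the detail text and posts an auto-cancelling notification; display errors are only logged. */
    private void showMessage(String title, String detail, Intent intent) {
        RemoteImService.debug(detail);
        try {
            showToolbarNotification(title, detail, DEFAULT_NOTIFY_ID, R.drawable.ic_menu_key, Notification.FLAG_AUTO_CANCEL, intent);
        } catch (Exception e) {
            RemoteImService.debug("could not show notification", e);
        }
    }

    /**
     * Replaces any earlier certificate notification with a new one.
     *
     * @param title appended to the app name in the notification title
     * @param text ticker and body text
     * @param notifyId id under which the notification is posted
     * @param icon drawable resource id
     * @param flags extra {@link Notification} flags; ignored when not positive
     * @param intent activity intent launched when the notification is tapped
     */
    private void showToolbarNotification(String title, String text, int notifyId, int icon, int flags, Intent intent) throws Exception {
        NotificationManager notificationManager = (NotificationManager) this.context.getSystemService(Context.NOTIFICATION_SERVICE);
        notificationManager.cancel(DEFAULT_NOTIFY_ID);
        Notification notification = new Notification(icon, text, System.currentTimeMillis());
        if (flags > 0) {
            notification.flags |= flags;
        }
        // Intent extras are not part of PendingIntent identity, so with flags == 0 an existing
        // PendingIntent for this activity can be handed back with the extras of an earlier
        // certificate. FLAG_UPDATE_CURRENT makes the details shown match this certificate.
        // NOTE(review): builds targeting newer SDKs must also pass a mutability flag here.
        PendingIntent contentIntent = PendingIntent.getActivity(this.context, 0, intent, PendingIntent.FLAG_UPDATE_CURRENT);
        notification.setLatestEventInfo(this.context, this.context.getString(R.string.app_name) + ": " + title, text, contentIntent);
        notificationManager.notify(notifyId, notification);
    }

    /**
     * Performs no checks: every client certificate chain is accepted.
     *
     * <p>NOTE(review): this is only safe while the manager is installed exclusively on
     * client-side sockets, where this method is not consulted. If that cannot be guaranteed it
     * should fail closed by throwing {@link CertificateException}.
     */
    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
    }

    /* JADX WARN: Code restructure failed: missing block: B:54:0x0272, code lost:
    
        debug("found issuer for current cert in chain: " + r21.getSubjectDN());
        r21.checkValidity();
     */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x0295, code lost:
    
        r18.verify(r21.getPublicKey());
     */
    /* JADX WARN: Code restructure failed: missing block: B:57:0x02a0, code lost:
    
        r9 = true;
        debug("SUCCESS: verified issuer: " + r18.getIssuerDN());
     */
    /* JADX WARN: Code restructure failed: missing block: B:61:0x02c3, code lost:
    
        r10 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:62:0x02c4, code lost:
    
        android.util.Log.e(info.guardianproject.otr.app.im.plugin.xmpp.ServerTrustManager.TAG, "ERROR: unverified issuer: " + r18.getIssuerDN());
        showCertMessage("signature chain verification failed: " + r10.getMessage(), r21.getIssuerDN().getName(), r21, null);
     */
    /* JADX WARN: Code restructure failed: missing block: B:63:0x033c, code lost:
    
        throw new java.security.cert.CertificateException("signature chain verification failed of " + r21.getIssuerDN().getName() + ": " + r10.getMessage());
     */
    /**
     * Server chain validation. NOT RECOVERED by the decompiler.
     *
     * <p>The body below is a JADX placeholder that always throws an unchecked exception; it does
     * not reflect what the shipped app does. The fragments quoted in the warnings above show
     * that the real method checks an issuer certificate's validity period, verifies a
     * certificate's signature with the issuer's public key, and raises
     * {@link CertificateException} when that verification fails. Whether host-name matching,
     * the hash check and the expiry check are applied to every certificate in the chain cannot
     * be determined from this listing; audit the bytecode or the original sources instead.
     */
    @Override // javax.net.ssl.X509TrustManager
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, java.lang.String authType) throws java.security.cert.CertificateException {
        /*
            Method dump skipped, instructions count: 1029
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: info.guardianproject.otr.app.im.plugin.xmpp.ServerTrustManager.checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String):void");
    }

    /**
     * Returns an empty array, so no CA names are advertised through this manager. Trust
     * decisions are not derived from this method.
     */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Hashes the certificate's encoded form and renders the digest as lower-case hex pairs.
     *
     * <p>Every pair, including the last, is followed by {@code SerializationConstants.HEAD_MESSAGE};
     * the trailing separator is kept because callers may compare the string with stored values.
     * The digest algorithm is chosen by the caller. For fingerprints a user is asked to verify,
     * a collision-resistant hash such as SHA-256 should be passed.
     *
     * @param x509Certificate certificate to fingerprint
     * @param algorithm {@link MessageDigest} algorithm name
     * @throws NoSuchAlgorithmException if the algorithm is unavailable
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public String getFingerprint(X509Certificate x509Certificate, String algorithm) throws NoSuchAlgorithmException, CertificateEncodingException {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(x509Certificate.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            String octet = Integer.toHexString(b & 255);
            if (octet.length() == 1) {
                hex.append("0");
            }
            hex.append(octet);
            hex.append(SerializationConstants.HEAD_MESSAGE);
        }
        return hex.toString();
    }
}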
