package com.seafile.seadroid2.ssl;

import android.util.Log;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import com.seafile.seadroid2.account.Account;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;

/* loaded from: classes.dex */
public final class SSLTrustManager {
    private static final String DEBUG_TAG = "SSLTrustManager";
    private static SSLTrustManager instance;
    private X509TrustManager defaultTrustManager;
    private Map<Account, SecureX509TrustManager> managers = Maps.newHashMap();
    private Map<Account, SSLSocketFactory> cachedFactories = Maps.newHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class SecureX509TrustManager implements X509TrustManager {
        private Account account;
        private volatile List<X509Certificate> certsChain = ImmutableList.of();
        private SslFailureReason reason;

        public SecureX509TrustManager(Account account) {
            this.account = account;
            Log.d(SSLTrustManager.DEBUG_TAG, "a SecureX509TrustManager is created:" + hashCode());
        }

        private void customCheck(List<X509Certificate> list, String str) {
            this.certsChain = ImmutableList.copyOf((Collection) list);
            try {
                X509Certificate x509Certificate = list.get(0);
                X509Certificate certificate = CertsManager.instance().getCertificate(this.account);
                if (certificate == null) {
                    Log.d(SSLTrustManager.DEBUG_TAG, "no saved cert for " + this.account.server);
                    this.reason = SslFailureReason.CERT_NOT_TRUSTED;
                    throw new CertificateException();
                }
                if (certificate.equals(x509Certificate)) {
                    Log.d(SSLTrustManager.DEBUG_TAG, "the cert of " + this.account.server + " is trusted");
                    return;
                }
                Log.d(SSLTrustManager.DEBUG_TAG, "the cert of " + this.account.server + " has changed");
                this.reason = SslFailureReason.CERT_CHANGED;
                throw new CertificateException();
            } catch (CertificateException e) {
                throw new RuntimeException(e);
            }
        }

        private void validateHostName(List<X509Certificate> list) {
            X509Certificate x509Certificate = list.get(0);
            try {
                new BrowserCompatHostnameVerifier().verify(this.account.getServerDomainName(), x509Certificate);
            } catch (SSLException unused) {
                throw new CertificateException();
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
            SSLTrustManager.this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
            if (x509CertificateArr == null || x509CertificateArr.length == 0) {
                SSLTrustManager.this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                return;
            }
            List<X509Certificate> orderCerts = SSLTrustManager.this.orderCerts(x509CertificateArr);
            try {
                SSLTrustManager.this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                validateHostName(orderCerts);
            } catch (CertificateException unused) {
                customCheck(orderCerts, str);
            }
        }

        protected void finalize() {
            Log.d(SSLTrustManager.DEBUG_TAG, "a SecureX509TrustManager is finalized:" + hashCode());
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return SSLTrustManager.this.defaultTrustManager.getAcceptedIssuers();
        }

        public SslFailureReason getReason() {
            return this.reason;
        }

        public List<X509Certificate> getServerCertsChain() {
            return this.certsChain;
        }
    }

    /* loaded from: classes.dex */
    public enum SslFailureReason {
        CERT_NOT_TRUSTED,
        CERT_CHANGED
    }

    private SSLTrustManager() {
    }

    private void init() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers != null) {
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        this.defaultTrustManager = (X509TrustManager) trustManager;
                        return;
                    }
                }
            }
        } catch (KeyStoreException e) {
            Log.e(DEBUG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
        } catch (NoSuchAlgorithmException e2) {
            Log.e(DEBUG_TAG, "Unable to get X509 Trust Manager ", e2);
        }
    }

    public static synchronized SSLTrustManager instance() {
        SSLTrustManager sSLTrustManager;
        synchronized (SSLTrustManager.class) {
            try {
                if (instance == null) {
                    SSLTrustManager sSLTrustManager2 = new SSLTrustManager();
                    instance = sSLTrustManager2;
                    sSLTrustManager2.init();
                }
                sSLTrustManager = instance;
            } catch (Throwable th) {
                throw th;
            }
        }
        return sSLTrustManager;
    }

    public Map<Account, SSLSocketFactory> getCachedFactories() {
        return this.cachedFactories;
    }

    public X509Certificate getCertificateInfo(Account account) {
        List<X509Certificate> certsChainForAccount = getCertsChainForAccount(account);
        if (certsChainForAccount == null || certsChainForAccount.size() == 0) {
            return null;
        }
        return certsChainForAccount.get(0);
    }

    public List<X509Certificate> getCertsChainForAccount(Account account) {
        SecureX509TrustManager secureX509TrustManager = this.managers.get(account);
        if (secureX509TrustManager == null) {
            return null;
        }
        return secureX509TrustManager.getServerCertsChain();
    }

    public X509TrustManager getDefaultTrustManager() {
        return this.defaultTrustManager;
    }

    public SslFailureReason getFailureReason(Account account) {
        SecureX509TrustManager secureX509TrustManager = this.managers.get(account);
        SslFailureReason reason = secureX509TrustManager != null ? secureX509TrustManager.getReason() : null;
        return reason != null ? reason : SslFailureReason.CERT_NOT_TRUSTED;
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x0043 A[Catch: all -> 0x0033, TRY_LEAVE, TryCatch #0 {, blocks: (B:3:0x0001, B:9:0x000d, B:12:0x001c, B:14:0x0043, B:20:0x003a), top: B:2:0x0001 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized javax.net.ssl.SSLSocketFactory getSSLSocketFactory(com.seafile.seadroid2.account.Account r6) {
        /*
            r5 = this;
            monitor-enter(r5)
            java.util.Map<com.seafile.seadroid2.account.Account, javax.net.ssl.SSLSocketFactory> r0 = r5.cachedFactories     // Catch: java.lang.Throwable -> L33
            java.lang.Object r0 = r0.get(r6)     // Catch: java.lang.Throwable -> L33
            javax.net.ssl.SSLSocketFactory r0 = (javax.net.ssl.SSLSocketFactory) r0     // Catch: java.lang.Throwable -> L33
            if (r0 == 0) goto Ld
            monitor-exit(r5)
            return r0
        Ld:
            javax.net.ssl.TrustManager[] r1 = r5.getTrustManagers(r6)     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L37
            com.seafile.seadroid2.ssl.SSLSeafileSocketFactory r2 = new com.seafile.seadroid2.ssl.SSLSeafileSocketFactory     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L37
            java.security.SecureRandom r3 = new java.security.SecureRandom     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L37
            r3.<init>()     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L37
            r4 = 0
            r2.<init>(r4, r1, r3)     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L37
            java.lang.String r0 = "SSLTrustManager"
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L35
            r1.<init>()     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L35
            java.lang.String r3 = "a SSLSocketFactory is created:"
            r1.append(r3)     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L35
            r1.append(r2)     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L35
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L35
            android.util.Log.d(r0, r1)     // Catch: java.lang.Throwable -> L33 java.lang.Exception -> L35
            goto L41
        L33:
            r6 = move-exception
            goto L4a
        L35:
            r0 = move-exception
            goto L3a
        L37:
            r1 = move-exception
            r2 = r0
            r0 = r1
        L3a:
            java.lang.String r1 = "SSLTrustManager"
            java.lang.String r3 = "error when create SSLSocketFactory"
            android.util.Log.e(r1, r3, r0)     // Catch: java.lang.Throwable -> L33
        L41:
            if (r2 == 0) goto L48
            java.util.Map<com.seafile.seadroid2.account.Account, javax.net.ssl.SSLSocketFactory> r0 = r5.cachedFactories     // Catch: java.lang.Throwable -> L33
            r0.put(r6, r2)     // Catch: java.lang.Throwable -> L33
        L48:
            monitor-exit(r5)
            return r2
        L4a:
            monitor-exit(r5)     // Catch: java.lang.Throwable -> L33
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: com.seafile.seadroid2.ssl.SSLTrustManager.getSSLSocketFactory(com.seafile.seadroid2.account.Account):javax.net.ssl.SSLSocketFactory");
    }

    public synchronized TrustManager[] getTrustManagers(Account account) {
        SecureX509TrustManager secureX509TrustManager;
        try {
            secureX509TrustManager = this.managers.get(account);
            if (secureX509TrustManager == null) {
                secureX509TrustManager = new SecureX509TrustManager(account);
                this.managers.put(account, secureX509TrustManager);
            }
        } catch (Throwable th) {
            throw th;
        }
        return new TrustManager[]{secureX509TrustManager};
    }

    public List<X509Certificate> orderCerts(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return ImmutableList.of();
        }
        ArrayList newArrayList = Lists.newArrayList(Sets.newHashSet(x509CertificateArr));
        X509Certificate x509Certificate = (X509Certificate) newArrayList.get(0);
        newArrayList.remove(x509Certificate);
        LinkedList newLinkedList = Lists.newLinkedList();
        newLinkedList.add(x509Certificate);
        Principal issuerDN = x509Certificate.getIssuerDN();
        Principal subjectDN = x509Certificate.getSubjectDN();
        for (int size = newArrayList.size(); !newArrayList.isEmpty() && size > 0; size--) {
            for (X509Certificate x509Certificate2 : ImmutableList.copyOf((Collection) newArrayList)) {
                if (x509Certificate2.getIssuerDN().equals(subjectDN)) {
                    newLinkedList.addFirst(x509Certificate2);
                    subjectDN = x509Certificate2.getSubjectDN();
                    newArrayList.remove(x509Certificate2);
                } else if (x509Certificate2.getSubjectDN().equals(issuerDN)) {
                    newLinkedList.addLast(x509Certificate2);
                    issuerDN = x509Certificate2.getIssuerDN();
                    newArrayList.remove(x509Certificate2);
                }
            }
        }
        return newLinkedList;
    }
}
