package com.owncloud.android.lib.common.network;

import android.R;
import android.app.Notification;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.net.Uri;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.util.SparseArray;
import androidx.core.app.NotificationCompat;
import androidx.core.app.NotificationManagerCompat;
import androidx.core.content.ContextCompat;
import com.owncloud.android.lib.R$string;
import com.owncloud.android.lib.common.utils.Log_OC;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Objects;
import java.util.Set;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.URIException;
import org.apache.commons.httpclient.cookie.CookieSpec;

/* loaded from: classes.dex */
public class AdvancedX509KeyManager extends X509ExtendedKeyManager implements X509KeyManager {
    private static final String DECISION_INTENT;
    static final String DECISION_INTENT_HOSTNAME;
    static final String DECISION_INTENT_ID;
    static final String DECISION_INTENT_PORT;
    private static final String NOTIFICATION_CHANNEL_ID;
    private static final String TAG = "com.owncloud.android.lib.common.network.AdvancedX509KeyManager";
    private static int decisionId;
    private static final SparseArray<AKMDecision> openDecisions;
    private final Context context;
    private SharedPreferences sharedPreferences;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class AKMAlias {
        private static final String TAG = "com.owncloud.android.lib.common.network.AdvancedX509KeyManager.AKMAlias";
        private final String alias;
        private final String hostname;
        private final Integer port;
        private final Type type;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: classes.dex */
        public enum Type {
            KEYCHAIN("KC_"),
            KEYSTORE("KS_");

            private final String prefix;

            Type(String str) {
                this.prefix = str;
            }

            @SuppressFBWarnings({"DRE"})
            public static Type parse(String str) throws IllegalArgumentException {
                for (Type type : values()) {
                    if (type.getPrefix().equals(str)) {
                        return type;
                    }
                }
                throw new IllegalArgumentException("unknown prefix");
            }

            public String getPrefix() {
                return this.prefix;
            }
        }

        public AKMAlias(Type type, String str, String str2, Integer num) {
            this.type = type;
            this.alias = str;
            this.hostname = str2;
            this.port = num;
        }

        public AKMAlias(String str) throws IllegalArgumentException {
            String[] split = str.split(":");
            if (split.length > 3 || split[0].length() < 4) {
                throw new IllegalArgumentException("alias was not returned by AKMAlias.toString(): " + str);
            }
            this.type = Type.parse(split[0].substring(0, 3));
            this.alias = split[0].substring(3);
            this.hostname = split.length > 1 ? split[1] : null;
            this.port = split.length > 2 ? Integer.valueOf(split[2]) : null;
        }

        private InetAddress getInetAddressByName(String str) {
            try {
                return InetAddress.getByName(str);
            } catch (UnknownHostException unused) {
                Log_OC.w(TAG, "matches: error resolving " + str);
                return null;
            }
        }

        private boolean isNullOrEqual(Object obj, Object obj2, String str) {
            if (obj == null || obj.equals(obj2)) {
                return true;
            }
            Log_OC.d(TAG, str);
            return false;
        }

        public boolean equals(Object obj) {
            if (obj instanceof AKMAlias) {
                AKMAlias aKMAlias = (AKMAlias) obj;
                if (Objects.equals(this.type, aKMAlias.type) && Objects.equals(this.alias, aKMAlias.alias) && Objects.equals(this.hostname, aKMAlias.hostname) && Objects.equals(this.port, aKMAlias.port)) {
                    return true;
                }
            }
            return false;
        }

        public String getAlias() {
            return this.alias;
        }

        public Type getType() {
            return this.type;
        }

        public int hashCode() {
            return Objects.hash(this.type, this.alias, this.hostname, this.port);
        }

        public boolean matches(AKMAlias aKMAlias) {
            String str;
            String str2;
            boolean isNullOrEqual = isNullOrEqual(aKMAlias.type, this.type, "matches: alias " + this + " does not match type " + aKMAlias.type) & isNullOrEqual(aKMAlias.alias, this.alias, "matches: alias " + this + " does not match original alias " + aKMAlias.alias);
            if (isNullOrEqual && (str = this.hostname) != null && (str2 = aKMAlias.hostname) != null && !str2.equals(str)) {
                InetAddress inetAddressByName = getInetAddressByName(this.hostname);
                InetAddress inetAddressByName2 = getInetAddressByName(aKMAlias.hostname);
                if (inetAddressByName == null || !inetAddressByName.equals(inetAddressByName2)) {
                    Log_OC.d(TAG, "matches: alias " + this + " (address=" + inetAddressByName + ") does not match hostname " + aKMAlias.hostname + " (address=" + inetAddressByName2 + ")");
                    isNullOrEqual = false;
                }
            }
            return isNullOrEqual(aKMAlias.port, this.port, "matches: alias " + this + " does not match port " + aKMAlias.port) & isNullOrEqual;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append(this.type.getPrefix());
            sb.append(this.alias);
            if (this.hostname != null) {
                sb.append(':');
                sb.append(this.hostname);
                if (this.port != null) {
                    sb.append(':');
                    sb.append(this.port);
                }
            }
            return sb.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class AKMDecision {
        public String hostname;
        public String param;
        public Integer port;
        public int state = 0;

        AKMDecision() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public enum KeyType {
        RSA("RSA"),
        EC("EC", "ECDSA");

        private final Set<String> names;

        KeyType(String... strArr) {
            this.names = new HashSet(Arrays.asList(strArr));
        }

        public static KeyType parse(String str) {
            for (KeyType keyType : values()) {
                if (keyType.getNames().contains(str)) {
                    return keyType;
                }
            }
            throw new IllegalArgumentException("unknown prefix");
        }

        public static Set<KeyType> parse(Iterable<String> iterable) {
            EnumSet noneOf = EnumSet.noneOf(KeyType.class);
            if (iterable != null) {
                Iterator<String> it = iterable.iterator();
                while (it.hasNext()) {
                    noneOf.add(parse(it.next()));
                }
            }
            return noneOf;
        }

        public Set<String> getNames() {
            return this.names;
        }
    }

    static {
        String name = AdvancedX509KeyManager.class.getName();
        NOTIFICATION_CHANNEL_ID = name + ".notifications";
        String str = name + ".DECISION";
        DECISION_INTENT = str;
        DECISION_INTENT_ID = str + ".decisionId";
        DECISION_INTENT_PORT = str + ".port";
        DECISION_INTENT_HOSTNAME = str + ".hostname";
        decisionId = 0;
        openDecisions = new SparseArray<>();
    }

    public AdvancedX509KeyManager(Context context) {
        this.context = context.getApplicationContext();
        init();
    }

    private String chooseAlias(String[] strArr, Principal[] principalArr, String str, int i) {
        synchronized (AdvancedX509KeyManager.class) {
            try {
                String[] aliases = getAliases(KeyType.parse(Arrays.asList(strArr)), principalArr, str, Integer.valueOf(i));
                if (aliases.length > 0) {
                    Log_OC.d(TAG, "chooseAlias(keyTypes=" + Arrays.toString(strArr) + ", issuers=" + Arrays.toString(principalArr) + ", hostname=" + str + ", port=" + i + ") = " + aliases[0]);
                    return aliases[0];
                }
                String str2 = TAG;
                Log_OC.d(str2, "chooseAlias(keyTypes=" + Arrays.toString(strArr) + ", issuers=" + Arrays.toString(principalArr) + ", hostname=" + str + ", port=" + i + "): no matching alias found, prompting user...");
                AKMDecision interactClientCert = interactClientCert(str, i);
                int i2 = interactClientCert.state;
                if (i2 == 1) {
                    Log_OC.w(str2, "chooseAlias(keyTypes=" + Arrays.toString(strArr) + ", issuers=" + Arrays.toString(principalArr) + ", hostname=" + str + ", port=" + i + ") - no alias selected");
                    return null;
                }
                if (i2 != 2) {
                    throw new IllegalArgumentException("Unknown decision state " + interactClientCert.state);
                }
                String addKeyChain = addKeyChain(interactClientCert.param, interactClientCert.hostname, interactClientCert.port);
                Log_OC.d(str2, "chooseAlias(keyTypes=" + Arrays.toString(strArr) + ", issuers=" + Arrays.toString(principalArr) + ", hostname=" + str + ", port=" + i + "): Use alias " + addKeyChain);
                return addKeyChain;
            } catch (Throwable th) {
                throw th;
            }
        }
    }

    private String chooseAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        return chooseAlias(strArr, principalArr, socket.getInetAddress().getHostName(), socket.getPort());
    }

    private static int createDecisionId(AKMDecision aKMDecision) {
        int i;
        SparseArray<AKMDecision> sparseArray = openDecisions;
        synchronized (sparseArray) {
            i = decisionId;
            sparseArray.put(i, aKMDecision);
            decisionId++;
        }
        return i;
    }

    private static <T> Collection<String> filterAliases(Collection<T> collection, AKMAlias aKMAlias) {
        LinkedList linkedList = new LinkedList();
        for (T t : collection) {
            if (new AKMAlias(t.toString()).matches(aKMAlias)) {
                linkedList.add((String) t);
            }
        }
        return linkedList;
    }

    private String[] getAliases(Set<KeyType> set, Principal[] principalArr, String str, Integer num) {
        LinkedList linkedList = new LinkedList(filterAliases(this.sharedPreferences.getStringSet("KeyChainAliases", new HashSet()), new AKMAlias(AKMAlias.Type.KEYCHAIN, null, str, num)));
        String str2 = TAG;
        StringBuilder sb = new StringBuilder();
        sb.append("getAliases(keyTypes=");
        sb.append(set != null ? Arrays.toString(set.toArray()) : null);
        sb.append(", issuers=");
        sb.append(Arrays.toString(principalArr));
        sb.append(", hostname=");
        sb.append(str);
        sb.append(", port=");
        sb.append(num);
        sb.append(") = ");
        sb.append(Arrays.toString(linkedList.toArray()));
        Log_OC.d(str2, sb.toString());
        return (String[]) linkedList.toArray(new String[0]);
    }

    private void init() {
        if (this.context == null) {
            throw new IllegalStateException("AdvancedX509KeyManager context is null, which is not allowed!");
        }
        String str = TAG;
        Log_OC.d(str, "init(): Loading SharedPreferences named " + this.context.getPackageName() + ".AdvancedX509KeyManager");
        this.sharedPreferences = this.context.getSharedPreferences(this.context.getPackageName() + ".AdvancedX509KeyManager", 0);
        Log_OC.d(str, "init(): keychain aliases = " + Arrays.toString(this.sharedPreferences.getStringSet("KeyChainAliases", new HashSet()).toArray()));
    }

    @SuppressFBWarnings({"UW", "WA"})
    private AKMDecision interactClientCert(String str, int i) {
        Log_OC.d(TAG, "interactClientCert(hostname=" + str + ", port=" + i + ")");
        AKMDecision aKMDecision = new AKMDecision();
        int createDecisionId = createDecisionId(aKMDecision);
        Intent intent = new Intent(this.context, (Class<?>) SelectClientCertificateHelperActivity.class);
        intent.setFlags(268435456);
        intent.setData(Uri.parse(SelectClientCertificateHelperActivity.class.getName() + CookieSpec.PATH_DELIM + createDecisionId));
        intent.putExtra(DECISION_INTENT_ID, createDecisionId);
        intent.putExtra(DECISION_INTENT_HOSTNAME, str);
        intent.putExtra(DECISION_INTENT_PORT, i);
        try {
            this.context.startActivity(intent);
        } catch (Exception e) {
            Log_OC.d(TAG, "interactClientCert: startActivity(SelectClientCertificateHelperActivity)", e);
            startActivityNotification(intent, createDecisionId, this.context.getString(R$string.notification_message_select_client_cert, str, Integer.valueOf(i)));
        }
        try {
            synchronized (aKMDecision) {
                aKMDecision.wait();
            }
        } catch (InterruptedException e2) {
            Log_OC.d(TAG, "interactClientCert: InterruptedException", e2);
            Thread.currentThread().interrupt();
        }
        return aKMDecision;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void interactResult(int i, int i2, String str, String str2, Integer num) {
        AKMDecision aKMDecision;
        String str3 = TAG;
        Log_OC.d(str3, "interactResult(decisionId=" + i + ", state=" + i2 + ", param=" + str + ", hostname=" + str2 + ", port=" + num);
        SparseArray<AKMDecision> sparseArray = openDecisions;
        synchronized (sparseArray) {
            aKMDecision = sparseArray.get(i);
            sparseArray.remove(i);
        }
        if (aKMDecision == null) {
            Log_OC.e(str3, "interactResult: aborting due to stale decision reference!");
            return;
        }
        synchronized (aKMDecision) {
            aKMDecision.state = i2;
            aKMDecision.param = str;
            aKMDecision.hostname = str2;
            aKMDecision.port = num;
            aKMDecision.notify();
        }
    }

    private void removeKeyChain(AKMAlias aKMAlias) throws IllegalArgumentException {
        HashSet hashSet = new HashSet();
        for (String str : this.sharedPreferences.getStringSet("KeyChainAliases", new HashSet())) {
            if (!new AKMAlias(str).matches(aKMAlias)) {
                hashSet.add(str);
            }
        }
        SharedPreferences.Editor edit = this.sharedPreferences.edit();
        edit.putStringSet("KeyChainAliases", hashSet);
        if (!edit.commit()) {
            Log_OC.e(TAG, "removeKeyChain(filter=" + aKMAlias + "): Could not save preferences");
            return;
        }
        Log_OC.d(TAG, "removeKeyChain(filter=" + aKMAlias + "): keychain aliases = " + Arrays.toString(hashSet.toArray()));
    }

    private void removeKeyChain(AKMAlias aKMAlias, KeyChainException keyChainException) throws IllegalArgumentException {
        String message = keyChainException.getMessage();
        Objects.requireNonNull(message);
        if (message.contains("keystore is LOCKED")) {
            return;
        }
        removeKeyChain(aKMAlias);
    }

    private void removeKeys(String str, Integer num) {
        try {
            removeKeyChain(new AKMAlias(AKMAlias.Type.KEYCHAIN, null, str, num));
        } catch (IllegalArgumentException e) {
            Log_OC.e(TAG, "removeKeys(hostname=" + str + ", port=" + num + ")", e);
        }
    }

    private void startActivityNotification(Intent intent, int i, String str) {
        int i2 = Build.VERSION.SDK_INT;
        PendingIntent activity = PendingIntent.getActivity(this.context, 0, intent, 67108864);
        NotificationManagerCompat from = NotificationManagerCompat.from(this.context);
        if (i2 >= 26) {
            AdvancedX509KeyManager$$ExternalSyntheticApiModelOutline1.m();
            from.createNotificationChannel(AdvancedX509KeyManager$$ExternalSyntheticApiModelOutline0.m(NOTIFICATION_CHANNEL_ID, this.context.getString(R$string.notification_channel_name), 3));
        }
        Notification build = new NotificationCompat.Builder(this.context, NOTIFICATION_CHANNEL_ID).setContentTitle(this.context.getString(R$string.notification_title_select_client_cert)).setContentText(str).setTicker(str).setSmallIcon(R.drawable.ic_lock_lock).setWhen(System.currentTimeMillis()).setContentIntent(activity).setAutoCancel(true).build();
        if (ContextCompat.checkSelfPermission(this.context, "android.permission.POST_NOTIFICATIONS") == 0) {
            from.notify(i + 23120, build);
        } else {
            Log_OC.w(TAG, "Cannot send notification due to missing permission.");
        }
    }

    public String addKeyChain(String str, String str2, Integer num) {
        String aKMAlias = new AKMAlias(AKMAlias.Type.KEYCHAIN, str, str2, num).toString();
        HashSet hashSet = new HashSet(this.sharedPreferences.getStringSet("KeyChainAliases", new HashSet()));
        hashSet.add(aKMAlias);
        SharedPreferences.Editor edit = this.sharedPreferences.edit();
        edit.putStringSet("KeyChainAliases", hashSet);
        if (!edit.commit()) {
            Log_OC.e(TAG, "addKeyChain(keyChainAlias=" + str + ", hostname=" + str2 + ", port=" + num + "): Could not save preferences");
            return aKMAlias;
        }
        Log_OC.d(TAG, "addKeyChain(keyChainAlias=" + str + ", hostname=" + str2 + ", port=" + num + "): keychain aliases = " + Arrays.toString(hashSet.toArray()));
        return aKMAlias;
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
        Log_OC.d(TAG, "chooseClientAlias(keyTypes=" + Arrays.toString(strArr) + ", issuers=" + Arrays.toString(principalArr) + ")");
        try {
            return chooseAlias(strArr, principalArr, socket);
        } catch (Throwable th) {
            Log_OC.e(TAG, "chooseClientAlias", th);
            return null;
        }
    }

    @Override // javax.net.ssl.X509KeyManager
    public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
        Log_OC.d(TAG, "chooseServerAlias(keyType=" + str + ", issuers=" + Arrays.toString(principalArr) + ")");
        return chooseAlias(new String[]{str}, principalArr, socket);
    }

    @Override // javax.net.ssl.X509KeyManager
    public X509Certificate[] getCertificateChain(String str) {
        Log_OC.d(TAG, "getCertificateChain(alias=" + str + ")");
        AKMAlias aKMAlias = new AKMAlias(str);
        if (aKMAlias.getType() != AKMAlias.Type.KEYCHAIN) {
            throw new IllegalArgumentException("Invalid alias");
        }
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(this.context, aKMAlias.getAlias());
            if (certificateChain != null) {
                return certificateChain;
            }
            throw new KeyChainException("could not retrieve certificate chain for alias " + aKMAlias.getAlias());
        } catch (KeyChainException e) {
            Log_OC.e(TAG, "getCertificateChain(alias=" + str + ") - keychain alias=" + aKMAlias.getAlias(), e);
            removeKeyChain(aKMAlias, e);
            return null;
        } catch (InterruptedException e2) {
            Log_OC.d(TAG, "getCertificateChain(alias=" + str + ")", e2);
            Thread.currentThread().interrupt();
            return null;
        }
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getClientAliases(String str, Principal[] principalArr) {
        Log_OC.d(TAG, "getClientAliases(keyType=" + str + ", issuers=" + Arrays.toString(principalArr) + ")");
        return getAliases(KeyType.parse(Collections.singletonList(str)), principalArr, null, null);
    }

    @Override // javax.net.ssl.X509KeyManager
    public PrivateKey getPrivateKey(String str) {
        Log_OC.d(TAG, "getPrivateKey(alias=" + str + ")");
        AKMAlias aKMAlias = new AKMAlias(str);
        if (aKMAlias.getType() != AKMAlias.Type.KEYCHAIN) {
            throw new IllegalArgumentException("Invalid alias");
        }
        try {
            PrivateKey privateKey = KeyChain.getPrivateKey(this.context, aKMAlias.getAlias());
            if (privateKey != null) {
                return privateKey;
            }
            throw new KeyChainException("could not retrieve private key for alias " + aKMAlias.getAlias());
        } catch (KeyChainException e) {
            Log_OC.e(TAG, "getPrivateKey(alias=" + str + ")", e);
            removeKeyChain(aKMAlias, e);
            return null;
        } catch (InterruptedException e2) {
            Log_OC.d(TAG, "getPrivateKey(alias=" + str + ")", e2);
            Thread.currentThread().interrupt();
            return null;
        }
    }

    @Override // javax.net.ssl.X509KeyManager
    public String[] getServerAliases(String str, Principal[] principalArr) {
        Log_OC.d(TAG, "getServerAliases(keyType=" + str + ", issuers=" + Arrays.toString(principalArr) + ")");
        return getAliases(KeyType.parse(Collections.singletonList(str)), principalArr, null, null);
    }

    public void removeKeys(String str) {
        try {
            removeKeys(new URL(str));
        } catch (MalformedURLException e) {
            Log_OC.e(TAG, "Tried to remove keys for malformed URL " + str, e);
        }
    }

    public void removeKeys(URL url) {
        removeKeys(url.getHost(), Integer.valueOf(url.getPort() != -1 ? url.getPort() : url.getDefaultPort()));
    }

    public void removeKeys(URI uri) {
        try {
            removeKeys(uri.getURI());
        } catch (URIException e) {
            Log_OC.e(TAG, "Tried to remove keys for a malformed URI", e);
        }
    }
}
