package xyz.zedler.patrick.grocy.ssl.mtm;

import android.annotation.SuppressLint;
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Build;
import android.os.Handler;
import android.util.Log;
import android.util.SparseArray;
import androidx.core.app.NotificationCompat$Builder;
import j$.util.DesugarArrays;
import j$.util.stream.Collectors;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.IDN;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.conscrypt.R;

@SuppressLint({"CustomX509TrustManager"})
/* loaded from: classes.dex */
public final class MemorizingTrustManager implements X509TrustManager {
    public static int decisionId;
    public static final SparseArray<Decision> openDecisions = new SparseArray<>();
    public final KeyStore appKeyStore;
    public X509TrustManager appTrustManager;
    public final Context context;
    public final X509TrustManager defaultTrustManager;
    public final File keyStoreFile;
    public final Handler masterHandler;
    public final NotificationManager notificationManager;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:32:0x0133 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:45:0x0140 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Type inference failed for: r6v0, types: [java.lang.Throwable, java.security.cert.CertificateException] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public MemorizingTrustManager(android.content.Context r10) {
        /*
            Method dump skipped, instructions count: 380
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager.<init>(android.content.Context):void");
    }

    public static String certHash(String str, X509Certificate x509Certificate) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(x509Certificate.getEncoded());
            return hexString(messageDigest.digest());
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            return e.getMessage();
        }
    }

    public static int createDecisionId(Decision decision) {
        int i;
        SparseArray<Decision> sparseArray = openDecisions;
        synchronized (sparseArray) {
            i = decisionId;
            sparseArray.put(i, decision);
            decisionId++;
        }
        return i;
    }

    public static X509TrustManager getTrustManager(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        } catch (Exception e) {
            Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "getTrustManager: " + keyStore, e);
            return null;
        }
    }

    public static String hexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            sb.append(String.format("%02x", Byte.valueOf(bArr[i])));
            if (i < bArr.length - 1) {
                sb.append(":");
            }
        }
        return sb.toString();
    }

    public final void checkCertTrusted(X509Certificate[] x509CertificateArr, String str, boolean z) throws CertificateException {
        IOException iOException;
        StringBuilder sb;
        FileOutputStream fileOutputStream;
        StringBuilder sb2 = new StringBuilder("checkCertTrusted: ");
        sb2.append(x509CertificateArr == null ? "null" : (String) DesugarArrays.stream(x509CertificateArr).map(new Object()).map(new Object()).collect(Collectors.joining(";")));
        sb2.append(", ");
        sb2.append(str);
        sb2.append(", ");
        sb2.append(z);
        Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", sb2.toString());
        try {
            Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "checkCertTrusted: trying appTrustManager");
            if (z) {
                this.appTrustManager.checkServerTrusted(x509CertificateArr, str);
            } else {
                this.appTrustManager.checkClientTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e) {
            Log.w("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "checkCertTrusted: appTrustManager did not verify certificate. Will fall back to secondary verification mechanisms (if any).", e);
            if (x509CertificateArr != null && x509CertificateArr.length >= 1) {
                try {
                    if (this.appKeyStore.getCertificateAlias(x509CertificateArr[0]) != null) {
                        Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "checkCertTrusted: accepting cert already stored in keystore");
                        return;
                    }
                } catch (KeyStoreException unused) {
                }
            }
            try {
                if (this.defaultTrustManager == null) {
                    Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "checkCertTrusted: No defaultTrustManager set. Verification failed, throwing " + e);
                    throw e;
                }
                Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "checkCertTrusted: trying defaultTrustManager");
                if (z) {
                    this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                } else {
                    this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException e2) {
                Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "checkCertTrusted: defaultTrustManager failed", e2);
                Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "certChainMessage: for " + e2);
                StringBuilder sb3 = new StringBuilder();
                Throwable th = e2;
                while (true) {
                    if (th instanceof CertPathValidatorException) {
                        sb3.append(this.context.getString(R.string.mtm_trust_anchor));
                        break;
                    }
                    th = th.getCause();
                    if (th == null) {
                        Throwable th2 = e2;
                        while (true) {
                            if (th2 instanceof CertificateExpiredException) {
                                sb3.append(this.context.getString(R.string.mtm_cert_expired));
                                break;
                            }
                            th2 = th2.getCause();
                            if (th2 == null) {
                                Throwable th3 = e2;
                                while (th3.getCause() != null) {
                                    th3 = th3.getCause();
                                }
                                sb3.append(th3.getLocalizedMessage());
                            }
                        }
                    }
                }
                sb3.append("\n\n");
                sb3.append(this.context.getString(R.string.mtm_trust_certificate));
                sb3.append("\n\n");
                if (x509CertificateArr != null) {
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd", Locale.ENGLISH);
                        sb3.append("\n");
                        sb3.append(this.context.getString(R.string.mtm_valid_for));
                        sb3.append("\n");
                        try {
                            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                            if (subjectAlternativeNames == null) {
                                sb3.append(x509Certificate.getSubjectDN());
                                sb3.append("\n");
                            } else {
                                for (List<?> list : subjectAlternativeNames) {
                                    Object obj = list.get(1);
                                    if (obj instanceof String) {
                                        sb3.append("[");
                                        sb3.append(list.get(0));
                                        sb3.append("] ");
                                        sb3.append(obj);
                                        String unicode = IDN.toUnicode((String) obj, 1);
                                        if (!obj.equals(unicode)) {
                                            sb3.append(" (");
                                            sb3.append(unicode);
                                            sb3.append(")");
                                        }
                                        sb3.append("\n");
                                    }
                                }
                            }
                        } catch (CertificateParsingException e3) {
                            Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "certDetails: ", e3);
                            sb3.append("<Parsing error: ");
                            sb3.append(e3.getLocalizedMessage());
                            sb3.append(">\n");
                        }
                        sb3.append("\n");
                        sb3.append(this.context.getString(R.string.mtm_cert_details));
                        sb3.append("\n");
                        sb3.append(simpleDateFormat.format(x509Certificate.getNotBefore()));
                        sb3.append(" - ");
                        sb3.append(simpleDateFormat.format(x509Certificate.getNotAfter()));
                        sb3.append("\nSHA-256: ");
                        sb3.append(certHash("SHA-256", x509Certificate));
                        sb3.append("\nSHA-1: ");
                        sb3.append(certHash("SHA-1", x509Certificate));
                        sb3.append("\nSigned by: ");
                        sb3.append(x509Certificate.getIssuerDN().toString());
                        sb3.append("\n");
                    }
                }
                final String sb4 = sb3.toString();
                Decision decision = new Decision();
                final int createDecisionId = createDecisionId(decision);
                this.masterHandler.post(new Runnable() { // from class: xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager$$ExternalSyntheticLambda8
                    @Override // java.lang.Runnable
                    public final void run() {
                        MemorizingTrustManager memorizingTrustManager = MemorizingTrustManager.this;
                        memorizingTrustManager.getClass();
                        Intent intent = new Intent(memorizingTrustManager.context, (Class<?>) MemorizingActivity.class);
                        intent.setFlags(268435456);
                        StringBuilder sb5 = new StringBuilder();
                        sb5.append(MemorizingTrustManager.class.getName());
                        sb5.append("/");
                        int i = createDecisionId;
                        sb5.append(i);
                        intent.setData(Uri.parse(sb5.toString()));
                        intent.putExtra("de.duenndns.ssl.DECISION.decisionId", i);
                        String str2 = sb4;
                        intent.putExtra("de.duenndns.ssl.DECISION.cert", str2);
                        intent.putExtra("de.duenndns.ssl.DECISION.titleId", R.string.mtm_security_risk);
                        try {
                            memorizingTrustManager.context.startActivity(intent);
                        } catch (Exception e4) {
                            Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "interact: startActivity(MemorizingActivity)", e4);
                            PendingIntent activity = Build.VERSION.SDK_INT >= 31 ? PendingIntent.getActivity(memorizingTrustManager.context, 0, intent, 33554432) : PendingIntent.getActivity(memorizingTrustManager.context, 0, intent, 0);
                            String string = memorizingTrustManager.context.getString(R.string.mtm_notification);
                            long currentTimeMillis = System.currentTimeMillis();
                            NotificationCompat$Builder notificationCompat$Builder = new NotificationCompat$Builder(memorizingTrustManager.context, "memorizingtrustmanager");
                            notificationCompat$Builder.mContentTitle = NotificationCompat$Builder.limitCharSequenceLength(string);
                            notificationCompat$Builder.mContentText = NotificationCompat$Builder.limitCharSequenceLength(str2);
                            notificationCompat$Builder.mNotification.tickerText = NotificationCompat$Builder.limitCharSequenceLength(str2);
                            Notification notification = notificationCompat$Builder.mNotification;
                            notification.icon = android.R.drawable.ic_lock_lock;
                            notification.when = currentTimeMillis;
                            notificationCompat$Builder.mContentIntent = activity;
                            notification.flags |= 16;
                            memorizingTrustManager.notificationManager.notify(i + 100509, notificationCompat$Builder.build());
                        }
                    }
                });
                Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "interact: openDecisions: " + openDecisions + ", waiting on " + createDecisionId);
                try {
                } catch (InterruptedException e4) {
                    Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "interact: ", e4);
                }
                synchronized (decision) {
                    decision.wait();
                    Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "interact: finished wait on " + createDecisionId + ": " + decision.state);
                    int i = decision.state;
                    if (i != 2) {
                        if (i != 3) {
                            throw e2;
                        }
                        X509Certificate x509Certificate2 = x509CertificateArr[0];
                        String principal = x509Certificate2.getSubjectDN().toString();
                        try {
                            this.appKeyStore.setCertificateEntry(principal, x509Certificate2);
                            Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "storeCert: " + principal);
                            this.appTrustManager = getTrustManager(this.appKeyStore);
                            FileOutputStream fileOutputStream2 = null;
                            try {
                                try {
                                    fileOutputStream = new FileOutputStream(this.keyStoreFile);
                                } catch (Exception e5) {
                                    e = e5;
                                }
                            } catch (Throwable th4) {
                                th = th4;
                            }
                            try {
                                this.appKeyStore.store(fileOutputStream, "MTM".toCharArray());
                                try {
                                    fileOutputStream.close();
                                } catch (IOException e6) {
                                    iOException = e6;
                                    sb = new StringBuilder("keyStoreUpdated: ");
                                    sb.append(this.keyStoreFile);
                                    Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", sb.toString(), iOException);
                                }
                            } catch (Exception e7) {
                                e = e7;
                                fileOutputStream2 = fileOutputStream;
                                Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "keyStoreUpdated: " + this.keyStoreFile, e);
                                if (fileOutputStream2 != null) {
                                    try {
                                        fileOutputStream2.close();
                                    } catch (IOException e8) {
                                        iOException = e8;
                                        sb = new StringBuilder("keyStoreUpdated: ");
                                        sb.append(this.keyStoreFile);
                                        Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", sb.toString(), iOException);
                                    }
                                }
                            } catch (Throwable th5) {
                                th = th5;
                                fileOutputStream2 = fileOutputStream;
                                Throwable th6 = th;
                                if (fileOutputStream2 == null) {
                                    throw th6;
                                }
                                try {
                                    fileOutputStream2.close();
                                    throw th6;
                                } catch (IOException e9) {
                                    Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "keyStoreUpdated: " + this.keyStoreFile, e9);
                                    throw th6;
                                }
                            }
                        } catch (KeyStoreException e10) {
                            Log.e("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "storeCert: " + x509Certificate2, e10);
                        }
                    }
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, true);
    }

    @Override // javax.net.ssl.X509TrustManager
    public final X509Certificate[] getAcceptedIssuers() {
        Log.i("xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager", "getAcceptedIssuers");
        return this.defaultTrustManager.getAcceptedIssuers();
    }
}
