package com.f5.edge.client.ssl;

import android.content.Context;
import android.util.Log;
import com.f5.edge.Logger;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;

/* loaded from: classes.dex */
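/**
 * Per-host cache of server certificate-chain verdicts, together with the verification
 * logic that produces them.
 *
 * <p>A chain is {@link SSLResultEnum#TRUSTED} only when both the hostname verifier and the
 * platform {@link X509TrustManager} accept it. Anything else is reported as
 * {@link SSLResultEnum#UNTRUSTED} with an {@link SSLError} describing why, and the verdict is
 * cached under (host, chain hash). A later {@link #setResult} call can change a cached verdict
 * (for example to {@code UNTRUSTED_APPROVED} or {@code UNTRUSTED_REJECTED}); such verdicts are
 * returned by {@link #verifyCertChain} without re-running any check.
 *
 * <p>This listing was recovered from decompiler output; local names are reconstructions.
 */
public class SSLCertCache {
    /** Lifetime, in milliseconds, of the cached accepted-issuer map. */
    private static final int ISSUERS_CACHE_TIMEOUT = 10000;
    private Context mContext;
    private X509HostnameVerifier mHostnameVerifier = null;
    private X509TrustManager trustManager = null;
    // Trust anchors of the trust manager, keyed by subject DN. Two anchors sharing a subject DN
    // collide here and only the last one inserted is kept.
    private HashMap<Principal, X509Certificate> mAcceptedIssuers = null;
    private long mAcceptedIssuersCacheExpiry = 0;
    // host name -> verdicts recorded for that host, one entry per distinct chain hash.
    private HashMap<String, List<SSLCacheEntry>> mSSLCache = new HashMap<>();

    /** One cached verdict: the host, the hash of the chain it was computed for, and the result. */
    public static class SSLCacheEntry {
        byte[] mHash;
        SSLResultEnum mResult;
        private String mServer;

        /**
         * @param str  host name the verdict belongs to
         * @param bArr hash of the certificate chain, or {@code null} (see {@link #hasValidHash})
         */
        public SSLCacheEntry(String str, byte[] bArr) {
            this.mServer = str;
            // Defensive copy: the entry is a cache key and must not change if the caller
            // later reuses or overwrites its buffer.
            this.mHash = bArr == null ? null : bArr.clone();
        }

        public SSLResultEnum getResult() {
            return this.mResult;
        }

        public String getServer() {
            return this.mServer;
        }

        /**
         * Tells whether this entry applies to a chain with the given hash.
         *
         * @param bArr hash of the chain being looked up
         * @return {@code true} when the stored hash is non-empty and equal to {@code bArr},
         *         or when this entry was stored without a hash
         */
        public boolean hasValidHash(byte[] bArr) {
            if (this.mHash == null) {
                // NOTE(review): an entry created with a null hash matches EVERY chain presented
                // for its host, so an approved verdict stored that way is not pinned to a
                // certificate. Kept as-is because callers may rely on it; confirm that no
                // caller of setResult() passes a null hash together with an approving result.
                return true;
            }
            // An empty stored hash never matches, not even an empty lookup hash.
            return this.mHash.length > 0 && Arrays.equals(this.mHash, bArr);
        }

        public void setResult(SSLResultEnum sSLResultEnum) {
            this.mResult = sSLResultEnum;
        }
    }

    /**
     * Verdict for a certificate chain.
     *
     * <p>NOTE(review): each constant carries a mutable {@link SSLError}. Enum constants are
     * process-wide singletons, so the error attached to {@code UNTRUSTED} is shared by every
     * host and every {@code SSLCertCache} instance: a later or concurrent verification
     * overwrites it. Read the error immediately after the call that produced the verdict and
     * do not treat it as per-host state. Moving the error into the cache entry would fix this
     * but changes the interface callers use.
     */
    public enum SSLResultEnum {
        TRUSTED,
        UNTRUSTED_APPROVED,
        UNTRUSTED_REJECTED,
        UNTRUSTED;

        private SSLError mError = null;

        SSLResultEnum() {
        }

        public SSLError getSSLError() {
            return this.mError;
        }

        /** @return {@code true} only for {@code UNTRUSTED_REJECTED} */
        public boolean isRejected() {
            return this == UNTRUSTED_REJECTED;
        }

        /**
         * @return {@code true} for {@code TRUSTED} and for {@code UNTRUSTED_APPROVED}; the
         *         latter means the chain failed verification and was accepted anyway
         */
        public boolean isTrusted() {
            return this == TRUSTED || this == UNTRUSTED_APPROVED;
        }

        public void setSSLError(SSLError sSLError) {
            this.mError = sSLError;
        }
    }

    public SSLCertCache(Context context) {
        this.mContext = context;
    }

    /**
     * Returns the trust manager's accepted issuers keyed by subject DN, rebuilding the map when
     * it is missing or older than {@link #ISSUERS_CACHE_TIMEOUT} milliseconds.
     */
    private synchronized Map<Principal, X509Certificate> getAcceptedIssuers() {
        long currentTimeMillis = System.currentTimeMillis();
        if (this.mAcceptedIssuers == null || currentTimeMillis > this.mAcceptedIssuersCacheExpiry) {
            this.mAcceptedIssuers = new HashMap<>();
            X509Certificate[] acceptedIssuers = getTrustManager().getAcceptedIssuers();
            if (acceptedIssuers != null) {
                for (X509Certificate x509Certificate : acceptedIssuers) {
                    this.mAcceptedIssuers.put(x509Certificate.getSubjectDN(), x509Certificate);
                }
                this.mAcceptedIssuersCacheExpiry = currentTimeMillis + ISSUERS_CACHE_TIMEOUT;
            }
        }
        return this.mAcceptedIssuers;
    }

    /**
     * Finds the cached entry for a host and chain hash.
     *
     * @return the first entry of the host whose {@link SSLCacheEntry#hasValidHash} accepts
     *         {@code bArr}, or {@code null} when either argument is null or nothing matches
     */
    private synchronized SSLCacheEntry getCached(String str, byte[] bArr) {
        if (str == null || bArr == null) {
            return null;
        }
        List<SSLCacheEntry> list = this.mSSLCache.get(str);
        if (list == null) {
            return null;
        }
        for (SSLCacheEntry sSLCacheEntry : list) {
            if (sSLCacheEntry.hasValidHash(bArr)) {
                return sSLCacheEntry;
            }
        }
        return null;
    }

    /**
     * Lazily resolves the platform default {@link X509TrustManager}.
     *
     * <p>The decompiler could not structure this method and left only an instruction dump plus
     * a stub that always threw; the body below is rebuilt from that dump. The factory is
     * initialised with a null key store, which selects the default trust store.
     *
     * @return the first {@code X509TrustManager} offered by the default factory, or
     *         {@code null} when none is offered or initialisation fails (the failure is logged)
     */
    private X509TrustManager getDefaultTrustManager() {
        if (this.trustManager != null) {
            return this.trustManager;
        }
        try {
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init((KeyStore) null);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    this.trustManager = (X509TrustManager) candidate;
                    break;
                }
            }
            return this.trustManager;
        } catch (Exception e) {
            Log.e(Logger.TAG, "EXCEPTION: SSLCertCache::getTrustManager()" + e.toString());
            return null;
        }
    }

    /**
     * Checks that the leaf certificate (element 0 of the chain) is valid for the host name.
     *
     * @return {@code true} when the hostname verifier accepts the leaf; {@code false} when it
     *         rejects it or when no leaf certificate is available
     */
    protected boolean checkServer(String str, X509Certificate[] x509CertificateArr) {
        Log.d(Logger.TAG, "SSLCertCache::checkServer():" + str);
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            // Fail closed: without a leaf certificate there is nothing to match the host against.
            Log.e(Logger.TAG, "SSLCertCache::checkServer(): Hostname verification failed. empty certificate chain");
            return false;
        }
        try {
            getHostnameVerifier().verify(str, x509CertificateArr[0]);
            return true;
        } catch (SSLException e) {
            Log.e(Logger.TAG, "SSLCertCache::checkServer(): Hostname verification failed. " + e.getMessage());
            return false;
        }
    }

    /**
     * Returns the hostname verifier, creating it on first use.
     *
     * <p>NOTE(review): {@code BrowserCompatHostnameVerifier} lets a wildcard such as
     * {@code *.example.com} match names several labels deep ({@code a.b.example.com}), which
     * is looser than the strict verifier. Subclasses can override this method to supply a
     * stricter one.
     */
    protected X509HostnameVerifier getHostnameVerifier() {
        if (this.mHostnameVerifier == null) {
            this.mHostnameVerifier = new BrowserCompatHostnameVerifier();
        }
        return this.mHostnameVerifier;
    }

    /**
     * Returns the trust manager used for chain validation. May be {@code null} when the
     * platform default could not be obtained; callers in this class then fail with a
     * {@link NullPointerException} rather than trusting the chain.
     */
    protected X509TrustManager getTrustManager() {
        return getDefaultTrustManager();
    }

    /**
     * Tells whether every verdict cached for the host is a trusted one.
     *
     * @return {@code false} when the host has no cached verdicts at all, or when any cached
     *         verdict is missing or not {@link SSLResultEnum#isTrusted() trusted}
     */
    public synchronized boolean isHostTrusted(String str) {
        List<SSLCacheEntry> list = this.mSSLCache.get(str);
        // An empty list must not count as trusted: "all entries are trusted" is vacuously true
        // for a host whose untrusted verdicts were pruned, which would report a host as trusted
        // although no chain of it was ever accepted.
        if (list == null || list.isEmpty()) {
            return false;
        }
        for (SSLCacheEntry entry : list) {
            SSLResultEnum result = entry.getResult();
            if (result == null || !result.isTrusted()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Drops every cached verdict that is not trusted and invalidates the accepted-issuer map.
     *
     * <p>Trusted verdicts, including {@code UNTRUSTED_APPROVED} ones, survive a reset; this
     * method does not revoke earlier approvals. Hosts left without any verdict are removed
     * from the cache entirely.
     */
    public synchronized void reset() {
        if (this.mSSLCache.isEmpty()) {
            return;
        }
        Iterator<List<SSLCacheEntry>> it = this.mSSLCache.values().iterator();
        while (it.hasNext()) {
            List<SSLCacheEntry> entries = it.next();
            ListIterator<SSLCacheEntry> listIterator = entries.listIterator();
            while (listIterator.hasNext()) {
                SSLResultEnum result = listIterator.next().getResult();
                if (result == null || !result.isTrusted()) {
                    listIterator.remove();
                }
            }
            if (entries.isEmpty()) {
                // Do not leave an empty bucket behind for the host.
                it.remove();
            }
        }
        this.mAcceptedIssuers = null;
    }

    /**
     * Records a verdict for (host, chain hash), updating the matching entry when one exists.
     *
     * <p>NOTE(review): when {@code str} or {@code bArr} is null no existing entry is ever
     * found, so each such call appends a new entry; an entry stored with a null hash then
     * matches any chain of that host (see {@link SSLCacheEntry#hasValidHash}). Callers
     * recording an approving verdict should always pass the chain hash.
     */
    public synchronized void setResult(String str, byte[] bArr, SSLResultEnum sSLResultEnum) {
        SSLCacheEntry cached = getCached(str, bArr);
        if (cached != null) {
            cached.setResult(sSLResultEnum);
            return;
        }
        SSLCacheEntry sSLCacheEntry = new SSLCacheEntry(str, bArr);
        sSLCacheEntry.setResult(sSLResultEnum);
        List<SSLCacheEntry> list = this.mSSLCache.get(str);
        if (list == null) {
            list = new ArrayList<>();
            this.mSSLCache.put(str, list);
        }
        list.add(sSLCacheEntry);
    }

    /**
     * Verifies the signatures along the first {@code i} certificates of an ordered chain and
     * from the last of them to the given trust anchor.
     *
     * <p>Only signatures are checked here. Validity periods are checked by the caller;
     * CA/basic-constraints, key usage and revocation are not checked by this method. In this
     * class the outcome only selects which error is reported for a chain that is already
     * untrusted.
     *
     * @param x509CertificateArr chain ordered leaf first, each certificate followed by its issuer
     * @param i                  number of leading certificates to verify, at least 1
     * @param x509Certificate    trust anchor expected to have signed certificate {@code i - 1}
     * @return {@code true} when every signature verifies; {@code false} otherwise, including
     *         when the arguments do not describe a usable chain
     */
    protected boolean validateChain(X509Certificate[] x509CertificateArr, int i, X509Certificate x509Certificate) {
        if (x509CertificateArr == null || x509Certificate == null || i < 1 || i > x509CertificateArr.length) {
            return false;
        }
        int last = i - 1;
        for (int idx = 0; idx < last; idx++) {
            try {
                x509CertificateArr[idx].verify(x509CertificateArr[idx + 1].getPublicKey());
            } catch (Exception e2) {
                Log.e(Logger.TAG, x509CertificateArr[idx].getSubjectDN().toString() + " are not signed by " + x509CertificateArr[idx + 1].toString() + " error: " + e2.getMessage());
                return false;
            }
        }
        try {
            x509CertificateArr[last].verify(x509Certificate.getPublicKey());
            return true;
        } catch (Exception e) {
            Log.e(Logger.TAG, x509CertificateArr[last].getSubjectDN().toString() + " is not signed by trust anchor" + x509Certificate.toString() + " error: " + e.getMessage());
            return false;
        }
    }

    /**
     * Decides whether the server's certificate chain is trusted for the given host.
     *
     * <p>Order of evaluation:
     * <ol>
     *   <li>A cached verdict for (host, chain hash) that is trusted or rejected is returned
     *       as-is, without re-running any check. This is how an {@code UNTRUSTED_APPROVED}
     *       verdict bypasses hostname and trust validation on later connections.</li>
     *   <li>Hostname verification of the leaf and {@code checkServerTrusted} on the platform
     *       trust manager. If both pass the result is {@code TRUSTED} (not cached).</li>
     *   <li>Otherwise the chain is re-examined only to build a detailed {@link SSLError}; the
     *       verdict is {@code UNTRUSTED} regardless of what that examination finds, and it is
     *       cached when host and hash are both non-null.</li>
     * </ol>
     *
     * <p>The numeric codes passed to {@code SSLError.addError} are defined by {@code SSLError},
     * which is not part of this file; the comments below describe only when each is added.
     *
     * @param str                 host name the client connected to
     * @param pEMCertificateChain chain presented by the server
     * @return the verdict; for {@code UNTRUSTED} the error is attached to the shared enum
     *         constant (see the note on {@link SSLResultEnum})
     * @throws NullPointerException when the chain yields no certificate array, or when no
     *                              trust manager is available
     */
    public SSLResultEnum verifyCertChain(String str, PEMCertificateChain pEMCertificateChain) {
        byte[] chainHash = pEMCertificateChain.calculateHash();
        if (chainHash != null) {
            SSLCacheEntry cached = getCached(str, chainHash);
            if (cached != null) {
                SSLResultEnum result = cached.getResult();
                if (result != null && (result.isTrusted() || result.isRejected())) {
                    return result;
                }
            }
        }
        X509Certificate[] certificates = pEMCertificateChain.getCertificates();
        if (certificates == null) {
            throw new NullPointerException();
        }
        // An empty array fails here with ArrayIndexOutOfBoundsException, as it always did.
        SSLError sSLError = new SSLError(certificates[0]);
        boolean untrusted = false;
        if (!checkServer(str, certificates)) {
            // Added when hostname verification of the leaf fails.
            sSLError.addError(2);
            untrusted = true;
        }
        try {
            // NOTE(review): authType is hard-coded to "RSA"; confirm the trust manager in use
            // does not depend on it for servers with non-RSA keys.
            getTrustManager().checkServerTrusted(certificates, "RSA");
        } catch (CertificateException e) {
            // Concatenate so the message is never null; getMessage() may return null.
            Log.e(Logger.TAG, "SSLCertCache::verifyCertChain(): chain not trusted. " + e);
            untrusted = true;
        }
        if (!untrusted) {
            return SSLResultEnum.TRUSTED;
        }

        // ---- Diagnostics only: everything below decides which errors to report. ----

        // Reorder a copy of the chain so that each certificate is followed by its issuer,
        // matching issuer DN to subject DN. The copy has one spare (null) slot at the end.
        X509Certificate[] ordered = (X509Certificate[]) Arrays.copyOf(certificates, certificates.length + 1);
        int pos = 0;
        while (pos < certificates.length) {
            int next = pos + 1;
            boolean foundIssuer = false;
            for (int probe = next; probe < certificates.length; probe++) {
                if (ordered[pos].getIssuerDN().equals(ordered[probe].getSubjectDN())) {
                    if (probe != next) {
                        X509Certificate swapped = ordered[probe];
                        ordered[probe] = ordered[next];
                        ordered[next] = swapped;
                    }
                    foundIssuer = true;
                    // Stop scanning once the issuer is in place. The decompiled listing had no
                    // exit here, which loops forever when the issuer is already at 'next'.
                    break;
                }
            }
            if (!foundIssuer) {
                break;
            }
            pos = next;
        }

        // Walk back from the end of the ordered path looking for a certificate whose issuer
        // is one of the trust manager's accepted issuers.
        int pathLength = pos + 1;
        X509Certificate anchor = null;
        Map<Principal, X509Certificate> acceptedIssuers = getAcceptedIssuers();
        if (acceptedIssuers != null) {
            while (pathLength > 0) {
                int candidate = pathLength - 1;
                try {
                    X509Certificate issuer = acceptedIssuers.get(ordered[candidate].getIssuerDN());
                    if (issuer != null && ordered[candidate].getIssuerDN().equals(issuer.getSubjectDN())) {
                        anchor = issuer;
                        break;
                    }
                } catch (RuntimeException e) {
                    Log.e(Logger.TAG, "Unexpected exception", e);
                }
                pathLength--;
            }
        }
        if (anchor == null) {
            pathLength = certificates.length;
        }
        if (anchor == null || !validateChain(ordered, pathLength, anchor)) {
            // Added when no accepted issuer anchors the path or a signature does not verify.
            sSLError.addError(3);
        }
        // NOTE(review): validity is checked on the chain in its ORIGINAL order, while the
        // path above was validated in reordered form. When reordering happened and the path
        // is shorter than the chain, the certificates checked here may differ from the ones
        // on the validated path; the anchor's own validity is not checked either. Confirm.
        for (int idx = 0; idx < pathLength; idx++) {
            try {
                certificates[idx].checkValidity();
            } catch (CertificateExpiredException unused) {
                sSLError.addError(1);
            } catch (CertificateNotYetValidException unused2) {
                sSLError.addError(0);
            }
        }
        if (!sSLError.hasError()) {
            // Fallback so that an untrusted verdict always carries some error.
            sSLError.addError(5);
        }

        if (str != null && chainHash != null) {
            setResult(str, chainHash, SSLResultEnum.UNTRUSTED);
        }
        if (sSLError.hasError()) {
            // Writes to the shared enum constant; see the note on SSLResultEnum.
            SSLResultEnum.UNTRUSTED.setSSLError(sSLError);
        }
        return SSLResultEnum.UNTRUSTED;
    }
}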
