package com.bochklaunchflow;

import android.content.Context;
import android.os.AsyncTask;
import com.bochklaunchflow.base.CertPinType;
import com.bochklaunchflow.http.AppRequest;
import com.bochklaunchflow.http.bean.CertificatePinning;
import com.bochklaunchflow.http.bean.CertificatePinningPath;
import com.bochklaunchflow.okhttp.https.TrustedKeyStoreConfig;
import com.bochklaunchflow.utils.BOCLFLogUtil;
import com.bochklaunchflow.utils.BOCLFUtils;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;

/* loaded from: classes.dex */
public class DownloadCertManager {

    /* renamed from: a, reason: collision with root package name */
    private static final String f3264a = "DownloadCertManager";

    /* renamed from: b, reason: collision with root package name */
    private static Context f3265b;

    /* renamed from: c, reason: collision with root package name */
    private static HashMap<String, Boolean> f3266c;

    /* renamed from: d, reason: collision with root package name */
    private static Set<String> f3267d;

    /* renamed from: e, reason: collision with root package name */
    private static CertificatePinning f3268e;

    /* renamed from: f, reason: collision with root package name */
    private static b f3269f;

    /* renamed from: g, reason: collision with root package name */
    private static c f3270g;

    /* renamed from: h, reason: collision with root package name */
    private static a f3271h;

    /* renamed from: i, reason: collision with root package name */
    private static Map<String, X509Certificate> f3272i;

    /* loaded from: classes.dex */
    public interface a {
        void a();

        void b();

        void c(Exception exc);

        void d(Exception exc);

        void e();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class b extends AsyncTask<Void, Void, CertificatePinning> {

        /* renamed from: a, reason: collision with root package name */
        private boolean f3273a = true;

        /* renamed from: b, reason: collision with root package name */
        private boolean f3274b = false;

        public b(a aVar) {
            a unused = DownloadCertManager.f3271h = aVar;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public CertificatePinning doInBackground(Void... voidArr) {
            try {
                return AppRequest.getCertificatesListJson(DownloadCertManager.f3265b);
            } catch (SSLHandshakeException unused) {
                this.f3273a = false;
                return null;
            } catch (SSLPeerUnverifiedException unused2) {
                this.f3273a = false;
                return null;
            } catch (Exception unused3) {
                BOCLFLogUtil.e(DownloadCertManager.f3264a, "get cert list failed!");
                this.f3274b = true;
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public void onPostExecute(CertificatePinning certificatePinning) {
            super.onPostExecute(certificatePinning);
            if (!this.f3273a) {
                DownloadCertManager.f3271h.e();
                return;
            }
            if (certificatePinning == null || this.f3274b) {
                BOCLFLogUtil.e(DownloadCertManager.f3264a, "cannot download cert list; fail to download cert / cert list is null");
                DownloadCertManager.f3271h.d(new Exception("failed in downloading cert list"));
                return;
            }
            CertificatePinning unused = DownloadCertManager.f3268e = certificatePinning;
            if (DownloadCertManager.f3266c == null) {
                HashMap unused2 = DownloadCertManager.f3266c = new HashMap();
            }
            if (DownloadCertManager.f3268e.getResult() == null) {
                BOCLFLogUtil.w(DownloadCertManager.f3264a, "cert list is empty");
                Set unused3 = DownloadCertManager.f3267d = new HashSet();
                DownloadCertManager.f3271h.c(new Exception("cert list is empty"));
                return;
            }
            Set unused4 = DownloadCertManager.f3267d = new HashSet();
            for (CertificatePinningPath certificatePinningPath : DownloadCertManager.f3268e.getResult()) {
                if (certificatePinningPath != null && certificatePinningPath.getDomain() != null) {
                    DownloadCertManager.f3267d.add(certificatePinningPath.getDomain());
                    DownloadCertManager.f3266c.put(certificatePinningPath.getDomain(), Boolean.FALSE);
                    BOCLFLogUtil.i(DownloadCertManager.f3264a, "DownloadCertListTask DownloadCertListTask: validDomainSet & domainToIsDownloadSucceededHM added->" + certificatePinningPath.getDomain());
                }
            }
            if (TrustedKeyStoreConfig.getCNFromLocalCerts() != null) {
                for (String str : TrustedKeyStoreConfig.getCNFromLocalCerts()) {
                    if (str != null) {
                        DownloadCertManager.f3267d.add(str);
                        BOCLFLogUtil.i(DownloadCertManager.f3264a, "DownloadCertListTask DownloadCertListTask: validDomainSet added local cert cn->" + str);
                    }
                }
            }
            DownloadCertManager.s(DownloadCertManager.f3271h);
        }

        @Override // android.os.AsyncTask
        protected void onCancelled() {
            super.onCancelled();
        }

        @Override // android.os.AsyncTask
        protected void onPreExecute() {
            super.onPreExecute();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class c extends AsyncTask<Void, Void, Map<String, X509Certificate>> {

        /* renamed from: a, reason: collision with root package name */
        private boolean f3275a = true;

        /* renamed from: b, reason: collision with root package name */
        private List<CertificatePinningPath> f3276b;

        public c(String str, a aVar) {
            String domainFromValidUrl;
            a unused = DownloadCertManager.f3271h = aVar;
            this.f3276b = null;
            if (str != null) {
                try {
                    if (DownloadCertManager.f3268e == null || DownloadCertManager.f3268e.getResult() == null || (domainFromValidUrl = BOCLFUtils.getDomainFromValidUrl(str)) == null || DownloadCertManager.f3268e.getResult().size() <= 0) {
                        return;
                    }
                    for (CertificatePinningPath certificatePinningPath : DownloadCertManager.f3268e.getResult()) {
                        String wildcardToRegex = BOCLFUtils.wildcardToRegex(certificatePinningPath.getDomain());
                        if (domainFromValidUrl.matches(wildcardToRegex)) {
                            BOCLFLogUtil.i(DownloadCertManager.f3264a, "DownloadCertsTask: domain \"" + domainFromValidUrl + "\" matches wildcard \"" + wildcardToRegex + "\"; add to download map");
                            if (this.f3276b == null) {
                                this.f3276b = new ArrayList();
                            }
                            this.f3276b.add(certificatePinningPath);
                        } else {
                            BOCLFLogUtil.d(DownloadCertManager.f3264a, "DownloadCertsTask: domain \"" + domainFromValidUrl + "\" does not match wildcard \"" + wildcardToRegex + "\"");
                        }
                    }
                } catch (Exception unused2) {
                    BOCLFLogUtil.e(DownloadCertManager.f3264a, "cannot get cert address to download; download all instead");
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Code restructure failed: missing block: B:13:0x007c, code lost:
        
            if ("".equals(r8) == false) goto L22;
         */
        /* JADX WARN: Code restructure failed: missing block: B:9:0x0035, code lost:
        
            if (r7 == null) goto L13;
         */
        /* JADX WARN: Removed duplicated region for block: B:19:0x00cc  */
        @Override // android.os.AsyncTask
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public java.util.Map<java.lang.String, java.security.cert.X509Certificate> doInBackground(java.lang.Void... r15) {
            /*
                Method dump skipped, instructions count: 751
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: com.bochklaunchflow.DownloadCertManager.c.doInBackground(java.lang.Void[]):java.util.Map");
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public void onPostExecute(Map<String, X509Certificate> map) {
            super.onPostExecute(map);
            if (!this.f3275a) {
                DownloadCertManager.f3271h.e();
                return;
            }
            Map unused = DownloadCertManager.f3272i = map;
            if (map != null) {
                DownloadCertManager.v(map);
                DownloadCertManager.f3271h.a();
            } else {
                BOCLFLogUtil.d(DownloadCertManager.f3264a, "DownloadCertsTask onPostExecute: resultMap returned is empty;");
                DownloadCertManager.f3271h.d(new Exception("failed in downloading certs"));
            }
        }

        @Override // android.os.AsyncTask
        protected void onCancelled() {
            super.onCancelled();
        }

        @Override // android.os.AsyncTask
        protected void onPreExecute() {
            super.onPreExecute();
        }
    }

    public static void cancelDownloadCertListTask() {
        b bVar = f3269f;
        if (bVar == null || bVar.getStatus() == AsyncTask.Status.FINISHED) {
            return;
        }
        f3269f.cancel(true);
    }

    public static void cancelTask() {
        n();
    }

    public static final boolean checkDomainValid(String str) {
        Set<String> set = f3267d;
        if (set == null) {
            BOCLFLogUtil.w(f3264a, "checkDomainValid: validDomainSet cannot be null");
            return false;
        }
        if (str == null) {
            BOCLFLogUtil.e(f3264a, "checkDomainValid: domain is null");
            return false;
        }
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            String wildcardToRegex = BOCLFUtils.wildcardToRegex(it.next());
            if (str.matches(wildcardToRegex)) {
                BOCLFLogUtil.i(f3264a, "checkDomainValid: domain \"" + str + "\" matches wildcard \"" + wildcardToRegex + "\"");
                return true;
            }
            BOCLFLogUtil.d(f3264a, "checkDomainValid: domain \"" + str + "\" does not match wildcard \"" + wildcardToRegex + "\"");
        }
        BOCLFLogUtil.e(f3264a, "checkDomainValid: domain \"" + str + "\" is invalid");
        return false;
    }

    public static Map<String, X509Certificate> getCertsMap() {
        return f3272i;
    }

    public static void init(Context context) {
        f3265b = context.getApplicationContext();
    }

    public static final boolean isCertListDownloaded() {
        return f3268e != null;
    }

    private static void n() {
        cancelDownloadCertListTask();
        o();
        f3271h = null;
    }

    private static void o() {
        c cVar = f3270g;
        if (cVar == null || cVar.getStatus() == AsyncTask.Status.FINISHED) {
            return;
        }
        f3270g.cancel(true);
    }

    private static final boolean p(String str) {
        return u(str, false);
    }

    private static final boolean q(String str) {
        if (TrustedKeyStoreConfig.getCNFromLocalCerts() == null) {
            BOCLFLogUtil.w(f3264a, "isUrlDomainIncludedInLocalCertList: No certs in local (TrustedKeyStoreConfig.getCNFromLocalCerts() is null)");
            return false;
        }
        if (str == null) {
            BOCLFLogUtil.e(f3264a, "isUrlDomainIncludedInLocalCertList: url is null.so download all certs");
            return false;
        }
        String domainFromValidUrl = BOCLFUtils.getDomainFromValidUrl(str);
        Set<String> cNFromLocalCerts = TrustedKeyStoreConfig.getCNFromLocalCerts();
        if (domainFromValidUrl == null) {
            BOCLFLogUtil.e(f3264a, "isUrlDomainIncludedInLocalCertList: domain is invalid; url->" + str);
            return false;
        }
        Iterator<String> it = cNFromLocalCerts.iterator();
        while (it.hasNext()) {
            String wildcardToRegex = BOCLFUtils.wildcardToRegex(it.next());
            if (domainFromValidUrl.matches(wildcardToRegex)) {
                BOCLFLogUtil.i(f3264a, "isUrlDomainIncludedInLocalCertList: domain \"" + domainFromValidUrl + "\" matches wildcard \"" + wildcardToRegex + "\"");
                return true;
            }
            BOCLFLogUtil.d(f3264a, "isUrlDomainIncludedInLocalCertList: domain \"" + domainFromValidUrl + "\" does not match wildcard \"" + wildcardToRegex + "\"");
        }
        BOCLFLogUtil.e(f3264a, "isUrlDomainIncludedInLocalCertList: domain \"" + domainFromValidUrl + "\" is not included in local cert list");
        return false;
    }

    private static final boolean r(String str) {
        return u(str, true);
    }

    public static void runTask(a aVar) {
        BOCLFLogUtil.d(f3264a, "redirect to no specific domain runTask...");
        runTask(null, aVar);
    }

    public static void runTask(String str, a aVar) {
        if (q(str)) {
            String str2 = f3264a;
            BOCLFLogUtil.v(str2, "=================================================");
            BOCLFLogUtil.v(str2, "url matches local cert domain; no need to call download cert list & certs");
            BOCLFLogUtil.v(str2, "=================================================");
            aVar.a();
            return;
        }
        if (!isCertListDownloaded()) {
            String str3 = f3264a;
            BOCLFLogUtil.v(str3, "=================================================");
            BOCLFLogUtil.v(str3, "downloading cert list...");
            BOCLFLogUtil.v(str3, "=================================================");
            cancelDownloadCertListTask();
            b bVar = new b(aVar);
            f3269f = bVar;
            bVar.execute(new Void[0]);
            return;
        }
        if (str != null && !r(str)) {
            BOCLFLogUtil.i(f3264a, "url [" + str + "] domain is not valid -> showing Data Not Received dialog; ");
            aVar.b();
            return;
        }
        if (p(str)) {
            String str4 = f3264a;
            BOCLFLogUtil.v(str4, "=================================================");
            BOCLFLogUtil.v(str4, "Cert list and certs have already been downloaded");
            BOCLFLogUtil.v(str4, "=================================================");
            aVar.a();
            return;
        }
        if (p(str)) {
            return;
        }
        String str5 = f3264a;
        BOCLFLogUtil.v(str5, "=================================================");
        if (str == null) {
            BOCLFLogUtil.v(str5, "downloading ALL certs from cert list...");
        } else {
            BOCLFLogUtil.v(str5, "downloading cert matching url:[" + str + "] from cert list...");
        }
        BOCLFLogUtil.v(str5, "=================================================");
        o();
        c cVar = new c(str, aVar);
        f3270g = cVar;
        cVar.execute(new Void[0]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void s(a aVar) {
        if (!isCertListDownloaded()) {
            BOCLFLogUtil.e(f3264a, "runDownloadAllCertsTask: certificatesList cannot be null; calling runDownloadCertListTask to get certificatesList");
            t(aVar);
        } else {
            o();
            c cVar = new c(null, aVar);
            f3270g = cVar;
            cVar.execute(new Void[0]);
        }
    }

    private static void t(a aVar) {
        cancelDownloadCertListTask();
        b bVar = new b(aVar);
        f3269f = bVar;
        bVar.execute(new Void[0]);
    }

    private static final boolean u(String str, boolean z9) {
        StringBuilder sb = new StringBuilder();
        sb.append("scanUrlDomainIncludedInServerCertList#");
        sb.append(z9 ? "1" : "0");
        String sb2 = sb.toString();
        if (f3266c == null) {
            BOCLFLogUtil.w(f3264a, sb2 + ": domainToIsDownloadSucceededHM cannot be null");
            return false;
        }
        if (str == null) {
            BOCLFLogUtil.e(f3264a, sb2 + ": url is null");
            return false;
        }
        String domainFromValidUrl = BOCLFUtils.getDomainFromValidUrl(str);
        if (domainFromValidUrl == null) {
            BOCLFLogUtil.e(f3264a, sb2 + ": domain is invalid; url->" + str);
            return false;
        }
        for (String str2 : f3266c.keySet()) {
            String wildcardToRegex = BOCLFUtils.wildcardToRegex(str2);
            if (domainFromValidUrl.matches(wildcardToRegex)) {
                BOCLFLogUtil.i(f3264a, sb2 + ": domain \"" + domainFromValidUrl + "\" matches wildcard \"" + wildcardToRegex + "\"");
                if (z9) {
                    return true;
                }
                return f3266c.get(str2).booleanValue();
            }
            BOCLFLogUtil.d(f3264a, sb2 + ": domain \"" + domainFromValidUrl + "\" does not match wildcard \"" + wildcardToRegex + "\"");
        }
        BOCLFLogUtil.e(f3264a, sb2 + ": domain \"" + domainFromValidUrl + "\" is not included in cert list");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final boolean v(Map<String, X509Certificate> map) {
        CertPinType certPinType = BOCHKLaunchFlow.getInstance().getCertPinType();
        if (CertPinType.TrustAllCerts.getValue().equals(certPinType != null ? certPinType.getValue() : null)) {
            BOCLFLogUtil.d(f3264a, "you trust all certs.so you don't need to update keystore");
            return false;
        }
        if (map == null || map.size() <= 0) {
            BOCLFLogUtil.e(f3264a, "updateKeystores: certNameToCertMap cannot be null");
        } else if (TrustedKeyStoreConfig.insert(f3265b, map)) {
            OkHttpUtils.getInstance().b(TrustedKeyStoreConfig.getTrustedKeyStore());
        }
        return false;
    }
}
