package com.citrix.client.Receiver.repository.validators;

import android.net.http.SslCertificate;
import android.support.annotation.NonNull;
import android.util.Log;
import com.citrix.client.Receiver.contracts.PromptContract;
import com.citrix.client.Receiver.exceptions.CertStorageException;
import com.citrix.client.Receiver.params.AMParams;
import com.citrix.client.Receiver.params.PromptParams;
import com.citrix.client.Receiver.repository.storage.ICertStorage;
import com.citrix.client.Receiver.ui.activities.DialogActivity;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Locale;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
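/**
 * Validates a server certificate in two stages.
 *
 * <ol>
 *   <li>The chain is checked with the platform default {@link X509TrustManager}.</li>
 *   <li>If that check rejects the chain (or no default trust manager is available), the
 *       presented chain is compared with the chain previously stored under this validator's
 *       store id. On a mismatch the user is prompted, and an accepted chain is stored.</li>
 * </ol>
 *
 * <p>NOTE(review): stage 2 is a trust-on-first-use decision. It runs for every reason the
 * default trust manager can reject a chain, and in this class it performs no host name or
 * validity-period check of its own; it relies on exact equality with the chain the user
 * accepted earlier. A host name that does not match the store id is only logged, never
 * rejected. Confirm that host name verification happens elsewhere in the connection setup.
 */
public class ServerCertValidator implements AMParams.IServerCertValidator {
    private static final String TAG = "SCertValidator";

    // May be null when the platform trust manager could not be initialised, so every use
    // has to null-check it.
    private final X509TrustManager mDefaultTM;

    @NonNull
    private final ICertStorage mStorage;

    @NonNull
    private final String mStoreId;

    /**
     * Creates a validator bound to one storage alias.
     *
     * @param str store id (alias) under which accepted certificates are kept
     * @param iCertStorage storage used to read and write the accepted certificates
     */
    public ServerCertValidator(@NonNull String str, @NonNull ICertStorage iCertStorage) {
        this.mStorage = iCertStorage;
        this.mStoreId = str;
        X509TrustManager defaultTm = null;
        try {
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init((KeyStore) null);
            // Only query the factory once init() has succeeded, and pick the first X509
            // trust manager by type instead of blindly casting element 0.
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    defaultTm = (X509TrustManager) candidate;
                    break;
                }
            }
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            Log.w(TAG, "Cannot initialise the default TrustManager", e);
        }
        this.mDefaultTM = defaultTm;
    }

    /** Returns the first certificate of the chain, or {@code null} for a null or empty chain. */
    private static X509Certificate getPrimaryCert(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) {
            return null;
        }
        return chain[0];
    }

    /**
     * Reads the chain stored under this validator's store id.
     *
     * @throws CertificateException if the storage reports an error
     */
    private X509Certificate[] getStoredChain() throws CertificateException {
        try {
            return this.mStorage.getCertificateChain(this.mStoreId);
        } catch (CertStorageException e) {
            // Keep the storage error as the cause so the failure stays diagnosable.
            throw new CertificateException("Cannot get cert chain from keystore", e);
        }
    }

    /** Case-insensitive, locale-independent test that the store id contains the host name. */
    private boolean storeIdContainsHost(String hostName) {
        return this.mStoreId.toLowerCase(Locale.ROOT).contains(hostName.toLowerCase(Locale.ROOT));
    }

    /**
     * Shows the certificate warning and maps the dialog result to an outcome.
     *
     * @return {@code true} when the user accepted; every other result throws
     * @throws CertificateException for a missing response or any result other than USER_OK
     */
    private boolean promptUser(PromptParams.CertRequest certRequest) throws CertificateException {
        PromptParams.CertResponse certResponse = (PromptParams.CertResponse) DialogActivity.promptUser(PromptContract.RequestType.CERT_WARNING, certRequest);
        if (certResponse == null) {
            // Fail closed with a typed error instead of a NullPointerException below.
            throw new CertificateException("No response received for promptUser");
        }
        Log.i(TAG, "Response received for promptUser:" + certResponse);
        switch (certResponse.getResult()) {
            case USER_OK:
                return true;
            case USER_CANCEL:
                throw new CertificateException("User did not accept the cert chain for:" + certRequest.getHostName());
            case EXCEPTION_THROWN:
                throw new CertificateException("EXCEPTION_THROWN:" + certResponse.getException());
            case APPLICATION_ERROR_OCCURRED:
                throw new CertificateException("APPLICATION_ERROR_OCCURRED");
            case INVALID_REQUEST:
                throw new CertificateException("INVALID_REQUEST");
            case TIMEOUT_OCCURRED:
                throw new CertificateException("MAX_TIMEOUT_OCCURRED");
            default:
                throw new CertificateException("Unknown Result:" + certResponse.getResult());
        }
    }

    /** Prompts the user about an {@link SslCertificate} presented by {@code hostName}. */
    private boolean promptUser(@NonNull String hostName, @NonNull SslCertificate sslCertificate) throws CertificateException {
        return promptUser(new PromptParams.CertRequest(hostName, null, sslCertificate));
    }

    /** Prompts the user about an X.509 chain presented by {@code hostName}. */
    private boolean promptUser(@NonNull String hostName, @NonNull X509Certificate[] chain) throws CertificateException {
        return promptUser(new PromptParams.CertRequest(hostName, chain, null));
    }

    /**
     * Stores the accepted chain under this validator's store id, keyed by the encoded public
     * key of the primary certificate.
     *
     * @throws CertificateException if the storage reports an error
     */
    private void storeCertChain(X509Certificate primaryCert, X509Certificate[] chain) throws CertificateException {
        try {
            this.mStorage.setKeyEntry(this.mStoreId, primaryCert.getPublicKey().getEncoded(), chain);
        } catch (CertStorageException e) {
            throw new CertificateException("Cannot Store certificates", e);
        }
    }

    /**
     * Fallback used after the default trust manager did not accept the chain: accepts the
     * chain if it equals the stored one, otherwise asks the user and stores what was accepted.
     *
     * @throws CertificateException if the chain is empty, the user declines, or storage fails
     */
    private void validateAgainstStoredChain(String hostName, String authType, X509Certificate[] chain) throws CertificateException {
        Log.i(TAG, "Validating for store:" + this.mStoreId + " hostname:" + hostName + " authType:" + authType);
        // Reject an unusable chain before the user is asked to trust it.
        X509Certificate primaryCert = getPrimaryCert(chain);
        if (primaryCert == null) {
            throw new CertificateException("Cannot get primary certificate for host name " + hostName);
        }
        if (!storeIdContainsHost(hostName)) {
            // NOTE(review): the mismatch is logged only; validation continues regardless.
            Log.i(TAG, "store id differs from host name:" + this.mStoreId + " hostname:" + hostName);
            this.mStorage.dumpChain(chain);
        }
        X509Certificate[] storedChain = getStoredChain();
        boolean matchesStored = storedChain != null && storedChain.length > 0 && Arrays.deepEquals(storedChain, chain);
        if (matchesStored) {
            return;
        }
        if (!promptUser(hostName, chain)) {
            throw new CertificateException("User did not trust the cert chain for hostname " + hostName);
        }
        storeCertChain(primaryCert, chain);
    }

    /**
     * Runs the default trust manager check and falls back to the stored-chain / user-prompt
     * path when that check does not accept the chain.
     *
     * @throws CertificateException if neither stage accepts the chain
     */
    private void validateWithFallback(String hostName, X509Certificate[] chain, String authType) throws CertificateException {
        if (this.mDefaultTM == null) {
            Log.w(TAG, "no Default TrustManager");
        } else {
            try {
                this.mDefaultTM.checkServerTrusted(chain, authType);
                return;
            } catch (CertificateException e) {
                // The rejection reason is logged; the decision then moves to the fallback.
                Log.w(TAG, "Default TrustManager rejected the chain for hostname:" + hostName, e);
            }
        }
        validateAgainstStoredChain(hostName, authType, chain);
    }

    /** Returns the store id this validator reads from and writes to. */
    @Override // com.citrix.client.Receiver.params.AMParams.IServerCertValidator
    public String getAlias() {
        return this.mStoreId;
    }

    /**
     * Validates an X.509 chain presented by a server.
     *
     * @param str host name the chain was presented for
     * @param i not used by this implementation (presumably the port; confirm against the interface)
     * @param x509CertificateArr chain presented by the server
     * @param str2 authentication type passed on to the default trust manager
     * @throws CertificateException if the chain is accepted by neither the default trust
     *     manager, the stored chain, nor the user
     */
    @Override // com.citrix.auth.ServerCertValidator
    public void validate(String str, int i, X509Certificate[] x509CertificateArr, String str2) throws CertificateException {
        validateWithFallback(str, x509CertificateArr, str2);
    }

    /**
     * Validates an {@link SslCertificate} against the one stored under the store id; on a
     * mismatch the user is prompted and an accepted certificate replaces the stored one.
     * The default trust manager is not consulted on this path.
     *
     * @param str host name the certificate was presented for
     * @param sslCertificate certificate presented by the server
     * @throws CertificateException if the user does not accept the certificate
     */
    @Override // com.citrix.client.Receiver.params.AMParams.IServerCertValidator
    public void validate(@NonNull String str, @NonNull SslCertificate sslCertificate) throws CertificateException {
        Log.i(TAG, "Validating for store:" + this.mStoreId + " hostname:" + str + " :" + sslCertificate);
        if (!storeIdContainsHost(str)) {
            // NOTE(review): the mismatch is logged only; validation continues regardless.
            Log.i(TAG, "store id differs from host name:" + this.mStoreId + " hostname:" + str);
        }
        SslCertificate storedCertificate = this.mStorage.getSslCertificate(this.mStoreId);
        boolean matchesStored = storedCertificate != null && SslCertificateValidator.certificateEquals(sslCertificate, storedCertificate);
        if (matchesStored) {
            return;
        }
        if (!promptUser(str, sslCertificate)) {
            throw new CertificateException("User did not trust the cert chain for hostname " + str);
        }
        this.mStorage.setSslEntry(this.mStoreId, sslCertificate);
    }

    /**
     * Validates an X.509 chain presented by a server on a given socket.
     *
     * @param str host name the chain was presented for
     * @param x509CertificateArr chain presented by the server
     * @param str2 authentication type passed on to the default trust manager
     * @param socket not used by this implementation
     * @throws CertificateException if the chain is accepted by neither the default trust
     *     manager, the stored chain, nor the user
     */
    @Override // com.citrix.auth.ServerCertValidator
    public void validate(String str, X509Certificate[] x509CertificateArr, String str2, Socket socket) throws CertificateException {
        validateWithFallback(str, x509CertificateArr, str2);
    }
}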
