package com.fourjs.gma.client.ssl;

import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import com.fourjs.gma.core.android.Log;
import com.fourjs.gma.core.db.contracts.AllowedCertificateContract;
import com.fourjs.gma.core.db.helpers.SettingsDbHelper;
import com.fourjs.gma.vm.KeyStoreScanner;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class FX509TrustManager implements X509TrustManager {
    private final Context mContext;
    private final OnResponseCallback mOnResponseCallback;
    private final ArrayList<AllowedCertificate> mSessionAllowedCertificates;
    private final X509TrustManager mStandardTrustManager;
    private final URL mUrl;

    /* loaded from: classes.dex */
    public interface OnResponseCallback {
        void onResponse(X509Certificate[] x509CertificateArr, Response response);
    }

    /* loaded from: classes.dex */
    public enum Response {
        YES,
        YES_TO_ALL,
        NO
    }

    public FX509TrustManager(Context context, URL url, ArrayList<AllowedCertificate> arrayList, OnResponseCallback onResponseCallback) throws NoSuchAlgorithmException, KeyStoreException {
        Log.v("public FX509TrustManager(context='", context, "', url='", url, "', sessionAllowedCertificates='", arrayList, "', onResponseCallback='", onResponseCallback, "')");
        this.mContext = context;
        this.mOnResponseCallback = onResponseCallback;
        this.mSessionAllowedCertificates = arrayList;
        this.mUrl = url;
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length == 0) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.mStandardTrustManager = (X509TrustManager) trustManagers[0];
    }

    private boolean areCertificatesAllowed(X509Certificate[] x509CertificateArr) {
        Log.v("private boolean areCertificatesAllowed(chain='", x509CertificateArr, "')");
        ArrayList<AllowedCertificate> arrayList = this.mSessionAllowedCertificates;
        if (arrayList != null && !arrayList.isEmpty()) {
            synchronized (this.mSessionAllowedCertificates) {
                Iterator<AllowedCertificate> it = this.mSessionAllowedCertificates.iterator();
                while (it.hasNext()) {
                    AllowedCertificate next = it.next();
                    for (X509Certificate x509Certificate : x509CertificateArr) {
                        if (next.compare(new AllowedCertificate(x509Certificate.getSubjectX500Principal().getName(), this.mUrl.getHost()))) {
                            return true;
                        }
                    }
                }
            }
        }
        SettingsDbHelper settingsDbHelper = new SettingsDbHelper(this.mContext);
        SQLiteDatabase readableDatabase = settingsDbHelper.getReadableDatabase();
        String[] strArr = {"_id", AllowedCertificateContract.AllowedCertificateEntry.COLUMN_NAME_NAME, AllowedCertificateContract.AllowedCertificateEntry.COLUMN_NAME_DOMAIN};
        int length = x509CertificateArr.length;
        int i = 0;
        while (i < length) {
            int i2 = i;
            int i3 = length;
            Cursor query = readableDatabase.query(AllowedCertificateContract.AllowedCertificateEntry.TABLE_NAME, strArr, "name = ? AND domain = ?", new String[]{x509CertificateArr[i].getSubjectX500Principal().getName(), this.mUrl.getHost()}, null, null, null);
            if (query.getCount() != 0) {
                query.close();
                settingsDbHelper.close();
                return true;
            }
            query.close();
            i = i2 + 1;
            length = i3;
        }
        settingsDbHelper.close();
        return false;
    }

    private boolean checkCertificatesAuthorityInstalledOnDevice(X509Certificate[] x509CertificateArr) {
        Log.v("private boolean checkCertificatesAuthorityInstalledOnDevice(chain='", x509CertificateArr, "')");
        KeyStoreScanner keyStoreScanner = new KeyStoreScanner();
        boolean z = false;
        if (!keyStoreScanner.init()) {
            return false;
        }
        try {
            Iterator<X509Certificate> it = keyStoreScanner.getX509CertificatesFromKeyStore().iterator();
            boolean z2 = false;
            while (it.hasNext()) {
                try {
                    X509Certificate next = it.next();
                    try {
                        int length = x509CertificateArr.length;
                        int i = 0;
                        while (i < length) {
                            x509CertificateArr[i].verify(next.getPublicKey());
                            i++;
                            z2 = true;
                        }
                    } catch (Exception e) {
                        Log.d("Exception received with message :" + e.getMessage());
                    }
                } catch (KeyStoreException e2) {
                    e = e2;
                    z = z2;
                    Log.d("KeyStoreException with message :" + e.getMessage());
                    return z;
                }
            }
            return z2;
        } catch (KeyStoreException e3) {
            e = e3;
        }
    }

    private String formatCertificates(X509Certificate[] x509CertificateArr) {
        Log.v("private String formatCertificates(chain='", x509CertificateArr, "')");
        StringBuilder sb = new StringBuilder();
        for (X509Certificate x509Certificate : x509CertificateArr) {
            sb.append(x509Certificate.toString());
            if (x509CertificateArr[x509CertificateArr.length - 1] != x509Certificate) {
                sb.append("\n\n------------------------\n\n");
            }
        }
        return sb.toString();
    }

    private void registerAllowedCertificates(X509Certificate[] x509CertificateArr) {
        Log.v("private void registerAllowedCertificates(chain='", x509CertificateArr, "')");
        SettingsDbHelper settingsDbHelper = new SettingsDbHelper(this.mContext);
        SQLiteDatabase readableDatabase = settingsDbHelper.getReadableDatabase();
        SQLiteDatabase readableDatabase2 = settingsDbHelper.getReadableDatabase();
        String[] strArr = {"_id", AllowedCertificateContract.AllowedCertificateEntry.COLUMN_NAME_NAME, AllowedCertificateContract.AllowedCertificateEntry.COLUMN_NAME_DOMAIN};
        int length = x509CertificateArr.length;
        int i = 0;
        while (i < length) {
            String name = x509CertificateArr[i].getSubjectX500Principal().getName();
            String host = this.mUrl.getHost();
            int i2 = i;
            int i3 = length;
            Cursor query = readableDatabase.query(AllowedCertificateContract.AllowedCertificateEntry.TABLE_NAME, strArr, "name = ? AND domain = ?", new String[]{name, host}, null, null, null);
            if (query.getCount() == 0) {
                query.close();
                ContentValues contentValues = new ContentValues();
                contentValues.put(AllowedCertificateContract.AllowedCertificateEntry.COLUMN_NAME_NAME, name);
                contentValues.put(AllowedCertificateContract.AllowedCertificateEntry.COLUMN_NAME_DOMAIN, host);
                if (readableDatabase2.insert(AllowedCertificateContract.AllowedCertificateEntry.TABLE_NAME, null, contentValues) != -1) {
                    Log.d("[CLIENT] Registered in shared preferences certificate '", name, "' for domain ", host);
                }
            }
            i = i2 + 1;
            length = i3;
        }
        readableDatabase.close();
        readableDatabase2.close();
    }

    private void registerAllowedCertificatesInSession(X509Certificate[] x509CertificateArr) {
        Log.v("private void registerAllowedCertificatesInSession(chain='", x509CertificateArr, "')");
        ArrayList<AllowedCertificate> arrayList = this.mSessionAllowedCertificates;
        if (arrayList == null) {
            Log.e("[CLIENT] Couldn't record session allowed certificate: record shared object is null");
            return;
        }
        synchronized (arrayList) {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                AllowedCertificate allowedCertificate = new AllowedCertificate(x509Certificate.getSubjectX500Principal().getName(), this.mUrl.getHost());
                Iterator<AllowedCertificate> it = this.mSessionAllowedCertificates.iterator();
                while (true) {
                    if (it.hasNext()) {
                        if (allowedCertificate.compare(it.next())) {
                            break;
                        }
                    } else {
                        Log.d("[CLIENT] Registered in session certificate '", allowedCertificate.getName(), "' for domain ", allowedCertificate.getDomain());
                        this.mSessionAllowedCertificates.add(allowedCertificate);
                        break;
                    }
                }
            }
        }
    }

    public static Response stringToResponse(String str) {
        Log.v("public Response stringToResponse(answer='", str, "')");
        if (str == null) {
            str = AllowCertificatePopupActivity.NO;
        }
        str.hashCode();
        return !str.equals(AllowCertificatePopupActivity.YES_TO_ALL) ? !str.equals(AllowCertificatePopupActivity.YES) ? Response.NO : Response.YES : Response.YES_TO_ALL;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Log.v("public void checkClientTrusted(chain='", x509CertificateArr, "', authType='", str, "')");
        Log.d("[CLIENT] Check client trusted:  authType: ", str);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            Log.d("[CLIENT] Check server certificate CA=", x509Certificate.getSubjectDN());
        }
        this.mStandardTrustManager.checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        Log.v("public void checkServerTrusted(chain='", x509CertificateArr, "', authType='", str, "')");
        Log.d("[CLIENT] Check server trusted:  authType: ", str);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            Log.d("[CLIENT] Check server certificate CA=", x509Certificate.getSubjectDN());
        }
        try {
            this.mStandardTrustManager.checkServerTrusted(x509CertificateArr, str);
        } catch (CertificateException e) {
            if (!checkCertificatesAuthorityInstalledOnDevice(x509CertificateArr)) {
                throw e;
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.mStandardTrustManager.getAcceptedIssuers();
    }
}
