package mitm.common.security.crl;

import android.util.Log;
import java.io.IOException;
import java.net.URI;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import mitm.common.security.NoSuchProviderRuntimeException;
import mitm.common.security.SecurityFactoryFactoryException;
import mitm.common.security.certificate.X509CertificateInspector;
import mitm.common.security.certificate.X509ExtensionInspector;
import mitm.common.security.certpath.CertificatePathBuilder;
import mitm.common.security.certstore.BasicCertStore;
import mitm.common.security.certstore.CertStoreUtils;
import mitm.common.security.crlstore.CRLStoreException;
import mitm.common.util.CloseableIterator;
import mitm.common.util.CloseableIteratorException;
import mitm.common.util.CollectionUtils;
import org.apache.commons.lang.SystemUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class CRLStoreUpdaterImpl implements CRLStoreUpdater {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) CRLStoreUpdaterImpl.class);
    private final String TAG = "CRLStoreUpdaterImpl";
    private final CRLStoreUpdaterParameters updaterParameters;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class AbortException extends Exception {
        private AbortException() {
        }
    }

    public CRLStoreUpdaterImpl(CRLStoreUpdaterParameters cRLStoreUpdaterParameters) {
        this.updaterParameters = cRLStoreUpdaterParameters;
    }

    private void addURIsFromCRLDistPoint(X509Extension x509Extension, CRLDistPoint cRLDistPoint, Set<URI> set, CRLStoreUpdaterEvent cRLStoreUpdaterEvent) throws NoSuchProviderException, CRLException, AbortException {
        if (cRLDistPoint != null) {
            for (URI uri : CRLUtils.getAllDistributionPointURIs(cRLDistPoint)) {
                if (!set.contains(uri)) {
                    if (cRLStoreUpdaterEvent.beforeAddURI(uri)) {
                        throw new AbortException();
                    }
                    if (!this.updaterParameters.checkTrust() || isTrusted(x509Extension)) {
                        set.add(uri);
                        if (cRLStoreUpdaterEvent.addURI(uri)) {
                            throw new AbortException();
                        }
                    } else {
                        Log.d(this.TAG, "Certificate or CRL is not trusted so CRL will not be downloaded. URI: " + uri);
                    }
                }
            }
        }
    }

    private void addURIsFromCRLs(CloseableIterator<? extends CRL> closeableIterator, Set<URI> set, CRLStoreUpdaterEvent cRLStoreUpdaterEvent) throws NoSuchProviderException, CloseableIteratorException {
        while (closeableIterator.hasNext()) {
            try {
                Object obj = (CRL) closeableIterator.next();
                if (obj instanceof X509Extension) {
                    addURIsFromExtension((X509Extension) obj, set, cRLStoreUpdaterEvent);
                } else {
                    logger.warn("CRL is not a X509Extension.");
                }
            } catch (Exception e) {
                logger.error("Error getting URIs from CRL. Skipping CRL.", (Throwable) e);
            }
        }
    }

    private void addURIsFromCertificates(CloseableIterator<? extends Certificate> closeableIterator, Set<URI> set, CRLStoreUpdaterEvent cRLStoreUpdaterEvent) throws NoSuchProviderException, CloseableIteratorException, AbortException {
        while (closeableIterator.hasNext()) {
            try {
                Object obj = (Certificate) closeableIterator.next();
                if (obj instanceof X509Extension) {
                    addURIsFromExtension((X509Extension) obj, set, cRLStoreUpdaterEvent);
                } else {
                    logger.warn("Certificate is not a X509Extension.");
                }
            } catch (AbortException e) {
                throw e;
            } catch (Exception e2) {
                logger.error("Error getting URIs from certificate. Skipping certificate.", (Throwable) e2);
            }
        }
    }

    private void addURIsFromExtension(X509Extension x509Extension, Set<URI> set, CRLStoreUpdaterEvent cRLStoreUpdaterEvent) throws NoSuchProviderException, CRLException, AbortException {
        try {
            addURIsFromCRLDistPoint(x509Extension, X509ExtensionInspector.getCRLDistibutionPoints(x509Extension), set, cRLStoreUpdaterEvent);
        } catch (IOException e) {
            logger.error("Error getting CRL Distibution Points for:" + SystemUtils.LINE_SEPARATOR + x509Extension, (Throwable) e);
        }
        try {
            addURIsFromCRLDistPoint(x509Extension, X509ExtensionInspector.getFreshestCRL(x509Extension), set, cRLStoreUpdaterEvent);
        } catch (IOException e2) {
            logger.error("Error getting Freshest CRL distibution Points for:" + SystemUtils.LINE_SEPARATOR + x509Extension, (Throwable) e2);
        }
    }

    private int downloadCRLs(Set<URI> set, CRLStoreUpdaterEvent cRLStoreUpdaterEvent) throws AbortException {
        int i = 0;
        for (URI uri : set) {
            Log.d(this.TAG, "uri " + uri.toString());
            if (uri == null) {
                logger.warn("URL is null.");
            } else {
                if (uri.getScheme() == null) {
                    logger.warn("Missing scheme. " + uri);
                }
                try {
                    CRLDownloader cRLDownloader = this.updaterParameters.getCRLDownloader();
                    if (cRLDownloader.canHandleURI(uri)) {
                        Log.d(this.TAG, "Downloading CRL from: " + uri);
                        if (cRLStoreUpdaterEvent.downloadingCRL(uri)) {
                            throw new AbortException();
                        }
                        Collection<? extends CRL> downloadCRLs = cRLDownloader.downloadCRLs(uri);
                        Log.d(this.TAG, "Successfully downloaded CRLs from: " + uri);
                        if (CollectionUtils.isNotEmpty(downloadCRLs) && cRLStoreUpdaterEvent.downloadedCRL(uri)) {
                            throw new AbortException();
                        }
                        i += this.updaterParameters.getCRLStoreMaintainer().addCRLs(downloadCRLs, null);
                    }
                } catch (IOException e) {
                    Logger logger2 = logger;
                    logger2.warn("IO Exception downloading CRL. URI: " + uri + ". Message: " + e.getMessage());
                    logger2.info("testing");
                    Log.d(this.TAG, "IO Exception downloading CRL. URI: " + uri + ". Message: " + e.getMessage());
                    if (logger2.isDebugEnabled()) {
                        Log.d(this.TAG, "More info.", e);
                    }
                } catch (CRLException e2) {
                    logger.error("Error handling CRL. URI: " + uri, (Throwable) e2);
                } catch (AbortException e3) {
                    throw e3;
                } catch (Exception e4) {
                    logger.error("Error while downloading CRL.  URI: " + uri, (Throwable) e4);
                }
            }
        }
        return i;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v1, types: [java.lang.Throwable] */
    private boolean isTrusted(X509CRL x509crl) throws NoSuchProviderException {
        try {
            this.updaterParameters.getCRLPathBuilderFactory().createCRLPathBuilder().buildPath(x509crl);
            return true;
        } catch (CertPathBuilderException e) {
            e = e;
            ?? rootCause = ExceptionUtils.getRootCause(e);
            if (rootCause != 0) {
                e = rootCause;
            }
            if (e instanceof CertificateExpiredException) {
                logger.warn("CRL is expired. CRL: " + X509CRLInspector.toString(x509crl) + ". Message: " + e.getMessage());
            } else {
                String str = "Error while building path for CRL. CRL: " + X509CRLInspector.toString(x509crl);
                Logger logger2 = logger;
                if (logger2.isDebugEnabled()) {
                    logger2.warn(str, (Throwable) e);
                } else {
                    logger2.warn(str + ". Message: " + e.getMessage());
                }
            }
            return false;
        } catch (CRLStoreException e2) {
            logger.error("Error while building path for CRL.", (Throwable) e2);
            return false;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v0, types: [java.lang.Throwable] */
    private boolean isTrusted(X509Certificate x509Certificate) throws NoSuchProviderException {
        try {
            CertificatePathBuilder createCertificatePathBuilder = this.updaterParameters.getCertificatePathBuilderFactory().createCertificatePathBuilder();
            try {
                try {
                    try {
                        createCertificatePathBuilder.addCertStore(CertStoreUtils.createCertStore(x509Certificate));
                        if (createCertificatePathBuilder.buildPath(x509Certificate) != null) {
                            return true;
                        }
                        throw new CertPathBuilderException("No valid CertPath found.");
                    } catch (InvalidAlgorithmParameterException e) {
                        throw new CertPathBuilderException(e);
                    }
                } catch (NoSuchAlgorithmException e2) {
                    throw new CertPathBuilderException(e2);
                }
            } catch (SecurityFactoryFactoryException e3) {
                throw new CertPathBuilderException(e3);
            }
        } catch (CertPathBuilderException e4) {
            e = e4;
            ?? rootCause = ExceptionUtils.getRootCause(e);
            if (rootCause != 0) {
                e = rootCause;
            }
            if (e instanceof CertificateExpiredException) {
                logger.warn("Certificate is expired. Certificate: " + X509CertificateInspector.toString(x509Certificate) + ". Message: " + e.getMessage());
            } else {
                String str = "Error while building path for certificate. Certificate: " + X509CertificateInspector.toString(x509Certificate);
                Logger logger2 = logger;
                if (logger2.isDebugEnabled()) {
                    logger2.warn(str, (Throwable) e);
                } else {
                    logger2.warn(str + ". Message: " + e.getMessage());
                }
            }
            return false;
        }
    }

    private boolean isTrusted(X509Extension x509Extension) throws NoSuchProviderException {
        if (x509Extension instanceof X509Certificate) {
            return isTrusted((X509Certificate) x509Extension);
        }
        if (x509Extension instanceof X509CRL) {
            return isTrusted((X509CRL) x509Extension);
        }
        throw new IllegalArgumentException("Unsupported extension.");
    }

    @Override // mitm.common.security.crl.CRLStoreUpdater
    public void update(CRLStoreUpdaterEvent cRLStoreUpdaterEvent) throws CRLStoreException {
        HashSet hashSet = new HashSet();
        try {
            try {
                try {
                    Iterator<? extends BasicCertStore> it = this.updaterParameters.getCertStores().iterator();
                    while (it.hasNext()) {
                        CloseableIterator<? extends Certificate> certificateIterator = it.next().getCertificateIterator(null);
                        try {
                            addURIsFromCertificates(certificateIterator, hashSet, cRLStoreUpdaterEvent);
                            certificateIterator.close();
                            CloseableIterator<X509CRL> cRLIterator = this.updaterParameters.getCRLStore().getCRLIterator(null);
                            try {
                                addURIsFromCRLs(cRLIterator, hashSet, cRLStoreUpdaterEvent);
                                cRLIterator.close();
                            } catch (Throwable th) {
                                cRLIterator.close();
                                throw th;
                            }
                        } catch (Throwable th2) {
                            certificateIterator.close();
                            throw th2;
                        }
                    }
                    Logger logger2 = logger;
                    logger2.info(hashSet.size() + " CRL distibution points found.");
                    logger2.info(downloadCRLs(hashSet, cRLStoreUpdaterEvent) + " new CRLs added to the CRL store.");
                } catch (AbortException unused) {
                    logger.warn("Downloading CRLs was aborted.");
                }
            } catch (CloseableIteratorException e) {
                throw new CRLStoreException(e);
            }
        } catch (NoSuchProviderException e2) {
            throw new NoSuchProviderRuntimeException(e2);
        } catch (CertStoreException e3) {
            throw new CRLStoreException(e3);
        }
    }
}
