package mitm.common.security.crl;

import com.djigzo.android.common.properties.NamedBlobCategories;
import com.djigzo.android.common.security.crlstore.X509CRLStoreEntryEntity;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRL;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.util.Collection;
import java.util.Collections;
import mitm.common.security.CRLEvent;
import mitm.common.security.crlstore.CRLStoreException;
import mitm.common.security.crlstore.X509CRLStoreExt;
import mitm.common.util.Check;
import mitm.common.util.CloseableIterator;
import mitm.common.util.CloseableIteratorException;
import mitm.common.util.MissingDateException;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
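/**
 * Maintains the CRL store: adds new X.509 CRLs and replaces stored CRLs of the
 * same issuer when a newer comparable CRL arrives.
 *
 * <p>When trust checking is enabled (the default), a CRL is stored only if a
 * certificate path can be built for it by the configured
 * {@link CRLPathBuilderFactory}. When it is disabled, no path is built and the
 * CRL is stored without that check.
 *
 * <p>NOTE(review): this listing is decompiler output. Two methods
 * ({@code getCRLCertPath} and {@code addCRLs}) were not valid Java as emitted
 * and have been reconstructed from the visible control flow.
 */
public class CRLStoreMaintainerImpl implements CRLStoreMaintainer {
    private static final Logger logger = LoggerFactory.getLogger(CRLStoreMaintainerImpl.class);

    // When false, CRLs are stored without building a certificate path for them.
    private final boolean checktrust;
    private final X509CRLStoreExt crlStore;
    private final CRLPathBuilderFactory pathBuilderFactory;

    /**
     * Creates a maintainer with trust checking enabled.
     *
     * @param crlStore           store the CRLs are added to; must not be null
     * @param pathBuilderFactory factory for the CRL path builder; must not be null
     */
    public CRLStoreMaintainerImpl(X509CRLStoreExt crlStore, CRLPathBuilderFactory pathBuilderFactory) {
        this(crlStore, pathBuilderFactory, true);
    }

    /**
     * Creates a maintainer with explicit control over trust checking.
     *
     * <p>Passing {@code false} for {@code checkTrust} means every X.509 CRL handed
     * to this class is stored without path validation. Revocation data then has
     * only the integrity guarantees the caller established beforehand, so this
     * should be limited to callers that validate CRLs through another channel.
     *
     * @param crlStore           store the CRLs are added to; must not be null
     * @param pathBuilderFactory factory for the CRL path builder; must not be null
     * @param checkTrust         whether a certificate path must be built before a CRL is stored
     */
    public CRLStoreMaintainerImpl(X509CRLStoreExt crlStore, CRLPathBuilderFactory pathBuilderFactory, boolean checkTrust) {
        Check.notNull(crlStore, NamedBlobCategories.CRL_STORE_CATEGORY);
        Check.notNull(pathBuilderFactory, "pathBuilderFactory");
        this.crlStore = crlStore;
        this.pathBuilderFactory = pathBuilderFactory;
        this.checktrust = checkTrust;
    }

    /**
     * Builds the certificate path for the given CRL.
     *
     * <p>All failures are logged and reported as {@code null}; callers treat
     * {@code null} as "not trusted". The decompiler could not type the root-cause
     * variable here ({@code ?? rootCause}, {@code rootCause != 0}); it is
     * reconstructed as a {@link Throwable} that falls back to the caught exception.
     *
     * @param crl the CRL to build a path for
     * @return the certificate path, or {@code null} if none could be built
     */
    private CertPath getCRLCertPath(X509CRL crl) {
        // The two handlers stay nested, as in the decompiled control flow, so that
        // the CRLStoreException handler also covers the inner handler's body.
        try {
            try {
                CertPathBuilderResult result = this.pathBuilderFactory.createCRLPathBuilder().buildPath(crl);
                return result != null ? result.getCertPath() : null;
            } catch (CertPathBuilderException buildFailure) {
                // Report the root cause when there is one: it tells an expired
                // certificate in the path apart from other build failures.
                Throwable cause = ExceptionUtils.getRootCause(buildFailure);
                if (cause == null) {
                    cause = buildFailure;
                }
                String message;
                if (cause instanceof CertificateExpiredException) {
                    message = "Certificate in the CRL path is expired. CRL: " + X509CRLInspector.toString(crl) + ". Message: " + cause.getMessage();
                } else {
                    message = "Error while building path for CRL. CRL: " + X509CRLInspector.toString(crl);
                }
                // NOTE(review): the message embeds fields of a CRL that failed
                // validation; confirm the log sink neutralises control characters.
                if (logger.isDebugEnabled()) {
                    // Full stack trace only when debug logging is on.
                    logger.error(message, cause);
                } else {
                    logger.error(message + ". Message: " + cause.getMessage());
                }
                return null;
            }
        } catch (CRLStoreException storeFailure) {
            logger.error("error creating CRLPathBuilder", storeFailure);
            return null;
        }
    }

    /**
     * Returns an iterator over the stored CRLs whose issuer principal equals the
     * issuer principal of the given CRL. The caller must close the iterator.
     *
     * @param x509crl the CRL whose issuer is used as the selection criterion
     * @return iterator over the matching stored CRLs
     * @throws CRLStoreException if the store cannot be queried
     */
    private CloseableIterator<X509CRL> getCRLsWithSameIssuer(X509CRL x509crl) throws CRLStoreException {
        Check.notNull(x509crl, X509CRLStoreEntryEntity.CRL_COLUMN);
        X509CRLSelector issuerSelector = new X509CRLSelector();
        issuerSelector.setIssuers(Collections.singletonList(x509crl.getIssuerX500Principal()));
        return this.crlStore.getCRLIterator(issuerSelector);
    }

    /**
     * Adds a single CRL, applying the trust check when it is enabled.
     *
     * @param crl the CRL to add; must be an {@link X509CRL}
     * @return {@code true} if the CRL was added or replaced a stored CRL,
     *         {@code false} if it was already stored, not trusted, or not newer
     * @throws NoX509CRLException if {@code crl} is not an {@link X509CRL}
     * @throws CRLStoreException  on any other failure; the cause is wrapped
     */
    private boolean internalAddCRL(CRL crl) throws CRLStoreException, NoX509CRLException {
        if (!(crl instanceof X509CRL)) {
            throw new NoX509CRLException("Only X509CRLs are supported.");
        }
        X509CRL x509crl = (X509CRL) crl;
        if (this.crlStore.contains(x509crl)) {
            logger.debug("CRL is already in the store.");
            return false;
        }
        try {
            CertPath certPath = null;
            if (this.checktrust) {
                certPath = getCRLCertPath(x509crl);
                if (certPath == null) {
                    // No path could be built: reject instead of storing unverified revocation data.
                    logger.debug("CRL is not trusted and therefore not added.");
                    return false;
                }
            }
            return internalAddX509CRL(x509crl, certPath);
        } catch (IOException e) {
            throw new CRLStoreException(e);
        } catch (CloseableIteratorException e) {
            throw new CRLStoreException(e);
        } catch (Throwable th) {
            // Kept from the decompiled listing: everything else, including runtime
            // failures and an already-typed CRLStoreException, is wrapped.
            throw new CRLStoreException(th);
        }
    }

    /**
     * Stores {@code x509crl}, replacing every stored CRL of the same issuer that
     * it supersedes.
     *
     * <p>A stored CRL is comparable to the new one when both have the same issuing
     * distribution point, both are (or both are not) delta CRLs, and both have (or
     * both lack) a CRL number. If no comparable CRL is stored, the new CRL is
     * added. Otherwise it replaces each comparable CRL that
     * {@code CRLUtils.isNewer} reports it to be newer than.
     *
     * @param x509crl  the CRL to store
     * @param certPath the certificate path built for {@code x509crl}, or
     *                 {@code null} when trust checking is disabled
     * @return {@code true} if the CRL was added or replaced at least one stored CRL
     * @throws CRLStoreException          if the store cannot be read or written
     * @throws CloseableIteratorException if iterating the stored CRLs fails
     * @throws IOException                if an extension of the new CRL cannot be read
     */
    private boolean internalAddX509CRL(X509CRL x509crl, CertPath certPath) throws CRLStoreException, CloseableIteratorException, IOException {
        CloseableIterator<X509CRL> storedCRLs = getCRLsWithSameIssuer(x509crl);
        try {
            IssuingDistributionPoint newIDP = X509CRLInspector.getIssuingDistributionPoint(x509crl);
            boolean newIsDelta = X509CRLInspector.isDeltaCRL(x509crl);
            BigInteger newCRLNumber = X509CRLInspector.getCRLNumber(x509crl);

            boolean addAsNew = true;   // no comparable stored CRL seen so far
            boolean replaced = false;  // at least one stored CRL was replaced

            while (storedCRLs.hasNext()) {
                try {
                    X509CRL oldCRL = storedCRLs.next();
                    if (oldCRL == null) {
                        logger.warn("CRL is null");
                        continue;
                    }
                    if (this.checktrust) {
                        CertPath oldCertPath = getCRLCertPath(oldCRL);
                        // NOTE(review): both branches only log. Despite the "Skip old
                        // CRL" wording, an untrusted stored CRL, or one whose path
                        // differs from the new CRL's path, is still compared below and
                        // can be replaced. Confirm that replacing across different
                        // certificate paths for the same issuer name is intended.
                        if (oldCertPath == null) {
                            logger.debug("Old CRL is not trusted. Skip old CRL.");
                        } else if (!oldCertPath.equals(certPath)) {
                            logger.debug("new CRL has a different issuer than old CRL even though subjects are equal.");
                        }
                    }
                    boolean comparable = isSameIDP(newIDP, X509CRLInspector.getIssuingDistributionPoint(oldCRL))
                            && newIsDelta == X509CRLInspector.isDeltaCRL(oldCRL)
                            && (newCRLNumber != null) == (X509CRLInspector.getCRLNumber(oldCRL) != null);
                    if (!comparable) {
                        continue;
                    }
                    try {
                        if (CRLUtils.isNewer(x509crl, oldCRL)) {
                            logger.info("Replacing " + X509CRLInspector.toString(oldCRL) + " with " + X509CRLInspector.toString(x509crl));
                            this.crlStore.replace(oldCRL, x509crl);
                            replaced = true;
                        } else {
                            logger.debug("The CRL is older than the CRL in the store.");
                        }
                        // A comparable CRL exists, so the new one must not also be added as a fresh entry.
                        addAsNew = false;
                    } catch (MissingDateException e) {
                        logger.error("Error reading CRL. Skipping CRL.", e);
                    }
                } catch (CloseableIteratorException e) {
                    // A stored CRL that cannot be read is skipped; the remaining entries are still processed.
                    logger.error("Error reading CRL. Skipping CRL.", e);
                } catch (IOException e) {
                    logger.error("Error reading CRL. Skipping CRL.", e);
                }
            }
            if (addAsNew) {
                this.crlStore.addCRL(x509crl);
                return true;
            }
            return replaced;
        } finally {
            storedCRLs.close();
        }
    }

    /**
     * Tells whether two issuing distribution points are the same: both
     * {@code null}, the same instance, or equal in either direction.
     *
     * @param first  one issuing distribution point, possibly {@code null}
     * @param second the other issuing distribution point, possibly {@code null}
     * @return {@code true} if they are considered the same
     */
    private boolean isSameIDP(IssuingDistributionPoint first, IssuingDistributionPoint second) {
        if (first == second) {
            return true;
        }
        if (first != null && first.equals(second)) {
            return true;
        }
        // equals() is tried in both directions, as in the original.
        return second != null && second.equals(first);
    }

    /**
     * Adds one CRL to the store.
     *
     * @param crl the CRL to add
     * @return {@code true} if the CRL was added or replaced a stored CRL
     * @throws CRLStoreException if the CRL is not an X.509 CRL or the store fails
     */
    @Override // mitm.common.security.crl.CRLStoreMaintainer
    public boolean addCRL(CRL crl) throws CRLStoreException {
        try {
            return internalAddCRL(crl);
        } catch (NoX509CRLException e) {
            throw new CRLStoreException(e);
        }
    }

    /**
     * Adds a collection of CRLs and returns how many were added or replaced a
     * stored CRL.
     *
     * <p>A CRL that is not an X.509 CRL, or that fails with a
     * {@link CRLStoreException}, is logged and skipped; the remaining CRLs are
     * still processed. Such failures are not reported to the caller, and the
     * count does not distinguish rejected CRLs from CRLs that were already stored.
     *
     * <p>The decompiler placed the {@code internalAddCRL} call outside the
     * {@code try}, which does not compile because its checked exceptions are
     * neither caught nor declared; the {@code try} now covers the whole iteration.
     *
     * @param collection the CRLs to add
     * @param cRLEvent   optional callback invoked before each CRL; a {@code true}
     *                   result cancels the remaining additions; may be {@code null}
     * @return the number of CRLs that were added or replaced a stored CRL
     */
    @Override // mitm.common.security.crl.CRLStoreMaintainer
    public int addCRLs(Collection<? extends CRL> collection, CRLEvent cRLEvent) {
        int added = 0;
        for (CRL crl : collection) {
            try {
                if (cRLEvent != null && cRLEvent.event(crl)) {
                    logger.warn("Adding CRLs canceled.");
                    break;
                }
                if (internalAddCRL(crl)) {
                    added++;
                }
            } catch (NoX509CRLException unused) {
                logger.warn("CRL skipped because it is not a X509CRL.");
            } catch (CRLStoreException e) {
                logger.error("Error reading CRL. Skipping CRL", e);
            }
        }
        return added;
    }
}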
