package com.microsoft.scmx.network.protection;

import com.microsoft.identity.common.java.crypto.key.KeyUtil;
import com.microsoft.scmx.libraries.diagnostics.log.MDLog;
import com.microsoft.scmx.libraries.diagnostics.telemetry.MDAppTelemetry;
import com.microsoft.scmx.libraries.sharedpref.SharedPrefManager;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import kotlin.Pair;
import kotlin.collections.CollectionsKt___CollectionsKt;

/* loaded from: classes2.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    public LinkedHashSet f18411a;

    /* renamed from: b, reason: collision with root package name */
    public wl.b f18412b;

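    /**
     * Parses the first X.509 certificate found in {@code file}.
     *
     * <p>The file is untrusted input (the caller in this class passes a downloaded certificate
     * file), so every failure is logged and reported as {@code null} rather than propagated.
     *
     * @param file certificate file to read
     * @return the parsed certificate, or {@code null} if the file cannot be opened or parsed, or
     *     the parsed object is not an {@link X509Certificate}
     */
    public static X509Certificate d(File file) {
        // try-with-resources: the stream was previously never closed, so every scanned file
        // (including ones that failed to parse) leaked a file descriptor.
        try (FileInputStream in = new FileInputStream(file)) {
            Certificate parsed = CertificateFactory.getInstance("X.509").generateCertificate(in);
            if (parsed instanceof X509Certificate) {
                return (X509Certificate) parsed;
            }
            return null;
        } catch (Exception e10) {
            MDLog.c("CACertDetectionHandler", "Exception while parsing cert. filePath:" + file.getAbsolutePath(), e10);
            return null;
        }
    }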

    /**
     * Maps a lookup result to the state value stored with the certificate record.
     *
     * <p>{@code bVar.f18511b} is the value this class reports as "CloudDetectionVerdict". The
     * meaning of the individual verdict numbers is not visible in this file; the only consumer
     * here ({@code g}) sends telemetry when the returned state is 2.
     *
     * @param bVar lookup result for one certificate
     * @param z6 callers in this class pass the self-signed heuristic result ({@code i(cert)})
     * @return 2 for verdict 0 or 1, 2 for verdict 3 when {@code z6} is set, otherwise 1
     */
    public static int e(com.microsoft.scmx.network.protection.model.b bVar, boolean z6) {
        final int verdict = bVar.f18511b;
        switch (verdict) {
            case 0:
            case 1:
                return 2;
            case 3:
                // Verdict 3 escalates only when the caller's flag is set.
                return z6 ? 2 : 1;
            default:
                return 1;
        }
    }

    /**
     * Stores a certificate as a repository record and, when it is in state 2, reports it.
     *
     * <p>The record is keyed on subject fields plus the SHA-1 thumbprint. Telemetry is sent only
     * if the insert succeeded, so a certificate that is already stored is not reported again.
     *
     * @param i10 state value for the record (the caller passes the result of {@code e})
     * @param str certificate identifier (the caller passes the key-store alias)
     * @param x509Certificate certificate being recorded
     * @param i11 certificate type, reported as "CertType"
     * @param i12 value reported as "CloudDetectionVerdict"
     * @param z6 value reported as "IsSelfSigned"
     * @return {@code true} if the repository accepted the record
     */
    public static boolean g(int i10, String str, X509Certificate x509Certificate, int i11, int i12, boolean z6) {
        com.microsoft.scmx.network.protection.utils.b subject = com.microsoft.scmx.network.protection.utils.c.a(
                x509Certificate.getExtensionValue(xr.e.f32921c.I()),
                new vr.c(x509Certificate.getSubjectX500Principal().getName("RFC1779")));
        String sha1Thumbprint = com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1");
        String commonName = subject.f18554b;
        String organisation = subject.f18553a;
        gk.k repository = gk.k.c();
        gk.a entry = new gk.a(subject.f18557e, commonName, str, organisation, sha1Thumbprint, i11, i10, false, false);
        if (!repository.e(entry, true)) {
            return false;
        }
        if (i10 == 2) {
            m(x509Certificate, commonName, subject.f18557e, subject.f18555c, organisation, i11, str, true, z6, i12);
        }
        return true;
    }

    /**
     * Heuristic self-signed check based on key identifiers and common names.
     *
     * <p>Callers pass the subject-side fields as {@code bVar} and the issuer-side fields as
     * {@code bVar2}. A missing key identifier on either side counts as self-signed, so the check
     * errs towards flagging. No signature is verified here: the result says the names and
     * identifiers line up, not that the certificate was signed with its own key.
     *
     * @param bVar subject fields ({@code f18557e} key identifier, {@code f18554b} common name)
     * @param bVar2 issuer fields, same layout
     * @return {@code true} if either key identifier is absent, or both identifiers and both
     *     common names are equal
     */
    public static boolean h(com.microsoft.scmx.network.protection.utils.b bVar, com.microsoft.scmx.network.protection.utils.b bVar2) {
        final String issuerKeyId = bVar2.f18557e;
        if (issuerKeyId == null) {
            return true;
        }
        final String subjectKeyId = bVar.f18557e;
        if (subjectKeyId == null) {
            return true;
        }
        if (!subjectKeyId.equals(issuerKeyId)) {
            return false;
        }
        // NOTE(review): throws NullPointerException if the subject common name is null; whether
        // utils.c.a can leave it null is not visible here.
        return bVar.f18554b.equals(bVar2.f18554b);
    }

    /**
     * Applies the self-signed heuristic {@code h} to a certificate.
     *
     * <p>The subject side is built from the extension named by {@code xr.e.f32921c} plus the
     * subject DN, the issuer side from {@code xr.e.f32924k} plus the issuer DN. Presumably these
     * are the subject/authority key identifier extension OIDs; confirm against the library.
     *
     * @param x509Certificate certificate to inspect
     * @return the result of {@code h(subject, issuer)}
     */
    public static boolean i(X509Certificate x509Certificate) {
        com.microsoft.scmx.network.protection.utils.b subjectInfo = com.microsoft.scmx.network.protection.utils.c.a(
                x509Certificate.getExtensionValue(xr.e.f32921c.I()),
                new vr.c(x509Certificate.getSubjectX500Principal().getName("RFC1779")));
        com.microsoft.scmx.network.protection.utils.b issuerInfo = com.microsoft.scmx.network.protection.utils.c.a(
                x509Certificate.getExtensionValue(xr.e.f32924k.I()),
                new vr.c(x509Certificate.getIssuerX500Principal().getName("RFC1779")));
        return h(subjectInfo, issuerInfo);
    }

    /**
     * Sends the "SuspiciousCACertDeletion" telemetry event.
     *
     * <p>The certificate type and identifier are attached only when the stored consent flag is
     * set and {@code sl.a.B()} returns true; otherwise the event is sent without them.
     *
     * @param i10 certificate type, reported as "CertType"
     * @param str certificate identifier, reported as "CertIdentifier"
     */
    public static void k(int i10, String str) {
        com.microsoft.scmx.libraries.diagnostics.telemetry.e props = new com.microsoft.scmx.libraries.diagnostics.telemetry.e();
        boolean privacyDataAllowed = SharedPrefManager.getBoolean("network_protection", "euPrivacyConcentGiven", false)
                && sl.a.B();
        if (privacyDataAllowed) {
            props.c(i10, "CertType");
            props.e("CertIdentifier", str);
        }
        sl.a.o();
        MDAppTelemetry.n("SuspiciousCACertDeletion", props, 1, true);
    }

    /**
     * Reports a certificate via {@code m} without storing it, marked as a cloud detection.
     *
     * @param str certificate identifier (the caller passes the key-store alias)
     * @param x509Certificate certificate to report
     * @param i10 certificate type, reported as "CertType"
     * @param i11 value reported as "CloudDetectionVerdict"
     * @param z6 value reported as "IsSelfSigned"
     */
    public static void l(String str, X509Certificate x509Certificate, int i10, int i11, boolean z6) {
        com.microsoft.scmx.network.protection.utils.b subject = com.microsoft.scmx.network.protection.utils.c.a(
                x509Certificate.getExtensionValue(xr.e.f32921c.I()),
                new vr.c(x509Certificate.getSubjectX500Principal().getName("RFC1779")));
        String commonName = subject.f18554b;
        String keyIdentifier = subject.f18557e;
        String organisationUnit = subject.f18555c;
        String organisation = subject.f18553a;
        m(x509Certificate, commonName, keyIdentifier, organisationUnit, organisation, i10, str, true, z6, i11);
    }

    /**
     * Sends the "SuspiciousCACert" telemetry event for a flagged certificate and writes local
     * log lines about it.
     *
     * <p>Certificate details (subject/issuer fields, thumbprints, identifier, allowlist) are
     * attached only when the stored consent flag is set and {@code sl.a.B()} returns true. The
     * event itself, with the boolean flags and cert type, is sent regardless of consent as long
     * as the "DefenderCertificateDetection" setting is non-zero.
     *
     * @param x509Certificate flagged certificate
     * @param str reported as "SubjectCommonName"
     * @param str2 reported as "SubjectKeyIdentifier"
     * @param str3 reported as "SubjectOrganisationUnit"
     * @param str4 reported as "SubjectOrganisationName"
     * @param i10 reported as "CertType"
     * @param str5 reported as "CertIdentifier"
     * @param z6 reported as "IsCloudDetection"
     * @param z10 reported as "IsSelfSigned"
     * @param i11 reported as "CloudDetectionVerdict"; omitted when -1
     */
    public static void m(X509Certificate x509Certificate, String str, String str2, String str3, String str4, int i10, String str5, boolean z6, boolean z10, int i11) {
        if (rj.a.d().a(0, "DefenderCertificateDetection") != 0) {
            com.microsoft.scmx.libraries.diagnostics.telemetry.e eVar = new com.microsoft.scmx.libraries.diagnostics.telemetry.e();
            // Consent gate: everything inside this branch identifies the certificate.
            if (SharedPrefManager.getBoolean("network_protection", "euPrivacyConcentGiven", false) && sl.a.B()) {
                com.microsoft.scmx.network.protection.utils.b a10 = com.microsoft.scmx.network.protection.utils.c.a(x509Certificate.getExtensionValue(xr.e.f32924k.I()), new vr.c(x509Certificate.getIssuerX500Principal().getName("RFC1779")));
                Date notBefore = x509Certificate.getNotBefore();
                boolean b10 = eVar.b("ValidFrom");
                ConcurrentHashMap concurrentHashMap = eVar.f17928a;
                if (b10) {
                    if (notBefore == null) {
                        MDLog.b("Telemetry EventProperties", "Property value cannot be null");
                    } else {
                        // NOTE(review): as decompiled, the date is never passed to the stored value;
                        // probably a decompilation loss. Confirm against the bytecode.
                        concurrentHashMap.put("ValidFrom", new com.microsoft.scmx.libraries.diagnostics.telemetry.n());
                    }
                }
                Date notAfter = x509Certificate.getNotAfter();
                if (eVar.b("ValidTo")) {
                    if (notAfter == null) {
                        MDLog.b("Telemetry EventProperties", "Property value cannot be null");
                    } else {
                        // NOTE(review): same as "ValidFrom" above; notAfter is not visibly used.
                        concurrentHashMap.put("ValidTo", new com.microsoft.scmx.libraries.diagnostics.telemetry.n());
                    }
                }
                eVar.e("SubjectKeyIdentifier", str2);
                eVar.e("SubjectCommonName", str);
                eVar.e("SubjectOrganisationName", str4);
                eVar.e("SubjectOrganisationUnit", str3);
                String str6 = a10.f18557e;
                if (str6 == null) {
                    str6 = "";
                }
                eVar.e("IssuerKeyIdentifier", str6);
                eVar.e("IssuerCommonName", a10.f18554b);
                eVar.e("IssuerOrganisationName", a10.f18553a);
                eVar.e("IssuerOrganisationUnit", a10.f18555c);
                eVar.e("Sha1Thumbprint", com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1"));
                // NOTE(review): the algorithm name comes from an unrelated HMAC constant. JADX
                // presumably substituted it for a literal with the same value; confirm it names SHA-256.
                eVar.e("Sha256Thumbprint", com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, KeyUtil.HMAC_KEY_HASH_ALGORITHM));
                eVar.e("CertIdentifier", str5);
                eVar.e("CaCertAllowedList", rj.a.d().c("DefenderAllowlistedCACertificates"));
            }
            eVar.f("PrivacyDataAllowed", SharedPrefManager.getBoolean("network_protection", "euPrivacyConcentGiven", false) && sl.a.B());
            eVar.f("IsCloudDetection", z6);
            eVar.f("IsSelfSigned", z10);
            // -1 is what the local (non-cloud) callers in this class pass, so the key is left out.
            if (i11 != -1) {
                eVar.c(i11, "CloudDetectionVerdict");
            }
            eVar.c(i10, "CertType");
            sl.a.o();
            MDAppTelemetry.n("SuspiciousCACert", eVar, 1, true);
        }
        // Local logging applies the same consent gate: without consent only a generic line is written.
        if (!SharedPrefManager.getBoolean("network_protection", "euPrivacyConcentGiven", false) || !sl.a.B()) {
            MDLog.a("SuspiciousCACert", "Suspecious CA detected");
            return;
        }
        MDLog.a("SuspiciousCACert", "Suspecious CA detected " + com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1"));
        MDLog.a("SuspiciousCACert", "Allowed Cert list ".concat(rj.a.d().c("DefenderAllowlistedCACertificates")));
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x0031, code lost:
    
        r0 = ((java.util.ArrayList) r0).iterator();
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x003b, code lost:
    
        if (r0.hasNext() == false) goto L24;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x003d, code lost:
    
        r2.add(new com.microsoft.scmx.network.protection.model.a((gk.a) r0.next()));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
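    /**
     * Rebuilds the shared rogue-CA model from the certificate records in the repository.
     *
     * <p>JADX could not restructure this method and emitted only a register-level dump followed
     * by an unconditional {@code UnsupportedOperationException}. The body below is a hand
     * reconstruction of that dump, which is kept at the end of the method for comparison; verify
     * it against the bytecode before relying on it.
     *
     * <p>Records are copied into the model only when the "rogueCA" detection setting equals 1 and
     * the "DefenderCertificateDetection" setting is non-zero. Otherwise an empty list is handed to
     * the model. What {@code model.d.i} and {@code model.d.a} do with the list is not visible
     * here; presumably replace the contents and publish the change.
     */
    public static void n() {
        MDLog.a("CACertDetectionHandler", "Updating Rogue CA model");
        // The dump reads the repository before taking the monitor; keep that order.
        List storedCerts = gk.k.c().a();
        com.microsoft.scmx.network.protection.model.d rogueCaModel = com.microsoft.scmx.network.protection.model.d.f18518a;
        synchronized (rogueCaModel) {
            ArrayList entries = new ArrayList();
            // Short-circuit matches the dump: the second setting is read only if the first is 1.
            boolean detectionEnabled = sj.b.e(1, "NetworkProtection/detectionTechniques/rogueCA") == 1
                    && rj.a.d().a(0, "DefenderCertificateDetection") != 0;
            if (detectionEnabled) {
                Iterator it = ((ArrayList) storedCerts).iterator();
                while (it.hasNext()) {
                    entries.add(new com.microsoft.scmx.network.protection.model.a((gk.a) it.next()));
                }
            }
            rogueCaModel.i(entries);
            rogueCaModel.a();
        }
        /*
            Original JADX instruction dump:

            java.lang.String r0 = "CACertDetectionHandler"
            java.lang.String r1 = "Updating Rogue CA model"
            com.microsoft.scmx.libraries.diagnostics.log.MDLog.a(r0, r1)
            gk.k r0 = gk.k.c()
            java.util.List r0 = r0.a()
            com.microsoft.scmx.network.protection.model.d r1 = com.microsoft.scmx.network.protection.model.d.f18518a
            monitor-enter(r1)
            java.util.ArrayList r2 = new java.util.ArrayList     // Catch: java.lang.Throwable -> L4c
            r2.<init>()     // Catch: java.lang.Throwable -> L4c
            java.lang.String r3 = "NetworkProtection/detectionTechniques/rogueCA"
            r4 = 1
            int r3 = sj.b.e(r4, r3)     // Catch: java.lang.Throwable -> L4c
            if (r3 != r4) goto L2f
            rj.a r3 = rj.a.d()     // Catch: java.lang.Throwable -> L4c
            java.lang.String r5 = "DefenderCertificateDetection"
            r6 = 0
            int r3 = r3.a(r6, r5)     // Catch: java.lang.Throwable -> L4c
            if (r3 != 0) goto L2e
            goto L2f
        L2e:
            r4 = r6
        L2f:
            if (r4 != 0) goto L4e
            java.util.ArrayList r0 = (java.util.ArrayList) r0     // Catch: java.lang.Throwable -> L4c
            java.util.Iterator r0 = r0.iterator()     // Catch: java.lang.Throwable -> L4c
        L37:
            boolean r3 = r0.hasNext()     // Catch: java.lang.Throwable -> L4c
            if (r3 == 0) goto L4e
            java.lang.Object r3 = r0.next()     // Catch: java.lang.Throwable -> L4c
            gk.a r3 = (gk.a) r3     // Catch: java.lang.Throwable -> L4c
            com.microsoft.scmx.network.protection.model.a r4 = new com.microsoft.scmx.network.protection.model.a     // Catch: java.lang.Throwable -> L4c
            r4.<init>(r3)     // Catch: java.lang.Throwable -> L4c
            r2.add(r4)     // Catch: java.lang.Throwable -> L4c
            goto L37
        L4c:
            r0 = move-exception
            goto L56
        L4e:
            r1.i(r2)     // Catch: java.lang.Throwable -> L4c
            r1.a()     // Catch: java.lang.Throwable -> L4c
            monitor-exit(r1)
            return
        L56:
            monitor-exit(r1)     // Catch: java.lang.Throwable -> L4c
            throw r0
        */
    }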

    /**
     * Checks one downloaded certificate file and records it if it looks self-signed.
     *
     * <p>Only certificates that pass the {@code h} heuristic are stored and reported; any other
     * certificate in the file is ignored. Afterwards the allowlist is reloaded ({@code j}) and
     * the stored records are re-evaluated against it ({@code o}).
     *
     * <p>The local log lines include the absolute file path unconditionally; only the telemetry
     * sent through {@code m} is gated on the consent flag.
     *
     * @param file certificate file to inspect
     * @param z6 forwarded to {@code o}; when true the rogue-CA model is refreshed afterwards
     */
    public final void a(File file, boolean z6) {
        MDLog.f("CACertDetectionHandler", "Detecting rogue Downloaded CA Cert. filePath:" + file.getAbsolutePath());
        X509Certificate d10 = d(file);
        if (d10 == null) {
            com.microsoft.defender.application.p.a("Unable to convert file to X509Certificate. filePath:", file.getAbsolutePath(), "CACertDetectionHandler");
            return;
        }
        com.microsoft.scmx.network.protection.utils.b a10 = com.microsoft.scmx.network.protection.utils.c.a(d10.getExtensionValue(xr.e.f32921c.I()), new vr.c(d10.getSubjectX500Principal().getName("RFC1779")));
        if (h(a10, com.microsoft.scmx.network.protection.utils.c.a(d10.getExtensionValue(xr.e.f32924k.I()), new vr.c(d10.getIssuerX500Principal().getName("RFC1779"))))) {
            String c10 = com.microsoft.scmx.network.protection.utils.c.c(d10, "SHA1");
            // A missing thumbprint is stored as the literal "None", so such records share one value.
            if (c10 == null) {
                c10 = "None";
            }
            String str = c10;
            MDLog.a("CACertDetectionHandler", "Suspicious CA Cert is detected. FilePath: " + file.getAbsolutePath());
            // For downloaded files the record identifier is the file path (cert type 2).
            String certIdentifier = file.getAbsolutePath();
            String str2 = a10.f18554b;
            String str3 = a10.f18553a;
            String str4 = a10.f18557e;
            if (gk.k.c().e(new gk.a(str4, str2, certIdentifier, str3, str, 2, 2, false, false), false)) {
                MDLog.d("CACertDetectionHandler", "Added suspicious CA Cert to dB. CertType: 2, FilePath: " + file.getAbsolutePath());
                kotlin.jvm.internal.p.f(certIdentifier, "certIdentifier");
                // Reported as a local detection: IsCloudDetection=false, IsSelfSigned=true, no verdict (-1).
                m(d10, str2, str4, a10.f18555c, str3, 2, certIdentifier, false, true, -1);
            } else {
                MDLog.f("CACertDetectionHandler", "Failed to insert suspicious caCert. failureReason : already existing entry / DB exception. FilePath: " + file.getAbsolutePath());
            }
        }
        j();
        o(z6);
        MDLog.f("CACertDetectionHandler", "Completed Detecting rogue Downloaded CA Cert. filePath:" + file.getAbsolutePath());
    }

    /**
     * Scans the user-installed certificates, using the lookup in {@code f} when the
     * "cloudCertDetectionMode" setting allows it.
     *
     * <p>Behaviour by setting value, as visible in this method:
     * <ul>
     *   <li>2: the lookup path is skipped and only the local scan {@code c(z6)} runs.</li>
     *   <li>0: lookup results are reported through {@code l} (telemetry only, nothing stored),
     *       then the local scan {@code c(z6)} also runs.</li>
     *   <li>1: lookup results are stored through {@code g}; the local scan is not run unless
     *       the lookup returned a different number of results than certificates sent, in which
     *       case {@code c(false)} is the fallback.</li>
     * </ul>
     *
     * @param z6 forwarded to {@code o} and {@code c}; when true the rogue-CA model is refreshed
     */
    public final void b(boolean z6) {
        if (sj.b.e(2, "NetworkProtection/detectionTechniques/cloudCertDetectionMode") != 2) {
            KeyStore a10 = com.microsoft.scmx.network.protection.utils.d.f18558a.a();
            Enumeration<String> aliases = a10 != null ? a10.aliases() : null;
            if (aliases == null) {
                MDLog.b("CACertDetectionHandler", "KeyStore is null");
            } else {
                ArrayList arrayList = new ArrayList();
                // SHA-1 thumbprint -> (alias, certificate), used to match lookup results back to certs.
                HashMap hashMap = new HashMap();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    kotlin.jvm.internal.p.f(alias, "alias");
                    // Only aliases tagged "user:" are inspected; presumably a prefix test that
                    // selects user-installed CAs. Confirm what kotlin.text.o.p maps to.
                    if (kotlin.text.o.p(alias, "user:", false)) {
                        Certificate certificate = a10.getCertificate(alias);
                        X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
                        if (x509Certificate != null) {
                            arrayList.add(x509Certificate);
                            String c10 = com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1");
                            // A cert without a thumbprint is sent to f() but has no map entry.
                            if (c10 != null && c10.length() != 0) {
                                hashMap.put(c10, new Pair(alias, x509Certificate));
                            }
                        }
                    }
                }
                if (arrayList.size() > 0) {
                    ArrayList f10 = f(arrayList);
                    if (sj.b.e(2, "NetworkProtection/detectionTechniques/cloudCertDetectionMode") == 0) {
                        Iterator it = f10.iterator();
                        while (it.hasNext()) {
                            com.microsoft.scmx.network.protection.model.b bVar = (com.microsoft.scmx.network.protection.model.b) it.next();
                            Object obj = hashMap.get(bVar.f18510a);
                            // NOTE(review): presumably a not-null assertion. It would throw if a
                            // result carries a key that is not in the map; confirm.
                            kotlin.jvm.internal.p.d(obj);
                            Pair pair = (Pair) obj;
                            String str = (String) pair.getFirst();
                            X509Certificate x509Certificate2 = (X509Certificate) pair.getSecond();
                            boolean i10 = i(x509Certificate2);
                            // Report only when no type-1 record is returned for this alias.
                            if (e(bVar, i10) == 2 && ((ArrayList) gk.k.c().d(1, str)).size() == 0) {
                                l(str, x509Certificate2, 1, bVar.f18511b, i10);
                            }
                        }
                    } else if (arrayList.size() == f10.size()) {
                        List<String> b10 = gk.k.c().b();
                        Iterator it2 = f10.iterator();
                        while (it2.hasNext()) {
                            com.microsoft.scmx.network.protection.model.b bVar2 = (com.microsoft.scmx.network.protection.model.b) it2.next();
                            Object obj2 = hashMap.get(bVar2.f18510a);
                            kotlin.jvm.internal.p.d(obj2);
                            Pair pair2 = (Pair) obj2;
                            String str2 = (String) pair2.getFirst();
                            X509Certificate x509Certificate3 = (X509Certificate) pair2.getSecond();
                            boolean i11 = i(x509Certificate3);
                            int i12 = bVar2.f18511b;
                            // Stored when the verdict is 0 or 1, or when the cert looks self-signed.
                            if (i12 == 0 || i12 == 1 || i11) {
                                // NOTE(review): the return value is discarded. If S is a non-mutating
                                // "minus", b10 still holds every stored identifier at the delete
                                // below; likely a lost reassignment in decompilation. Confirm.
                                CollectionsKt___CollectionsKt.S(b10, str2);
                                if (g(e(bVar2, i11), str2, x509Certificate3, 1, bVar2.f18511b, i11)) {
                                    MDLog.d("CACertDetectionHandler", "Added suspicious CA Cert to dB. CertType: 1, alias: " + str2);
                                } else {
                                    MDLog.f("CACertDetectionHandler", "Failed to insert suspicious caCert. failureReason : already existing entry / DB exception. Alias: " + str2);
                                }
                            }
                        }
                        gk.k c11 = gk.k.c();
                        c11.getClass();
                        try {
                            MDLog.d("CACertRepository", "Deleting CACerts.");
                            c11.f21068a.h(b10);
                        } catch (Exception e10) {
                            MDLog.c("CACertRepository", "Deleting CACerts from RogueCACert table failed with exception", e10);
                        }
                    } else {
                        // Result count differs from the number of certificates sent: fall back to the local scan.
                        c(false);
                    }
                } else if (sj.b.e(2, "NetworkProtection/detectionTechniques/cloudCertDetectionMode") == 1) {
                    // No user certificates are installed: clear the stored records.
                    gk.k c12 = gk.k.c();
                    c12.getClass();
                    try {
                        MDLog.d("CACertRepository", "Deleting CACerts.");
                        c12.f21068a.k();
                    } catch (Exception e11) {
                        MDLog.c("CACertRepository", "Deleting CACerts from RogueCACert table failed with exception", e11);
                    }
                }
                j();
                o(z6);
            }
        }
        if (sj.b.e(2, "NetworkProtection/detectionTechniques/cloudCertDetectionMode") == 1) {
            return;
        }
        c(z6);
    }

    /**
     * Local scan of the user-installed certificates, with no lookup involved.
     *
     * <p>Every "user:" alias whose certificate passes the self-signed heuristic {@code h} is
     * stored (cert type 1, state 2) and reported through {@code m}. Stored identifiers that were
     * not flagged in this pass are then deleted and reported as deletions. Finally the allowlist
     * is reloaded ({@code j}) and applied to the stored records ({@code o}).
     *
     * @param z6 forwarded to {@code o}; when true the rogue-CA model is refreshed afterwards
     */
    public final void c(boolean z6) {
        KeyStore a10 = com.microsoft.scmx.network.protection.utils.d.f18558a.a();
        Enumeration<String> aliases = a10 != null ? a10.aliases() : null;
        if (aliases == null) {
            MDLog.b("CACertDetectionHandler", "KeyStore is null");
            return;
        }
        // Identifiers already stored; used after the loop to find stale records.
        List<String> b10 = gk.k.c().b();
        ArrayList arrayList = new ArrayList();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            kotlin.jvm.internal.p.f(alias, "alias");
            if (kotlin.text.o.p(alias, "user:", false)) {
                Certificate certificate = a10.getCertificate(alias);
                X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
                if (x509Certificate != null) {
                    com.microsoft.scmx.network.protection.utils.b a11 = com.microsoft.scmx.network.protection.utils.c.a(x509Certificate.getExtensionValue(xr.e.f32921c.I()), new vr.c(x509Certificate.getSubjectX500Principal().getName("RFC1779")));
                    if (h(a11, com.microsoft.scmx.network.protection.utils.c.a(x509Certificate.getExtensionValue(xr.e.f32924k.I()), new vr.c(x509Certificate.getIssuerX500Principal().getName("RFC1779"))))) {
                        String c10 = com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1");
                        if (c10 == null) {
                            c10 = "None";
                        }
                        // Recorded as still present even if the insert below is rejected.
                        arrayList.add(alias);
                        String str = a11.f18554b;
                        String str2 = a11.f18553a;
                        String str3 = a11.f18557e;
                        X509Certificate x509Certificate2 = x509Certificate;
                        if (gk.k.c().e(new gk.a(str3, str, alias, str2, c10, 1, 2, false, false), false)) {
                            MDLog.d("CACertDetectionHandler", "Added suspicious CA Cert to dB. CertType: 1, alias: ".concat(alias));
                            // Local detection: IsCloudDetection=false, IsSelfSigned=true, no verdict (-1).
                            m(x509Certificate2, str, str3, a11.f18555c, str2, 1, alias, false, true, -1);
                        } else {
                            MDLog.f("CACertDetectionHandler", "Failed to insert suspicious caCert. failureReason : already existing entry / DB exception. Alias: ".concat(alias));
                        }
                    }
                }
            }
        }
        // Presumably "stored minus still-flagged", i.e. records whose certificate is gone or no
        // longer flagged. Confirm what CollectionsKt.T maps to.
        List<String> T = CollectionsKt___CollectionsKt.T(b10, arrayList);
        if (!T.isEmpty()) {
            MDLog.d("CACertDetectionHandler", "Deleting installed CACerts. certs: " + T);
            gk.k c11 = gk.k.c();
            c11.getClass();
            try {
                MDLog.d("CACertRepository", "Deleting CACerts.");
                c11.f21068a.h(T);
            } catch (Exception e10) {
                MDLog.c("CACertRepository", "Deleting CACerts from RogueCACert table failed with exception", e10);
            }
            // Deletion telemetry is sent for each identifier even if the delete above threw.
            for (String certIdentifier : T) {
                kotlin.jvm.internal.p.f(certIdentifier, "certIdentifier");
                k(1, certIdentifier);
            }
        }
        j();
        o(z6);
    }

    /* JADX WARN: Code restructure failed: missing block: B:59:0x010b, code lost:
    
        if (r15.equals("") == false) goto L56;
     */
    /* JADX WARN: Removed duplicated region for block: B:11:0x007f  */
    /* JADX WARN: Removed duplicated region for block: B:13:0x0087  */
    /* JADX WARN: Removed duplicated region for block: B:20:0x00be  */
    /* JADX WARN: Removed duplicated region for block: B:38:0x01a1  */
    /* JADX WARN: Removed duplicated region for block: B:41:0x01b0  */
    /* JADX WARN: Removed duplicated region for block: B:54:0x01a8  */
    /* JADX WARN: Removed duplicated region for block: B:71:0x008e  */
    /* JADX WARN: Removed duplicated region for block: B:72:0x0084  */
    /* JADX WARN: Type inference failed for: r0v0, types: [in.a, wl.a] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Not decompiled: JADX skipped the instruction dump, so the real behaviour is not visible
     * here and this stub throws unconditionally.
     *
     * <p>From the caller {@code b}: the argument is the list of user-installed
     * {@code X509Certificate}s, and each returned element is cast to {@code model.b}, whose
     * {@code f18510a} is looked up in a map keyed by SHA-1 thumbprint and whose {@code f18511b}
     * is reported as "CloudDetectionVerdict". Presumably this is the cloud lookup; recover it
     * from the bytecode before drawing conclusions about the detection logic.
     */
    public final java.util.ArrayList f(java.util.ArrayList r15) {
        /*
            Method dump skipped, instructions count: 605
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.scmx.network.protection.a.f(java.util.ArrayList):java.util.ArrayList");
    }

    /**
     * Reloads the allowlist set {@code f18411a} from the "DefenderAllowlistedCACertificates"
     * setting.
     *
     * <p>The setting is split on commas. Empty entries and the exact entry "NONE" are skipped;
     * every other entry has the characters rejected by {@code kotlin.text.b.b} removed
     * (presumably whitespace) and is lower-cased before being added.
     *
     * <p>The "NONE" test runs before normalisation and is case-sensitive, so " NONE" is added as
     * "none", and an entry consisting only of filtered characters is added as the empty string.
     */
    public final void j() {
        String rawAllowlist = rj.a.d().c("DefenderAllowlistedCACertificates");
        LinkedHashSet allowed = this.f18411a;
        allowed.clear();
        for (String entry : kotlin.text.q.J(rawAllowlist, new String[]{","})) {
            if (entry.isEmpty() || entry.equals("NONE")) {
                continue;
            }
            StringBuilder kept = new StringBuilder();
            for (char ch : entry.toCharArray()) {
                if (!kotlin.text.b.b(ch)) {
                    kept.append(ch);
                }
            }
            String compact = kept.toString();
            kotlin.jvm.internal.p.f(compact, "filterTo(StringBuilder(), predicate).toString()");
            String normalised = compact.toLowerCase(Locale.ROOT);
            kotlin.jvm.internal.p.f(normalised, "this as java.lang.String).toLowerCase(Locale.ROOT)");
            allowed.add(normalised);
        }
    }

    /**
     * Brings each stored record's allow flag in line with the current allowlist.
     *
     * <p>A record counts as allowlisted when its {@code f21054g} value is in {@code f18411a};
     * the flag is written back only when it differs from the stored {@code f21058k}.
     *
     * <p>NOTE(review): allowlist entries are lower-cased and stripped in {@code j}, while
     * {@code f21054g} is compared as stored. This matches only if the stored value is already
     * in that form; confirm. If {@code f21054g} is the SHA-1 thumbprint, the allow decision
     * rests on SHA-1 alone; the SHA-256 thumbprint would be the stronger key.
     *
     * @param z6 when true, the rogue-CA model is refreshed via {@code n} afterwards
     */
    public final void o(boolean z6) {
        for (Object row : (ArrayList) gk.k.c().a()) {
            gk.a cert = (gk.a) row;
            boolean allowlisted = this.f18411a.contains(cert.f21054g);
            if (allowlisted == cert.f21058k) {
                continue;
            }
            gk.k repository = gk.k.c();
            long certId = cert.f21048a;
            repository.getClass();
            try {
                MDLog.d("CACertRepository", "Updating Self signed allow status in RogueCACert table. certId:" + certId + " isAllowed:" + Boolean.toString(allowlisted));
                repository.f21068a.l(certId, allowlisted);
            } catch (Exception e10) {
                MDLog.c("CACertRepository", "Updating Self signed allow status in RogueCACert table failed with exception", e10);
            }
        }
        if (z6) {
            n();
        }
    }
}
