package com.ubergeek42.WeechatAndroid.service;

import android.content.Context;
import android.os.Build;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.ubergeek42.WeechatAndroid.utils.Utils;
import com.ubergeek42.cats.Kitty;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class SSLHandler {
    public KeyManager[] cachedKeyManagers = null;
    public File keystoreFile;
    public KeyStore sslKeystore;
    public static final Kitty kitty = Kitty.make();
    public static final Pattern RDN_PATTERN = Pattern.compile("CN\\s*=\\s*((?:\"[^\"]*\")|(?:[^\",]*))");
    public static SSLHandler sslHandler = null;

    /* loaded from: classes.dex */
    public static class Result {
        public final X509Certificate[] certificateChain;
        public final Exception exception;

        public Result(Exception exc, X509Certificate[] x509CertificateArr) {
            this.exception = exc;
            this.certificateChain = x509CertificateArr;
        }
    }

    /* loaded from: classes.dex */
    public static class UserTrustManager implements X509TrustManager {
        public static final X509TrustManager systemTrustManager = buildTrustManger(null);
        public final X509TrustManager userTrustManager;

        public UserTrustManager(KeyStore keyStore) {
            this.userTrustManager = buildTrustManger(keyStore);
        }

        public static X509TrustManager buildTrustManger(KeyStore keyStore) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                return (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            } catch (KeyStoreException | NoSuchAlgorithmException unused) {
                return null;
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                systemTrustManager.checkClientTrusted(x509CertificateArr, str);
                SSLHandler.kitty.debug("Client is trusted by system");
            } catch (CertificateException unused) {
                Kitty kitty = SSLHandler.kitty;
                kitty.debug("Client is NOT trusted by system, trying user");
                this.userTrustManager.checkClientTrusted(x509CertificateArr, str);
                kitty.debug("Client is trusted by user");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                this.userTrustManager.checkServerTrusted(x509CertificateArr, str);
                SSLHandler.kitty.debug("Server is trusted by user");
            } catch (CertificateException e) {
                Kitty kitty = SSLHandler.kitty;
                StringBuilder outline27 = GeneratedOutlineSupport.outline27("Server is NOT trusted by user; pin ");
                outline27.append(P.pinRequired ? "REQUIRED -- failing" : "not required -- trying system");
                kitty.debug(outline27.toString());
                if (P.pinRequired) {
                    throw e;
                }
                systemTrustManager.checkServerTrusted(x509CertificateArr, str);
                kitty.debug("Server is trusted by system");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            X509Certificate[] acceptedIssuers = systemTrustManager.getAcceptedIssuers();
            X509Certificate[] acceptedIssuers2 = this.userTrustManager.getAcceptedIssuers();
            X509Certificate[] x509CertificateArr = (X509Certificate[]) Arrays.copyOf(acceptedIssuers, acceptedIssuers.length + acceptedIssuers2.length);
            System.arraycopy(acceptedIssuers2, 0, x509CertificateArr, acceptedIssuers.length, acceptedIssuers2.length);
            return x509CertificateArr;
        }
    }

    public SSLHandler(File file) {
        this.keystoreFile = file;
        try {
            KeyStore keyStore = KeyStore.getInstance("BKS");
            this.sslKeystore = keyStore;
            keyStore.load(new FileInputStream(this.keystoreFile), "weechat-android".toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            if (!(e instanceof FileNotFoundException)) {
                kitty.log(6, "loadKeystore()", e);
                return;
            }
            try {
                this.sslKeystore.load(null, null);
            } catch (Exception e2) {
                kitty.log(6, "createKeystore()", e2);
            }
            saveKeystore();
        }
    }

    public static Set<String> getCertificateHosts(X509Certificate x509Certificate) throws Exception {
        HashSet hashSet = new HashSet();
        Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
        if (subjectAlternativeNames != null) {
            for (List<?> list : subjectAlternativeNames) {
                if (Utils.isAnyOf(((Integer) list.get(0)).intValue(), 2, 7)) {
                    hashSet.add(list.get(1).toString());
                }
            }
        } else if (Build.VERSION.SDK_INT < 28) {
            Matcher matcher = RDN_PATTERN.matcher(x509Certificate.getSubjectDN().getName());
            if (matcher.find()) {
                hashSet.add(matcher.group(1));
            }
        }
        return hashSet;
    }

    public static SSLHandler getInstance(Context context) {
        if (sslHandler == null) {
            sslHandler = new SSLHandler(new File(context.getDir("sslDir", 0), "keystore.jks"));
        }
        return sslHandler;
    }

    public final void saveKeystore() {
        try {
            this.sslKeystore.store(new FileOutputStream(this.keystoreFile), "weechat-android".toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            kitty.log(6, "saveKeystore()", e);
        }
    }
}
