package com.commonsware.cwac.netsecurity;

import android.util.LruCache;
import androidx.annotation.NonNull;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class MemorizingTrustManager implements X509Extensions {
    private final DomainMatchRule domainMatchRule;
    private final boolean noTOFU;
    private final boolean onlySingleItemChains;
    private final char[] storePassword;
    private final String storeType;
    private final LruCache<String, MemorizingStore> stores;
    private final File workingDir;

    /* loaded from: classes2.dex */
    public static class Builder {
        private DomainMatchRule domainMatchRule;
        private char[] storePassword;
        private String storeType;
        private File workingDir = null;
        private boolean noTOFU = false;
        private int cacheSize = 128;
        private boolean onlySingleItemChains = false;

        public MemorizingTrustManager build() {
            File file = this.workingDir;
            if (file == null) {
                throw new IllegalStateException("You have not configured this builder!");
            }
            file.mkdirs();
            return new MemorizingTrustManager(this.workingDir, this.storePassword, this.storeType, this.noTOFU, this.cacheSize, this.domainMatchRule, this.onlySingleItemChains);
        }

        public Builder cacheSize(int i) {
            if (i <= 0) {
                throw new IllegalArgumentException("Please provide a sensible cache size");
            }
            this.cacheSize = i;
            return this;
        }

        public Builder forDomains(DomainMatchRule domainMatchRule) {
            this.domainMatchRule = domainMatchRule;
            return this;
        }

        public Builder noTOFU() {
            this.noTOFU = true;
            return this;
        }

        public Builder onlySingleItemChains() {
            this.onlySingleItemChains = true;
            return this;
        }

        public Builder saveTo(File file, char[] cArr) {
            return saveTo(file, cArr, KeyStore.getDefaultType());
        }

        public Builder saveTo(File file, char[] cArr, String str) {
            this.workingDir = file;
            this.storePassword = cArr;
            this.storeType = str;
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class MemorizingStore {
        private final String host;
        private KeyStore keyStore;
        private final boolean noTOFU;
        private final File store;
        private final char[] storePassword;
        private X509TrustManager storeTrustManager;
        private final String storeType;
        private KeyStore transientKeyStore;
        private X509TrustManager transientTrustManager;

        MemorizingStore(String str, File file, char[] cArr, String str2, boolean z) throws Exception {
            this.host = str;
            this.store = new File(file, str);
            this.storePassword = cArr;
            this.storeType = str2;
            this.noTOFU = z;
            init();
        }

        private X509TrustManager findX509TrustManager(TrustManagerFactory trustManagerFactory) {
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        }

        private void init() throws Exception {
            this.transientKeyStore = KeyStore.getInstance(this.storeType);
            this.transientKeyStore.load(null, null);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(this.transientKeyStore);
            this.transientTrustManager = findX509TrustManager(trustManagerFactory);
            this.keyStore = KeyStore.getInstance(this.storeType);
            if (this.store.exists()) {
                this.keyStore.load(new FileInputStream(this.store), this.storePassword);
            } else {
                this.keyStore.load(null, this.storePassword);
            }
            TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance("X509");
            trustManagerFactory2.init(this.keyStore);
            this.storeTrustManager = findX509TrustManager(trustManagerFactory2);
        }

        synchronized void checkServerTrusted(@NonNull X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                try {
                    this.storeTrustManager.checkServerTrusted(x509CertificateArr, str);
                } catch (CertificateException unused) {
                    this.transientTrustManager.checkServerTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException e) {
                try {
                    if (this.keyStore.size() == 0 && this.transientKeyStore.size() == 0) {
                        if (this.noTOFU) {
                            throw new CertificateNotMemorizedException(x509CertificateArr, this.host);
                        }
                        try {
                            memorize(x509CertificateArr);
                            return;
                        } catch (Exception e2) {
                            throw new CertificateException("Problem while memorizing", e2);
                        }
                    }
                } catch (KeyStoreException unused2) {
                }
                throw new MemorizationMismatchException(x509CertificateArr, this.host, e);
            }
        }

        synchronized void clear(boolean z) throws Exception {
            if (z) {
                this.store.delete();
            }
            init();
        }

        synchronized void memorize(@NonNull X509Certificate[] x509CertificateArr) throws Exception {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                this.keyStore.setCertificateEntry(x509Certificate.getSubjectDN().getName(), x509Certificate);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(this.keyStore);
            this.storeTrustManager = findX509TrustManager(trustManagerFactory);
            FileOutputStream fileOutputStream = new FileOutputStream(this.store);
            this.keyStore.store(fileOutputStream, this.storePassword);
            fileOutputStream.flush();
            fileOutputStream.close();
        }

        synchronized void memorizeForNow(@NonNull X509Certificate[] x509CertificateArr) throws Exception {
            for (X509Certificate x509Certificate : x509CertificateArr) {
                this.transientKeyStore.setCertificateEntry(x509Certificate.getSubjectDN().getName(), x509Certificate);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(this.transientKeyStore);
            this.transientTrustManager = findX509TrustManager(trustManagerFactory);
        }
    }

    private MemorizingTrustManager(File file, char[] cArr, String str, boolean z, int i, DomainMatchRule domainMatchRule, boolean z2) {
        this.workingDir = file;
        this.storePassword = cArr;
        this.storeType = str;
        this.noTOFU = z;
        this.stores = new LruCache<>(i);
        this.domainMatchRule = domainMatchRule;
        this.onlySingleItemChains = z2;
    }

    private MemorizingStore getStoreForHost(String str) throws Exception {
        MemorizingStore memorizingStore;
        synchronized (this) {
            memorizingStore = this.stores.get(str);
            if (memorizingStore == null) {
                memorizingStore = new MemorizingStore(str, this.workingDir, this.storePassword, this.storeType, this.noTOFU);
                this.stores.put(str, memorizingStore);
            }
        }
        return memorizingStore;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(@NonNull X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException("Client checks not supported");
    }

    @Override // com.commonsware.cwac.netsecurity.X509Extensions
    public List<X509Certificate> checkServerTrusted(@NonNull X509Certificate[] x509CertificateArr, String str, String str2) throws CertificateException {
        DomainMatchRule domainMatchRule;
        if ((!this.onlySingleItemChains || x509CertificateArr.length == 1) && ((domainMatchRule = this.domainMatchRule) == null || domainMatchRule.matches(str2))) {
            try {
                getStoreForHost(str2).checkServerTrusted(x509CertificateArr, str);
            } catch (Exception e) {
                if ((e instanceof CertificateNotMemorizedException) || (e instanceof MemorizationMismatchException)) {
                    throw ((CertificateException) e);
                }
                throw new CertificateException("Exception setting up memoization", e);
            }
        }
        return Arrays.asList(x509CertificateArr);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(@NonNull X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new IllegalStateException("Must use three-parameter checkServerTrusted()");
    }

    public void clear(String str, boolean z) throws Exception {
        getStoreForHost(str).clear(z);
    }

    public synchronized void clearAll(boolean z) throws Exception {
        Iterator<String> it = this.stores.snapshot().keySet().iterator();
        while (it.hasNext()) {
            clear(it.next(), z);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    @Override // com.commonsware.cwac.netsecurity.X509Extensions
    public boolean isUserAddedCertificate(X509Certificate x509Certificate) {
        return false;
    }

    public void memorize(@NonNull MemorizationException memorizationException) throws Exception {
        getStoreForHost(memorizationException.host).memorize(memorizationException.chain);
    }

    public synchronized void memorizeForNow(@NonNull MemorizationException memorizationException) throws Exception {
        getStoreForHost(memorizationException.host).memorizeForNow(memorizationException.chain);
    }
}
