package com.heytap.omas.a.c;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import androidx.annotation.NonNull;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import com.heytap.omas.a.d.d;
import com.heytap.omas.a.d.h;
import com.heytap.omas.omkms.data.c;
import com.heytap.omas.omkms.security.CertException$CertChainException;
import com.heytap.omas.omkms.security.CertException$CertChainVerifyException;
import com.heytap.omas.omkms.security.CertException$LoadEccCertException;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes3.dex */
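/**
 * Decompiled certificate manager (log tag "X509CertManager"): loads trust anchors from the app's
 * bundled assets, checks a certificate chain against them, and keeps an accepted chain in the
 * AndroidKeyStore with its aliases recorded in the "kms_cert_alias" shared preferences.
 *
 * <p>Review notes: the decompiler output for this class was partly broken. {@link #b(Context)} was
 * emitted only as an instruction listing, {@code f} did not return on every path, and the anchor
 * check in {@code d} discarded a failed signature verification. This version rebuilds those parts
 * so that every failure is treated as "not trusted"; compare against the original bytecode before
 * drawing conclusions about the shipped behaviour.
 */
public class b {

    /** Tag handed to the {@code h} logging helper by every method of this class. */
    private static final String TAG = "X509CertManager";

    /* renamed from: a, reason: collision with root package name */
    /** AndroidKeyStore handle shared by all methods; {@code null} when it could not be opened. */
    private static KeyStore f5913a;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    /** Gson type token for the persisted alias list (a JSON array of strings). */
    public static class a extends TypeToken<List<String>> {
        a() {
        }
    }

    static {
        KeyStore opened = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            // Publish the store only once load() has succeeded, so the null checks in c(), g()
            // and h() really mean "key store unusable" instead of hitting an unloaded instance.
            opened = keyStore;
        } catch (Exception e2) {
            h.e(TAG, "keyStore get instance exception:" + e2.getMessage());
        }
        f5913a = opened;
    }

    /**
     * Parses a single X.509 certificate from its textual encoding (presumably PEM; confirm
     * against callers).
     *
     * @param str encoded certificate text; must not be {@code null}
     * @return the parsed certificate
     * @throws CertificateException if the text is not a parsable certificate
     */
    public static X509Certificate a(String str) throws CertificateException {
        // getBytes() without a charset uses the platform default encoding.
        byte[] encoded = str.getBytes();
        CertificateFactory factory = CertificateFactory.getInstance("x.509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Loads every certificate found in the app's "certificate-pool" asset directory; {@code c}
     * passes the result to {@code d} as the trust-anchor list.
     *
     * <p>Rebuilt from the decompiler's instruction listing, which could not be rendered as Java.
     * Unlike that listing, each asset stream is closed as soon as it has been read instead of
     * only the most recent one.
     *
     * @param context used to reach the asset manager
     * @return the parsed certificates, never empty
     * @throws CertException$LoadEccCertException if the directory is missing or empty, or an asset
     *     cannot be read or parsed
     */
    @NonNull
    public static List<X509Certificate> b(Context context) throws CertException$LoadEccCertException {
        List<X509Certificate> anchors = new ArrayList<>();
        try {
            CertificateFactory factory = CertificateFactory.getInstance("x.509");
            String[] assetNames = context.getAssets().list("certificate-pool");
            if (assetNames == null || assetNames.length == 0) {
                h.e(TAG, "loadRootCertsFromFile,cannot found root certs.");
                throw new CertException$LoadEccCertException("loadCertsFromFile,cannot found root certs");
            }
            for (String assetName : assetNames) {
                InputStream in = new BufferedInputStream(context.getAssets().open("certificate-pool/" + assetName));
                try {
                    anchors.add((X509Certificate) factory.generateCertificate(in));
                } finally {
                    try {
                        in.close();
                    } catch (IOException closeError) {
                        // A failed close does not invalidate what was already parsed; report only.
                        h.b(closeError);
                    }
                }
            }
            return anchors;
        } catch (IOException | CertificateException e2) {
            h.e(TAG, "loadRootCertFromFile,IO exception occur.detail: " + e2.getMessage());
            throw new CertException$LoadEccCertException("loadCertsFromFile exception:" + e2.getMessage());
        }
    }

    /**
     * Reloads the persisted chain for {@code cVar}'s environment and re-validates it.
     *
     * <p>The aliases come from shared preferences and the certificates from the key store, so
     * neither is taken on trust: the chain is checked again with {@code d} against the anchors
     * bundled in the app's assets. When that check (or any parsing step) fails, the stored chain
     * is deleted through {@code h}.
     *
     * @return the chain as text produced by the project helper {@code d.a} (PEM, judging by the
     *     log message), or {@code null} when nothing usable is stored
     */
    public static List<String> c(Context context, c cVar) {
        if (f5913a == null) {
            h.e(TAG, "checkCertChainStatus: key store is null,should always take place here.");
            return null;
        }
        try {
            List<String> aliases = i(context, cVar);
            if (aliases == null || aliases.isEmpty()) {
                h.g(TAG, "checkCertChainStatus: kms cert chain alias info mot found.");
                return null;
            }
            ArrayList<byte[]> encodedCerts = new ArrayList<>();
            for (String alias : aliases) {
                // getCertificate() may return null even for a known alias; treat that as absent
                // instead of failing with a NullPointerException.
                if (!f5913a.containsAlias(alias) || f5913a.getCertificate(alias) == null) {
                    h.e(TAG, "checkCertChainStatus: key store not contains alias:" + alias);
                    return null;
                }
                encodedCerts.add(f5913a.getCertificate(alias).getEncoded());
            }
            List<String> textCerts = d.a(encodedCerts);
            if (textCerts == null || textCerts.isEmpty()) {
                h.g(TAG, "checkCertChainStatus: der certs to pem format fail.");
                return null;
            }
            CertificateFactory factory = CertificateFactory.getInstance("x.509");
            List<X509Certificate> chain = new ArrayList<>();
            try {
                for (String textCert : textCerts) {
                    chain.add((X509Certificate) factory.generateCertificate(new ByteArrayInputStream(textCert.getBytes())));
                }
                d(context, b(context), chain);
                return textCerts;
            } catch (CertificateException e2) {
                h.e(TAG, "checkCertChainStatus: format pem cert to x509 cert, exception:" + e2.getMessage());
                h(context, cVar);
                return null;
            }
        } catch (CertificateException
                | CertException$CertChainException
                | CertException$CertChainVerifyException
                | CertException$LoadEccCertException
                | KeyStoreException e3) {
            h.g(TAG, "checkCertChainStatus: " + e3);
            h(context, cVar);
            return null;
        }
    }

    /**
     * Checks that {@code list2} is a chain ending at one of the anchors in {@code list}.
     *
     * <p>Checks performed: every certificate except the last must not be self-issued, must name
     * the next certificate's subject as its issuer and must verify under that certificate's
     * public key; the last certificate must be issued by, and verify under, one of the anchors;
     * finally the chain plus the matching anchor must pass {@code f} (validity dates). Nothing
     * else is evaluated here: no BasicConstraints, key usage, path length, name or revocation
     * checks. Confirm those are enforced elsewhere before relying on this as full path validation.
     *
     * <p>Differences from the decompiled body: a failed signature check against an anchor now
     * rejects that anchor (the decompiled flow discarded the failure and accepted the anchor on a
     * name match alone; whether the shipped bytecode does the same needs confirming), the declared
     * exception types are thrown instead of anonymous {@code Exception} subclasses that
     * {@code c} could not catch, and {@code list2} is no longer modified.
     *
     * @param context unused by this method
     * @param list trust anchors; must be non-empty
     * @param list2 chain to check, leaf first; must be non-empty
     * @return {@code list2}
     * @throws IllegalArgumentException if either list is {@code null} or empty
     * @throws CertException$CertChainVerifyException if a link inside the chain is invalid
     * @throws CertException$CertChainException if no anchor vouches for the chain or a
     *     certificate is outside its validity period
     */
    @SuppressLint({"RestrictedApi"})
    public static List<X509Certificate> d(@NonNull Context context, @NonNull List<X509Certificate> list, @NonNull List<X509Certificate> list2) throws CertException$CertChainVerifyException, CertException$CertChainException {
        if (list == null || list.isEmpty()) {
            h.e(TAG, "checkCertChainTrusted:parameter error,anchorCertList must not be null or < 1.");
            throw new IllegalArgumentException("parameter invalid.anchorCertList must not be null or < 1 .");
        }
        if (list2 == null || list2.isEmpty()) {
            h.e(TAG, "checkCertChainTrusted:parameter error,certChainList must not be null or < 1.");
            throw new IllegalArgumentException("parameter invalid.certChainLen must not be null or <1");
        }

        int last = list2.size() - 1;
        for (int index = 0; index < last; index++) {
            X509Certificate current = list2.get(index);
            if (current.getIssuerDN().equals(current.getSubjectDN())) {
                h.e(TAG, "checkCertChainTrusted: certChain[" + index + "] cannot be self sign.");
                throw new CertException$CertChainVerifyException("checkCertChainTrusted:certChain[\"" + index + " \"] cannot be self sign.");
            }
            X509Certificate upper = list2.get(index + 1);
            if (!current.getIssuerDN().equals(upper.getSubjectDN())) {
                String mismatch = "checkCertChainTrusted: Issuer not match upper cert,index{" + index + "].";
                h.e(TAG, mismatch);
                throw new CertException$CertChainVerifyException(mismatch);
            }
            try {
                current.verify(upper.getPublicKey());
            } catch (InvalidKeyException e2) {
                h.c("checkCertChainTrusted: InvalidKeyException.detail: " + e2.getMessage());
                throw new CertException$CertChainVerifyException("InvalidKeyException.detail:" + e2.getMessage());
            } catch (NoSuchAlgorithmException e3) {
                h.c("checkCertChainTrusted: NoSuchAlgorithmException.detail: " + e3.getMessage());
                throw new CertException$CertChainVerifyException("NoSuchAlgorithmException.detail:" + e3.getMessage());
            } catch (NoSuchProviderException e4) {
                h.c("checkCertChainTrusted: NoSuchProviderException.detail: " + e4.getMessage());
                throw new CertException$CertChainVerifyException("NoSuchProviderException.detail:" + e4.getMessage());
            } catch (SignatureException e5) {
                h.c("checkCertChainTrusted: SignatureException.detail: " + e5.getMessage());
                throw new CertException$CertChainVerifyException("SignatureException.detail:" + e5.getMessage());
            } catch (CertificateException e6) {
                h.c("checkCertChainTrusted.detail: " + e6.getMessage());
                throw new CertException$CertChainVerifyException("CertificateException.detail:" + e6.getMessage());
            }
        }

        X509Certificate top = list2.get(last);
        X509Certificate matchedAnchor = null;
        for (X509Certificate anchor : list) {
            if (!top.getIssuerDN().equals(anchor.getSubjectDN())) {
                continue;
            }
            try {
                top.verify(anchor.getPublicKey());
                // Only a successful signature check makes this anchor the root of the chain.
                matchedAnchor = anchor;
                break;
            } catch (Exception verifyFailure) {
                // Name matched but the signature did not verify: this anchor does not vouch for
                // the chain, so keep looking instead of accepting it.
                h.g(TAG, "checkCertChainTrusted: verify exception while use public key,index of anchorCertList[" + list.lastIndexOf(anchor) + "]");
            }
        }
        if (matchedAnchor == null) {
            h.e(TAG, "checkCertChainTrusted,not signed by root cert.");
            throw new CertException$CertChainException("checkCertChainTrusted,cannot found root cert of certChainLis.");
        }

        // Check validity dates on a copy so the caller's list is untouched even when this throws.
        List<X509Certificate> withAnchor = new ArrayList<>(list2);
        withAnchor.add(matchedAnchor);
        if (!f(withAnchor)) {
            throw new CertException$CertChainException("certChain invalidity.");
        }
        h.g(TAG, "checkCertChainTrusted: success");
        return list2;
    }

    /**
     * Records the key-store aliases of the saved chain in the "kms_cert_alias" preferences, under
     * a key derived from the environment name. The outcome is logged, not returned.
     */
    private static void e(Context context, c cVar, List<String> list) {
        String outcome;
        if (context == null || cVar == null || list == null || list.isEmpty()) {
            outcome = "saveCertChainAlias: parameter invalid.";
        } else {
            String json = new Gson().toJson(list);
            boolean committed = context.getSharedPreferences("kms_cert_alias", 0)
                    .edit()
                    .putString(cVar.getEnvConfig().getEnvName() + "_kms_certs_alias_info", json)
                    .commit();
            outcome = "saveCertChainAlias,commitResult:" + committed;
        }
        h.g(TAG, outcome);
    }

    /**
     * Reports whether every certificate in {@code list} is currently within its validity period.
     * Any failure, including a {@code null} list or element, yields {@code false}.
     */
    private static boolean f(List<X509Certificate> list) {
        int index = 0;
        try {
            for (X509Certificate certificate : list) {
                certificate.checkValidity();
                index++;
            }
            return true;
        } catch (Exception e2) {
            // The decompiled code built this message but the call that used it is not visible;
            // log it so a rejected chain can be diagnosed.
            h.g(TAG, "checkCertChainValidity,certList[" + index + "],detail: " + e2.getMessage());
            return false;
        }
    }

    /**
     * Stores {@code list} in the key store under aliases {@code <env>_kms_cert_<position>} and
     * records those aliases through {@code e}.
     *
     * <p>No validation happens here; callers are expected to pass a chain that {@code d} has
     * accepted. Aliases use the list position, so a certificate that appears twice no longer
     * collapses onto one alias as it did with {@code list.indexOf}.
     *
     * @return the aliases written, or {@code null} when nothing was stored
     */
    public static List<String> g(Context context, c cVar, List<X509Certificate> list) {
        try {
            if (f5913a == null) {
                h.e(TAG, "saveTrustedCertChain: android key store can not use,should not take place always,and cert chain would not be persistent storage.");
                return null;
            }
            if (list == null || list.isEmpty()) {
                h.e(TAG, "saveTrustedCertChain: cert chain is empty,would not save anythings.");
                return null;
            }
            String envName = cVar.getEnvConfig().getEnvName();
            List<String> aliases = new ArrayList<>();
            for (int position = 0; position < list.size(); position++) {
                String alias = envName + "_kms_cert_" + position;
                f5913a.setCertificateEntry(alias, list.get(position));
                aliases.add(alias);
                // Logged after the write so the message is true when it appears.
                h.g(TAG, "saveTrustedCertChain: " + alias + " had save into android key store.");
            }
            e(context, cVar, aliases);
            return aliases;
        } catch (Exception e2) {
            h.e(TAG, "saveTrustedCertChain: exception:" + e2.getMessage());
            return null;
        }
    }

    /**
     * Deletes the persisted chain: removes each recorded alias from the key store and clears the
     * alias preferences.
     *
     * <p>NOTE(review): {@code clear()} empties the whole "kms_cert_alias" file, not only this
     * environment's key, while only this environment's key-store entries are deleted. Confirm
     * that is intended if several environments can be stored at once.
     */
    public static void h(Context context, c cVar) {
        try {
            if (context == null) {
                h.e(TAG, "deleteKmsCertChain: parameter invalid,context must not be null.");
                return;
            }
            SharedPreferences.Editor edit = context.getSharedPreferences("kms_cert_alias", 0).edit();
            List<String> aliases = i(context, cVar);
            if (aliases == null) {
                h.g(TAG, "deleteKmsCertChain: no any kms cert aliases found.");
                // The decompiled code called clear() without commit(), which changes nothing.
                edit.clear().commit();
                return;
            }
            for (String alias : aliases) {
                // The key store can be null here when this method is reached without going
                // through c() or g(); skip the key-store step instead of crashing.
                if (f5913a != null && f5913a.containsAlias(alias)) {
                    f5913a.deleteEntry(alias);
                } else {
                    h.g(TAG, "deleteKmsCertChain: key store not contains alias:" + alias);
                }
            }
            h.g(TAG, "deleteKmsCertChain: commitResult:" + edit.clear().commit());
        } catch (KeyStoreException e2) {
            h.g(TAG, "deleteKmsCertChain: exception:" + e2.getMessage());
        }
    }

    /**
     * Reads the alias list recorded for {@code cVar}'s environment.
     *
     * @return the aliases, or {@code null} when none are recorded or the stored value is unusable
     */
    private static List<String> i(Context context, c cVar) {
        try {
            if (context == null) {
                h.g(TAG, "getInterCertAlias,parameter invalid.");
                return null;
            }
            String stored = context.getSharedPreferences("kms_cert_alias", 0)
                    .getString(cVar.getEnvConfig().getEnvName() + "_kms_certs_alias_info", null);
            if (stored == null) {
                h.g(TAG, "getCertChainAliasList: not found aliases info.");
                return null;
            }
            List<String> aliases = new Gson().fromJson(stored, new a().getType());
            // Gson returns null for empty input and allows null array elements; a null alias
            // would make the key-store lookups in c() and h() throw, so treat both as absent.
            if (aliases == null || aliases.contains(null)) {
                h.g(TAG, "getCertChainAliasList: not found aliases info.");
                return null;
            }
            return aliases;
        } catch (Exception e2) {
            h.g(TAG, "getCertChainAliasList: fail." + e2.getMessage());
            return null;
        }
    }
}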
