package atak.core;

import com.atakmap.coremap.filesystem.FileSystemUtils;
import com.atakmap.coremap.log.Log;
import gov.tak.api.engine.net.c;
import gov.tak.api.engine.net.d;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public abstract class amx {
    public static final String a = "CertificateManagerBase";
    private X509TrustManager d;
    private gov.tak.api.engine.net.c e;
    private gov.tak.api.engine.net.d f;
    private final List<X509Certificate> b = new ArrayList();
    private final List<X509Certificate> g = new ArrayList();
    private X509TrustManager c = null;
    private X509TrustManager h = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Code restructure failed: missing block: B:9:0x003a, code lost:
    
        r4.d = (javax.net.ssl.X509TrustManager) r2;
        com.atakmap.coremap.log.Log.d(atak.core.amx.a, "found the system X509TrustManager: " + r2);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public amx(gov.tak.api.engine.net.c r5, gov.tak.api.engine.net.d r6, atak.core.aiq r7) {
        /*
            r4 = this;
            java.lang.String r0 = "CertificateManagerBase"
            r4.<init>()
            java.util.ArrayList r1 = new java.util.ArrayList
            r1.<init>()
            r4.b = r1
            java.util.ArrayList r1 = new java.util.ArrayList
            r1.<init>()
            r4.g = r1
            r1 = 0
            r4.c = r1
            r4.h = r1
            r4.d = r1
            r4.e = r5     // Catch: java.lang.Exception -> L57
            r4.f = r6     // Catch: java.lang.Exception -> L57
            java.lang.String r5 = javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()     // Catch: java.lang.Exception -> L57
            javax.net.ssl.TrustManagerFactory r5 = javax.net.ssl.TrustManagerFactory.getInstance(r5)     // Catch: java.lang.Exception -> L57
            r6 = r1
            java.security.KeyStore r6 = (java.security.KeyStore) r6     // Catch: java.lang.Exception -> L57
            r5.init(r1)     // Catch: java.lang.Exception -> L57
            javax.net.ssl.TrustManager[] r5 = r5.getTrustManagers()     // Catch: java.lang.Exception -> L57
            int r6 = r5.length     // Catch: java.lang.Exception -> L57
            r1 = 0
        L32:
            if (r1 >= r6) goto L5d
            r2 = r5[r1]     // Catch: java.lang.Exception -> L57
            boolean r3 = r2 instanceof javax.net.ssl.X509TrustManager     // Catch: java.lang.Exception -> L57
            if (r3 == 0) goto L54
            r5 = r2
            javax.net.ssl.X509TrustManager r5 = (javax.net.ssl.X509TrustManager) r5     // Catch: java.lang.Exception -> L57
            r4.d = r5     // Catch: java.lang.Exception -> L57
            java.lang.StringBuilder r5 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L57
            r5.<init>()     // Catch: java.lang.Exception -> L57
            java.lang.String r6 = "found the system X509TrustManager: "
            r5.append(r6)     // Catch: java.lang.Exception -> L57
            r5.append(r2)     // Catch: java.lang.Exception -> L57
            java.lang.String r5 = r5.toString()     // Catch: java.lang.Exception -> L57
            com.atakmap.coremap.log.Log.d(r0, r5)     // Catch: java.lang.Exception -> L57
            goto L5d
        L54:
            int r1 = r1 + 1
            goto L32
        L57:
            r5 = move-exception
            java.lang.String r6 = "unable to initialize X509TrustManager"
            com.atakmap.coremap.log.Log.d(r0, r6, r5)
        L5d:
            java.util.List<java.security.cert.X509Certificate> r5 = r4.b
            java.lang.String r6 = "certs/DODSWCA-61.crt"
            a(r5, r7, r6)
            java.util.List<java.security.cert.X509Certificate> r5 = r4.b
            java.lang.String r6 = "certs/DODSWCA-54.crt"
            a(r5, r7, r6)
            java.util.List<java.security.cert.X509Certificate> r5 = r4.b
            java.lang.String r6 = "certs/DODIDSWCA-38.crt"
            a(r5, r7, r6)
            java.util.List<java.security.cert.X509Certificate> r5 = r4.b
            java.lang.String r6 = "certs/DoDRootCA3.crt"
            a(r5, r7, r6)
            java.util.List<java.security.cert.X509Certificate> r5 = r4.b
            java.lang.String r6 = "certs/DoDRootCA5.crt"
            a(r5, r7, r6)
            java.util.List<java.security.cert.X509Certificate> r5 = r4.g
            java.lang.String r6 = "certs/DigiCertHighAssuranceEVRootCA.crt"
            a(r5, r7, r6)
            java.util.List<java.security.cert.X509Certificate> r5 = r4.g
            java.lang.String r6 = "certs/DigiCertGlobalRootCA.crt"
            a(r5, r7, r6)
            java.util.List<java.security.cert.X509Certificate> r5 = r4.g
            java.lang.String r6 = "certs/DigiCertGlobalRootG2.crt"
            a(r5, r7, r6)
            java.util.List<java.security.cert.X509Certificate> r5 = r4.g
            java.lang.String r6 = "certs/DigiCertEVRSACAG2.crt"
            a(r5, r7, r6)
            java.util.List<java.security.cert.X509Certificate> r5 = r4.g
            java.lang.String r6 = "certs/isrgrootx1.crt"
            a(r5, r7, r6)
            r4.c()
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: atak.core.amx.<init>(gov.tak.api.engine.net.c, gov.tak.api.engine.net.d, atak.core.aiq):void");
    }

    public static List<X509Certificate> a(gov.tak.api.engine.net.c cVar, gov.tak.api.engine.net.d dVar) {
        List<X509Certificate> a2;
        List<X509Certificate> a3;
        List<X509Certificate> a4;
        List<X509Certificate> a5;
        ArrayList arrayList = new ArrayList();
        try {
            byte[] a6 = c.CC.a(cVar, "TRUST_STORE_CA", null, -1) ? cVar.a("TRUST_STORE_CA", null, -1) : null;
            d.a a7 = dVar.a(d.a.TYPE_caPassword);
            if (a6 != null && a7 != null && !FileSystemUtils.isEmpty(a7.password) && (a5 = amw.a(a6, a7.password)) != null) {
                arrayList.addAll(a5);
            }
            byte[] a8 = c.CC.a(cVar, "UPDATE_SERVER_TRUST_STORE_CA", null, -1) ? cVar.a("UPDATE_SERVER_TRUST_STORE_CA", null, -1) : null;
            d.a a9 = dVar.a(d.a.TYPE_updateServerCaPassword);
            if (a8 != null && a9 != null && !FileSystemUtils.isEmpty(a9.password) && (a4 = amw.a(a8, a9.password)) != null) {
                arrayList.addAll(a4);
            }
            String[] a10 = cVar.a("TRUST_STORE_CA");
            if (a10 != null) {
                for (String str : a10) {
                    byte[] a11 = c.CC.a(cVar, "TRUST_STORE_CA", str, -1) ? cVar.a("TRUST_STORE_CA", str, -1) : null;
                    d.a a12 = dVar.a(d.a.TYPE_caPassword, str);
                    if (a11 != null && a12 != null && !FileSystemUtils.isEmpty(a12.password) && (a3 = amw.a(a11, a12.password)) != null) {
                        arrayList.addAll(a3);
                    }
                }
            }
            URI[] b = cVar.b("TRUST_STORE_CA");
            if (b != null) {
                for (URI uri : b) {
                    byte[] a13 = c.CC.a(cVar, "TRUST_STORE_CA", uri.getHost(), uri.getPort()) ? cVar.a("TRUST_STORE_CA", uri.getHost(), uri.getPort()) : null;
                    d.a a14 = dVar.a(d.a.TYPE_caPassword, uri.getHost());
                    if (a13 != null && a14 != null && !FileSystemUtils.isEmpty(a14.password) && (a2 = amw.a(a13, a14.password)) != null) {
                        arrayList.addAll(a2);
                    }
                }
            }
            Log.d(a, "getCACerts found " + arrayList.size() + " certs");
            return arrayList;
        } catch (Exception e) {
            Log.e(a, "exception in getCACerts!", e);
            return null;
        }
    }

    public static List<X509Certificate> a(byte[] bArr, String str, Provider provider, Throwable[] thArr) {
        try {
            LinkedList linkedList = new LinkedList();
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            KeyStore keyStore = provider != null ? KeyStore.getInstance("PKCS12", provider) : KeyStore.getInstance("PKCS12");
            keyStore.load(byteArrayInputStream, str.toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                linkedList.add((X509Certificate) keyStore.getCertificate(aliases.nextElement()));
            }
            Log.d(a, "loadCertificate found " + linkedList.size() + " certs");
            return linkedList;
        } catch (Exception e) {
            if (thArr == null) {
                return null;
            }
            thArr[0] = e;
            return null;
        }
    }

    private static void a(List<X509Certificate> list, aiq aiqVar, String str) {
        try {
            X509Certificate b = b(aiqVar, str);
            if (b != null) {
                list.add(b);
            }
        } catch (Exception unused) {
            Log.d(a, "error initializing: " + str);
        }
    }

    private static X509Certificate b(aiq aiqVar, String str) throws Exception {
        Throwable th;
        BufferedInputStream bufferedInputStream;
        X509Certificate x509Certificate;
        BufferedInputStream bufferedInputStream2 = null;
        try {
            InputStream a2 = aiqVar.a(str);
            if (a2 != null) {
                try {
                    bufferedInputStream = new BufferedInputStream(a2);
                    try {
                        bufferedInputStream2 = bufferedInputStream;
                        x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(bufferedInputStream);
                    } catch (Throwable th2) {
                        th = th2;
                        if (bufferedInputStream != null) {
                            try {
                                bufferedInputStream.close();
                            } catch (IOException unused) {
                            }
                        }
                        if (a2 == null) {
                            throw th;
                        }
                        try {
                            a2.close();
                            throw th;
                        } catch (IOException unused2) {
                            throw th;
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    bufferedInputStream = null;
                }
            } else {
                x509Certificate = null;
            }
            if (bufferedInputStream2 != null) {
                try {
                    bufferedInputStream2.close();
                } catch (IOException unused3) {
                }
            }
            if (a2 != null) {
                try {
                    a2.close();
                } catch (IOException unused4) {
                }
            }
            return x509Certificate;
        } catch (IOException e) {
            Log.d(a, "error occured loading cert", e);
            return null;
        }
    }

    private List<X509Certificate> f() {
        LinkedList linkedList = new LinkedList(this.b);
        List<X509Certificate> a2 = a(this.e, this.f);
        if (a2 != null) {
            linkedList.addAll(a2);
        }
        return linkedList;
    }

    private List<X509Certificate> g() {
        LinkedList linkedList = new LinkedList(this.g);
        linkedList.addAll(this.b);
        return linkedList;
    }

    public X509TrustManager a() {
        return this.d;
    }

    public X509TrustManager a(boolean z) {
        return z ? this.c : this.h;
    }

    public synchronized void a(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return;
        }
        Log.d(a, "removed: " + x509Certificate);
        this.b.remove(x509Certificate);
        c();
    }

    public X509Certificate[] a(X509TrustManager x509TrustManager) {
        X509Certificate[] acceptedIssuers = x509TrustManager == null ? new X509Certificate[0] : x509TrustManager.getAcceptedIssuers();
        if (acceptedIssuers == null) {
            acceptedIssuers = new X509Certificate[0];
        }
        List<X509Certificate> f = f();
        X509Certificate[] x509CertificateArr = new X509Certificate[acceptedIssuers.length + f.size()];
        System.arraycopy(acceptedIssuers, 0, x509CertificateArr, 0, acceptedIssuers.length);
        for (int i = 0; i < f.size(); i++) {
            Log.d(a, "added: " + f.get(i));
            x509CertificateArr[acceptedIssuers.length + i] = f.get(i);
        }
        return x509CertificateArr;
    }

    @Deprecated
    public X509TrustManager b() {
        return a(false);
    }

    public synchronized void b(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return;
        }
        Log.d(a, "added: " + x509Certificate);
        this.b.add(x509Certificate);
        c();
    }

    public void c() {
        try {
            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(null, null);
            for (X509Certificate x509Certificate : f()) {
                keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().hashCode() + "", x509Certificate);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            this.c = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
            Log.d(a, "obtained localized trust manager");
        } catch (Exception e) {
            Log.d(a, "error obtaining localized trust manager", e);
        }
        try {
            KeyStore keyStore2 = KeyStore.getInstance("BKS");
            keyStore2.load(null, null);
            for (X509Certificate x509Certificate2 : g()) {
                keyStore2.setCertificateEntry(x509Certificate2.getSubjectX500Principal().hashCode() + "", x509Certificate2);
            }
            TrustManagerFactory trustManagerFactory2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory2.init(keyStore2);
            this.h = (X509TrustManager) trustManagerFactory2.getTrustManagers()[0];
            Log.d(a, "obtained public trust manager");
        } catch (Exception e2) {
            Log.d(a, "error obtaining public trust manager", e2);
        }
    }

    public gov.tak.api.engine.net.d d() {
        return this.f;
    }

    public gov.tak.api.engine.net.c e() {
        return this.e;
    }
}
