package com.heytap.omas.a.d;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.content.res.AssetManager;
import androidx.annotation.NonNull;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import com.heytap.omas.a.e.e;
import com.heytap.omas.a.e.i;
import com.heytap.omas.omkms.data.h;
import com.heytap.omas.omkms.security.CertException;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;

/* loaded from: classes4.dex */
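/**
 * Static helpers that load trust-anchor certificates from the app's assets, check a KMS
 * certificate chain against them, and keep the checked chain in the Android keystore with the
 * list of aliases recorded in SharedPreferences.
 *
 * <p>This is decompiler (JADX) output: class, method and field names are obfuscated, and the log
 * strings are the only hint at the original method names. Treat the control flow as a reading of
 * the bytecode, not as the vendor's source.
 *
 * <p>NOTE(review): chain checking here is hand-rolled (issuer/subject DN match, signature, and
 * validity dates). Nothing in this class looks at basic constraints, key usage, name constraints
 * or revocation, so it is weaker than a PKIX {@code CertPathValidator} run; confirm whether a
 * caller performs those checks.
 */
public class b {

    /* renamed from: a, reason: collision with root package name */
    /** Tag passed to the {@code i} logging helper with every message from this class. */
    public static final String f22643a = "X509CertManager";

    /* renamed from: b, reason: collision with root package name */
    /** Certificate type name handed to {@link CertificateFactory#getInstance(String)}. */
    public static final String f22644b = "x.509";

    /* renamed from: c, reason: collision with root package name */
    /** Asset directory that holds the bundled trust-anchor certificates. */
    private static final String f22645c = "certificate-pool";

    /* renamed from: d, reason: collision with root package name */
    /** Name of the SharedPreferences file that stores the alias lists. */
    private static final String f22646d = "kms_cert_alias";

    /* renamed from: e, reason: collision with root package name */
    /** Suffix of the per-environment preference key holding the JSON alias list. */
    private static final String f22647e = "kms_certs_alias_info";

    /* renamed from: f, reason: collision with root package name */
    /** Prefix (after the environment name) of each keystore alias; the chain index follows. */
    private static final String f22648f = "kms_cert_";

    /* renamed from: g, reason: collision with root package name */
    /** Loaded AndroidKeyStore instance, or {@code null} when it could not be obtained or loaded. */
    private static KeyStore f22649g;

    /* loaded from: classes4.dex */
    /** Gson type token for {@code List<String>}, used to decode the stored alias list. */
    public static class a extends TypeToken<List<String>> {
    }

    static {
        // Publish the keystore only after load() succeeded. Assigning it before load(), as the
        // decompiled code did, could leave a non-null but uninitialised KeyStore behind whose
        // every later call throws KeyStoreException, defeating the null checks below.
        KeyStore loaded = null;
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            loaded = keyStore;
        } catch (Exception e10) {
            i.b(f22643a, "keyStore get instance exception:" + e10.getMessage());
        }
        f22649g = loaded;
    }

    private b() {
    }

    /**
     * Parses one encoded certificate (PEM text, judging by the callers' log messages) into an
     * {@link X509Certificate}.
     *
     * @param str the encoded certificate text
     * @return the parsed certificate
     * @throws CertificateException if the text is not a parsable certificate
     */
    public static X509Certificate a(String str) throws CertificateException {
        // Explicit charset: the no-arg getBytes() depends on the platform default.
        byte[] encoded = str.getBytes(StandardCharsets.UTF_8);
        return (X509Certificate) CertificateFactory.getInstance(f22644b)
                .generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Loads every certificate found under the {@code certificate-pool} asset directory.
     *
     * <p>Reconstructed from the decompiler's instruction dump, which JADX could not turn into
     * structured Java (the emitted method only threw {@code UnsupportedOperationException});
     * confirm against the bytecode before relying on it. One deliberate difference: each asset
     * stream is closed after use, where the dump closed only the last one opened.
     *
     * @param context used to reach the asset manager
     * @return the parsed certificates, one per asset file, in listing order
     * @throws CertException.LoadEccCertException if the directory is missing or empty, or if a
     *     file cannot be read or parsed
     */
    @NonNull
    public static List<X509Certificate> a(Context context) throws CertException.LoadEccCertException {
        List<X509Certificate> anchors = new ArrayList<>();
        try {
            CertificateFactory factory = CertificateFactory.getInstance(f22644b);
            AssetManager assets = context.getAssets();
            String[] names = assets.list(f22645c);
            if (names == null || names.length == 0) {
                i.b(f22643a, "loadRootCertsFromFile,cannot found root certs.");
                throw new CertException.LoadEccCertException("loadCertsFromFile,cannot found root certs");
            }
            for (String name : names) {
                InputStream in = new BufferedInputStream(assets.open(f22645c + "/" + name));
                try {
                    anchors.add((X509Certificate) factory.generateCertificate(in));
                } finally {
                    closeQuietly(in);
                }
            }
            return anchors;
        } catch (CertificateException | IOException ex) {
            i.b(f22643a, "loadRootCertFromFile,IO exception occur.detail: " + ex.getMessage());
            throw new CertException.LoadEccCertException("loadCertsFromFile exception:" + ex.getMessage());
        }
    }

    /** Closes {@code in}; a failure to close is handed to the logger and otherwise ignored. */
    private static void closeQuietly(InputStream in) {
        try {
            in.close();
        } catch (IOException ex) {
            i.a(ex);
        }
    }

    /**
     * Re-reads the stored certificate chain from the keystore and re-checks it against the
     * bundled trust anchors.
     *
     * <p>Any failure after the alias list has been read (encoding, parsing, chain check, keystore
     * error) deletes the stored chain through {@link #b(Context, h)}, so a chain that no longer
     * verifies is not served again.
     *
     * @param context used for preferences and assets
     * @param hVar supplies the environment name that scopes the stored aliases
     * @return the chain as encoded strings produced by {@code e.a(...)} (PEM according to the log
     *     messages), or {@code null} when nothing is stored or the chain did not verify
     */
    public static List<String> a(Context context, h hVar) {
        try {
            try {
                if (f22649g == null) {
                    i.b(f22643a, "checkCertChainStatus: key store is null,should always take place here.");
                    return null;
                }
                List<String> aliases = c(context, hVar);
                if (aliases == null || aliases.isEmpty()) {
                    i.c(f22643a, "checkCertChainStatus: kms cert chain alias info mot found.");
                    return null;
                }
                // Left raw on purpose: the parameter type of e.a(...) is not visible here.
                ArrayList derCerts = new ArrayList();
                for (String alias : aliases) {
                    if (!f22649g.containsAlias(alias)) {
                        i.b(f22643a, "checkCertChainStatus: key store not contains alias:" + alias);
                        return null;
                    }
                    derCerts.add(f22649g.getCertificate(alias).getEncoded());
                }
                List<String> pemCerts = e.a(derCerts);
                if (pemCerts == null || pemCerts.isEmpty()) {
                    i.c(f22643a, "checkCertChainStatus: der certs to pem format fail.");
                    return null;
                }
                List<X509Certificate> chain = new ArrayList<>();
                try {
                    for (String pem : pemCerts) {
                        chain.add(a(pem));
                    }
                    // Throws when the chain does not verify; the return value is not needed.
                    a(context, a(context), chain);
                    return pemCerts;
                } catch (CertificateException ex) {
                    i.b(f22643a, "checkCertChainStatus: format pem cert to x509 cert, exception:" + ex.getMessage());
                    b(context, hVar);
                    return null;
                }
            } catch (CertificateException ex) {
                return discardStoredChain(context, hVar, ex);
            }
        } catch (CertException.CertChainException ex) {
            return discardStoredChain(context, hVar, ex);
        } catch (CertException.CertChainVerifyException ex) {
            return discardStoredChain(context, hVar, ex);
        } catch (CertException.LoadEccCertException ex) {
            return discardStoredChain(context, hVar, ex);
        } catch (KeyStoreException ex) {
            return discardStoredChain(context, hVar, ex);
        }
    }

    /** Logs {@code cause}, deletes the stored chain, and returns {@code null} for the caller. */
    private static List<String> discardStoredChain(Context context, h hVar, Exception cause) {
        i.c(f22643a, "checkCertChainStatus: " + cause);
        b(context, hVar);
        return null;
    }

    /**
     * Checks that {@code list2} is a chain leading to one of the trust anchors in {@code list}.
     *
     * <p>For every certificate except the last, the issuer DN must equal the subject DN of the
     * next entry and the signature must verify with that entry's public key; such a certificate
     * must not be self-issued. The last entry must be issued by, and verify under, one of the
     * anchors. Finally every chain entry and the matched anchor must be inside its validity
     * period.
     *
     * <p>The decompiled code accepted an anchor on a subject/issuer DN match alone, because the
     * exception from {@code verify} was swallowed before the anchor was accepted (possibly a
     * decompiler artefact; confirm against the bytecode). Here an anchor counts only when the
     * signature check succeeds. The decompiled code also appended the anchor to {@code list2}
     * for the validity check and left it there when that check failed; the caller's list is no
     * longer modified.
     *
     * @param context not used by this method
     * @param list trust anchors; must hold at least one certificate
     * @param list2 chain to check, ordered so that each entry is issued by the next one
     * @return {@code list2}, unchanged
     * @throws IllegalArgumentException if either list is {@code null} or empty
     * @throws CertException.CertChainVerifyException if a link inside the chain does not verify
     * @throws CertException.CertChainException if no anchor signs the last entry, or a
     *     certificate is outside its validity period
     */
    @SuppressLint({"RestrictedApi"})
    public static List<X509Certificate> a(@NonNull Context context, @NonNull List<X509Certificate> list, @NonNull List<X509Certificate> list2) throws CertException.CertChainVerifyException, CertException.CertChainException {
        if (list == null || list.isEmpty()) {
            i.b(f22643a, "checkCertChainTrusted:parameter error,anchorCertList must not be null or < 1.");
            throw new IllegalArgumentException("parameter invalid.anchorCertList must not be null or < 1 .");
        }
        if (list2 == null || list2.isEmpty()) {
            i.b(f22643a, "checkCertChainTrusted:parameter error,certChainList must not be null or < 1.");
            throw new IllegalArgumentException("parameter invalid.certChainLen must not be null or <1");
        }

        int last = list2.size() - 1;
        for (int index = 0; index < last; index++) {
            try {
                X509Certificate cert = list2.get(index);
                if (cert.getIssuerDN().equals(cert.getSubjectDN())) {
                    i.b(f22643a, "checkCertChainTrusted: certChain[" + index + "] cannot be self sign.");
                    throw new CertException.CertChainVerifyException("checkCertChainTrusted:certChain[\"" + index + " \"] cannot be self sign.");
                }
                X509Certificate issuer = list2.get(index + 1);
                if (!cert.getIssuerDN().equals(issuer.getSubjectDN())) {
                    i.b(f22643a, "checkCertChainTrusted: Issuer not match upper cert,index{" + index + "].");
                    throw new CertException.CertChainVerifyException("checkCertChainTrusted: Issuer not match upper cert,index{" + index + "].");
                }
                cert.verify(issuer.getPublicKey());
            } catch (InvalidKeyException e10) {
                i.a("checkCertChainTrusted: InvalidKeyException.detail: " + e10.getMessage());
                throw new CertException.CertChainVerifyException("InvalidKeyException.detail:" + e10.getMessage());
            } catch (NoSuchAlgorithmException e11) {
                i.a("checkCertChainTrusted: NoSuchAlgorithmException.detail: " + e11.getMessage());
                throw new CertException.CertChainVerifyException("NoSuchAlgorithmException.detail:" + e11.getMessage());
            } catch (NoSuchProviderException e12) {
                i.a("checkCertChainTrusted: NoSuchProviderException.detail: " + e12.getMessage());
                throw new CertException.CertChainVerifyException("NoSuchProviderException.detail:" + e12.getMessage());
            } catch (SignatureException e13) {
                i.a("checkCertChainTrusted: SignatureException.detail: " + e13.getMessage());
                throw new CertException.CertChainVerifyException("SignatureException.detail:" + e13.getMessage());
            } catch (CertificateException e14) {
                i.a("checkCertChainTrusted.detail: " + e14.getMessage());
                throw new CertException.CertChainVerifyException("CertificateException.detail:" + e14.getMessage());
            }
        }

        X509Certificate top = list2.get(last);
        X509Certificate root = null;
        for (X509Certificate anchor : list) {
            if (!top.getIssuerDN().equals(anchor.getSubjectDN())) {
                continue;
            }
            try {
                // A DN match is only a lookup hint; the signature is what establishes trust.
                top.verify(anchor.getPublicKey());
                root = anchor;
                break;
            } catch (GeneralSecurityException | RuntimeException ex) {
                // Another anchor may carry the same subject DN with a different key; keep looking.
                i.c(f22643a, "checkCertChainTrusted: verify exception while use public key,index of anchorCertList[" + list.lastIndexOf(anchor) + "]");
            }
        }
        if (root == null) {
            i.b(f22643a, "checkCertChainTrusted,not signed by root cert.");
            throw new CertException.CertChainException("checkCertChainTrusted,cannot found root cert of certChainLis.");
        }

        // Validity is checked on a copy so the caller's chain is never left with the anchor in it.
        List<X509Certificate> chainWithRoot = new ArrayList<>(list2);
        chainWithRoot.add(root);
        if (!a(chainWithRoot)) {
            throw new CertException.CertChainException("certChain invalidity.");
        }
        i.c(f22643a, "checkCertChainTrusted: success");
        return list2;
    }

    /**
     * Stores the alias list as JSON in SharedPreferences under a key scoped by environment name.
     *
     * @param context preferences owner; nothing is stored when {@code null}
     * @param hVar supplies the environment name used in the preference key
     * @param list aliases to store; nothing is stored when {@code null} or empty
     */
    private static void a(Context context, h hVar, List<String> list) {
        if (context == null || list == null || list.isEmpty()) {
            i.c(f22643a, "saveCertChainAlias: parameter invalid.");
            return;
        }
        // Mode 0 is Context.MODE_PRIVATE: the file is readable by this app only.
        SharedPreferences.Editor edit = context.getSharedPreferences(f22646d, 0).edit();
        edit.putString(hVar.getEnvConfig().getEnvName() + "_" + f22647e, new Gson().toJson(list));
        i.c(f22643a, "saveCertChainAlias,commitResult:" + edit.commit());
    }

    /**
     * Reports whether every certificate in {@code list} is currently inside its validity period.
     *
     * @param list certificates to check
     * @return {@code true} when all pass {@link X509Certificate#checkValidity()}, else
     *     {@code false}
     */
    private static boolean a(List<X509Certificate> list) {
        try {
            for (X509Certificate cert : list) {
                cert.checkValidity();
            }
            return true;
        } catch (CertificateException | RuntimeException ex) {
            // The decompiled code discarded this silently; record why the chain was rejected.
            i.c(f22643a, "checkCertValidity: " + ex.getMessage());
            return false;
        }
    }

    /**
     * Stores each certificate of {@code list} as a keystore certificate entry and records the
     * aliases in SharedPreferences.
     *
     * <p>Aliases are {@code <envName>_kms_cert_<index>}. The index is the position in the list;
     * the decompiled code used {@code indexOf}, which gives two equal certificates the same
     * alias so the second overwrites the first.
     *
     * <p>NOTE(review): this method stores whatever it is given and does no chain checking of its
     * own; confirm that callers verify the chain first.
     *
     * @param context preferences owner
     * @param hVar supplies the environment name
     * @param list certificates to store
     * @return the aliases written, or {@code null} when the keystore is unavailable, the list is
     *     empty, or storing failed
     */
    public static List<String> b(Context context, h hVar, List<X509Certificate> list) {
        try {
            if (f22649g == null) {
                i.b(f22643a, "saveTrustedCertChain: android key store can not use,should not take place always,and cert chain would not be persistent storage.");
                return null;
            }
            if (list == null || list.isEmpty()) {
                i.b(f22643a, "saveTrustedCertChain: cert chain is empty,would not save anythings.");
                return null;
            }
            String prefix = hVar.getEnvConfig().getEnvName() + "_" + f22648f;
            List<String> aliases = new ArrayList<>();
            for (int index = 0; index < list.size(); index++) {
                String alias = prefix + index;
                aliases.add(alias);
                i.c(f22643a, "saveTrustedCertChain: " + alias + " had save into android key store.");
                f22649g.setCertificateEntry(alias, list.get(index));
            }
            a(context, hVar, aliases);
            return aliases;
        } catch (Exception e10) {
            i.b(f22643a, "saveTrustedCertChain: exception:" + e10.getMessage());
            return null;
        }
    }

    /**
     * Deletes the stored chain: removes each recorded alias from the keystore, then clears the
     * alias preferences file.
     *
     * <p>NOTE(review): {@code clear()} wipes the whole preferences file, so the alias lists of
     * other environments go with it while their keystore entries stay behind.
     *
     * @param context preferences owner; nothing happens when {@code null}
     * @param hVar supplies the environment name whose aliases are looked up
     */
    public static void b(Context context, h hVar) {
        try {
            if (context == null) {
                i.b(f22643a, "deleteKmsCertChain: parameter invalid,context must not be null.");
                return;
            }
            SharedPreferences.Editor edit = context.getSharedPreferences(f22646d, 0).edit();
            List<String> aliases = c(context, hVar);
            if (aliases == null) {
                i.c(f22643a, "deleteKmsCertChain: no any kms cert aliases found.");
                // NOTE(review): this clear() is staged but never committed or applied, so
                // nothing is persisted on this path. Kept as decompiled; confirm the intent.
                edit.clear();
                return;
            }
            if (f22649g == null) {
                // Without this guard a missing keystore raised an uncaught NullPointerException.
                i.c(f22643a, "deleteKmsCertChain: key store is null,skip key store entries.");
            } else {
                for (String alias : aliases) {
                    if (f22649g.containsAlias(alias)) {
                        f22649g.deleteEntry(alias);
                    } else {
                        i.c(f22643a, "deleteKmsCertChain: key store not contains alias:" + alias);
                    }
                }
            }
            i.c(f22643a, "deleteKmsCertChain: commitResult:" + edit.clear().commit());
        } catch (KeyStoreException e10) {
            i.c(f22643a, "deleteKmsCertChain: exception:" + e10.getMessage());
        }
    }

    /**
     * Reads the alias list recorded for the environment of {@code hVar}.
     *
     * <p>The aliases only select which keystore entries are read back; the chain built from them
     * is still checked against the bundled anchors by {@link #a(Context, h)}.
     *
     * @param context preferences owner
     * @param hVar supplies the environment name used in the preference key
     * @return the decoded aliases, or {@code null} when {@code context} is {@code null}, nothing
     *     is stored, or decoding failed
     */
    private static List<String> c(Context context, h hVar) {
        try {
            if (context == null) {
                i.c(f22643a, "getInterCertAlias,parameter invalid.");
                return null;
            }
            String key = hVar.getEnvConfig().getEnvName() + "_" + f22647e;
            String json = context.getSharedPreferences(f22646d, 0).getString(key, null);
            if (json == null) {
                i.c(f22643a, "getCertChainAliasList: not found aliases info.");
                return null;
            }
            List<String> aliases = new Gson().fromJson(json, new a().getType());
            return aliases;
        } catch (Exception e10) {
            i.c(f22643a, "getCertChainAliasList: fail." + e10.getMessage());
            return null;
        }
    }
}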
