package at.bitfire.cert4android;

import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.os.Bundle;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.IBinder;
import android.os.Message;
import android.os.Messenger;
import android.os.RemoteException;
import android.util.SparseArray;
import java.io.Closeable;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
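/**
 * Trust manager that combines an optional system trust manager with a custom
 * per-certificate trust decision obtained from {@link CustomCertService} over
 * {@link Messenger} IPC.
 *
 * <p>Server chains are first offered to the system trust manager (when one was
 * requested in the constructor). If it rejects the chain, or none is configured,
 * the leaf certificate is sent to the service and the calling thread blocks until
 * a decision arrives or {@link #SERVICE_TIMEOUT} elapses. How the service reaches
 * its decision is not visible in this class.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only the leaf certificate ({@code chain[0]}) is submitted for a custom decision.</li>
 *   <li>{@link CustomHostnameVerifier} accepts a host name mismatch when the peer's
 *       leaf certificate is custom-trusted; the decision is tied to the certificate,
 *       not to the host name passed to {@code verify}.</li>
 *   <li>Decisions are accepted from any message delivered to the static reply
 *       {@link #messenger}. That Messenger is only handed out as {@code replyTo}
 *       to the target service, so the service (or a Messenger injected through
 *       the three-argument constructor) must be trusted.
 *       NOTE(review): confirm CustomCertService is not exported.</li>
 * </ul>
 */
public class CustomCertManager implements X509TrustManager, Closeable {
    /** {@code Message.what} value of a decision reply; arg1 = decision id, arg2 != 0 means trusted. */
    public static final int MSG_CERTIFICATE_DECISION = 0;
    /** Maximum time in milliseconds to wait for a decision (300000 ms = 5 minutes). */
    public static int SERVICE_TIMEOUT = 300000;
    /** Monitor guarding {@link #decisions}; notified whenever a decision is stored. */
    public static final Object decisionLock;
    /** Received decisions keyed by decision id; an entry is removed by the waiter that consumes it. */
    public static final SparseArray<Boolean> decisions;
    /** Reply channel passed to the service as {@code replyTo}. */
    public static final Messenger messenger;
    /** Background thread whose looper runs {@link MessageHandler}. */
    public static final HandlerThread messengerThread;
    /** Source of decision ids that correlate a request with its reply. */
    public static final AtomicInteger nextDecisionID;
    /** Forwarded to the service with every trust query. */
    public boolean appInForeground;
    public final Context context;
    /** Messenger of the bound (or injected) service; {@code null} while not connected. */
    public Messenger service;
    /** Connection used for binding; {@code null} when a Messenger was injected. */
    public ServiceConnection serviceConnection;
    /** System trust manager consulted first, or {@code null} to rely on custom trust only. */
    public final X509TrustManager systemTrustManager;

    /**
     * Host name verifier that falls back to the custom trust decision when the
     * wrapped verifier rejects (or is absent).
     */
    public class CustomHostnameVerifier implements HostnameVerifier {
        public final HostnameVerifier defaultVerifier;

        /**
         * @param hostnameVerifier verifier consulted first; may be {@code null}
         */
        public CustomHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.defaultVerifier = hostnameVerifier;
        }

        /**
         * Accepts the session when the default verifier accepts it, or when the
         * peer's leaf certificate passes {@link CustomCertManager#checkCustomTrusted}.
         *
         * @param str        host name being verified
         * @param sSLSession session whose peer certificates are inspected
         * @return {@code true} if accepted by either path, {@code false} otherwise
         */
        @Override
        public boolean verify(String str, SSLSession sSLSession) {
            Constants.log.fine("Verifying certificate for " + str);
            if (defaultVerifier != null && defaultVerifier.verify(str, sSLSession)) {
                return true;
            }
            try {
                Certificate[] peerChain = sSLSession.getPeerCertificates();
                // Fails closed when the provider returns a plain Certificate[]:
                // the custom path is only taken for an X509Certificate[] array.
                if (peerChain instanceof X509Certificate[] && peerChain.length > 0) {
                    // From here on the host name is no longer part of the decision:
                    // a custom-trusted leaf certificate is accepted for any host.
                    CustomCertManager.this.checkCustomTrusted((X509Certificate) peerChain[0]);
                    Constants.log.fine("Certificate is in custom trust store, accepting");
                    return true;
                }
            } catch (CertificateException ignored) {
                // Deliberately not rethrown: a rejected, timed-out or unavailable
                // custom check means the host name is not verified.
            } catch (SSLPeerUnverifiedException e) {
                Constants.log.log(Level.WARNING, "Couldn't get certificate for host name verification", e);
            }
            return false;
        }
    }

    /** Receives decision replies on {@link #messengerThread} and wakes up waiting checks. */
    public static class MessageHandler implements Handler.Callback {
        public MessageHandler() {
        }

        /**
         * Stores the decision carried by a {@link #MSG_CERTIFICATE_DECISION} message.
         *
         * @return {@code true} if the message was a decision reply, {@code false} otherwise
         */
        @Override
        public boolean handleMessage(Message message) {
            Constants.log.fine("Received reply from CustomCertificateService: " + message);
            if (message.what != MSG_CERTIFICATE_DECISION) {
                return false;
            }
            synchronized (decisionLock) {
                decisions.put(message.arg1, message.arg2 != 0);
                decisionLock.notifyAll();
            }
            return true;
        }
    }

    static {
        messengerThread = new HandlerThread("CustomCertificateManager.Messenger");
        messengerThread.start();
        messenger = new Messenger(new Handler(messengerThread.getLooper(), new MessageHandler()));
        nextDecisionID = new AtomicInteger();
        decisions = new SparseArray<>();
        decisionLock = new Object();
    }

    /**
     * Creates a manager that binds to {@link CustomCertService}.
     *
     * @param context context used for binding and for starting the service
     * @param z       whether to consult the system trust manager before the custom check
     */
    public CustomCertManager(Context context, boolean z) {
        this(context, z, null);
    }

    /**
     * Creates a manager, optionally talking to an injected Messenger instead of
     * binding to {@link CustomCertService}.
     *
     * @param context    context used for binding and for starting the service
     * @param z          whether to consult the system trust manager before the custom check
     * @param messenger2 Messenger to send trust queries to, or {@code null} to bind to the
     *                   service; every trust decision is delegated to it, so it must be trusted
     */
    public CustomCertManager(Context context, boolean z, Messenger messenger2) {
        this.appInForeground = false;
        this.serviceConnection = new ServiceConnection() {
            @Override
            public void onServiceConnected(ComponentName componentName, IBinder iBinder) {
                Constants.log.fine("Connected to service");
                CustomCertManager.this.service = new Messenger(iBinder);
            }

            @Override
            public void onServiceDisconnected(ComponentName componentName) {
                CustomCertManager.this.service = null;
            }
        };
        this.context = context;
        this.systemTrustManager = z ? CertUtils.getTrustManager(null) : null;
        if (messenger2 != null) {
            // Injected Messenger: nothing is bound, so close() has nothing to unbind.
            this.service = messenger2;
            this.serviceConnection = null;
        } else if (!context.bindService(new Intent(context, CustomCertService.class),
                this.serviceConnection, Context.BIND_AUTO_CREATE)) {
            // Not fatal here: checkCustomTrusted() rejects while no service is connected.
            Constants.log.severe("Couldn't bind CustomCertService to context");
        }
    }

    /**
     * Always rejects: client certificates are not validated by this trust manager.
     *
     * @throws CertificateException always
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("cert4android doesn't validate client certificates");
    }

    /**
     * Asks the service whether the given certificate is trusted and blocks until
     * the decision arrives. Returns normally only for a positive decision.
     *
     * @param x509Certificate certificate to submit to the service
     * @throws CertificateException if the service is unavailable or unreachable, the
     *         certificate is rejected, the wait is interrupted, or no decision
     *         arrives within {@link #SERVICE_TIMEOUT} milliseconds
     */
    public void checkCustomTrusted(X509Certificate x509Certificate) throws CertificateException {
        Constants.log.fine("Querying custom certificate trustworthiness");
        // Snapshot the field: onServiceDisconnected() may null it from another thread.
        final Messenger target = this.service;
        if (target == null) {
            throw new CertificateException("Custom certificate service not available");
        }

        final int decisionId = nextDecisionID.getAndIncrement();
        Message query = Message.obtain();
        // Request code 1; presumably the service's "check trusted" command — confirm against CustomCertService.
        query.what = 1;
        query.arg1 = decisionId;
        query.replyTo = messenger;
        Bundle queryData = new Bundle();
        queryData.putSerializable("certificate", x509Certificate);
        queryData.putBoolean(CustomCertService.MSG_DATA_APP_IN_FOREGROUND, this.appInForeground);
        query.setData(queryData);
        try {
            target.send(query);
        } catch (RemoteException e) {
            throw new CertificateException("Couldn't query custom certificate trustworthiness", e);
        }

        final long deadline = System.currentTimeMillis() + SERVICE_TIMEOUT;
        synchronized (decisionLock) {
            while (true) {
                // Look before waiting: the reply may already have been stored (and its
                // notifyAll() missed) between send() and entering this monitor.
                Boolean decision = decisions.get(decisionId);
                if (decision != null) {
                    decisions.delete(decisionId);
                    if (decision.booleanValue()) {
                        // Trusted. Without this return a positive decision would be
                        // dropped and the call would always end in a timeout.
                        return;
                    }
                    throw new CertificateException("Certificate not trusted");
                }
                long remaining = deadline - System.currentTimeMillis();
                if (remaining <= 0) {
                    break;
                }
                try {
                    // Wait only for the time left so wake-ups for other ids
                    // cannot stretch the overall timeout.
                    decisionLock.wait(remaining);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    throw new CertificateException("Trustworthiness check interrupted", e);
                }
            }
        }

        // Timed out: tell the service to abandon the pending request, then fail closed.
        // NOTE(review): a reply arriving after this point stays in `decisions` unconsumed.
        Message abort = Message.obtain();
        // Request code 2; presumably the service's "abort check" command — confirm against CustomCertService.
        abort.what = 2;
        abort.arg1 = decisionId;
        abort.replyTo = messenger;
        Bundle abortData = new Bundle();
        abortData.putSerializable("certificate", x509Certificate);
        abort.setData(abortData);
        try {
            target.send(abort);
        } catch (RemoteException e) {
            Constants.log.log(Level.WARNING, "Couldn't abort trustworthiness check", e);
        }
        throw new CertificateException("Timeout when waiting for certificate trustworthiness decision");
    }

    /**
     * Accepts the chain if the system trust manager accepts it; otherwise submits
     * the leaf certificate to the custom trust check.
     *
     * <p>The decompiler could not emit this method; the body is rebuilt from the
     * instruction dump it left in place of the code.
     *
     * @param x509CertificateArr peer certificate chain, leaf first
     * @param str                authentication type, passed to the system trust manager only
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException     if neither the system nor the custom check accepts
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            // Reject explicitly instead of failing on chain[0] below.
            throw new IllegalArgumentException("Certificate chain must not be null or empty");
        }
        boolean systemTrusted = false;
        if (systemTrustManager != null) {
            try {
                systemTrustManager.checkServerTrusted(x509CertificateArr, str);
                systemTrusted = true;
            } catch (CertificateException ignored) {
                // Not an error yet: the custom check below gets the final say.
                Constants.log.fine("Certificate not trusted by system");
            }
        }
        if (!systemTrusted) {
            checkCustomTrusted(x509CertificateArr[0]);
        }
    }

    /** Unbinds from the service if this instance bound to it. */
    @Override
    public void close() {
        ServiceConnection connection = this.serviceConnection;
        if (connection != null) {
            this.context.unbindService(connection);
        }
    }

    /**
     * @return an empty array; this trust manager advertises no accepted issuers
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Wraps a verifier so that custom-trusted certificates pass host name verification.
     *
     * @param hostnameVerifier verifier to consult first; may be {@code null}
     * @return verifier backed by this manager's custom trust check
     */
    public HostnameVerifier hostnameVerifier(HostnameVerifier hostnameVerifier) {
        return new CustomHostnameVerifier(hostnameVerifier);
    }

    /** Sends the {@code CMD_RESET_CERTIFICATES} command to {@link CustomCertService}. */
    public void resetCertificates() {
        Intent resetIntent = new Intent(this.context, CustomCertService.class);
        resetIntent.setAction(CustomCertService.CMD_RESET_CERTIFICATES);
        this.context.startService(resetIntent);
    }
}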
