package io.mrarm.irc.config;

import android.content.Context;
import android.text.SpannableString;
import android.text.TextUtils;
import android.text.style.StyleSpan;
import android.util.Log;
import io.mrarm.irc.util.ColoredTextBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.ref.WeakReference;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes2.dex */
public class ServerCertificateManager {
    private static final String TAG = "CertificateManager";
    private static final Map<String, WeakReference<ServerCertificateManager>> mInstances = new HashMap();
    private KeyStore mKeyStore;
    private File mKeyStoreFile;
    private X509TrustManager mKeyStoreTrustManager;

    private ServerCertificateManager(File file) {
        this.mKeyStoreFile = file;
        if (file == null || !file.exists()) {
            return;
        }
        try {
            loadKeyStore(new FileInputStream(this.mKeyStoreFile));
        } catch (Exception e) {
            Log.w(TAG, "Failed to load keystore");
            this.mKeyStore = null;
        }
    }

    public static String buildCertAppliesToString(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                for (List<?> list : subjectAlternativeNames) {
                    Integer num = (Integer) list.get(0);
                    if (num.intValue() == 2 || num.intValue() == 7) {
                        arrayList.add((String) list.get(1));
                    }
                }
            }
        } catch (CertificateParsingException e) {
        }
        return arrayList.size() == 0 ? "none" : TextUtils.join(",", arrayList.toArray());
    }

    public static SpannableString buildCertOverviewString(X509Certificate x509Certificate) {
        try {
            StringBuilder sb = new StringBuilder();
            for (byte b : MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1).digest(x509Certificate.getEncoded())) {
                sb.append(String.format("%02x ", Byte.valueOf(b)));
            }
            String sb2 = sb.toString();
            ColoredTextBuilder coloredTextBuilder = new ColoredTextBuilder();
            coloredTextBuilder.append("Subject: ", new StyleSpan(1));
            coloredTextBuilder.append(x509Certificate.getSubjectX500Principal().getName().replace(",", ",\u200b"), new Object[0]);
            coloredTextBuilder.append("\nApplies to: ", new StyleSpan(1));
            coloredTextBuilder.append(buildCertAppliesToString(x509Certificate), new Object[0]);
            coloredTextBuilder.append("\nIssuer: ", new StyleSpan(1));
            coloredTextBuilder.append(x509Certificate.getIssuerDN().toString().replace(",", ",\u200b"), new Object[0]);
            coloredTextBuilder.append("\nSHA1 fingerprint:\n", new StyleSpan(1));
            coloredTextBuilder.append(sb2, new Object[0]);
            return SpannableString.valueOf(coloredTextBuilder.getSpannable());
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    private void createKeyStoreIfNull() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        synchronized (this) {
            if (this.mKeyStore == null) {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                this.mKeyStore = keyStore;
                keyStore.load(null, null);
            }
        }
    }

    public static X509TrustManager createKeyStoreTrustManager(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public static ServerCertificateManager get(Context context, UUID uuid) {
        return get(ServerConfigManager.getInstance(context).getServerSSLCertsFile(uuid));
    }

    public static ServerCertificateManager get(File file) {
        ServerCertificateManager serverCertificateManager;
        Map<String, WeakReference<ServerCertificateManager>> map = mInstances;
        synchronized (map) {
            WeakReference<ServerCertificateManager> weakReference = map.get(file.getAbsolutePath());
            if (weakReference != null && (serverCertificateManager = weakReference.get()) != null) {
                return serverCertificateManager;
            }
            ServerCertificateManager serverCertificateManager2 = new ServerCertificateManager(file);
            map.put(file.getAbsolutePath(), new WeakReference<>(serverCertificateManager2));
            return serverCertificateManager2;
        }
    }

    public void addCertificateException(X509Certificate x509Certificate) {
        synchronized (this) {
            try {
                createKeyStoreIfNull();
                this.mKeyStore.setCertificateEntry("cert-" + UUID.randomUUID(), x509Certificate);
                if (this.mKeyStoreFile != null) {
                    saveKeyStore();
                }
            } catch (Exception e) {
                Log.e(TAG, "Failed to add certificate exception");
                e.printStackTrace();
            }
        }
    }

    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        KeyStore keyStore;
        synchronized (this) {
            if (this.mKeyStoreTrustManager == null && (keyStore = this.mKeyStore) != null) {
                this.mKeyStoreTrustManager = createKeyStoreTrustManager(keyStore);
            }
            X509TrustManager x509TrustManager = this.mKeyStoreTrustManager;
            if (x509TrustManager == null) {
                throw new CertificateException("Key store is null");
            }
            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
        }
    }

    protected void finalize() throws Throwable {
        Map<String, WeakReference<ServerCertificateManager>> map = mInstances;
        synchronized (map) {
            String absolutePath = this.mKeyStoreFile.getAbsolutePath();
            if (map.containsKey(absolutePath) && map.get(absolutePath).get() == this) {
                map.remove(absolutePath);
            }
        }
        super.finalize();
    }

    public X509Certificate getCertificate(String str) {
        X509Certificate x509Certificate;
        synchronized (this) {
            try {
                try {
                    x509Certificate = (X509Certificate) this.mKeyStore.getCertificate(str);
                } catch (KeyStoreException e) {
                    return null;
                }
            } catch (Throwable th) {
                throw th;
            }
        }
        return x509Certificate;
    }

    public List<String> getCertificateAliases() {
        synchronized (this) {
            KeyStore keyStore = this.mKeyStore;
            if (keyStore == null) {
                return null;
            }
            try {
                return Collections.list(keyStore.aliases());
            } catch (KeyStoreException e) {
                return null;
            }
        }
    }

    public boolean hasCertificate(Certificate certificate) throws KeyStoreException {
        boolean z;
        synchronized (this) {
            z = this.mKeyStore.getCertificateAlias(certificate) != null;
        }
        return z;
    }

    public void loadKeyStore(InputStream inputStream) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        synchronized (this) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            this.mKeyStore = keyStore;
            keyStore.load(inputStream, null);
        }
    }

    public void removeCertificate(String str) {
        synchronized (this) {
            KeyStore keyStore = this.mKeyStore;
            if (keyStore == null) {
                return;
            }
            try {
                keyStore.deleteEntry(str);
                if (this.mKeyStoreFile != null) {
                    saveKeyStore();
                }
            } catch (Exception e) {
                Log.e(TAG, "Failed to remove certificate");
                e.printStackTrace();
            }
        }
    }

    public void saveKeyStore() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        saveKeyStore(new FileOutputStream(this.mKeyStoreFile));
    }

    public void saveKeyStore(OutputStream outputStream) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        synchronized (this) {
            createKeyStoreIfNull();
            this.mKeyStore.store(outputStream, null);
        }
    }
}
