package defpackage;

import android.content.Context;
import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class et7 implements X509TrustManager {
    public static int a;
    public KeyStore b;
    public X509TrustManager c;
    public int d;
    public X509TrustManager e;
    public File f;
    public a g;

    /* loaded from: classes.dex */
    public interface a {
        void a(c cVar);

        void b(boolean z);
    }

    /* loaded from: classes.dex */
    public static class b extends Exception {
        public b(String str) {
            super("TrustMan: " + str);
        }
    }

    /* loaded from: classes.dex */
    public static class c {
        public String a;
        public X509Certificate[] b;
        public CertificateException c;

        public String toString() {
            return "TrustContext chain=" + this.b + " authType=" + this.a + " excep=" + this.c;
        }
    }

    /* loaded from: classes.dex */
    public static class d extends CertificateException {
        public d(CertificateException certificateException) {
            super(certificateException);
        }
    }

    public et7(Context context) {
        this.f = new File(context.getFilesDir() + File.separator + "trusted-certs.keystore");
        i();
    }

    /* JADX WARN: Code restructure failed: missing block: B:0:?, code lost:
    
        r1 = r1;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static boolean g(java.lang.Exception r1) {
        /*
        L0:
            if (r1 == 0) goto Ld
            boolean r0 = r1 instanceof et7.d
            if (r0 == 0) goto L8
            r1 = 1
            return r1
        L8:
            java.lang.Throwable r1 = r1.getCause()
            goto L0
        Ld:
            r1 = 0
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: defpackage.et7.g(java.lang.Exception):boolean");
    }

    public final void a(boolean z) {
        a aVar = this.g;
        if (aVar != null) {
            aVar.b(z);
        }
    }

    public final void b(X509Certificate[] x509CertificateArr, String str, boolean z) {
        String str2;
        Log.d("TrustMan", "checkCertTrusted(" + x509CertificateArr + ", " + str + ", " + z + ")");
        c();
        try {
            Log.d("TrustMan", "checkCertTrusted: trying appTrustManager");
            if (z) {
                this.c.checkServerTrusted(x509CertificateArr, str);
            } else {
                this.c.checkClientTrusted(x509CertificateArr, str);
            }
            a(true);
        } catch (CertificateException e) {
            if (f(e)) {
                str2 = "checkCertTrusted: accepting expired certificate from keystore";
            } else {
                if (!e(x509CertificateArr[0])) {
                    try {
                        Log.d("TrustMan", "checkCertTrusted: trying defaultTrustManager");
                        if (z) {
                            this.e.checkServerTrusted(x509CertificateArr, str);
                        } else {
                            this.e.checkClientTrusted(x509CertificateArr, str);
                        }
                        a(false);
                        return;
                    } catch (CertificateException e2) {
                        c cVar = new c();
                        cVar.b = x509CertificateArr;
                        cVar.a = str;
                        cVar.c = e2;
                        a aVar = this.g;
                        if (aVar != null) {
                            aVar.a(cVar);
                        }
                        throw new d(e2);
                    }
                }
                str2 = "checkCertTrusted: accepting cert already stored in keystore";
            }
            Log.d("TrustMan", str2);
            a(true);
        }
    }

    public final void c() {
        try {
            if (this.d != a) {
                i();
            }
        } catch (b e) {
            Log.e("TrustMan", "check_reload", e);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        b(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        b(x509CertificateArr, str, true);
    }

    public final X509TrustManager d(KeyStore keyStore, String str) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        } catch (Exception e) {
            Log.e("TrustMan", "getTrustManager(" + keyStore + "," + str + ")", e);
            return null;
        }
    }

    public final boolean e(X509Certificate x509Certificate) {
        try {
            return this.b.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException unused) {
            return false;
        }
    }

    public final boolean f(Throwable th) {
        while (!(th instanceof CertificateExpiredException)) {
            th = th.getCause();
            if (th == null) {
                return false;
            }
        }
        return true;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        c();
        return this.e.getAcceptedIssuers();
    }

    public final KeyStore h() {
        KeyStore keyStore = null;
        try {
            KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                try {
                    try {
                        keyStore2.load(null, null);
                        keyStore2.load(new FileInputStream(this.f), "OpenVPN".toCharArray());
                    } catch (KeyStoreException e) {
                        e = e;
                        keyStore = keyStore2;
                        Log.e("TrustMan", "loadAppKeyStore()", e);
                        return keyStore;
                    }
                } catch (FileNotFoundException unused) {
                    Log.d("TrustMan", "loadAppKeyStore(" + this.f + ") - file does not exist");
                }
            } catch (Exception e2) {
                Log.e("TrustMan", "loadAppKeyStore(" + this.f + ")", e2);
            }
            return keyStore2;
        } catch (KeyStoreException e3) {
            e = e3;
        }
    }

    public final void i() {
        Log.d("TrustMan", String.format("reload certs: gen=%d/%d", Integer.valueOf(this.d), Integer.valueOf(a)));
        KeyStore h = h();
        if (h == null) {
            throw new b("could not load appKeyStore");
        }
        X509TrustManager d2 = d(null, "default");
        if (d2 == null) {
            throw new b("could not load defaultTrustManager");
        }
        X509TrustManager d3 = d(h, "app-init");
        if (d3 == null) {
            throw new b("could not load appTrustManager");
        }
        this.d = a;
        this.b = h;
        this.e = d2;
        this.c = d3;
    }

    public void j(a aVar) {
        this.g = aVar;
    }

    public void k(c cVar) {
        Log.d("TrustMan", "trust cert: " + cVar.toString());
        try {
            this.b.setCertificateEntry(cVar.b[0].getSubjectDN().toString(), cVar.b[0]);
            X509TrustManager d2 = d(this.b, "app-reload");
            if (d2 != null) {
                this.c = d2;
            }
            try {
                FileOutputStream fileOutputStream = new FileOutputStream(this.f);
                this.b.store(fileOutputStream, "OpenVPN".toCharArray());
                fileOutputStream.close();
            } catch (Exception e) {
                Log.e("TrustMan", "trustCert(" + this.f + ")", e);
            }
        } catch (KeyStoreException e2) {
            Log.e("TrustMan", "trustCert(" + cVar.b + ")", e2);
        }
    }
}
