package nya.miku.wishmaster.http.client;

import android.app.Activity;
import android.app.AlertDialog;
import android.content.Context;
import android.content.DialogInterface;
import cz.msebera.android.httpclient.conn.ssl.X509HostnameVerifier;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Collection;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import nya.miku.wishmaster.R;
import nya.miku.wishmaster.common.Logger;
import nya.miku.wishmaster.ui.tabs.TabModel;

/* loaded from: classes.dex */
public class ExtendedTrustManager implements X509TrustManager {
    public static final int DECISION_ABORT = 1;
    public static final int DECISION_ALWAYS = 3;
    public static final int DECISION_INVALID = 0;
    public static final int DECISION_ONCE = 2;
    private static final String KEYSTORE_DIR = "trusted_keystore";
    private static final String KEYSTORE_FILE = "trusted_keystore.bks";
    private static final String KEYSTORE_PASSWORD = "password";
    private static final String TAG = "ExtendedTrustManager";
    private static Activity foregroundAct;
    private static Context staticContext;
    private KeyStore appKeyStore;
    private File appKeyStoreFile;
    private X509TrustManager appTrustManager;
    private Context context;
    private X509TrustManager defaultTrustManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: nya.miku.wishmaster.http.client.ExtendedTrustManager$1Decision, reason: invalid class name */
    /* loaded from: classes.dex */
    public class C1Decision {
        int state = 0;

        C1Decision() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: nya.miku.wishmaster.http.client.ExtendedTrustManager$1DlgRunnable, reason: invalid class name */
    /* loaded from: classes.dex */
    public class C1DlgRunnable implements DialogInterface.OnCancelListener, DialogInterface.OnClickListener, Runnable {
        final /* synthetic */ Activity val$activity;
        final /* synthetic */ C1Decision val$decision;
        final /* synthetic */ String val$message;
        final /* synthetic */ int val$titleId;

        C1DlgRunnable(Activity activity, int i, String str, C1Decision c1Decision) {
            this.val$activity = activity;
            this.val$titleId = i;
            this.val$message = str;
            this.val$decision = c1Decision;
        }

        @Override // android.content.DialogInterface.OnCancelListener
        public void onCancel(DialogInterface dialogInterface) {
            sendDecision(1);
        }

        @Override // android.content.DialogInterface.OnClickListener
        public void onClick(DialogInterface dialogInterface, int i) {
            int i2;
            dialogInterface.dismiss();
            switch (i) {
                case TabModel.POSITION_HISTORY /* -3 */:
                    i2 = 2;
                    break;
                case -2:
                default:
                    i2 = 1;
                    break;
                case -1:
                    i2 = 3;
                    break;
            }
            sendDecision(i2);
        }

        @Override // java.lang.Runnable
        public void run() {
            new AlertDialog.Builder(this.val$activity).setTitle(this.val$titleId).setMessage(this.val$message).setPositiveButton(R.string.ssl_decision_always, this).setNeutralButton(R.string.ssl_decision_once, this).setNegativeButton(R.string.ssl_decision_abort, this).setOnCancelListener(this).create().show();
        }

        void sendDecision(int i) {
            Logger.d(ExtendedTrustManager.TAG, "notify dicision " + i + "on " + this.val$decision);
            synchronized (this.val$decision) {
                this.val$decision.state = i;
                this.val$decision.notify();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExtendedTrustManager() {
        if (staticContext == null) {
            throw new IllegalStateException("set app context (call ExtendedTrustManager.setAppContext() in onCreate() of the application)");
        }
        this.context = staticContext;
        this.appKeyStoreFile = new File(this.context.getDir(KEYSTORE_DIR, 0), KEYSTORE_FILE);
        this.appKeyStore = loadAppKeyStore(this.appKeyStoreFile);
        this.appTrustManager = getTrustManager(this.appKeyStore);
        this.defaultTrustManager = getTrustManager(null);
    }

    public static void bindActivity(Activity activity) {
        foregroundAct = activity;
    }

    private String certChainMessage(X509Certificate[] x509CertificateArr, CertificateException certificateException) {
        Throwable th = certificateException;
        while (th.getCause() != null) {
            th = th.getCause();
        }
        StringBuilder sb = new StringBuilder();
        if (th instanceof CertPathValidatorException) {
            sb.append(this.context.getString(R.string.ssl_trust_anchor));
        } else if (th instanceof CertificateExpiredException) {
            sb.append(this.context.getString(R.string.ssl_cert_expired));
        } else {
            sb.append(th.getLocalizedMessage() != null ? th.getLocalizedMessage() : th.getClass().getSimpleName());
        }
        sb.append("\n\n");
        sb.append(this.context.getString(R.string.ssl_connect_anyway));
        sb.append("\n\n");
        sb.append(this.context.getString(R.string.ssl_cert_details));
        sb.append("\n");
        certDetails(sb, x509CertificateArr[0]);
        return sb.toString();
    }

    public static void certDetails(StringBuilder sb, X509Certificate x509Certificate) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd", Locale.US);
        sb.append(x509Certificate.getSubjectDN().toString());
        sb.append("\n");
        sb.append(simpleDateFormat.format(x509Certificate.getNotBefore()));
        sb.append(" - ");
        sb.append(simpleDateFormat.format(x509Certificate.getNotAfter()));
        sb.append("\nSHA-256: ");
        sb.append(certHash(x509Certificate, "SHA-256"));
        sb.append("\nSHA-1: ");
        sb.append(certHash(x509Certificate, "SHA-1"));
        sb.append("\nSigned by: ");
        sb.append(x509Certificate.getIssuerDN().toString());
    }

    private static String certHash(X509Certificate x509Certificate, String str) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(x509Certificate.getEncoded());
            return hexString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            return e.getMessage();
        } catch (CertificateEncodingException e2) {
            return e2.getMessage();
        }
    }

    private void checkCertTrusted(X509Certificate[] x509CertificateArr, String str, boolean z) throws CertificateException {
        try {
            Logger.d(TAG, "checkCertTrusted: trying appTrustManager");
            if (z) {
                this.appTrustManager.checkServerTrusted(x509CertificateArr, str);
            } else {
                this.appTrustManager.checkClientTrusted(x509CertificateArr, str);
            }
        } catch (CertificateException e) {
            Logger.d(TAG, "checkCertTrusted: appTrustManager did not verify certificate. Will fall back to secondary verification mechanisms (if any). " + e);
            if (isExpiredException(e)) {
                Logger.d(TAG, "checkCertTrusted: accepting expired certificate from keystore");
                return;
            }
            if (isCertKnown(x509CertificateArr[0])) {
                Logger.d(TAG, "checkCertTrusted: accepting cert already stored in keystore");
                return;
            }
            try {
                if (this.defaultTrustManager == null) {
                    throw e;
                }
                Logger.d(TAG, "checkCertTrusted: trying defaultTrustManager");
                if (z) {
                    this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
                } else {
                    this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
                }
            } catch (CertificateException e2) {
                Logger.e(TAG, "checkCertTrusted: defaultTrustManager failed", e2);
                interactCert(x509CertificateArr, str, e2);
            }
        }
    }

    private static X509TrustManager getTrustManager(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
        } catch (Exception e) {
            Logger.e(TAG, "getTrustManager(" + keyStore + ")", e);
        }
        return null;
    }

    private static String hexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            sb.append(String.format("%02X", Byte.valueOf(bArr[i])));
            if (i < bArr.length - 1) {
                sb.append(":");
            }
        }
        return sb.toString();
    }

    private String hostNameMessage(X509Certificate x509Certificate, String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(this.context.getString(R.string.ssl_hostname_mismatch, str));
        sb.append("\n\n");
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                sb.append(x509Certificate.getSubjectDN());
                sb.append("\n");
            } else {
                for (List<?> list : subjectAlternativeNames) {
                    Object obj = list.get(1);
                    if (obj instanceof String) {
                        sb.append("[");
                        sb.append(list.get(0));
                        sb.append("] ");
                        sb.append(obj);
                        sb.append("\n");
                    }
                }
            }
        } catch (CertificateParsingException e) {
            Logger.e(TAG, e);
            sb.append("<Parsing error: ");
            sb.append(e.getLocalizedMessage());
            sb.append(">\n");
        }
        sb.append("\n");
        sb.append(this.context.getString(R.string.ssl_connect_anyway));
        sb.append("\n\n");
        sb.append(this.context.getString(R.string.ssl_cert_details));
        sb.append("\n");
        certDetails(sb, x509Certificate);
        return sb.toString();
    }

    private int interact(String str, int i) {
        Activity activity = foregroundAct;
        if (activity == null) {
            return 1;
        }
        C1Decision c1Decision = new C1Decision();
        activity.runOnUiThread(new C1DlgRunnable(activity, i, str, c1Decision));
        Logger.d(TAG, "waiting on decision " + c1Decision);
        try {
            synchronized (c1Decision) {
                c1Decision.wait();
            }
        } catch (InterruptedException e) {
            Logger.e(TAG, "InterruptedException", e);
        }
        Logger.d(TAG, "finished wait on " + c1Decision);
        return c1Decision.state;
    }

    private void interactCert(X509Certificate[] x509CertificateArr, String str, CertificateException certificateException) throws CertificateException {
        switch (interact(certChainMessage(x509CertificateArr, certificateException), R.string.ssl_accept_cert)) {
            case 2:
                return;
            case 3:
                storeCert(x509CertificateArr[0]);
                return;
            default:
                throw certificateException;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean interactHostname(X509Certificate x509Certificate, String str) {
        switch (interact(hostNameMessage(x509Certificate, str), R.string.ssl_accept_servername)) {
            case 3:
                storeCert(str, x509Certificate);
            case 2:
                return true;
            default:
                return false;
        }
    }

    private boolean isCertKnown(X509Certificate x509Certificate) {
        try {
            return this.appKeyStore.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException e) {
            return false;
        }
    }

    private static boolean isExpiredException(Throwable th) {
        while (th != null) {
            if (th instanceof CertificateExpiredException) {
                return true;
            }
            th = th.getCause();
        }
        return false;
    }

    private void keyStoreUpdated() {
        FileOutputStream fileOutputStream;
        this.appTrustManager = getTrustManager(this.appKeyStore);
        FileOutputStream fileOutputStream2 = null;
        try {
            try {
                fileOutputStream = new FileOutputStream(this.appKeyStoreFile);
            } catch (Exception e) {
                e = e;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            this.appKeyStore.store(fileOutputStream, KEYSTORE_PASSWORD.toCharArray());
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (IOException e2) {
                    Logger.e(TAG, "storeCert(" + this.appKeyStoreFile + ")", e2);
                }
            }
        } catch (Exception e3) {
            e = e3;
            fileOutputStream2 = fileOutputStream;
            Logger.e(TAG, "storeCert(" + this.appKeyStoreFile + ")", e);
            if (fileOutputStream2 != null) {
                try {
                    fileOutputStream2.close();
                } catch (IOException e4) {
                    Logger.e(TAG, "storeCert(" + this.appKeyStoreFile + ")", e4);
                }
            }
        } catch (Throwable th2) {
            th = th2;
            fileOutputStream2 = fileOutputStream;
            if (fileOutputStream2 != null) {
                try {
                    fileOutputStream2.close();
                } catch (IOException e5) {
                    Logger.e(TAG, "storeCert(" + this.appKeyStoreFile + ")", e5);
                }
            }
            throw th;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:39:0x00b7 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static java.security.KeyStore loadAppKeyStore(java.io.File r8) {
        /*
            Method dump skipped, instructions count: 291
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: nya.miku.wishmaster.http.client.ExtendedTrustManager.loadAppKeyStore(java.io.File):java.security.KeyStore");
    }

    public static void setAppContext(Context context) {
        staticContext = context;
    }

    private void storeCert(String str, Certificate certificate) {
        try {
            this.appKeyStore.setCertificateEntry(str, certificate);
            keyStoreUpdated();
        } catch (KeyStoreException e) {
            Logger.e(TAG, "storeCert(" + certificate + ")", e);
        }
    }

    private void storeCert(X509Certificate x509Certificate) {
        storeCert(x509Certificate.getSubjectDN().toString(), x509Certificate);
    }

    public static void unbindActivity() {
        foregroundAct = null;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkCertTrusted(x509CertificateArr, str, true);
    }

    public void deleteCertificate(String str) throws KeyStoreException {
        this.appKeyStore.deleteEntry(str);
        keyStoreUpdated();
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.defaultTrustManager.getAcceptedIssuers();
    }

    public Certificate getCertificate(String str) {
        try {
            return this.appKeyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    public Enumeration<String> getCertificates() {
        try {
            return this.appKeyStore.aliases();
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509HostnameVerifier wrapHostnameVerifier(final X509HostnameVerifier x509HostnameVerifier) {
        if (x509HostnameVerifier == null) {
            throw new IllegalArgumentException("The default verifier may not be null");
        }
        return new X509HostnameVerifier() { // from class: nya.miku.wishmaster.http.client.ExtendedTrustManager.1
            private boolean verifyCert(String str, X509Certificate x509Certificate) {
                try {
                    if (x509Certificate.equals(ExtendedTrustManager.this.appKeyStore.getCertificate(str.toLowerCase(Locale.US)))) {
                        return true;
                    }
                    return ExtendedTrustManager.this.interactHostname(x509Certificate, str);
                } catch (Exception e) {
                    Logger.e(ExtendedTrustManager.TAG, e);
                    return false;
                }
            }

            @Override // cz.msebera.android.httpclient.conn.ssl.X509HostnameVerifier
            public void verify(String str, X509Certificate x509Certificate) throws SSLException {
                try {
                    x509HostnameVerifier.verify(str, x509Certificate);
                } catch (Exception e) {
                    if (!verifyCert(str, x509Certificate)) {
                        throw e;
                    }
                }
            }

            @Override // cz.msebera.android.httpclient.conn.ssl.X509HostnameVerifier
            public void verify(String str, SSLSocket sSLSocket) throws IOException {
                try {
                    x509HostnameVerifier.verify(str, sSLSocket);
                } catch (Exception e) {
                    if (!verifyCert(str, (X509Certificate) sSLSocket.getSession().getPeerCertificates()[0])) {
                        throw e;
                    }
                }
            }

            @Override // cz.msebera.android.httpclient.conn.ssl.X509HostnameVerifier
            public void verify(String str, String[] strArr, String[] strArr2) throws SSLException {
                x509HostnameVerifier.verify(str, strArr, strArr2);
            }

            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                if (x509HostnameVerifier.verify(str, sSLSession)) {
                    Logger.d(ExtendedTrustManager.TAG, "default verifier accepted " + str);
                    return true;
                }
                try {
                    return verifyCert(str, (X509Certificate) sSLSession.getPeerCertificates()[0]);
                } catch (Exception e) {
                    Logger.e(ExtendedTrustManager.TAG, e);
                    return false;
                }
            }
        };
    }
}
