package at.bitfire.cert4android;

import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.os.Bundle;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.IBinder;
import android.os.Message;
import android.os.Messenger;
import android.os.RemoteException;
import android.util.SparseBooleanArray;
import java.io.Closeable;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: CustomCertManager.kt */
/* loaded from: classes.dex */
public final class CustomCertManager implements Closeable, X509TrustManager {
    private static final Messenger messenger;
    public boolean appInForeground;
    private final Context context;
    private Messenger service;
    private final ServiceConnection serviceConnection;
    private final X509TrustManager systemTrustManager;
    public static final Companion Companion = new Companion(null);
    public static long SERVICE_TIMEOUT = 300000;
    private static final AtomicInteger nextDecisionID = new AtomicInteger();
    private static final SparseBooleanArray decisions = new SparseBooleanArray();
    private static final Object decisionLock = new Object();
    private static final HandlerThread messengerThread = new HandlerThread("CustomCertificateManager.Messenger");

    /* compiled from: CustomCertManager.kt */
    /* loaded from: classes.dex */
    public static final class Companion {

        /* compiled from: CustomCertManager.kt */
        /* loaded from: classes.dex */
        private static final class MessageHandler implements Handler.Callback {
            @Override // android.os.Handler.Callback
            public boolean handleMessage(Message msg) {
                Intrinsics.checkParameterIsNotNull(msg, "msg");
                Constants.log.fine("Received reply from CustomCertificateService: " + msg);
                if (msg.what != CustomCertService.Companion.getMSG_CERTIFICATE_DECISION()) {
                    return false;
                }
                synchronized (CustomCertManager.Companion.getDecisionLock()) {
                    CustomCertManager.Companion.getDecisions().put(msg.arg1, msg.arg2 != 0);
                    CustomCertManager.Companion.getDecisionLock().notifyAll();
                }
                return true;
            }
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final Object getDecisionLock() {
            return CustomCertManager.decisionLock;
        }

        public final SparseBooleanArray getDecisions() {
            return CustomCertManager.decisions;
        }

        public final Messenger getMessenger() {
            return CustomCertManager.messenger;
        }

        public final HandlerThread getMessengerThread() {
            return CustomCertManager.messengerThread;
        }

        public final AtomicInteger getNextDecisionID() {
            return CustomCertManager.nextDecisionID;
        }
    }

    /* compiled from: CustomCertManager.kt */
    /* loaded from: classes.dex */
    public final class CustomHostnameVerifier implements HostnameVerifier {
        private final HostnameVerifier defaultVerifier;

        public CustomHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.defaultVerifier = hostnameVerifier;
        }

        public final HostnameVerifier getDefaultVerifier() {
            return this.defaultVerifier;
        }

        @Override // javax.net.ssl.HostnameVerifier
        public boolean verify(String host, SSLSession sslSession) {
            Intrinsics.checkParameterIsNotNull(host, "host");
            Intrinsics.checkParameterIsNotNull(sslSession, "sslSession");
            Constants.log.fine("Verifying certificate for " + host);
            HostnameVerifier hostnameVerifier = this.defaultVerifier;
            if (Intrinsics.areEqual(hostnameVerifier != null ? Boolean.valueOf(hostnameVerifier.verify(host, sslSession)) : null, true)) {
                return true;
            }
            try {
                Certificate[] peerCertificates = sslSession.getPeerCertificates();
                if ((!(peerCertificates.length == 0)) && (peerCertificates[0] instanceof X509Certificate)) {
                    CustomCertManager customCertManager = CustomCertManager.this;
                    Certificate certificate = peerCertificates[0];
                    if (certificate == null) {
                        throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                    }
                    customCertManager.checkCustomTrusted$cert4android_release((X509Certificate) certificate);
                    Constants.log.fine("Certificate is in custom trust store, accepting");
                    return true;
                }
            } catch (CertificateException e) {
            } catch (SSLPeerUnverifiedException e2) {
                Constants.log.log(Level.WARNING, "Couldn't get certificate for host name verification", (Throwable) e2);
            }
            return false;
        }
    }

    static {
        Companion.getMessengerThread().start();
        messenger = new Messenger(new Handler(Companion.getMessengerThread().getLooper(), new Companion.MessageHandler()));
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    public CustomCertManager(Context context, boolean z) {
        this(context, z, null);
        Intrinsics.checkParameterIsNotNull(context, "context");
    }

    public CustomCertManager(Context context, boolean z, Messenger messenger2) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        this.context = context;
        this.systemTrustManager = z ? CertUtils.getTrustManager(null) : null;
        if (messenger2 != null) {
            this.service = messenger2;
            this.serviceConnection = (ServiceConnection) null;
        } else {
            this.serviceConnection = new ServiceConnection() { // from class: at.bitfire.cert4android.CustomCertManager.1
                @Override // android.content.ServiceConnection
                public void onServiceConnected(ComponentName className, IBinder binder) {
                    Intrinsics.checkParameterIsNotNull(className, "className");
                    Intrinsics.checkParameterIsNotNull(binder, "binder");
                    Constants.log.fine("Connected to service");
                    CustomCertManager.this.setService(new Messenger(binder));
                }

                @Override // android.content.ServiceConnection
                public void onServiceDisconnected(ComponentName className) {
                    Intrinsics.checkParameterIsNotNull(className, "className");
                    CustomCertManager.this.setService((Messenger) null);
                }
            };
            if (context.bindService(new Intent(context, (Class<?>) CustomCertService.class), this.serviceConnection, 1)) {
                return;
            }
            Constants.log.severe("Couldn't bind CustomCertService to context");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("cert4android doesn't validate client certificates");
    }

    public final void checkCustomTrusted$cert4android_release(X509Certificate cert) {
        Intrinsics.checkParameterIsNotNull(cert, "cert");
        int andIncrement = Companion.getNextDecisionID().getAndIncrement();
        Constants.log.fine("Querying custom certificate trustworthiness (expecting decision " + andIncrement + ")");
        Messenger messenger2 = this.service;
        if (messenger2 == null) {
            throw new CertificateException("Custom certificate service not available");
        }
        Message obtain = Message.obtain();
        obtain.what = CustomCertService.Companion.getMSG_CHECK_TRUSTED();
        obtain.arg1 = andIncrement;
        int i = obtain.arg1;
        obtain.replyTo = Companion.getMessenger();
        Bundle bundle = new Bundle();
        bundle.putSerializable(CustomCertService.Companion.getMSG_DATA_CERTIFICATE(), cert);
        bundle.putBoolean(CustomCertService.Companion.getMSG_DATA_APP_IN_FOREGROUND(), this.appInForeground);
        obtain.setData(bundle);
        try {
            messenger2.send(obtain);
            synchronized (Companion.getDecisionLock()) {
                int indexOfKey = Companion.getDecisions().indexOfKey(i);
                long currentTimeMillis = System.currentTimeMillis();
                while (indexOfKey < 0 && System.currentTimeMillis() < SERVICE_TIMEOUT + currentTimeMillis) {
                    Constants.log.finer("Waiting for reply from service (decision " + i + ")");
                    try {
                        Companion.getDecisionLock().wait(SERVICE_TIMEOUT);
                    } catch (InterruptedException e) {
                    }
                    indexOfKey = Companion.getDecisions().indexOfKey(i);
                }
                if (indexOfKey >= 0) {
                    Constants.log.finer("Decision " + i + " received from service");
                    boolean valueAt = Companion.getDecisions().valueAt(indexOfKey);
                    Companion.getDecisions().delete(i);
                    if (!valueAt) {
                        throw new CertificateException("Certificate not trusted");
                    }
                    return;
                }
                Unit unit = Unit.INSTANCE;
                Constants.log.finer("Timeout for decision " + i + ", sending cancellation to service");
                Message obtain2 = Message.obtain();
                obtain2.what = CustomCertService.Companion.getMSG_CHECK_TRUSTED_ABORT();
                obtain2.arg1 = i;
                obtain2.replyTo = Companion.getMessenger();
                Bundle bundle2 = new Bundle();
                bundle2.putSerializable(CustomCertService.Companion.getMSG_DATA_CERTIFICATE(), cert);
                obtain2.setData(bundle2);
                try {
                    messenger2.send(obtain2);
                } catch (RemoteException e2) {
                    Constants.log.log(Level.WARNING, "Couldn't abort trustworthiness check", (Throwable) e2);
                }
                throw new CertificateException("Timeout when waiting for certificate trustworthiness decision");
            }
        } catch (RemoteException e3) {
            throw new CertificateException("Couldn't query custom certificate trustworthiness", e3);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        Intrinsics.checkParameterIsNotNull(chain, "chain");
        Intrinsics.checkParameterIsNotNull(authType, "authType");
        boolean z = false;
        X509TrustManager x509TrustManager = this.systemTrustManager;
        if (x509TrustManager != null) {
            try {
                x509TrustManager.checkServerTrusted(chain, authType);
                z = true;
            } catch (CertificateException e) {
                Constants.log.fine("Certificate not trusted by system");
            }
        }
        if (z) {
            return;
        }
        checkCustomTrusted$cert4android_release(chain[0]);
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        ServiceConnection serviceConnection = this.serviceConnection;
        if (serviceConnection != null) {
            this.context.unbindService(serviceConnection);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public final Context getContext() {
        return this.context;
    }

    public final Messenger getService() {
        return this.service;
    }

    public final ServiceConnection getServiceConnection() {
        return this.serviceConnection;
    }

    public final X509TrustManager getSystemTrustManager() {
        return this.systemTrustManager;
    }

    public final CustomHostnameVerifier hostnameVerifier(HostnameVerifier hostnameVerifier) {
        return new CustomHostnameVerifier(hostnameVerifier);
    }

    public final void resetCertificates() {
        Intent intent = new Intent(this.context, (Class<?>) CustomCertService.class);
        intent.setAction(CustomCertService.CMD_RESET_CERTIFICATES);
        this.context.startService(intent);
    }

    public final void setService(Messenger messenger2) {
        this.service = messenger2;
    }
}
