package com.nextcloud.talk.utils.ssl;

import android.util.Log;
import com.nextcloud.talk.application.NextcloudTalkApplication;
import com.nextcloud.talk.events.CertificateEvent;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.greenrobot.eventbus.EventBus;

/* loaded from: classes2.dex */
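/**
 * Trust manager that accepts a server certificate chain when either the platform trust
 * manager accepts it or the user has explicitly stored the leaf certificate in the
 * app-private key store ({@code keystore.bks}).
 *
 * <p>When the platform rejects a chain and the leaf is not yet stored, a
 * {@link CertificateEvent} is posted so that a subscriber can ask the user, and the calling
 * thread waits up to {@link #USER_DECISION_TIMEOUT_MS} for the certificate to appear in the
 * store via {@link #addCertInTrustStore(X509Certificate)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key store is loaded and saved without a password, so {@link KeyStore} performs
 *       no integrity check on it; its protection is the app-private directory it lives in.</li>
 *   <li>Stored certificates are keyed by subject DN and are not bound to the host they were
 *       accepted for. NOTE(review): consider recording the host alongside the certificate.</li>
 * </ul>
 */
public class MagicTrustManager implements X509TrustManager {
    private static final String TAG = "MagicTrustManager";
    /** How long a handshake waits for the user to answer the certificate prompt. */
    private static final long USER_DECISION_TIMEOUT_MS = 15000L;
    /** Pause between two look-ups of the user key store while waiting for that answer. */
    private static final long USER_DECISION_POLL_MS = 100L;

    private final File keystoreFile = new File(NextcloudTalkApplication.INSTANCE.getSharedApplication().getDir("CertsKeystore", 0), "keystore.bks");
    private X509TrustManager systemTrustManager;
    private KeyStore trustedKeyStore;

    /**
     * Hostname verifier that defers to a default verifier and, only when that one rejects the
     * host, accepts sessions whose leaf certificate the user has explicitly stored.
     */
    private class MagicHostnameVerifier implements HostnameVerifier {
        private static final String TAG = "MagicHostnameVerifier";
        private final HostnameVerifier defaultHostNameVerifier;

        private MagicHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.defaultHostNameVerifier = hostnameVerifier;
        }

        /**
         * Verifies the host name of a session.
         *
         * @param str        host name the client intended to reach
         * @param sSLSession session whose peer certificates are inspected
         * @return {@code true} if the default verifier accepts the host, or if it rejects it
         *         but the leaf certificate is in the user key store
         */
        @Override
        public boolean verify(String str, SSLSession sSLSession) {
            if (this.defaultHostNameVerifier.verify(str, sSLSession)) {
                return true;
            }
            try {
                java.security.cert.Certificate[] peerCertificates = sSLSession.getPeerCertificates();
                if (peerCertificates.length > 0 && peerCertificates[0] instanceof X509Certificate) {
                    // Security fix: the fallback used to go through isCertInTrustStore(), which
                    // returns true for any chain the platform trust manager accepts. Chain
                    // validation says nothing about the host name, so a CA-issued certificate
                    // for a different host passed this check and hostname verification was
                    // effectively switched off. Only a certificate the user stored explicitly
                    // may override a host name mismatch.
                    return MagicTrustManager.this.isCertInMagicTrustStore((X509Certificate) peerCertificates[0]);
                }
                return false;
            } catch (SSLPeerUnverifiedException unused) {
                Log.d(TAG, "Couldn't get certificate for host name verification");
                return false;
            }
        }
    }

    /**
     * Loads the user key store from disk (or starts with an empty one) and looks up the
     * platform's default X.509 trust manager. Failures are logged; the affected field stays
     * {@code null} and the checks below then fail closed.
     */
    public MagicTrustManager() {
        this.trustedKeyStore = loadUserKeyStore(this.keystoreFile);
        this.systemTrustManager = findSystemTrustManager();
    }

    /**
     * Reads the user key store from {@code file}; falls back to an empty in-memory store when
     * the file is missing or unreadable, so that certificates can still be added later.
     *
     * @return the loaded or empty key store, or {@code null} if neither could be created
     */
    private static KeyStore loadUserKeyStore(File file) {
        // try-with-resources: the stream was previously never closed.
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore stored = KeyStore.getInstance(KeyStore.getDefaultType());
            stored.load(in, null);
            return stored;
        } catch (Exception e) {
            Log.d(TAG, "Failed to load key store from disk " + e.getLocalizedMessage());
        }
        try {
            // An uninitialised KeyStore throws on every operation, so it must be loaded even
            // when there is nothing to read.
            KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
            empty.load(null, null);
            return empty;
        } catch (Exception e) {
            Log.d(TAG, "Failed to create in-memory key store " + e.getLocalizedMessage());
            return null;
        }
    }

    /**
     * Returns the first {@link X509TrustManager} of the default {@link TrustManagerFactory},
     * initialised with the platform's default trust anchors, or {@code null} on failure.
     */
    private static X509TrustManager findSystemTrustManager() {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init((KeyStore) null);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
        } catch (Exception e) {
            Log.d(TAG, "Failed to load default trust manager " + e.getLocalizedMessage());
        }
        return null;
    }

    /**
     * Tells whether exactly this certificate has been stored by the user.
     *
     * @return {@code true} if the key store holds an entry for the certificate; {@code false}
     *         if not, if there is no key store, or if the look-up fails
     */
    private boolean isCertInMagicTrustStore(X509Certificate x509Certificate) {
        KeyStore keyStore = this.trustedKeyStore;
        if (keyStore == null || x509Certificate == null) {
            return false;
        }
        try {
            return keyStore.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException ignored) {
            // Fail closed: a store that cannot be queried vouches for nothing. Not logged
            // because this method is polled while waiting for the user.
            return false;
        }
    }

    /**
     * Decides whether a server chain is trusted, asking the user if the platform rejects it.
     *
     * @param x509CertificateArr peer chain, leaf first
     * @param str                value forwarded as {@code authType} to the platform trust manager
     * @return {@code true} if the platform accepts the chain or the leaf is (or becomes,
     *         within the timeout) present in the user key store; {@code false} otherwise,
     *         including when no platform trust manager is available or the chain is empty
     */
    public boolean isCertInTrustStore(X509Certificate[] x509CertificateArr, String str) {
        X509TrustManager x509TrustManager = this.systemTrustManager;
        if (x509TrustManager == null) {
            return false;
        }
        // An empty or null chain previously raised an unchecked exception on [0].
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            return false;
        }
        X509Certificate leaf = x509CertificateArr[0];
        try {
            x509TrustManager.checkServerTrusted(x509CertificateArr, str);
            return true;
        } catch (CertificateException rejectedBySystem) {
            if (isCertInMagicTrustStore(leaf)) {
                return true;
            }
            EventBus.getDefault().post(new CertificateEvent(leaf, this, null));
            return waitForUserDecision(leaf);
        }
    }

    /**
     * Waits until the certificate shows up in the user key store or the timeout elapses.
     * Sleeps between look-ups instead of spinning, and stops early if the thread is
     * interrupted (the interrupt flag is restored for the caller).
     */
    private boolean waitForUserDecision(X509Certificate x509Certificate) {
        long deadline = System.currentTimeMillis() + USER_DECISION_TIMEOUT_MS;
        while (!isCertInMagicTrustStore(x509Certificate) && System.currentTimeMillis() <= deadline) {
            try {
                Thread.sleep(USER_DECISION_POLL_MS);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                break;
            }
        }
        return isCertInMagicTrustStore(x509Certificate);
    }

    /**
     * Stores a certificate the user chose to trust and persists the key store to disk.
     * The subject DN is the alias, so a certificate with the same subject DN replaces the
     * earlier entry. Failures are logged and otherwise ignored.
     */
    public void addCertInTrustStore(X509Certificate x509Certificate) {
        KeyStore keyStore = this.trustedKeyStore;
        if (keyStore == null || x509Certificate == null) {
            return;
        }
        try {
            keyStore.setCertificateEntry(x509Certificate.getSubjectDN().getName(), x509Certificate);
            // try-with-resources: the stream was previously never closed, so buffered data
            // and the file handle depended on finalisation.
            try (FileOutputStream out = new FileOutputStream(this.keystoreFile)) {
                keyStore.store(out, null);
            }
        } catch (Exception e) {
            Log.d(TAG, "Failed to set certificate entry " + e.getLocalizedMessage());
        }
    }

    /**
     * Delegates client-certificate validation to the platform trust manager.
     *
     * @throws CertificateException if the platform rejects the chain or no platform trust
     *                              manager could be loaded
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509TrustManager delegate = this.systemTrustManager;
        if (delegate == null) {
            throw new CertificateException("No system trust manager available");
        }
        delegate.checkClientTrusted(x509CertificateArr, str);
    }

    /**
     * Validates a server chain via {@link #isCertInTrustStore(X509Certificate[], String)}.
     *
     * @throws CertificateException if neither the platform nor the user trusts the chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (!isCertInTrustStore(x509CertificateArr, str)) {
            throw new CertificateException("Certificate chain is not trusted by the system or by the user");
        }
    }

    /**
     * Returns the platform trust manager's accepted issuers, or an empty array when no
     * platform trust manager could be loaded.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager delegate = this.systemTrustManager;
        return delegate == null ? new X509Certificate[0] : delegate.getAcceptedIssuers();
    }

    /**
     * Wraps {@code hostnameVerifier} so that user-stored certificates may override a host
     * name mismatch.
     */
    public HostnameVerifier getHostnameVerifier(HostnameVerifier hostnameVerifier) {
        return new MagicHostnameVerifier(hostnameVerifier);
    }
}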
