package com.avaya.clientservices.client;

import android.content.Context;
import com.avaya.csdk.aaadev.vantage.clickt2call.SDKManager;
import io.netty.handler.codec.memcache.binary.DefaultBinaryMemcacheRequest;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
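/**
 * {@link X509TrustManager} that delegates certificate validation to the trust managers built
 * from either a private trust store persisted in the app's internal storage or, when no private
 * store is available, the platform default trust store.
 *
 * <p>This is decompiler output (JADX): parameter names are reconstructed and some control flow
 * may differ from the original source. Review notes below mark the places where that matters.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>The chain handed to the delegates is first re-selected by {@code filterCertificateChain};
 *       the delegates, not the filter, make the trust decision.</li>
 *   <li>If the private trust store cannot be loaded, the constructor logs a warning and falls back
 *       to the platform trust store rather than failing.</li>
 *   <li>Validation fails closed when no {@link X509TrustManager} delegate is available.</li>
 * </ul>
 */
class CustomTrustManager implements X509TrustManager {
    private static final String AUTHORITY_KEY_IDENTIFIER_OID = "2.5.29.35";
    private static final String SAVED_TRUST_STORE_TO_INTERNAL_STORAGE = "Saved trust store to internal storage: ";
    private static final String SUBJECT_KEY_IDENTIFIER_OID = "2.5.29.14";
    public static final String TRUSTED_CREDENTIALS_FILENAME = "trusted-credentials";
    // Integrity password for the persisted trust store, taken from a static field of SDKManager.
    // NOTE(review): if SDKManager.PASSWORD is a value shipped inside the app, the keystore
    // integrity check adds no protection against anything able to write the app's private files;
    // the file-system permissions on internal storage are then the only real control. Confirm.
    private static final char[] TRUSTED_CREDENTIALS_PASSWORD = SDKManager.PASSWORD.toCharArray();
    // Both fields below are written under keyStoreLock (see setKeyStore).
    private TrustManager[] delegates;
    private boolean isUsingPrivateTrustStore;
    private final Lock keyStoreLock;

    /**
     * Minimal reader for the two DER structures this class needs: the value of the
     * SubjectKeyIdentifier extension and the keyIdentifier field of the AuthorityKeyIdentifier
     * extension, both as returned by {@link X509Certificate#getExtensionValue(String)}.
     *
     * <p>The input comes from a peer-supplied certificate, so every read is bounds-checked and
     * any malformed or truncated encoding yields {@code null} instead of an unchecked exception
     * or a zero-padded identifier.
     */
    public static class ASN1Helper {
        private static final int BYTE_LENGTH = 8;
        private static final int BYTE_MASK = 255;
        private static final byte CONSTRUCTED_SEQUENCE_TAG = 48;
        // NOTE(review): same value as LONG_FORM_LENGTH_FLAG; which of the two the original source
        // used at each site cannot be recovered from the decompiled output.
        private static final byte LENGTH_INDICATOR = Byte.MIN_VALUE;
        private static final byte LONG_FORM_LENGTH_FLAG = Byte.MIN_VALUE;
        private static final byte LONG_FORM_LENGTH_MASK = Byte.MAX_VALUE;
        private static final byte OCTET_STRING_TAG = 4;
        // 0x80: the tag byte the AuthorityKeyIdentifier parser expects in front of the key id.
        private static final byte KEY_IDENTIFIER_TAG = Byte.MIN_VALUE;
        // A Java array cannot be longer than an int, so more length octets are never valid here.
        private static final int MAX_LENGTH_OCTETS = 4;
        private static final int MALFORMED = -1;
        private int current = 0;
        private final byte[] raw;

        /**
         * @param bArr the raw extension value, or {@code null} when the extension is absent
         */
        ASN1Helper(byte[] bArr) {
            this.raw = bArr;
        }

        /**
         * Consumes one byte and reports whether it equals {@code tag}.
         *
         * @return {@code false} on a mismatch or when the input is exhausted
         */
        private boolean expectTag(byte tag) {
            if (this.current >= this.raw.length) {
                return false;
            }
            byte actual = this.raw[this.current];
            this.current++;
            return actual == tag;
        }

        /**
         * Reads a DER length field (short or long form) at the current position.
         *
         * @return the decoded length, or {@link #MALFORMED} when the field is truncated, uses
         *     more than {@link #MAX_LENGTH_OCTETS} octets, or does not fit a non-negative int
         */
        private int parseLength() {
            if (this.current >= this.raw.length) {
                return MALFORMED;
            }
            byte first = this.raw[this.current];
            this.current++;
            if ((first & LONG_FORM_LENGTH_FLAG) == 0) {
                // Short form: the byte itself is the length (0..127).
                return first;
            }
            int octets = first & LONG_FORM_LENGTH_MASK;
            if (octets > MAX_LENGTH_OCTETS || octets > this.raw.length - this.current) {
                return MALFORMED;
            }
            int length = 0;
            for (int remaining = octets; remaining > 0; remaining--) {
                length = (length << BYTE_LENGTH) + (this.raw[this.current] & BYTE_MASK);
                this.current++;
            }
            return length < 0 ? MALFORMED : length;
        }

        /**
         * Reads a length field and returns that many bytes from the current position.
         *
         * @return the value bytes, or {@code null} when the declared length is malformed or
         *     exceeds the remaining input
         */
        private byte[] readValue() {
            int length = parseLength();
            if (length < 0 || length > this.raw.length - this.current) {
                return null;
            }
            return Arrays.copyOfRange(this.raw, this.current, this.current + length);
        }

        /**
         * Extracts the key identifier from an AuthorityKeyIdentifier extension value: an OCTET
         * STRING wrapping a SEQUENCE whose first element carries tag 0x80.
         *
         * @return the key identifier bytes, or {@code null} when the extension is absent, has a
         *     different layout, or is malformed
         */
        byte[] extractAuthorityKeyIdentifier() {
            if (this.raw == null) {
                return null;
            }
            if (!expectTag(OCTET_STRING_TAG) || parseLength() < 0) {
                return null;
            }
            if (!expectTag(CONSTRUCTED_SEQUENCE_TAG) || parseLength() < 0) {
                return null;
            }
            if (!expectTag(KEY_IDENTIFIER_TAG)) {
                return null;
            }
            return readValue();
        }

        /**
         * Extracts the key identifier from a SubjectKeyIdentifier extension value: an OCTET
         * STRING wrapping another OCTET STRING.
         *
         * @return the key identifier bytes, or {@code null} when the extension is absent, has a
         *     different layout, or is malformed
         */
        byte[] extractSubjectKeyIdentifier() {
            if (this.raw == null) {
                return null;
            }
            if (!expectTag(OCTET_STRING_TAG) || parseLength() < 0) {
                return null;
            }
            if (!expectTag(OCTET_STRING_TAG)) {
                return null;
            }
            return readValue();
        }
    }

    /** Wraps a checked exception that the calling code treats as unable to occur. */
    private static final class ImpossibleException extends RuntimeException {
        private static final long serialVersionUID = 8960337891702873212L;

        public ImpossibleException(Exception exc) {
            super(exc);
        }
    }

    /** Wraps a checked exception raised while creating an empty in-memory key store. */
    public static class ImpossibleKeyStoreException extends RuntimeException {
        private static final long serialVersionUID = 8078614213845076246L;

        public ImpossibleKeyStoreException(Exception exc) {
            super(exc);
        }
    }

    /** Which side of the TLS handshake a certificate chain is being validated for. */
    public enum ValidationType {
        SERVER,
        CLIENT
    }

    /** Callback applied to each {@link X509TrustManager} delegate by {@code iterate}. */
    public interface X509TrustManagerRunnable {
        void run(X509TrustManager x509TrustManager) throws CertificateException;
    }

    /**
     * Creates a trust manager backed by the persisted private trust store if one can be loaded,
     * otherwise by the platform trust store.
     */
    public CustomTrustManager(Context context) {
        this(context, null);
    }

    /**
     * Creates a trust manager backed by {@code keyStore}; when it is {@code null} the persisted
     * private trust store is tried first.
     *
     * <p>A private store that exists but cannot be read (I/O or format error, which per
     * {@link KeyStore#load} includes a failed integrity check) is not fatal: the failure is
     * logged and validation continues against the platform trust store. Callers that rely on
     * the private store to narrow trust should check {@link #isUsingPrivateTrustedCredentials()}.
     */
    public CustomTrustManager(Context context, KeyStore keyStore) {
        this.isUsingPrivateTrustStore = false;
        this.keyStoreLock = new ReentrantLock();
        if (keyStore == null) {
            try {
                keyStore = loadTrustStore(context);
            } catch (IOException e) {
                Log.w("Failed to load private trust store, using platform trusted credentials", e);
            } catch (NoSuchAlgorithmException e2) {
                Log.w("Failed to load private trust store, using platform trusted credentials", e2);
            } catch (CertificateException e3) {
                Log.w("Failed to load private trust store, using platform trusted credentials", e3);
            }
        }
        setKeyStore(keyStore);
    }

    /**
     * Filters the presented chain and passes it to every delegate for validation.
     *
     * @throws IllegalArgumentException if the chain is {@code null} or empty, as the
     *     {@link X509TrustManager} contract specifies
     * @throws CertificateException if a delegate rejects the chain or no delegate is available
     */
    private void checkTrust(ValidationType validationType, X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Certificate chain must not be null or empty");
        }
        X509Certificate[] filteredChain = filterCertificateChain(x509CertificateArr);
        X509Certificate leaf = filteredChain[0];
        Log.w("validating certificate " + leaf.getSubjectDN().getName() + " certified by " + leaf.getIssuerDN().getName());
        delegateCheckTrust(validationType, getDelegates(), filteredChain, str);
    }

    /**
     * Asks every {@link X509TrustManager} in {@code trustManagerArr} to validate the chain; all
     * of them must accept it.
     *
     * @throws CertificateException if any delegate rejects the chain, if the validation type is
     *     not recognised, or if no X509 delegate was consulted at all
     */
    private void delegateCheckTrust(final ValidationType validationType, TrustManager[] trustManagerArr, final X509Certificate[] x509CertificateArr, final String str) throws CertificateException {
        // Single-element array so the anonymous class can record that it ran.
        final boolean[] consulted = {false};
        iterate(trustManagerArr, new X509TrustManagerRunnable() {
            @Override
            public void run(X509TrustManager x509TrustManager) throws CertificateException {
                consulted[0] = true;
                Log.d("Delegating " + validationType + " cert check");
                if (validationType == ValidationType.SERVER) {
                    x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                } else if (validationType == ValidationType.CLIENT) {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, str);
                } else {
                    // Never report success for a chain that no check was run against.
                    throw new CertificateException("Unsupported validation type: " + validationType);
                }
                Log.d("Delegate accepted " + validationType + " cert");
            }
        });
        if (!consulted[0]) {
            // Without this, an empty delegate list would accept every certificate.
            throw new CertificateException("No X509TrustManager delegate available to validate the certificate chain");
        }
    }

    /** Returns the AuthorityKeyIdentifier key id of the certificate, or {@code null}. */
    private static byte[] extractAuthorityKeyIdentifier(X509Certificate x509Certificate) {
        return new ASN1Helper(x509Certificate.getExtensionValue(AUTHORITY_KEY_IDENTIFIER_OID)).extractAuthorityKeyIdentifier();
    }

    /** Returns the SubjectKeyIdentifier key id of the certificate, or {@code null}. */
    private static byte[] extractSubjectKeyIdentifier(X509Certificate x509Certificate) {
        return new ASN1Helper(x509Certificate.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID)).extractSubjectKeyIdentifier();
    }

    /**
     * Selects, from the presented certificates, the leaf (index 0) and its issuer, if the issuer
     * is present and not self-issued. The issuer is matched by authority/subject key identifier
     * when the certificate carries an authority key identifier, otherwise by issuer/subject DN.
     *
     * <p>This only chooses which certificates are handed to the delegates; it performs no
     * signature or validity checks itself.
     *
     * <p>NOTE(review): in this decompiled form {@code done} is set on every match, so at most
     * one issuer is appended and the outer loop runs once. That may be a decompiler artefact
     * (a dropped {@code else}); check against the bytecode. If the loop is ever restored to walk
     * the whole chain it needs an explicit bound, since cross-issued certificates could
     * otherwise keep it running.
     *
     * @param x509CertificateArr the presented chain; must contain at least one certificate
     * @return the selected certificates, leaf first
     */
    private static X509Certificate[] filterCertificateChain(X509Certificate... x509CertificateArr) {
        List<X509Certificate> selected = new ArrayList<X509Certificate>(x509CertificateArr.length);
        X509Certificate currentCert = x509CertificateArr[0];
        selected.add(currentCert);
        boolean done = false;
        while (!done) {
            byte[] authorityKeyId = extractAuthorityKeyIdentifier(currentCert);
            Principal issuerDN = currentCert.getIssuerDN();
            boolean matched = false;
            for (int i = 1; !matched && i < x509CertificateArr.length; i++) {
                X509Certificate candidate = x509CertificateArr[i];
                byte[] candidateSubjectKeyId = extractSubjectKeyIdentifier(candidate);
                Principal candidateSubjectDN = candidate.getSubjectDN();
                if (authorityKeyId == null) {
                    // No key identifier to go on: fall back to comparing distinguished names.
                    if (issuerDN != null && issuerDN.equals(candidateSubjectDN)) {
                        if (!candidateSubjectDN.equals(candidate.getIssuerDN())) {
                            currentCert = candidate;
                            selected.add(currentCert);
                        }
                        done = true;
                        matched = true;
                    }
                } else if (Arrays.equals(authorityKeyId, candidateSubjectKeyId)) {
                    // A candidate whose own authority key id equals its subject key id is
                    // self-issued and is left for the delegates' trust anchors.
                    if (!Arrays.equals(extractAuthorityKeyIdentifier(candidate), candidateSubjectKeyId)) {
                        currentCert = candidate;
                        selected.add(currentCert);
                    }
                    done = true;
                    matched = true;
                }
            }
            if (!matched) {
                done = true;
            }
        }
        return selected.toArray(new X509Certificate[selected.size()]);
    }

    /** Returns the current delegates, read under the key store lock. */
    private TrustManager[] getDelegates() {
        this.keyStoreLock.lock();
        try {
            return this.delegates;
        } finally {
            this.keyStoreLock.unlock();
        }
    }

    /**
     * Builds trust managers for {@code keyStore} using the default {@link TrustManagerFactory}
     * algorithm. A {@code null} key store is passed straight through to the factory.
     */
    private static TrustManager[] getTrustManagers(KeyStore keyStore) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore);
            return factory.getTrustManagers();
        } catch (KeyStoreException e) {
            throw new AssertionError(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError(e2);
        }
    }

    /**
     * Runs {@code x509TrustManagerRunnable} on every {@link X509TrustManager} in the array,
     * skipping other trust manager types. A {@code null} array is treated as empty.
     */
    private void iterate(TrustManager[] trustManagerArr, X509TrustManagerRunnable x509TrustManagerRunnable) throws CertificateException {
        if (trustManagerArr == null) {
            return;
        }
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                x509TrustManagerRunnable.run((X509TrustManager) trustManager);
            }
        }
    }

    /**
     * Loads the private trust store from the app's internal storage.
     *
     * @return the loaded key store, or {@code null} when the file does not exist
     * @throws IOException if the file cannot be read or fails the key store's format or
     *     integrity checks
     */
    private KeyStore loadTrustStore(Context context) throws CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore store = createKeyStore();
        InputStream in;
        try {
            in = context.openFileInput(TRUSTED_CREDENTIALS_FILENAME);
        } catch (FileNotFoundException unused) {
            Log.i("Could not open file: trusted-credentials");
            return null;
        }
        try {
            store.load(in, TRUSTED_CREDENTIALS_PASSWORD);
        } finally {
            // The stream was previously left open on both the success and the failure path.
            in.close();
        }
        // This message used to say "Saved", which made a load look like a write in the logs.
        Log.i("Loaded trust store from internal storage: trusted-credentials");
        return store;
    }

    /** Replaces the delegates with trust managers for {@code keyStore}, under the lock. */
    private void setKeyStore(KeyStore keyStore) {
        this.keyStoreLock.lock();
        try {
            this.delegates = getTrustManagers(keyStore);
            this.isUsingPrivateTrustStore = keyStore != null;
        } finally {
            this.keyStoreLock.unlock();
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        checkTrust(ValidationType.CLIENT, x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        try {
            checkTrust(ValidationType.SERVER, x509CertificateArr, str);
        } catch (CertificateException e) {
            // Logged here so a rejected server certificate leaves a trace even if the caller
            // swallows the exception.
            Log.w("Certificate validation failed, details: " + e.toString());
            throw e;
        }
    }

    /**
     * Creates an empty key store of the default type.
     *
     * @throws ImpossibleKeyStoreException if the empty store cannot be created or initialised
     */
    public KeyStore createKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException e) {
            throw new ImpossibleKeyStoreException(e);
        } catch (KeyStoreException e2) {
            throw new ImpossibleKeyStoreException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new ImpossibleKeyStoreException(e3);
        } catch (CertificateException e4) {
            throw new ImpossibleKeyStoreException(e4);
        }
    }

    /** Returns the accepted issuers of all X509 delegates, concatenated. */
    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        final List<X509Certificate> issuers = new ArrayList<X509Certificate>();
        try {
            iterate(getDelegates(), new X509TrustManagerRunnable() {
                @Override
                public void run(X509TrustManager x509TrustManager) throws CertificateException {
                    Collections.addAll(issuers, x509TrustManager.getAcceptedIssuers());
                }
            });
            return issuers.toArray(new X509Certificate[issuers.size()]);
        } catch (CertificateException e) {
            throw new ImpossibleException(e);
        }
    }

    /**
     * Reports whether validation currently runs against a private trust store rather than the
     * platform one. Read under the same lock that guards the write in {@code setKeyStore}.
     */
    public boolean isUsingPrivateTrustedCredentials() {
        this.keyStoreLock.lock();
        try {
            return this.isUsingPrivateTrustStore;
        } finally {
            this.keyStoreLock.unlock();
        }
    }

    /**
     * Persists {@code keyStore} as the private trust store and switches validation to it, or,
     * when {@code keyStore} is {@code null}, deletes the persisted store and switches back to
     * the platform trust store.
     *
     * <p>This changes which issuers the application trusts, so callers should only pass key
     * stores whose contents they have already vetted.
     */
    public void persistTrustStore(Context context, KeyStore keyStore) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
        if (keyStore == null) {
            Log.i("Removing private trust store: trusted-credentials");
            context.deleteFile(TRUSTED_CREDENTIALS_FILENAME);
        } else {
            OutputStream out = context.openFileOutput(TRUSTED_CREDENTIALS_FILENAME, Context.MODE_PRIVATE);
            try {
                keyStore.store(out, TRUSTED_CREDENTIALS_PASSWORD);
            } finally {
                // Closing releases the descriptor; a close failure surfaces as IOException
                // instead of a silently incomplete trust store file.
                out.close();
            }
            Log.i("Saved trust store to internal storage:  trusted-credentials");
        }
        setKeyStore(keyStore);
    }
}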
