package com.versa.sase.utils;

import android.content.Context;
import android.text.TextUtils;
import com.versa.sase.apis.RegisterApi;
import com.versa.sase.utils.IntermediateCertHandler;
import java.io.ByteArrayInputStream;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import okhttp3.OkHttpClient;
import okhttp3.ResponseBody;
import okhttp3.logging.HttpLoggingInterceptor;
import org.bouncycastle.asn1.k1;
import org.bouncycastle.asn1.n1;
import org.bouncycastle.asn1.u1;
import org.strongswan.android.security.TrustedCertificateEntry;
import retrofit2.Call;
import retrofit2.Callback;
import retrofit2.Response;
import retrofit2.Retrofit;

/* loaded from: classes2.dex */
public class IntermediateCertHandler {

    /* renamed from: a, reason: collision with root package name */
    public static c f7681a;

    /* renamed from: b, reason: collision with root package name */
    public static Context f7682b;

    /* renamed from: c, reason: collision with root package name */
    static boolean f7683c;

    /* loaded from: classes2.dex */
    public enum ResponseType {
        DOWNLOAD_FAILED,
        CERT_IN_LOCAL_STORE,
        CERT_DOWNLOADING,
        CERT_DOWNLOADED,
        SSL_PEER_UNVERIFIED,
        GENERAL_FAILURE
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class a implements X509TrustManager {
        a() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class b implements Callback<ResponseBody> {
        b() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* JADX WARN: Removed duplicated region for block: B:25:0x0121  */
        /* JADX WARN: Removed duplicated region for block: B:28:? A[RETURN, SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:58:0x0143 A[EXC_TOP_SPLITTER, SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:65:? A[SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:66:0x012a A[EXC_TOP_SPLITTER, SYNTHETIC] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public static /* synthetic */ void b(retrofit2.Response r12) {
            /*
                Method dump skipped, instructions count: 347
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: com.versa.sase.utils.IntermediateCertHandler.b.b(retrofit2.Response):void");
        }

        @Override // retrofit2.Callback
        public void onFailure(Call<ResponseBody> call, Throwable th) {
            d0.e("IntermediateCertHandler", "Failed to download file: " + th.getMessage());
            c cVar = IntermediateCertHandler.f7681a;
            if (cVar != null) {
                cVar.a(ResponseType.DOWNLOAD_FAILED);
            }
        }

        @Override // retrofit2.Callback
        public void onResponse(Call<ResponseBody> call, final Response<ResponseBody> response) {
            if (response.isSuccessful()) {
                new Thread(new Runnable() { // from class: com.versa.sase.utils.z
                    @Override // java.lang.Runnable
                    public final void run() {
                        IntermediateCertHandler.b.b(Response.this);
                    }
                }).start();
                return;
            }
            d0.e("IntermediateCertHandler", "Failed to download file: " + response);
            c cVar = IntermediateCertHandler.f7681a;
            if (cVar != null) {
                cVar.a(ResponseType.DOWNLOAD_FAILED);
            }
        }
    }

    /* loaded from: classes2.dex */
    public interface c {
        void a(ResponseType responseType);
    }

    public static <S> S c(Class<S> cls, String str, boolean z8) {
        Retrofit.Builder addConverterFactory = new Retrofit.Builder().addConverterFactory(k3.d0.a());
        f7683c = z8;
        d0.a("IntermediateCertHandler", "createService skip: " + f7683c);
        OkHttpClient.Builder i9 = i();
        TimeUnit timeUnit = TimeUnit.SECONDS;
        i9.readTimeout(10L, timeUnit);
        i9.connectTimeout(10L, timeUnit);
        if (!TextUtils.isEmpty(str)) {
            addConverterFactory.baseUrl(str);
        }
        HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor();
        httpLoggingInterceptor.setLevel(HttpLoggingInterceptor.Level.NONE);
        i9.addInterceptor(httpLoggingInterceptor);
        addConverterFactory.client(i9.build());
        return (S) addConverterFactory.build().create(cls);
    }

    private static void d(final String str) {
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        newSingleThreadExecutor.submit(new Runnable() { // from class: com.versa.sase.utils.y
            @Override // java.lang.Runnable
            public final void run() {
                IntermediateCertHandler.m(str);
            }
        });
        newSingleThreadExecutor.shutdown();
    }

    private static String e(TrustedCertificateEntry trustedCertificateEntry) {
        return (l(trustedCertificateEntry.getCertificate(), trustedCertificateEntry.getCertificate().getSigAlgName()) || !trustedCertificateEntry.getCertificate().toString().contains("CA Issuers - URI:")) ? "" : g(trustedCertificateEntry.getCertificate());
    }

    private static List<String> f(Certificate certificate) {
        TrustedCertificateEntry trustedCertificateEntry = new TrustedCertificateEntry(null, (X509Certificate) certificate, false);
        if (l(trustedCertificateEntry.getCertificate(), trustedCertificateEntry.getCertificate().getSigAlgName()) || !trustedCertificateEntry.getCertificate().toString().contains("CA Issuers - URI:")) {
            return null;
        }
        return h(trustedCertificateEntry.getCertificate().toString().split("CA Issuers - URI:")[1].split("OCSP - URI:")[0]);
    }

    public static String g(X509Certificate x509Certificate) {
        org.bouncycastle.asn1.t tVar = o5.g0.f12326v;
        byte[] extensionValue = x509Certificate.getExtensionValue(o5.e0.f12264z.c0());
        if (extensionValue == null) {
            return null;
        }
        try {
            org.bouncycastle.asn1.n nVar = new org.bouncycastle.asn1.n(new ByteArrayInputStream(extensionValue));
            org.bouncycastle.asn1.n nVar2 = new org.bouncycastle.asn1.n(((n1) nVar.Q()).a0());
            for (o5.a aVar : o5.j.O(nVar2.Q()).N()) {
                if (aVar.N().T(tVar)) {
                    o5.r M = aVar.M();
                    if (M.O() == 6) {
                        String k9 = ((k1) ((u1) M.j()).d0(true, 22)).k();
                        d0.a("IntermediateCertHandler", "getAccessLocation AIA Url: " + k9);
                        return k9;
                    }
                }
            }
            nVar.close();
            nVar2.close();
        } catch (Exception e9) {
            d0.e("IntermediateCertHandler", "Exception:" + e9);
        }
        return null;
    }

    public static List<String> h(String str) {
        ArrayList arrayList = new ArrayList();
        Matcher matcher = Pattern.compile("(?:^|[\\W])((ht|f)tp(s?):\\/\\/|www\\.)(([\\w\\-]+\\.){1,}?([\\w\\-.~]+\\/?)*[\\p{Alnum}.,%_=?&#\\-+()\\[\\]\\*$~@!:/{};']*)", 42).matcher(str);
        while (matcher.find()) {
            arrayList.add(str.substring(matcher.start(0), matcher.end(0)));
        }
        return arrayList;
    }

    public static OkHttpClient.Builder i() {
        try {
            TrustManager[] trustManagerArr = {new a()};
            SSLContext sSLContext = SSLContext.getInstance("SSL");
            sSLContext.init(null, trustManagerArr, new SecureRandom());
            SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            builder.sslSocketFactory(socketFactory, (X509TrustManager) trustManagerArr[0]);
            builder.hostnameVerifier(new HostnameVerifier() { // from class: com.versa.sase.utils.x
                @Override // javax.net.ssl.HostnameVerifier
                public final boolean verify(String str, SSLSession sSLSession) {
                    boolean n9;
                    n9 = IntermediateCertHandler.n(str, sSLSession);
                    return n9;
                }
            });
            return builder;
        } catch (Exception e9) {
            d0.e("IntermediateCertHandler", "getUnsafeOkHttpClient Exception: " + e9);
            throw new RuntimeException(e9);
        }
    }

    public static boolean j(X509Certificate x509Certificate) {
        d0.a("IntermediateCertHandler", "Check certificate in Local keystore");
        List<TrustedCertificateEntry> c9 = new k3.f0().c();
        if (c9 != null && !c9.isEmpty()) {
            for (TrustedCertificateEntry trustedCertificateEntry : c9) {
                try {
                    if (x509Certificate.getIssuerDN().equals(trustedCertificateEntry.getCertificate().getSubjectDN()) && !trustedCertificateEntry.isTrusted()) {
                        d0.a("IntermediateCertHandler", "Certificate available in Local keystore");
                        return true;
                    }
                } catch (Exception e9) {
                    d0.e("IntermediateCertHandler", "Exception isInLocalStore verify: " + e9);
                }
            }
        }
        return false;
    }

    public static boolean k(X509Certificate x509Certificate) {
        return ((X500Principal) x509Certificate.getSubjectDN()).equals((X500Principal) x509Certificate.getIssuerDN());
    }

    public static boolean l(X509Certificate x509Certificate, String str) {
        if (!k(x509Certificate)) {
            return false;
        }
        try {
            if (str == null) {
                x509Certificate.verify(x509Certificate.getPublicKey());
                return true;
            }
            x509Certificate.verify(x509Certificate.getPublicKey(), str);
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void m(String str) {
        c cVar = f7681a;
        if (cVar != null) {
            cVar.a(ResponseType.CERT_DOWNLOADING);
        }
        ((RegisterApi) c(RegisterApi.class, str + "/", true)).downloadCert(str).enqueue(new b());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Removed duplicated region for block: B:31:0x00d2  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static /* synthetic */ boolean n(java.lang.String r9, javax.net.ssl.SSLSession r10) {
        /*
            java.lang.String r9 = "IntermediateCertHandler"
            boolean r0 = com.versa.sase.utils.IntermediateCertHandler.f7683c
            r1 = 1
            if (r0 == 0) goto L8
            return r1
        L8:
            r0 = 0
            java.security.cert.Certificate[] r10 = r10.getPeerCertificates()     // Catch: java.lang.Exception -> Lb3
            if (r10 == 0) goto Lb1
            int r2 = r10.length     // Catch: java.lang.Exception -> Lb3
            if (r2 < 0) goto Lb1
            int r2 = r10.length     // Catch: java.lang.Exception -> Lb3
            r3 = r0
            r4 = r3
        L15:
            if (r3 >= r2) goto Lce
            r5 = r10[r3]     // Catch: java.lang.Exception -> Lae
            org.strongswan.android.security.TrustedCertificateEntry r6 = new org.strongswan.android.security.TrustedCertificateEntry     // Catch: java.lang.Exception -> Lae
            r7 = r5
            java.security.cert.X509Certificate r7 = (java.security.cert.X509Certificate) r7     // Catch: java.lang.Exception -> Lae
            r8 = 0
            r6.<init>(r8, r7, r0)     // Catch: java.lang.Exception -> Lae
            java.security.cert.X509Certificate r7 = r6.getCertificate()     // Catch: java.lang.Exception -> Lae
            boolean r7 = j(r7)     // Catch: java.lang.Exception -> Lae
            if (r7 == 0) goto L36
            com.versa.sase.utils.IntermediateCertHandler$c r10 = com.versa.sase.utils.IntermediateCertHandler.f7681a     // Catch: java.lang.Exception -> Lae
            if (r10 == 0) goto L35
            com.versa.sase.utils.IntermediateCertHandler$ResponseType r1 = com.versa.sase.utils.IntermediateCertHandler.ResponseType.CERT_IN_LOCAL_STORE     // Catch: java.lang.Exception -> Lae
            r10.a(r1)     // Catch: java.lang.Exception -> Lae
        L35:
            return r0
        L36:
            java.lang.String r6 = e(r6)     // Catch: java.lang.Exception -> Lae
            boolean r7 = android.text.TextUtils.isEmpty(r6)     // Catch: java.lang.Exception -> Lae
            java.lang.String r8 = "AIA URL: "
            if (r7 != 0) goto L5b
            java.lang.StringBuilder r5 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> Lae
            r5.<init>()     // Catch: java.lang.Exception -> Lae
            r5.append(r8)     // Catch: java.lang.Exception -> Lae
            r5.append(r6)     // Catch: java.lang.Exception -> Lae
            java.lang.String r5 = r5.toString()     // Catch: java.lang.Exception -> Lae
            com.versa.sase.utils.d0.a(r9, r5)     // Catch: java.lang.Exception -> Lae
            d(r6)     // Catch: java.lang.Exception -> L59
            r4 = r1
            goto La0
        L59:
            r10 = move-exception
            goto Lb5
        L5b:
            java.util.List r5 = f(r5)     // Catch: java.lang.Exception -> Lae
            if (r5 == 0) goto La4
            java.lang.StringBuilder r6 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> Lae
            r6.<init>()     // Catch: java.lang.Exception -> Lae
            r6.append(r8)     // Catch: java.lang.Exception -> Lae
            r6.append(r5)     // Catch: java.lang.Exception -> Lae
            java.lang.String r6 = r6.toString()     // Catch: java.lang.Exception -> Lae
            android.util.Log.i(r9, r6)     // Catch: java.lang.Exception -> Lae
            java.util.Iterator r5 = r5.iterator()     // Catch: java.lang.Exception -> Lae
        L77:
            boolean r6 = r5.hasNext()     // Catch: java.lang.Exception -> Lae
            if (r6 == 0) goto La0
            java.lang.Object r6 = r5.next()     // Catch: java.lang.Exception -> Lae
            java.lang.String r6 = (java.lang.String) r6     // Catch: java.lang.Exception -> Lae
            java.lang.String r7 = ".crt"
            boolean r7 = r6.contains(r7)     // Catch: java.lang.Exception -> Lae
            if (r7 != 0) goto L9b
            java.lang.String r7 = "r3"
            boolean r7 = r6.contains(r7)     // Catch: java.lang.Exception -> Lae
            if (r7 != 0) goto L9b
            java.lang.String r7 = ".cer"
            boolean r7 = r6.contains(r7)     // Catch: java.lang.Exception -> Lae
            if (r7 == 0) goto L77
        L9b:
            d(r6)     // Catch: java.lang.Exception -> L59
            r4 = r1
            goto L77
        La0:
            int r3 = r3 + 1
            goto L15
        La4:
            com.versa.sase.utils.IntermediateCertHandler$c r10 = com.versa.sase.utils.IntermediateCertHandler.f7681a     // Catch: java.lang.Exception -> Lae
            if (r10 == 0) goto Lad
            com.versa.sase.utils.IntermediateCertHandler$ResponseType r1 = com.versa.sase.utils.IntermediateCertHandler.ResponseType.SSL_PEER_UNVERIFIED     // Catch: java.lang.Exception -> Lae
            r10.a(r1)     // Catch: java.lang.Exception -> Lae
        Lad:
            return r0
        Lae:
            r10 = move-exception
            r1 = r4
            goto Lb5
        Lb1:
            r4 = r0
            goto Lce
        Lb3:
            r10 = move-exception
            r1 = r0
        Lb5:
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r2.<init>()
            java.lang.String r3 = "Exception: "
            r2.append(r3)
            java.lang.String r10 = r10.getMessage()
            r2.append(r10)
            java.lang.String r10 = r2.toString()
            com.versa.sase.utils.d0.e(r9, r10)
            r4 = r1
        Lce:
            com.versa.sase.utils.IntermediateCertHandler$c r9 = com.versa.sase.utils.IntermediateCertHandler.f7681a
            if (r9 == 0) goto Ldf
            if (r4 == 0) goto Lda
            com.versa.sase.utils.IntermediateCertHandler$ResponseType r10 = com.versa.sase.utils.IntermediateCertHandler.ResponseType.CERT_DOWNLOADING
            r9.a(r10)
            goto Ldf
        Lda:
            com.versa.sase.utils.IntermediateCertHandler$ResponseType r10 = com.versa.sase.utils.IntermediateCertHandler.ResponseType.SSL_PEER_UNVERIFIED
            r9.a(r10)
        Ldf:
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: com.versa.sase.utils.IntermediateCertHandler.n(java.lang.String, javax.net.ssl.SSLSession):boolean");
    }

    public static void o(Context context) {
        f7682b = context;
    }

    public static void p(c cVar) {
        f7681a = cVar;
    }
}
