package at.bitfire.cert4android;

import android.app.Service;
import android.content.Intent;
import android.util.Log;
import android.widget.Toast;
import androidx.core.app.NotificationManagerCompat;
import at.bitfire.cert4android.ICustomCertService;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509TrustManager;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.CollectionsKt__ReversedViewsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.conscrypt.Conscrypt;

/* compiled from: CustomCertService.kt */
/* loaded from: classes.dex */
/**
 * Android {@link Service} that holds the application's user-approved certificate store.
 *
 * <p>State kept by this class, as visible in this listing:
 * <ul>
 *   <li>{@code trustedKeyStore}: certificates the user accepted, persisted to
 *       {@code KeyStore/KeyStore.bks} under the app's private directory;</li>
 *   <li>{@code untrustedCerts}: certificates the user rejected, held in memory only;</li>
 *   <li>{@code pendingDecisions}: callbacks waiting for a user decision, keyed by certificate.</li>
 * </ul>
 *
 * <p>This is JADX decompiler output of {@code CustomCertService.kt}, not the original source.
 * {@code checkTrusted} was not decompiled at all and {@code onCreate} has a suspicious
 * try/catch layout, so conclusions about control flow should be verified against the
 * bytecode or the Kotlin source.
 *
 * <p>NOTE(review): no synchronization is visible in this class, and the collections are a plain
 * {@code HashSet} and {@code LinkedHashMap}. Binder calls are normally dispatched on binder
 * threads while {@code onStartCommand} runs on the main thread, so confirm how concurrent
 * access is handled (possibly inside the non-decompiled {@code checkTrusted}).
 */
public final class CustomCertService extends Service {
    // Intent action: deliver the user's accept/reject decision for one certificate.
    public static final String CMD_CERTIFICATION_DECISION = "certificateDecision";
    // Intent action: forget all rejected certificates and delete every trusted entry.
    public static final String CMD_RESET_CERTIFICATES = "resetCertificates";
    public static final Companion Companion = new Companion(null);
    // Intent extra: encoded certificate bytes, parsed with the X.509 CertificateFactory.
    public static final String EXTRA_CERTIFICATE = "certificate";
    // Intent extra: boolean decision; read with a default of false (not trusted).
    public static final String EXTRA_TRUSTED = "trusted";
    // Name passed to getDir() for the directory holding the key store file.
    public static final String KEYSTORE_DIR = "KeyStore";
    // File name of the persisted key store inside KEYSTORE_DIR.
    public static final String KEYSTORE_NAME = "KeyStore.bks";
    // AIDL stub returned from onBind(); created in the constructor.
    private final CustomCertService$binder$1 binder;
    private final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    // Assigned only in onCreate() after the key store file was loaded.
    private X509TrustManager customTrustManager;
    // Set in onCreate(); the Kotlin lateinit check guards reads before that.
    private File keyStoreFile;
    // Callbacks awaiting a decision, grouped by the certificate they asked about.
    private final Map<X509Certificate, List<IOnCertificateDecision>> pendingDecisions;
    // Certificates accepted by the user; written to disk by saveKeyStore().
    private final KeyStore trustedKeyStore;
    // Certificates rejected by the user; never persisted in the code shown here.
    private HashSet<X509Certificate> untrustedCerts;

    /* compiled from: CustomCertService.kt */
    /* loaded from: classes.dex */
    // Kotlin companion object; it carries no members in this listing.
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    // Class initializer: registers Conscrypt as the most-preferred JCA provider (position 1)
    // and logs its version together with the protocols and cipher suites enabled on a
    // default SSLEngine. The log lines give an audit trail of the TLS configuration in use.
    static {
        Security.insertProviderAt(Conscrypt.newProvider(), 1);
        Conscrypt.Version version = Conscrypt.version();
        Log.i("cert4android", "Using Conscrypt/" + version.major() + '.' + version.minor() + '.' + version.patch() + " for TLS");
        SSLEngine createSSLEngine = SSLContext.getDefault().createSSLEngine();
        String[] enabledProtocols = createSSLEngine.getEnabledProtocols();
        Intrinsics.checkNotNullExpressionValue(enabledProtocols, "engine.enabledProtocols");
        Log.i("cert4android", "Enabled protocols: ".concat(ArraysKt___ArraysKt.joinToString$default(enabledProtocols, ", ", null, 62)));
        String[] enabledCipherSuites = createSSLEngine.getEnabledCipherSuites();
        Intrinsics.checkNotNullExpressionValue(enabledCipherSuites, "engine.enabledCipherSuites");
        Log.i("cert4android", "Enabled ciphers: ".concat(ArraysKt___ArraysKt.joinToString$default(enabledCipherSuites, ", ", null, 62)));
    }

    /**
     * Creates the (still unloaded) key store of the platform default type, the empty
     * decision collections and the binder implementation. The key store is loaded later,
     * in {@link #onCreate()}.
     */
    /* JADX WARN: Type inference failed for: r0v6, types: [at.bitfire.cert4android.CustomCertService$binder$1] */
    public CustomCertService() {
        // Presumably BKS on Android, matching the ".bks" file name; the type is not fixed here.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        Intrinsics.checkNotNull(keyStore);
        this.trustedKeyStore = keyStore;
        this.untrustedCerts = new HashSet<>();
        this.pendingDecisions = new LinkedHashMap();
        this.binder = new ICustomCertService.Stub() { // from class: at.bitfire.cert4android.CustomCertService$binder$1
            // Withdraws a callback from every pending decision and drops certificates that
            // are left without any waiting callback.
            @Override // at.bitfire.cert4android.ICustomCertService
            public void abortCheck(final IOnCertificateDecision callback) {
                Map map;
                Map map2;
                Intrinsics.checkNotNullParameter(callback, "callback");
                map = CustomCertService.this.pendingDecisions;
                for (Map.Entry entry : map.entrySet()) {
                    X509Certificate x509Certificate = (X509Certificate) entry.getKey();
                    List list = (List) entry.getValue();
                    CollectionsKt__ReversedViewsKt.removeAll(list, new Function1<IOnCertificateDecision, Boolean>() { // from class: at.bitfire.cert4android.CustomCertService$binder$1$abortCheck$1
                        {
                            super(1);
                        }

                        @Override // kotlin.jvm.functions.Function1
                        public final Boolean invoke(IOnCertificateDecision it) {
                            Intrinsics.checkNotNullParameter(it, "it");
                            return Boolean.valueOf(Intrinsics.areEqual(it, IOnCertificateDecision.this));
                        }
                    });
                    if (list.isEmpty()) {
                        // NOTE(review): this removes from the LinkedHashMap while its entrySet
                        // is being iterated; if more entries follow, the next iteration step
                        // can throw ConcurrentModificationException. Confirm against the
                        // Kotlin source whether this is real or a decompilation artifact.
                        map2 = CustomCertService.this.pendingDecisions;
                        map2.remove(x509Certificate);
                    }
                }
            }

            // The trust decision entry point. JADX could not decompile it, so the actual
            // validation logic (the part that matters most for security review) is NOT
            // visible in this listing; the body below is a decompiler placeholder, not
            // runtime behavior. Review the bytecode or the Kotlin source instead.
            /* JADX WARN: Removed duplicated region for block: B:10:0x0035  */
            /* JADX WARN: Removed duplicated region for block: B:7:0x0031  */
            @Override // at.bitfire.cert4android.ICustomCertService
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public void checkTrusted(byte[] r8, boolean r9, boolean r10, at.bitfire.cert4android.IOnCertificateDecision r11) {
                /*
                    Method dump skipped, instructions count: 344
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: at.bitfire.cert4android.CustomCertService$binder$1.checkTrusted(byte[], boolean, boolean, at.bitfire.cert4android.IOnCertificateDecision):void");
            }
        };
    }

    /**
     * Reports whether the certificate has an entry in the user-approved key store.
     *
     * @param x509Certificate certificate to look up
     * @return {@code true} if the key store returns an alias for it; {@code false} if not,
     *         and also when the lookup throws {@link KeyStoreException}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public final boolean inTrustStore(X509Certificate x509Certificate) {
        try {
            return this.trustedKeyStore.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException e) {
            // Fails closed: a key store error is treated as "not trusted".
            Constants.INSTANCE.getLog().log(Level.WARNING, "Couldn't query custom key store", (Throwable) e);
            return false;
        }
    }

    /**
     * Applies a user decision for one certificate: cancels its notification, records the
     * certificate as trusted (persisted) or untrusted (memory only), then informs and
     * clears the callbacks waiting on it.
     *
     * <p>NOTE(review): the certificate is added to the trusted key store before
     * {@code pendingDecisions} is consulted, so a decision is honoured even when no check
     * for that certificate is pending. Combined with the intent-driven caller
     * ({@link #onStartCommand}), confirm that only this app can deliver decisions.
     *
     * @param x509Certificate certificate the decision refers to
     * @param z               {@code true} to trust the certificate, {@code false} to reject it
     */
    private final void onReceiveDecision(X509Certificate x509Certificate, boolean z) {
        NotificationManagerCompat createChannels = NotificationUtils.INSTANCE.createChannels(this);
        CertUtils certUtils = CertUtils.INSTANCE;
        createChannels.cancel(Constants.NOTIFICATION_CERT_DECISION, certUtils.getTag(x509Certificate));
        if (z) {
            this.untrustedCerts.remove(x509Certificate);
            try {
                // The key store alias is the certificate fingerprint computed with the
                // SHA-256 digest algorithm name taken from MGF1ParameterSpec.SHA256.
                String digestAlgorithm = MGF1ParameterSpec.SHA256.getDigestAlgorithm();
                Intrinsics.checkNotNullExpressionValue(digestAlgorithm, "SHA256.digestAlgorithm");
                this.trustedKeyStore.setCertificateEntry(certUtils.fingerprint(x509Certificate, digestAlgorithm), x509Certificate);
                saveKeyStore();
            } catch (KeyStoreException e) {
                // Listeners below are still told "accept" even if storing failed.
                Constants.INSTANCE.getLog().log(Level.SEVERE, "Couldn't add certificate into key store", (Throwable) e);
            }
        } else {
            // Rejection lives only in this in-memory set; it is not written to disk here.
            this.untrustedCerts.add(x509Certificate);
            // Duration argument 1 is Toast.LENGTH_LONG.
            Toast.makeText(this, R.string.service_rejected_temporarily, 1).show();
        }
        List<IOnCertificateDecision> list = this.pendingDecisions.get(x509Certificate);
        if (list != null) {
            Constants.INSTANCE.getLog().fine("Notifying " + list.size() + " certificate decision listener(s)");
            for (IOnCertificateDecision iOnCertificateDecision : list) {
                if (z) {
                    iOnCertificateDecision.accept();
                } else {
                    iOnCertificateDecision.reject();
                }
            }
            this.pendingDecisions.remove(x509Certificate);
        }
    }

    /**
     * Writes the trusted key store to {@code keyStoreFile}. Any failure is logged at
     * SEVERE and not propagated, so callers cannot tell whether the save succeeded.
     */
    private final void saveKeyStore() {
        Logger log = Constants.INSTANCE.getLog();
        StringBuilder sb = new StringBuilder("Saving custom certificate key store to ");
        File file = this.keyStoreFile;
        if (file == null) {
            Intrinsics.throwUninitializedPropertyAccessException("keyStoreFile");
            throw null;
        }
        sb.append(file);
        log.fine(sb.toString());
        try {
            File file2 = this.keyStoreFile;
            if (file2 == null) {
                Intrinsics.throwUninitializedPropertyAccessException("keyStoreFile");
                throw null;
            }
            FileOutputStream fileOutputStream = new FileOutputStream(file2);
            try {
                // Null password: the file is not protected by any secret. Its integrity
                // rests on the app-private directory chosen in onCreate().
                // NOTE(review): confirm that is acceptable for the threat model (e.g.
                // backups, rooted devices), since this file defines extra trust anchors.
                this.trustedKeyStore.store(fileOutputStream, null);
                Unit unit = Unit.INSTANCE;
                CloseableKt.closeFinally(fileOutputStream, null);
            } finally {
                // Empty in the decompiled output; presumably the remains of Kotlin's use {}.
            }
        } catch (Exception e) {
            Constants.INSTANCE.getLog().log(Level.SEVERE, "Couldn't save custom certificate key store", (Throwable) e);
        }
    }

    /**
     * Returns the AIDL binder to any client that binds.
     *
     * <p>NOTE(review): no caller check is visible in this method. Who may bind depends on
     * the manifest declaration (exported flag, permission), which is not part of this file.
     */
    @Override // android.app.Service
    public ICustomCertService.Stub onBind(Intent intent) {
        return this.binder;
    }

    /**
     * Resolves the key store file and loads the trusted certificates from it, then builds
     * the custom trust manager from the loaded key store.
     *
     * <p>NOTE(review): the try/catch layout below is suspect. As decompiled, the try covers
     * only the field read, and the file open and load sit outside it, so the in-memory
     * fallback in the catch could never be reached for a missing file. This is most likely
     * a JADX reconstruction artifact; verify the real exception handling before relying on it.
     */
    @Override // android.app.Service
    public void onCreate() {
        File file;
        Constants constants = Constants.INSTANCE;
        constants.getLog().info("CustomCertService created");
        // Mode 0 is Context.MODE_PRIVATE: the directory is private to this application.
        this.keyStoreFile = new File(getDir(KEYSTORE_DIR, 0), KEYSTORE_NAME);
        try {
            file = this.keyStoreFile;
        } catch (Exception unused) {
            Constants.INSTANCE.getLog().log(Level.INFO, "No key store for trusted certifcates (yet); creating in-memory key store.");
            try {
                // load(null, null) initializes an empty key store.
                this.trustedKeyStore.load(null, null);
            } catch (Exception e) {
                Constants.INSTANCE.getLog().log(Level.SEVERE, "Couldn't initialize in-memory key store", (Throwable) e);
            }
        }
        if (file == null) {
            Intrinsics.throwUninitializedPropertyAccessException("keyStoreFile");
            throw null;
        }
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            // Null password: KeyStore.load performs no integrity check on the file contents.
            this.trustedKeyStore.load(fileInputStream, null);
            constants.getLog().fine("Loaded " + this.trustedKeyStore.size() + " trusted certificate(s)");
            Unit unit = Unit.INSTANCE;
            CloseableKt.closeFinally(fileInputStream, null);
            // In this listing the trust manager is assigned only on this path.
            this.customTrustManager = CertUtils.INSTANCE.getTrustManager(this.trustedKeyStore);
        } finally {
            // Empty in the decompiled output; presumably the remains of Kotlin's use {}.
        }
    }

    /** Logs that the service is being destroyed; no state is flushed here. */
    @Override // android.app.Service
    public void onDestroy() {
        Constants.INSTANCE.getLog().info("CustomCertService destroyed");
    }

    /**
     * Handles the two command intents and then stops the service.
     *
     * <ul>
     *   <li>{@code certificateDecision}: parses the certificate from the intent extra and
     *       applies the boolean decision via {@code onReceiveDecision}.</li>
     *   <li>{@code resetCertificates}: clears the rejected set and deletes every entry of
     *       the trusted key store, then saves it.</li>
     * </ul>
     *
     * <p>NOTE(review): nothing here checks who sent the intent. Both commands change the
     * trust state (one adds a trust anchor, the other removes all of them), so confirm in
     * the manifest that the service is not exported or is guarded by a signature-level
     * permission, and that decision intents are only created by this app.
     *
     * @return 2, i.e. {@code Service.START_NOT_STICKY}
     */
    @Override // android.app.Service
    public int onStartCommand(Intent intent, int i, int i2) {
        Constants.INSTANCE.getLog().fine("Received command: " + intent);
        String action = intent != null ? intent.getAction() : null;
        if (action != null) {
            // Decompiled string switch: the hash code selects a branch, equals() confirms it.
            int hashCode = action.hashCode();
            if (hashCode != -1728715605) {
                if (hashCode == -1619112301 && action.equals(CMD_CERTIFICATION_DECISION)) {
                    try {
                        // A missing or malformed extra ends up in the catch below and is only logged.
                        Certificate generateCertificate = this.certFactory.generateCertificate(new ByteArrayInputStream(intent.getByteArrayExtra("certificate")));
                        Intrinsics.checkNotNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
                        // A missing "trusted" extra defaults to false, i.e. reject.
                        onReceiveDecision((X509Certificate) generateCertificate, intent.getBooleanExtra(EXTRA_TRUSTED, false));
                    } catch (Exception e) {
                        Constants.INSTANCE.getLog().log(Level.SEVERE, "Couldn't process certificate", (Throwable) e);
                    }
                }
            } else if (action.equals(CMD_RESET_CERTIFICATES)) {
                this.untrustedCerts.clear();
                try {
                    Enumeration<String> aliases = this.trustedKeyStore.aliases();
                    Intrinsics.checkNotNullExpressionValue(aliases, "trustedKeyStore.aliases()");
                    // NOTE(review): entries are deleted while the alias enumeration is still
                    // in use; whether that is safe depends on the key store implementation.
                    while (aliases.hasMoreElements()) {
                        this.trustedKeyStore.deleteEntry(aliases.nextElement());
                    }
                    saveKeyStore();
                } catch (KeyStoreException e2) {
                    Constants.INSTANCE.getLog().log(Level.SEVERE, "Couldn't reset custom certificates", (Throwable) e2);
                }
            }
        }
        stopSelf();
        return 2;
    }
}
