package at.bitfire.cert4android;

import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.ServiceConnection;
import android.os.Bundle;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.IBinder;
import android.os.Message;
import android.os.Messenger;
import android.os.RemoteException;
import android.util.SparseArray;
import java.io.Closeable;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
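/**
 * {@link X509TrustManager} that accepts a server certificate when either the
 * platform trust manager accepts the chain (if enabled at construction time)
 * or {@code CustomCertService} reports the leaf certificate as trusted.
 *
 * <p>Decisions are requested from the service over a {@link Messenger} and
 * delivered back to a process-wide handler thread; the calling thread blocks
 * until a decision arrives or {@link #SERVICE_TIMEOUT} elapses. Because
 * {@link #checkCustomTrusted} blocks, it must not be called on the thread that
 * delivers the {@link ServiceConnection} callbacks.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only the leaf certificate ({@code chain[0]}) is sent to the service;
 *       the rest of the chain is not evaluated on the custom path.</li>
 *   <li>The custom decision is keyed on the certificate alone. The host name
 *       is never passed to the service, so {@link CustomHostnameVerifier}
 *       accepts a custom-trusted certificate for any host that presents it.</li>
 *   <li>Any party holding {@link #messenger} can post a decision. It is only
 *       handed out as {@code replyTo} to the bound service (or to the
 *       {@code Messenger} injected through the package-private constructor).</li>
 * </ul>
 */
public class CustomCertManager implements Closeable, X509TrustManager {
    // Message codes. The numeric values are the ones this class already used on the
    // wire; they must match CustomCertService, which is not visible in this file.
    /** Reply from the service: {@code arg1} = decision id, {@code arg2 != 0} = trusted. */
    private static final int MSG_CERTIFICATE_DECISION = 0;
    /** Request to the service: decide whether the bundled certificate is trusted. */
    private static final int MSG_CHECK_TRUSTED = 1;
    /** Request to the service: abandon a pending decision after a timeout. */
    private static final int MSG_CHECK_TRUSTED_ABORT = 2;

    /** Maximum time, in milliseconds, to wait for a decision from the service. */
    protected static int SERVICE_TIMEOUT = 300000;

    static final HandlerThread messengerThread = new HandlerThread("CustomCertificateManager.Messenger");
    static final Object decisionLock;
    /** Pending decisions by decision id; guarded by {@link #decisionLock}. */
    static final SparseArray<Boolean> decisions;
    static final Messenger messenger;
    static final AtomicInteger nextDecisionID;

    /** Forwarded to the service with every query as {@code "appInForeground"}. */
    public boolean appInForeground;
    final Context context;
    // Written by the ServiceConnection callbacks and read by the thread doing the
    // TLS handshake, hence volatile.
    volatile Messenger service;
    ServiceConnection serviceConnection;
    /** Platform trust manager, or {@code null} when only custom decisions count. */
    final X509TrustManager systemTrustManager;

    /**
     * Hostname verifier that falls back to the custom trust store when the
     * wrapped verifier rejects the host name.
     */
    protected class CustomHostnameVerifier implements HostnameVerifier {
        final HostnameVerifier defaultVerifier;

        /**
         * @param hostnameVerifier verifier consulted first; may be {@code null},
         *     in which case only the custom trust store is consulted
         */
        public CustomHostnameVerifier(HostnameVerifier hostnameVerifier) {
            this.defaultVerifier = hostnameVerifier;
        }

        /**
         * Accepts the session when the wrapped verifier accepts it, or when the
         * peer's leaf certificate is trusted by the custom certificate service.
         *
         * @return {@code true} if the host is accepted, {@code false} otherwise
         */
        @Override
        public boolean verify(String host, SSLSession session) {
            Constants.log.fine("Verifying certificate for " + host);
            if (this.defaultVerifier != null && this.defaultVerifier.verify(host, session)) {
                return true;
            }
            // NOTE(review): `host` is not part of the custom check below. A certificate
            // accepted once therefore passes verification for every host name; confirm
            // that is intended, or bind the stored decision to the host as well.
            try {
                Certificate[] peerCerts = session.getPeerCertificates();
                if ((peerCerts instanceof X509Certificate[]) && peerCerts.length > 0) {
                    CustomCertManager.this.checkCustomTrusted((X509Certificate) peerCerts[0]);
                    Constants.log.fine("Certificate is in custom trust store, accepting");
                    return true;
                }
            } catch (CertificateException e) {
                // Rejection is the expected outcome here; fall through to "not verified".
                Constants.log.log(Level.FINE, "Certificate not accepted by custom trust store", (Throwable) e);
            } catch (SSLPeerUnverifiedException e) {
                Constants.log.log(Level.WARNING, "Couldn't get certificate for host name verification", (Throwable) e);
            }
            return false;
        }
    }

    /** Receives decision replies on {@link #messengerThread} and wakes waiting callers. */
    private static class MessageHandler implements Handler.Callback {
        private MessageHandler() {
        }

        @Override
        public boolean handleMessage(Message message) {
            Constants.log.fine("Received reply from CustomCertificateService: " + message);
            switch (message.what) {
                case MSG_CERTIFICATE_DECISION:
                    synchronized (CustomCertManager.decisionLock) {
                        CustomCertManager.decisions.put(message.arg1, Boolean.valueOf(message.arg2 != 0));
                        // All waiters share one lock; each re-checks its own decision id.
                        CustomCertManager.decisionLock.notifyAll();
                    }
                    return true;
                default:
                    return false;
            }
        }
    }

    static {
        messengerThread.start();
        messenger = new Messenger(new Handler(messengerThread.getLooper(), new MessageHandler()));
        nextDecisionID = new AtomicInteger();
        decisions = new SparseArray<>();
        decisionLock = new Object();
    }

    /**
     * Creates a manager bound to {@code CustomCertService}.
     *
     * @param context context used to bind to and start the service
     * @param trustSystemCerts whether chains accepted by the platform trust
     *     manager are accepted without asking the service
     */
    public CustomCertManager(Context context, boolean trustSystemCerts) {
        this(context, trustSystemCerts, null);
    }

    /**
     * @param service when non-null, used directly instead of binding to
     *     {@code CustomCertService}; {@link #close()} then has nothing to unbind
     */
    CustomCertManager(Context context, boolean trustSystemCerts, Messenger service) {
        this.appInForeground = false;
        this.context = context;
        // NOTE(review): getTrustManager(null) presumably yields the platform default
        // trust manager; confirm against CertUtils.
        this.systemTrustManager = trustSystemCerts ? CertUtils.getTrustManager(null) : null;

        if (service != null) {
            this.service = service;
            this.serviceConnection = null;
            return;
        }

        this.serviceConnection = new ServiceConnection() {
            @Override
            public void onServiceConnected(ComponentName componentName, IBinder binder) {
                Constants.log.fine("Connected to service");
                CustomCertManager.this.service = new Messenger(binder);
            }

            @Override
            public void onServiceDisconnected(ComponentName componentName) {
                CustomCertManager.this.service = null;
            }
        };
        // Explicit component: the binding can only resolve to this app's own service class.
        Intent bindIntent = new Intent(context, (Class<?>) CustomCertService.class);
        if (!context.bindService(bindIntent, this.serviceConnection, Context.BIND_AUTO_CREATE)) {
            Constants.log.severe("Couldn't bind CustomCertService to context");
        }
    }

    /** Always rejects: client certificates are not validated by this manager. */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("cert4android doesn't validate client certificates");
    }

    /**
     * Asks the certificate service whether {@code cert} is trusted and blocks
     * until it answers or {@link #SERVICE_TIMEOUT} milliseconds have passed.
     *
     * @param cert certificate to evaluate; sent to the service as a serializable extra
     * @throws CertificateException if the service is unavailable or unreachable,
     *     the certificate is rejected, the wait is interrupted, or no decision
     *     arrives in time (every failure mode rejects the certificate)
     */
    protected void checkCustomTrusted(X509Certificate cert) throws CertificateException {
        Constants.log.fine("Querying custom certificate trustworthiness");
        // Snapshot the field: onServiceDisconnected may null it while we are waiting.
        final Messenger svc = this.service;
        if (svc == null) {
            throw new CertificateException("Custom certificate service not available");
        }

        final int decisionId = nextDecisionID.getAndIncrement();
        Message query = Message.obtain();
        query.what = MSG_CHECK_TRUSTED;
        query.arg1 = decisionId;
        query.replyTo = messenger;
        Bundle queryData = new Bundle();
        queryData.putSerializable("certificate", cert);
        queryData.putBoolean("appInForeground", this.appInForeground);
        query.setData(queryData);
        try {
            svc.send(query);
        } catch (RemoteException e) {
            throw new CertificateException("Couldn't query custom certificate trustworthiness", e);
        }

        // nanoTime is unaffected by wall-clock adjustments, unlike currentTimeMillis.
        final long deadline = System.nanoTime() + SERVICE_TIMEOUT * 1000000L;
        synchronized (decisionLock) {
            while (true) {
                // Check before waiting: the reply may already have arrived between
                // send() and taking the lock, in which case its notifyAll was missed.
                Boolean trusted = decisions.get(decisionId);
                if (trusted != null) {
                    decisions.delete(decisionId);
                    if (!trusted.booleanValue()) {
                        throw new CertificateException("Certificate not trusted");
                    }
                    return;
                }
                // Wait only for the time left; wakeups for other ids must not restart the
                // clock. wait(0) would block forever, so stop once under a millisecond.
                long remainingMs = (deadline - System.nanoTime()) / 1000000L;
                if (remainingMs <= 0) {
                    break;
                }
                try {
                    decisionLock.wait(remainingMs);
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                    throw new CertificateException("Trustworthiness check interrupted", e);
                }
            }
        }

        // Timed out: tell the service to drop the pending request, then fail closed.
        // NOTE(review): a decision that arrives after this point stays in `decisions`.
        Message abort = Message.obtain();
        abort.what = MSG_CHECK_TRUSTED_ABORT;
        abort.arg1 = decisionId;
        abort.replyTo = messenger;
        Bundle abortData = new Bundle();
        abortData.putSerializable("certificate", cert);
        abort.setData(abortData);
        try {
            svc.send(abort);
        } catch (RemoteException e) {
            Constants.log.log(Level.WARNING, "Couldn't abort trustworthiness check", (Throwable) e);
        }
        throw new CertificateException("Timeout when waiting for certificate trustworthiness decision");
    }

    /**
     * Accepts the chain if the platform trust manager (when enabled) accepts
     * it; otherwise defers to the custom decision for the leaf certificate.
     *
     * @throws IllegalArgumentException if {@code chain} is null or empty, as
     *     the {@link X509TrustManager} contract specifies
     * @throws CertificateException if neither path trusts the certificate
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("Certificate chain must not be null or empty");
        }
        if (this.systemTrustManager != null) {
            try {
                this.systemTrustManager.checkServerTrusted(chain, authType);
                return;
            } catch (CertificateException e) {
                Constants.log.fine("Certificate not trusted by system");
            }
        }
        // Only the leaf is evaluated on the custom path.
        checkCustomTrusted(chain[0]);
    }

    /** Unbinds from the service if this instance bound to it; safe to call repeatedly. */
    @Override
    public void close() {
        ServiceConnection connection = this.serviceConnection;
        if (connection != null) {
            // Clear first so a second close() does not unbind an unregistered connection.
            this.serviceConnection = null;
            this.context.unbindService(connection);
        }
    }

    /** Returns an empty array; this manager advertises no accepted issuers. */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Wraps {@code hostnameVerifier} so that certificates in the custom trust
     * store are accepted even when the wrapped verifier rejects the host name.
     *
     * @param hostnameVerifier verifier to consult first; may be {@code null}
     */
    public HostnameVerifier hostnameVerifier(HostnameVerifier hostnameVerifier) {
        return new CustomHostnameVerifier(hostnameVerifier);
    }

    /** Starts {@code CustomCertService} with the {@code "resetCertificates"} action. */
    public void resetCertificates() {
        Intent intent = new Intent(this.context, (Class<?>) CustomCertService.class);
        intent.setAction("resetCertificates");
        this.context.startService(intent);
    }
}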
