package at.bitfire.cert4android;

import android.app.PendingIntent;
import android.app.Service;
import android.content.Intent;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.os.Message;
import android.os.Messenger;
import android.os.RemoteException;
import android.support.v4.app.NotificationCompat;
import android.support.v4.app.NotificationManagerCompat;
import com.etesync.syncadapter.model.ServiceDB;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
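/**
 * Service that tells clients, over a {@link Messenger}, whether an X.509 certificate is
 * trusted according to the app's own key store, and that records trust decisions.
 *
 * <p>Requests arrive in {@link MessageHandler#handleMessage(Message)}. A certificate with no
 * cached decision is queued in {@link #pendingDecisions} and a notification (plus, when the
 * caller reports it is in the foreground, {@code TrustCertificateActivity}) is shown. The
 * decision comes back through {@link #onStartCommand(Intent, int, int)} with the action
 * {@code "certDecision"} and is forwarded to every waiting client.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Anything that can bind to or start this service can request checks and, through
 *       {@code "certDecision"}, add a certificate to the trust store. The manifest is not
 *       visible here; confirm the service is declared {@code android:exported="false"}.</li>
 *   <li>Certificates are read with {@code getSerializable}/{@code getSerializableExtra},
 *       i.e. Java deserialization of sender-supplied data. That is acceptable only if the
 *       senders are limited to this app.</li>
 *   <li>The key store is written without a password, so its protection rests on the
 *       app-private directory it lives in.</li>
 * </ul>
 */
public class CustomCertService extends Service {
    // Message codes. The decompiled source only carries the literals 0/1/2; the names are
    // chosen here for readability.
    /** Reply sent to a client: arg1 = request id, arg2 = 1 (trusted) or 0 (not trusted). */
    private static final int MSG_CERTIFICATE_DECISION = 0;
    /** Request: is the certificate in the bundle trusted? */
    private static final int MSG_CHECK_TRUSTED = 1;
    /** Request: the client no longer waits for the decision on this certificate. */
    private static final int MSG_CHECK_TRUSTED_ABORT = 2;

    // Assigned in onCreate() only on the successful load path; not read in this class.
    X509TrustManager customTrustManager;
    File keyStoreFile;
    // May stay null if KeyStore.getInstance() fails in onCreate(); every user checks for that.
    KeyStore trustedKeyStore;
    // Certificates the user rejected; kept in memory only.
    Set<X509Certificate> untrustedCerts = new HashSet<>();
    // Clients waiting for a user decision, per certificate.
    final Map<X509Certificate, List<ReplyInfo>> pendingDecisions = new HashMap<>();
    final Messenger messenger = new Messenger(new MessageHandler(this));

    /* loaded from: classes.dex */
    /** Handles client requests; holds the service weakly so it does not keep it alive. */
    protected static class MessageHandler extends Handler {
        private final WeakReference<CustomCertService> serviceRef;

        MessageHandler(CustomCertService customCertService) {
            this.serviceRef = new WeakReference<>(customCertService);
        }

        /**
         * Processes one request. {@code message.arg1} is the client's request id,
         * {@code message.replyTo} the channel for the answer, and the bundle carries the
         * certificate under {@code "certificate"} and the flag {@code "appInForeground"}.
         *
         * @param message request sent by a bound client
         */
        @Override // android.os.Handler
        public void handleMessage(Message message) {
            CustomCertService service = this.serviceRef.get();
            if (service == null) {
                Constants.log.warning("Couldn't handle message: service not available");
                return;
            }
            Constants.log.info("Handling request: " + message);
            int id = message.arg1;
            Bundle data = message.getData();

            // NOTE(review): getSerializable() deserializes sender-supplied data. The type is
            // checked before use so a wrong or missing payload is dropped instead of
            // crashing the service process with a ClassCastException or a later NPE.
            Object payload = data.getSerializable("certificate");
            if (!(payload instanceof X509Certificate)) {
                Constants.log.warning("Ignoring request without a valid certificate");
                return;
            }
            X509Certificate cert = (X509Certificate) payload;
            ReplyInfo replyInfo = new ReplyInfo(message.replyTo, id);

            switch (message.what) {
                case MSG_CHECK_TRUSTED: {
                    // Without a reply channel the answer could never be delivered, and a
                    // queued null messenger would crash onReceiveDecision() later.
                    if (message.replyTo == null) {
                        Constants.log.warning("Ignoring trust check without reply channel");
                        return;
                    }
                    List<ReplyInfo> waiting = service.pendingDecisions.get(cert);
                    if (waiting != null) {
                        // A decision for this certificate is already pending: just queue up.
                        waiting.add(replyInfo);
                        return;
                    }
                    if (service.untrustedCerts.contains(cert)) {
                        Constants.log.fine("Certificate is cached as untrusted");
                        try {
                            message.replyTo.send(obtainMessage(MSG_CERTIFICATE_DECISION, id, 0));
                        } catch (RemoteException e) {
                            Constants.log.log(Level.WARNING, "Couldn't send distrust information to CustomCertManager", e);
                        }
                        return;
                    }
                    if (service.inTrustStore(cert)) {
                        try {
                            message.replyTo.send(obtainMessage(MSG_CERTIFICATE_DECISION, id, 1));
                        } catch (RemoteException e) {
                            Constants.log.log(Level.WARNING, "Couldn't send trust information to CustomCertManager", e);
                        }
                        return;
                    }

                    // No cached decision: queue the client and ask the user.
                    List<ReplyInfo> queue = new LinkedList<>();
                    queue.add(replyInfo);
                    service.pendingDecisions.put(cert, queue);

                    Intent intent = new Intent(service, TrustCertificateActivity.class);
                    intent.putExtra("certificate", cert);
                    // The wrapped intent is explicit (it names TrustCertificateActivity).
                    // NOTE(review): on API 23+ also pass PendingIntent.FLAG_IMMUTABLE; apps
                    // targeting Android 12+ must state mutability. Not added here because the
                    // build's compile SDK is not visible.
                    PendingIntent contentIntent = PendingIntent.getActivity(
                            service, id, intent, PendingIntent.FLAG_UPDATE_CURRENT);
                    // NOTE(review): ServiceDB.Services.SERVICE as notification category is
                    // presumably a decompiler substitution for an equal string constant;
                    // kept as decompiled.
                    NotificationManagerCompat.from(service).notify(
                            CertUtils.getTag(cert),
                            Constants.NOTIFICATION_CERT_DECISION,
                            new NotificationCompat.Builder(service)
                                    .setSmallIcon(R.drawable.ic_lock_open_white)
                                    .setContentTitle(service.getString(R.string.certificate_notification_connection_security))
                                    .setContentText(service.getString(R.string.certificate_notification_user_interaction))
                                    .setCategory(ServiceDB.Services.SERVICE)
                                    .setPriority(NotificationCompat.PRIORITY_HIGH)
                                    .setOngoing(true)
                                    .setContentIntent(contentIntent)
                                    .build());
                    if (data.getBoolean("appInForeground")) {
                        // Starting an activity from a service needs a new task.
                        intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                        service.startActivity(intent);
                    }
                    return;
                }
                case MSG_CHECK_TRUSTED_ABORT: {
                    List<ReplyInfo> waiting = service.pendingDecisions.get(cert);
                    if (waiting != null) {
                        Iterator<ReplyInfo> it = waiting.iterator();
                        while (it.hasNext()) {
                            if (replyInfo.equals(it.next())) {
                                it.remove();
                            }
                        }
                    }
                    // Nobody waits any more: drop the entry and the notification.
                    if (waiting == null || waiting.isEmpty()) {
                        service.pendingDecisions.remove(cert);
                        NotificationManagerCompat.from(service).cancel(CertUtils.getTag(cert), Constants.NOTIFICATION_CERT_DECISION);
                    }
                    return;
                }
                default:
                    return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    /** Identifies one waiting request: the client's reply channel and its request id. */
    public static class ReplyInfo {
        final int id;
        final Messenger messenger;

        ReplyInfo(Messenger messenger, int i) {
            this.messenger = messenger;
            this.id = i;
        }

        /** Two entries are equal when both the reply channel and the request id match. */
        @Override
        public boolean equals(Object obj) {
            if (!(obj instanceof ReplyInfo)) {
                return false;
            }
            ReplyInfo other = (ReplyInfo) obj;
            if (other.id != this.id) {
                return false;
            }
            // Null-safe: a message may arrive without replyTo.
            return other.messenger == null ? this.messenger == null : other.messenger.equals(this.messenger);
        }

        /** Kept consistent with {@link #equals(Object)}. */
        @Override
        public int hashCode() {
            return 31 * (this.messenger != null ? this.messenger.hashCode() : 0) + this.id;
        }
    }

    /**
     * Reports whether the certificate has an entry in the custom key store.
     *
     * @param x509Certificate certificate to look up
     * @return {@code true} if an alias exists for it; {@code false} otherwise, including
     *         when the key store is unavailable or the query fails (fail closed)
     */
    boolean inTrustStore(X509Certificate x509Certificate) {
        if (this.trustedKeyStore == null) {
            return false;
        }
        try {
            return this.trustedKeyStore.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException e) {
            Constants.log.log(Level.WARNING, "Couldn't query custom key store", e);
            return false;
        }
    }

    /**
     * Returns the binder of the request messenger.
     * NOTE(review): no caller check is done here; access control depends on the manifest
     * declaration, which is not visible in this file.
     */
    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        return this.messenger.getBinder();
    }

    /**
     * Loads the custom key store from {@code KeyStore.bks} in the app-private
     * {@code KeyStore} directory. A missing file yields an empty store; any other failure
     * falls back to an empty in-memory store.
     */
    @Override // android.app.Service
    public void onCreate() {
        Constants.log.info("Creating CustomCertService");
        this.keyStoreFile = new File(getDir("KeyStore", MODE_PRIVATE), "KeyStore.bks");
        try {
            this.trustedKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream in;
            try {
                in = new FileInputStream(this.keyStoreFile);
            } catch (FileNotFoundException unused) {
                Constants.log.fine("No custom keystore found");
                in = null;
            }
            try {
                // null password: the file is loaded without an integrity check.
                this.trustedKeyStore.load(in, null);
            } finally {
                if (in != null) {
                    try {
                        in.close();
                    } catch (IOException e) {
                        // A failed close must not discard a store that loaded fine.
                        Constants.log.log(Level.WARNING, "Couldn't close custom key store file", e);
                    }
                }
            }
            this.customTrustManager = CertUtils.getTrustManager(this.trustedKeyStore);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Constants.log.log(Level.SEVERE, "Couldn't initialize key store, creating in-memory key store", e);
            // trustedKeyStore is still null when getInstance() itself failed.
            if (this.trustedKeyStore != null) {
                try {
                    this.trustedKeyStore.load(null, null);
                } catch (IOException | NoSuchAlgorithmException | CertificateException e2) {
                    Constants.log.log(Level.SEVERE, "Couldn't initialize in-memory key store", e2);
                }
            }
        }
    }

    /**
     * Records a decision for a certificate and forwards it to every waiting client.
     * A trusted certificate is written to the key store and persisted; a rejected one is
     * only remembered in memory.
     *
     * @param x509Certificate certificate the decision is about; {@code null} is ignored
     * @param z {@code true} if the certificate was accepted
     */
    protected void onReceiveDecision(X509Certificate x509Certificate, boolean z) {
        if (x509Certificate == null) {
            Constants.log.warning("Ignoring decision without certificate");
            return;
        }
        NotificationManagerCompat.from(this).cancel(CertUtils.getTag(x509Certificate), Constants.NOTIFICATION_CERT_DECISION);
        if (z) {
            this.untrustedCerts.remove(x509Certificate);
            if (this.trustedKeyStore != null) {
                try {
                    // NOTE(review): the alias is the subject DN, so accepting another
                    // certificate with the same subject replaces the earlier entry.
                    // Confirm this is intended.
                    this.trustedKeyStore.setCertificateEntry(x509Certificate.getSubjectDN().getName(), x509Certificate);
                } catch (KeyStoreException e) {
                    Constants.log.log(Level.SEVERE, "Couldn't add certificate into key store", e);
                }
            }
            saveKeyStore();
        } else {
            this.untrustedCerts.add(x509Certificate);
        }
        List<ReplyInfo> waiting = this.pendingDecisions.get(x509Certificate);
        if (waiting != null) {
            for (ReplyInfo replyInfo : waiting) {
                if (replyInfo.messenger == null) {
                    continue;
                }
                Message reply = Message.obtain();
                reply.what = MSG_CERTIFICATE_DECISION;
                reply.arg1 = replyInfo.id;
                reply.arg2 = z ? 1 : 0;
                try {
                    replyInfo.messenger.send(reply);
                } catch (RemoteException e2) {
                    Constants.log.log(Level.WARNING, "Couldn't forward decision to CustomCertManager", e2);
                }
            }
            this.pendingDecisions.remove(x509Certificate);
        }
    }

    /**
     * Handles the actions {@code "certDecision"} (extras {@code "certificate"} and
     * {@code "trusted"}) and {@code "resetCertificates"} (forget all decisions).
     * Other or missing actions are ignored.
     *
     * <p>NOTE(review): {@code "certDecision"} with {@code trusted=true} adds the supplied
     * certificate to the trust store without further checks, so the sender must be
     * trusted. Confirm that only this app's components can start the service.
     *
     * @return {@code START_NOT_STICKY}
     */
    @Override // android.app.Service
    public int onStartCommand(Intent intent, int i, int i2) {
        Constants.log.fine("Received command:" + intent);
        if (intent == null || intent.getAction() == null) {
            return START_NOT_STICKY;
        }
        switch (intent.getAction()) {
            case "certDecision": {
                // Deserialized from the intent: verify the type before trusting it.
                Object payload = intent.getSerializableExtra("certificate");
                if (payload instanceof X509Certificate) {
                    onReceiveDecision((X509Certificate) payload, intent.getBooleanExtra("trusted", false));
                } else {
                    Constants.log.warning("Ignoring decision without a valid certificate");
                }
                break;
            }
            case "resetCertificates":
                this.untrustedCerts.clear();
                if (this.trustedKeyStore == null) {
                    break;
                }
                try {
                    // Collections.list() copies the aliases so entries can be deleted
                    // while iterating.
                    for (String alias : Collections.list(this.trustedKeyStore.aliases())) {
                        this.trustedKeyStore.deleteEntry(alias);
                    }
                    saveKeyStore();
                } catch (KeyStoreException e) {
                    Constants.log.log(Level.SEVERE, "Couldn't reset custom certificates", e);
                }
                break;
            default:
                break;
        }
        return START_NOT_STICKY;
    }

    /**
     * Writes the key store to {@link #keyStoreFile}. Failures are logged, not thrown.
     * The store is saved with a {@code null} password, so the file's protection rests on
     * the private directory it is stored in.
     */
    protected void saveKeyStore() {
        if (this.trustedKeyStore == null) {
            Constants.log.warning("No key store available, nothing saved");
            return;
        }
        FileOutputStream out = null;
        try {
            Constants.log.fine("Saving custom certificate key store to " + this.keyStoreFile);
            out = new FileOutputStream(this.keyStoreFile);
            this.trustedKeyStore.store(out, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            Constants.log.log(Level.SEVERE, "Couldn't save custom certificate key store", e);
        } finally {
            // The original never closed the stream, leaking a file descriptor per save.
            if (out != null) {
                try {
                    out.close();
                } catch (IOException e) {
                    Constants.log.log(Level.WARNING, "Couldn't close custom certificate key store file", e);
                }
            }
        }
    }
}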
