package com.flipdog.certificates.utils;

import com.flipdog.certificates.exceptions.CertificateDoesNotMatchHostException;
import com.flipdog.certificates.exceptions.CertificateIsSelfSignedException;
import com.flipdog.certificates.exceptions.IntermediateCertificateDownloadException;
import com.flipdog.certificates.exceptions.IntermediateCertificateUrlException;
import com.flipdog.certificates.g;
import com.flipdog.commons.diagnostic.Track;
import com.flipdog.commons.utils.k2;
import com.flipdog.commons.utils.m;
import com.flipdog.pub.commons.utils.StringUtils;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import net.fortuna.ical4j.model.Parameter;

/* compiled from: CryptoUtils.java */
/* loaded from: classes.dex */
public class c {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: CryptoUtils.java */
    /* loaded from: classes.dex */
    public class a implements Comparator<File> {
        a() {
        }

        @Override // java.util.Comparator
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public int compare(File file, File file2) {
            return m.d(file.getName(), file2.getName());
        }
    }

    /* compiled from: CryptoUtils.java */
    /* loaded from: classes.dex */
    class b implements p.b {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ StringBuilder f2361a;

        b(StringBuilder sb) {
            this.f2361a = sb;
        }

        @Override // p.b
        public void a(String str) {
            this.f2361a.append(k2.f0("%s:\n", str.toUpperCase()));
        }

        @Override // p.b
        public void b(String str, String str2) {
            if (str2 == null) {
                str2 = "";
            }
            this.f2361a.append(k2.f0("%-30s%s\n", str + ":", str2));
        }

        @Override // p.b
        public void c() {
            this.f2361a.append(javanet.staxutils.a.P0);
        }
    }

    public static void a(List<X509Certificate> list, String str) throws CertificateDoesNotMatchHostException, CertificateIsSelfSignedException, CertificateException, IntermediateCertificateUrlException, IntermediateCertificateDownloadException {
        r("check, %s, %s", str, Integer.valueOf(k2.B5(list)));
        X509TrustManager d5 = g.d();
        X509TrustManager e5 = g.e();
        if (list.size() == 0) {
            r("check, ERROR (zero size)", new Object[0]);
            throw new RuntimeException();
        }
        List C3 = k2.C3(list);
        X509Certificate[] x509CertificateArr = (X509Certificate[]) k2.a6(C3, X509Certificate.class);
        try {
            r("check, check using local trust manager", new Object[0]);
            e5.checkServerTrusted(x509CertificateArr, "RSA");
            r("check, OK (accepted by user)", new Object[0]);
        } catch (CertificateException e6) {
            r("check, local check failed: %s", e6.getMessage());
            Track.it(e6, Track.D);
            r("check, check using default trust manager", new Object[0]);
            d5.checkServerTrusted(x509CertificateArr, "RSA");
            X509Certificate x509Certificate = (X509Certificate) k2.B0(list);
            r("check, check subject name", new Object[0]);
            if (!b(x509Certificate, str)) {
                r("check, ERROR (certificate does NOT match the host)", new Object[0]);
                throw new CertificateDoesNotMatchHostException("Certificate does NOT match the host.");
            }
            r("check, check date", new Object[0]);
            Iterator it = C3.iterator();
            while (it.hasNext()) {
                ((X509Certificate) it.next()).checkValidity();
            }
            r("check, OK", new Object[0]);
        }
    }

    private static boolean b(X509Certificate x509Certificate, String str) {
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.addSubjectAlternativeName(2, str);
            if (x509CertSelector.match(x509Certificate)) {
                return true;
            }
            String str2 = com.flipdog.certificates.utils.b.p(x509Certificate.getSubjectX500Principal().getName("RFC2253")).get(Parameter.CN);
            if (str2 == null) {
                return false;
            }
            return StringUtils.endsWith(str2.toLowerCase(), i(str).toLowerCase());
        } catch (IOException e5) {
            throw new RuntimeException(e5);
        }
    }

    private static byte[] c(byte[] bArr, String str) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    private static String d(byte[] bArr, String str) {
        try {
            return o(c(bArr, str));
        } catch (NoSuchAlgorithmException e5) {
            return k2.f0("Can't compute %s digest. %s", str, e5.getMessage());
        }
    }

    public static p.a e(X509Certificate x509Certificate) throws CertificateEncodingException {
        X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        String name = subjectX500Principal.getName("RFC2253");
        String name2 = issuerX500Principal.getName("RFC2253");
        Map<String, String> p5 = com.flipdog.certificates.utils.b.p(name);
        Map<String, String> p6 = com.flipdog.certificates.utils.b.p(name2);
        String n5 = n(x509Certificate.getSerialNumber());
        byte[] encoded = x509Certificate.getEncoded();
        String d5 = d(encoded, "SHA-1");
        String d6 = d(encoded, "SHA-256");
        p.a aVar = new p.a();
        aVar.b("Issued to");
        aVar.d("Common name", p5.get(Parameter.CN));
        aVar.d("Organization", p5.get("O"));
        aVar.d("Organization unit", p5.get("OU"));
        aVar.d("Serial number", n5);
        aVar.c();
        aVar.b("Issued by");
        aVar.d("Common name", p6.get(Parameter.CN));
        aVar.d("Organization", p6.get("O"));
        aVar.d("Organization unit", p6.get("OU"));
        aVar.c();
        aVar.b("Validity");
        aVar.d("Issued on", x509Certificate.getNotBefore().toString());
        aVar.d("Expires on", x509Certificate.getNotAfter().toString());
        aVar.c();
        aVar.b("Fingerprints");
        aVar.d("SHA-256 fingerprint", d6);
        aVar.d("SHA-1 fingerprint", d5);
        return aVar;
    }

    private static List<X509Certificate> f(CertificateFactory certificateFactory, List<X509Certificate> list, X509Certificate x509Certificate) throws MalformedURLException, CertificateException, IOException {
        List<X509Certificate> B3 = k2.B3();
        while (true) {
            X509Certificate g5 = g(list, x509Certificate);
            if (g5 != null) {
                return B3;
            }
            String c5 = d.c(x509Certificate);
            x509Certificate = c5 != null ? h(certificateFactory, c5) : g5;
            if (x509Certificate == null) {
                return B3;
            }
            B3.add(x509Certificate);
        }
    }

    private static X509Certificate g(List<X509Certificate> list, X509Certificate x509Certificate) {
        Principal issuerDN = x509Certificate.getIssuerDN();
        if (issuerDN == null) {
            throw new RuntimeException();
        }
        String name = issuerDN.getName();
        if (name == null) {
            throw new RuntimeException();
        }
        for (X509Certificate x509Certificate2 : list) {
            if (StringUtils.equals(x509Certificate2.getSubjectDN().getName(), name)) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private static X509Certificate h(CertificateFactory certificateFactory, String str) throws MalformedURLException, IOException, CertificateException {
        InputStream openStream = new URL(str).openStream();
        try {
            return (X509Certificate) certificateFactory.generateCertificate(openStream);
        } finally {
            openStream.close();
        }
    }

    private static String i(String str) {
        String[] split = StringUtils.split(str, ".");
        return split.length <= 2 ? str : String.format("%s.%s", split[split.length - 2], split[split.length - 1]);
    }

    public static List<X509Certificate> j(String str, String str2) {
        List<X509Certificate> B3 = k2.B3();
        Iterator<File> it = k(str, str2).iterator();
        while (it.hasNext()) {
            B3.add(l(it.next().getPath()));
        }
        return B3;
    }

    private static List<File> k(String str, String str2) {
        List<File> G3 = k2.G3(new File(str, str2));
        m(G3);
        return G3;
    }

    private static X509Certificate l(String str) {
        try {
            return com.flipdog.certificates.utils.b.l(com.flipdog.certificates.utils.b.h(), new File(str));
        } catch (IOException e5) {
            throw new RuntimeException(e5);
        } catch (CertificateException e6) {
            throw new RuntimeException(e6);
        }
    }

    private static void m(List<File> list) {
        Collections.sort(list, new a());
    }

    private static String n(BigInteger bigInteger) {
        return o(bigInteger.toByteArray());
    }

    private static String o(byte[] bArr) {
        return p(bArr, ":");
    }

    private static String p(byte[] bArr, String str) {
        StringBuilder sb = new StringBuilder();
        for (byte b5 : bArr) {
            if (sb.length() != 0) {
                sb.append(str);
            }
            sb.append(String.format("%02X", Byte.valueOf(b5)));
        }
        return sb.toString();
    }

    public static String q(p.a aVar) {
        StringBuilder sb = new StringBuilder();
        aVar.e(new b(sb));
        return sb.toString();
    }

    private static void r(String str, Object... objArr) {
        if (Track.isDisabled(Track.D)) {
            return;
        }
        Track.me(Track.D, "CryptoUtils, %s", String.format(str, objArr));
    }
}
