package com.datatheorem.android.trustkit.config;

import android.content.Context;
import android.text.TextUtils;
import com.datatheorem.android.trustkit.config.DomainPinningPolicy;
import com.datatheorem.android.trustkit.utils.TrustKitLog;
import com.dynatrace.android.agent.Global;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public class TrustKitConfigurationParser {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class DebugOverridesTag {
        Set<Certificate> debugCaCertificates;
        boolean overridePins;

        private DebugOverridesTag() {
            this.overridePins = false;
            this.debugCaCertificates = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class DomainTag {
        String hostname;
        Boolean includeSubdomains;

        private DomainTag() {
            this.includeSubdomains = null;
            this.hostname = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class PinSetTag {
        Date expirationDate;
        Set<String> pins;

        private PinSetTag() {
            this.expirationDate = null;
            this.pins = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class TrustkitConfigTag {
        Boolean disableDefaultReportUri;
        Boolean enforcePinning;
        Set<String> reportUris;

        private TrustkitConfigTag() {
            this.enforcePinning = false;
        }
    }

    TrustKitConfigurationParser() {
    }

    private static String formatCertPathResourceWhenId(Context context, String str) {
        if (!TextUtils.isDigitsOnly(str.replace("@", ""))) {
            return str;
        }
        StringBuilder sb = new StringBuilder();
        sb.append("@");
        sb.append(context.getResources().getResourceName(Integer.parseInt(str.replace("@", ""))).replace(context.getPackageName() + Global.COLON, ""));
        return sb.toString();
    }

    public static TrustKitConfiguration fromXmlPolicy(Context context, XmlPullParser xmlPullParser) throws XmlPullParserException, IOException, CertificateException {
        ArrayList arrayList = new ArrayList();
        int eventType = xmlPullParser.getEventType();
        DebugOverridesTag debugOverridesTag = null;
        while (eventType != 1) {
            if (eventType == 2) {
                if ("domain-config".equals(xmlPullParser.getName())) {
                    arrayList.addAll(readDomainConfig(xmlPullParser, null));
                } else if ("debug-overrides".equals(xmlPullParser.getName())) {
                    debugOverridesTag = readDebugOverrides(context, xmlPullParser);
                }
            }
            eventType = xmlPullParser.next();
        }
        HashSet hashSet = new HashSet();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            DomainPinningPolicy build = ((DomainPinningPolicy.Builder) it.next()).build();
            if (build != null) {
                hashSet.add(build);
            }
        }
        return debugOverridesTag != null ? new TrustKitConfiguration(hashSet, debugOverridesTag.overridePins, debugOverridesTag.debugCaCertificates) : new TrustKitConfiguration(hashSet);
    }

    private static DebugOverridesTag readDebugOverrides(Context context, XmlPullParser xmlPullParser) throws CertificateException, IOException, XmlPullParserException {
        boolean valueOf;
        xmlPullParser.require(2, null, "debug-overrides");
        DebugOverridesTag debugOverridesTag = new DebugOverridesTag();
        HashSet hashSet = new HashSet();
        int next = xmlPullParser.next();
        Boolean bool = null;
        while (true) {
            if (next == 3 && "trust-anchors".equals(xmlPullParser.getName())) {
                break;
            }
            if (next == 2 && "certificates".equals(xmlPullParser.getName())) {
                boolean parseBoolean = Boolean.parseBoolean(xmlPullParser.getAttributeValue(null, "overridePins"));
                if (bool == null || bool.booleanValue() == parseBoolean) {
                    valueOf = Boolean.valueOf(parseBoolean);
                } else {
                    valueOf = false;
                    TrustKitLog.w("Warning: different values for overridePins are set in the policy but TrustKit only supports one value; using overridePins=false for all connections");
                }
                bool = valueOf;
                String formatCertPathResourceWhenId = formatCertPathResourceWhenId(context, xmlPullParser.getAttributeValue(null, "src").trim());
                if (TextUtils.isEmpty(formatCertPathResourceWhenId) || formatCertPathResourceWhenId.equals("user") || formatCertPathResourceWhenId.equals("system") || !formatCertPathResourceWhenId.startsWith("@raw")) {
                    TrustKitLog.i("No <debug-overrides> certificates found by TrustKit. Please check your @raw folder (TrustKit doesn't support system and user installed certificates).");
                } else {
                    hashSet.add(CertificateFactory.getInstance("X.509").generateCertificate(context.getResources().openRawResource(context.getResources().getIdentifier(formatCertPathResourceWhenId.split("/")[1], "raw", context.getPackageName()))));
                }
            }
            next = xmlPullParser.next();
        }
        if (bool != null) {
            debugOverridesTag.overridePins = bool.booleanValue();
        }
        if (hashSet.size() > 0) {
            debugOverridesTag.debugCaCertificates = hashSet;
        }
        return debugOverridesTag;
    }

    private static DomainTag readDomain(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, "domain");
        DomainTag domainTag = new DomainTag();
        String attributeValue = xmlPullParser.getAttributeValue(null, "includeSubdomains");
        if (attributeValue != null) {
            domainTag.includeSubdomains = Boolean.valueOf(Boolean.parseBoolean(attributeValue));
        }
        domainTag.hostname = xmlPullParser.nextText();
        return domainTag;
    }

    private static List<DomainPinningPolicy.Builder> readDomainConfig(XmlPullParser xmlPullParser, DomainPinningPolicy.Builder builder) throws XmlPullParserException, IOException {
        xmlPullParser.require(2, null, "domain-config");
        DomainPinningPolicy.Builder parent = new DomainPinningPolicy.Builder().setParent(builder);
        ArrayList arrayList = new ArrayList();
        arrayList.add(parent);
        int next = xmlPullParser.next();
        while (true) {
            if (next == 3 && "domain-config".equals(xmlPullParser.getName())) {
                return arrayList;
            }
            if (next == 2) {
                if ("domain-config".equals(xmlPullParser.getName())) {
                    arrayList.addAll(readDomainConfig(xmlPullParser, parent));
                } else if ("domain".equals(xmlPullParser.getName())) {
                    DomainTag readDomain = readDomain(xmlPullParser);
                    parent.setHostname(readDomain.hostname).setShouldIncludeSubdomains(readDomain.includeSubdomains);
                } else if ("pin-set".equals(xmlPullParser.getName())) {
                    PinSetTag readPinSet = readPinSet(xmlPullParser);
                    parent.setPublicKeyHashes(readPinSet.pins).setExpirationDate(readPinSet.expirationDate);
                } else if ("trustkit-config".equals(xmlPullParser.getName())) {
                    TrustkitConfigTag readTrustkitConfig = readTrustkitConfig(xmlPullParser);
                    parent.setReportUris(readTrustkitConfig.reportUris).setShouldEnforcePinning(readTrustkitConfig.enforcePinning).setShouldDisableDefaultReportUri(readTrustkitConfig.disableDefaultReportUri);
                }
            }
            next = xmlPullParser.next();
        }
    }

    private static PinSetTag readPinSet(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        String attributeValue;
        xmlPullParser.require(2, null, "pin-set");
        PinSetTag pinSetTag = new PinSetTag();
        pinSetTag.pins = new HashSet();
        String attributeValue2 = xmlPullParser.getAttributeValue(null, "expiration");
        if (attributeValue2 != null) {
            try {
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd", Locale.US);
                simpleDateFormat.setLenient(false);
                Date parse = simpleDateFormat.parse(attributeValue2);
                if (parse == null) {
                    throw new ConfigurationException("Invalid expiration date in pin-set");
                }
                pinSetTag.expirationDate = parse;
            } catch (ParseException unused) {
                throw new ConfigurationException("Invalid expiration date in pin-set");
            }
        }
        int next = xmlPullParser.next();
        while (true) {
            if (next == 3 && "pin-set".equals(xmlPullParser.getName())) {
                return pinSetTag;
            }
            if (next == 2 && "pin".equals(xmlPullParser.getName())) {
                attributeValue = xmlPullParser.getAttributeValue(null, "digest");
                if (attributeValue == null || !attributeValue.equals("SHA-256")) {
                    break;
                }
                pinSetTag.pins.add(xmlPullParser.nextText());
            }
            next = xmlPullParser.next();
        }
        throw new IllegalArgumentException("Unexpected digest value: " + attributeValue);
    }

    private static TrustkitConfigTag readTrustkitConfig(XmlPullParser xmlPullParser) throws IOException, XmlPullParserException {
        xmlPullParser.require(2, null, "trustkit-config");
        TrustkitConfigTag trustkitConfigTag = new TrustkitConfigTag();
        HashSet hashSet = new HashSet();
        String attributeValue = xmlPullParser.getAttributeValue(null, "enforcePinning");
        if (attributeValue != null) {
            trustkitConfigTag.enforcePinning = Boolean.valueOf(Boolean.parseBoolean(attributeValue));
        }
        String attributeValue2 = xmlPullParser.getAttributeValue(null, "disableDefaultReportUri");
        if (attributeValue2 != null) {
            trustkitConfigTag.disableDefaultReportUri = Boolean.valueOf(Boolean.parseBoolean(attributeValue2));
        }
        int next = xmlPullParser.next();
        while (true) {
            if (next == 3 && "trustkit-config".equals(xmlPullParser.getName())) {
                trustkitConfigTag.reportUris = hashSet;
                return trustkitConfigTag;
            }
            if (next == 2 && "report-uri".equals(xmlPullParser.getName())) {
                hashSet.add(xmlPullParser.nextText());
            }
            next = xmlPullParser.next();
        }
    }
}
