package com.microsoft.scmx.network.protection;

import androidx.compose.ui.graphics.o0;
import androidx.compose.ui.graphics.p0;
import com.microsoft.identity.common.java.crypto.key.KeyUtil;
import com.microsoft.scmx.libraries.diagnostics.log.MDLog;
import com.microsoft.scmx.libraries.diagnostics.telemetry.MDAppTelemetry;
import com.microsoft.scmx.libraries.sharedpref.SharedPrefManager;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
import kotlin.Pair;
import kotlin.collections.y;

/* loaded from: classes2.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    // Normalized allowlist entries. j() refills this set from the "DefenderAllowlistedCACertificates"
    // setting and o() consults it when it recomputes the allowed flag of each stored record.
    public final LinkedHashSet f18917a = new LinkedHashSet();

    /* renamed from: b, reason: collision with root package name */
    // Not referenced by any decompiled method of this class; f() was not decompiled and may use it.
    public final rl.d f18918b;

    /**
     * Loads the CA-certificate allowlist and then creates the {@code rl.d} helper.
     */
    public a() {
        // j() only touches f18917a, which its field initializer has already assigned,
        // so running it before f18918b is set does not read an uninitialized field.
        j();
        this.f18918b = new rl.d();
    }

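    /**
     * Parses a file as a single X.509 certificate.
     *
     * <p>{@code CertificateFactory.generateCertificate} consumes one certificate from the stream,
     * so only the first certificate of a multi-certificate file is returned and inspected by callers.
     *
     * @param file file expected to hold a DER or PEM encoded certificate
     * @return the parsed certificate, or {@code null} when the file cannot be read, cannot be
     *         parsed, or does not yield an {@link X509Certificate}
     */
    public static X509Certificate d(File file) {
        // try-with-resources: the stream was previously never closed, leaking one file
        // descriptor per scanned file (including on the parse-failure path).
        try (FileInputStream certStream = new FileInputStream(file)) {
            Certificate parsed = CertificateFactory.getInstance("X.509").generateCertificate(certStream);
            if (parsed instanceof X509Certificate) {
                return (X509Certificate) parsed;
            }
            return null;
        } catch (Exception e10) {
            // Best-effort by design: a failure is logged and reported to the caller as "no certificate".
            MDLog.c("CACertDetectionHandler", "Exception while parsing cert. filePath:" + file.getAbsolutePath(), e10);
            return null;
        }
    }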

    /**
     * Maps a cloud verdict to the action value used by the callers in this class.
     *
     * <p>Verdicts 0 and 1 always yield 2; verdict 3 yields 2 only when {@code z10} is set;
     * every other case yields 1. Callers pass the self-signed result of {@link #i} as
     * {@code z10} and treat a result of 2 as "report this certificate"; the meaning of the
     * individual verdict numbers is not visible here (TODO confirm against the verdict model).
     *
     * @param bVar cloud result whose {@code f19005b} field carries the verdict
     * @param z10  whether the certificate was judged self-signed
     * @return 2 or 1 as described above
     */
    public static int e(com.microsoft.scmx.network.protection.model.b bVar, boolean z10) {
        switch (bVar.f19005b) {
            case 0:
            case 1:
                return 2;
            case 3:
                return z10 ? 2 : 1;
            default:
                return 1;
        }
    }

    /**
     * Stores a certificate record in the repository and, when it was stored with action value 2,
     * emits the suspicious-CA telemetry event.
     *
     * <p>The record is keyed with the SHA1 thumbprint, which serves as an identifier here,
     * not as a signature check.
     *
     * @param i10             action value (see {@link #e}); telemetry is sent only for 2
     * @param str             certificate identifier (callers pass the keystore alias)
     * @param x509Certificate certificate being recorded
     * @param i11             certificate type passed through to the record and telemetry
     * @param i12             cloud verdict passed through to telemetry
     * @param z10             whether the certificate was judged self-signed
     * @return whether the repository accepted the record
     */
    public static boolean g(int i10, String str, X509Certificate x509Certificate, int i11, int i12, boolean z10) {
        byte[] subjectKeyIdExt = x509Certificate.getExtensionValue(pr.l.f30439e.J());
        nr.c subjectName = new nr.c(x509Certificate.getSubjectX500Principal().getName("RFC1779"));
        com.microsoft.scmx.network.protection.utils.b subject = com.microsoft.scmx.network.protection.utils.c.a(subjectKeyIdExt, subjectName);
        // Repository is fetched before the record is built, as in the original evaluation order.
        ak.k repository = ak.k.b();
        ak.a record = new ak.a(subject.f19055e, subject.f19052b, str, subject.f19051a, com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1"), i11, i10, false, false);
        boolean stored = repository.d(record, true);
        if (!stored || i10 != 2) {
            return stored;
        }
        m(x509Certificate, subject.f19052b, subject.f19055e, subject.f19053c, subject.f19051a, i11, str, true, z10, i12);
        return stored;
    }

    /**
     * Heuristic "issued by itself" test on two parsed name records.
     *
     * <p>Callers in this class pass the subject record first and the issuer record second.
     * The result is true when either key identifier is missing, or when both the key
     * identifiers and the {@code f19052b} values (reported as common name in telemetry) match.
     * A missing identifier therefore counts as a match, which errs towards flagging.
     * No signature verification is performed here, so this is a field comparison only.
     *
     * @param bVar  first record (subject side at the call sites)
     * @param bVar2 second record (issuer side at the call sites)
     * @return true when the records are treated as describing the same entity
     */
    public static boolean h(com.microsoft.scmx.network.protection.utils.b bVar, com.microsoft.scmx.network.protection.utils.b bVar2) {
        String issuerKeyId = bVar2.f19055e;
        if (issuerKeyId == null) {
            return true;
        }
        String subjectKeyId = bVar.f19055e;
        if (subjectKeyId == null) {
            return true;
        }
        if (!kotlin.jvm.internal.p.b(subjectKeyId, issuerKeyId)) {
            return false;
        }
        return kotlin.jvm.internal.p.b(bVar.f19052b, bVar2.f19052b);
    }

    /**
     * Applies the {@link #h} heuristic to one certificate by comparing the record parsed from
     * its subject with the record parsed from its issuer.
     *
     * @param x509Certificate certificate to inspect
     * @return true when the certificate is treated as self-signed by {@link #h}
     */
    public static boolean i(X509Certificate x509Certificate) {
        // Subject side first, then issuer side, matching the original evaluation order.
        byte[] subjectKeyIdExt = x509Certificate.getExtensionValue(pr.l.f30439e.J());
        nr.c subjectName = new nr.c(x509Certificate.getSubjectX500Principal().getName("RFC1779"));
        com.microsoft.scmx.network.protection.utils.b subject = com.microsoft.scmx.network.protection.utils.c.a(subjectKeyIdExt, subjectName);
        byte[] issuerKeyIdExt = x509Certificate.getExtensionValue(pr.l.f30451y.J());
        nr.c issuerName = new nr.c(x509Certificate.getIssuerX500Principal().getName("RFC1779"));
        com.microsoft.scmx.network.protection.utils.b issuer = com.microsoft.scmx.network.protection.utils.c.a(issuerKeyIdExt, issuerName);
        return h(subject, issuer);
    }

    /**
     * Sends the "SuspiciousCACertDeletion" telemetry event.
     *
     * <p>The certificate type and identifier are attached only when the privacy preference is
     * set and {@code nl.a.B()} returns true; otherwise the event is sent without them.
     *
     * @param i10 certificate type
     * @param str certificate identifier
     */
    public static void k(int i10, String str) {
        kk.e event = new kk.e();
        boolean privacyDataAllowed = SharedPrefManager.getBoolean("network_protection", "euPrivacyConcentGiven", false) && nl.a.B();
        if (privacyDataAllowed) {
            event.c(i10, "CertType");
            event.e("CertIdentifier", str);
        }
        // Result discarded in the decompiled code; kept because the call may have side effects.
        nl.a.p();
        MDAppTelemetry.n(1, event, "SuspiciousCACertDeletion", true);
    }

    /**
     * Reports a cloud-detected certificate through {@link #m} without storing it.
     *
     * @param str             certificate identifier (callers pass the keystore alias)
     * @param x509Certificate certificate being reported
     * @param i10             certificate type
     * @param i11             cloud verdict
     * @param z10             whether the certificate was judged self-signed
     */
    public static void l(String str, X509Certificate x509Certificate, int i10, int i11, boolean z10) {
        byte[] subjectKeyIdExt = x509Certificate.getExtensionValue(pr.l.f30439e.J());
        nr.c subjectName = new nr.c(x509Certificate.getSubjectX500Principal().getName("RFC1779"));
        com.microsoft.scmx.network.protection.utils.b subject = com.microsoft.scmx.network.protection.utils.c.a(subjectKeyIdExt, subjectName);
        // The literal true marks the event as a cloud detection.
        m(x509Certificate, subject.f19052b, subject.f19055e, subject.f19053c, subject.f19051a, i10, str, true, z10, i11);
    }

    /**
     * Builds and sends the suspicious-CA telemetry event, then writes the detection to the log.
     *
     * <p>Certificate details (names, key identifiers, thumbprints, identifier, allowlist) are
     * attached, and the thumbprint and allowlist are logged, only when the privacy preference
     * "euPrivacyConcentGiven" is set and {@code nl.a.B()} returns true. Without that, the event
     * carries only the flags and type, and the log line carries no certificate data.
     *
     * @param x509Certificate certificate that was detected
     * @param str             subject common name
     * @param str2            subject key identifier
     * @param str3            subject organisation unit
     * @param str4            subject organisation name
     * @param i10             certificate type
     * @param str5            certificate identifier (file path or keystore alias at the call sites)
     * @param z10             whether this is a cloud detection
     * @param z11             whether the certificate was judged self-signed
     * @param i11             cloud verdict, or -1 to omit it from the event
     */
    public static void m(X509Certificate x509Certificate, String str, String str2, String str3, String str4, int i10, String str5, boolean z10, boolean z11, int i11) {
        boolean z12;
        boolean z13;
        // Telemetry is skipped entirely when nl.a.b() returns 0; what that value means is not visible here.
        if (!(nl.a.b() == 0)) {
            kk.e eVar = new kk.e();
            // Privacy gate: identifying certificate fields are only added with consent.
            if (SharedPrefManager.getBoolean("network_protection", "euPrivacyConcentGiven", false) && nl.a.B()) {
                com.microsoft.scmx.network.protection.utils.b a10 = com.microsoft.scmx.network.protection.utils.c.a(x509Certificate.getExtensionValue(pr.l.f30451y.J()), new nr.c(x509Certificate.getIssuerX500Principal().getName("RFC1779")));
                Date notBefore = x509Certificate.getNotBefore();
                boolean b10 = eVar.b("ValidFrom");
                ConcurrentHashMap concurrentHashMap = eVar.f24109a;
                if (b10) {
                    if (notBefore == null) {
                        MDLog.b("Telemetry EventProperties", "Property value cannot be null");
                        z13 = false;
                    } else {
                        z13 = true;
                    }
                    if (z13) {
                        // NOTE(review): notBefore is not passed to kk.c() as decompiled; the argument
                        // was presumably lost by the decompiler - confirm against the bytecode.
                        concurrentHashMap.put("ValidFrom", new kk.c());
                    }
                }
                Date notAfter = x509Certificate.getNotAfter();
                if (eVar.b("ValidTo")) {
                    if (notAfter == null) {
                        MDLog.b("Telemetry EventProperties", "Property value cannot be null");
                        z12 = false;
                    } else {
                        z12 = true;
                    }
                    if (z12) {
                        // NOTE(review): same as ValidFrom - notAfter is not visibly passed to kk.c().
                        concurrentHashMap.put("ValidTo", new kk.c());
                    }
                }
                eVar.e("SubjectKeyIdentifier", str2);
                eVar.e("SubjectCommonName", str);
                eVar.e("SubjectOrganisationName", str4);
                eVar.e("SubjectOrganisationUnit", str3);
                // A missing issuer key identifier is reported as an empty string rather than null.
                String str6 = a10.f19055e;
                if (str6 == null) {
                    str6 = "";
                }
                eVar.e("IssuerKeyIdentifier", str6);
                eVar.e("IssuerCommonName", a10.f19052b);
                eVar.e("IssuerOrganisationName", a10.f19051a);
                eVar.e("IssuerOrganisationUnit", a10.f19053c);
                eVar.e("Sha1Thumbprint", com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1"));
                // presumably KeyUtil.HMAC_KEY_HASH_ALGORITHM names a SHA-256 digest, given the property name - TODO confirm
                eVar.e("Sha256Thumbprint", com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, KeyUtil.HMAC_KEY_HASH_ALGORITHM));
                eVar.e("CertIdentifier", str5);
                eVar.e("CaCertAllowedList", lj.a.d().c("DefenderAllowlistedCACertificates"));
            }
            // The consent state itself is always reported, so the backend can tell why details are absent.
            eVar.f("PrivacyDataAllowed", SharedPrefManager.getBoolean("network_protection", "euPrivacyConcentGiven", false) && nl.a.B());
            eVar.f("IsCloudDetection", z10);
            eVar.f("IsSelfSigned", z11);
            if (i11 != -1) {
                eVar.c(i11, "CloudDetectionVerdict");
            }
            eVar.c(i10, "CertType");
            com.microsoft.scmx.network.protection.utils.h.b(eVar, false);
        }
        // Logging follows the same privacy gate: no thumbprint or allowlist in the log without consent.
        if (!(SharedPrefManager.getBoolean("network_protection", "euPrivacyConcentGiven", false) && nl.a.B())) {
            MDLog.a("SuspiciousCACert", "Suspecious CA detected");
            return;
        }
        MDLog.a("SuspiciousCACert", "Suspecious CA detected " + com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1"));
        MDLog.a("SuspiciousCACert", "Allowed Cert list ".concat(lj.a.d().c("DefenderAllowlistedCACertificates")));
    }

    /**
     * Rebuilds the shared rogue-CA model from the records currently stored in the repository.
     *
     * <p>When {@code nl.a.f()} returns true the model is replaced with an empty list instead.
     * The rebuild and the follow-up {@code a()} call run while holding the model's monitor.
     */
    public static void n() {
        MDLog.a("CACertDetectionHandler", "Updating Rogue CA model");
        List<ak.a> stored = ak.k.b().a();
        kotlin.jvm.internal.p.f(stored, "getInstance().allSuspiciousCACerts");
        com.microsoft.scmx.network.protection.model.d model = com.microsoft.scmx.network.protection.model.d.f19012a;
        synchronized (model) {
            ArrayList entries = new ArrayList();
            if (!nl.a.f()) {
                for (ak.a record : stored) {
                    entries.add(new com.microsoft.scmx.network.protection.model.a(record));
                }
            }
            model.h(entries);
            model.a();
        }
    }

    /**
     * Inspects a downloaded certificate file and records it as suspicious when the {@link #h}
     * heuristic treats it as self-signed.
     *
     * <p>The file's absolute path is used as the certificate identifier and is written to the
     * log at several points. A file that cannot be parsed by {@link #d} is logged and skipped
     * without refreshing the allowlist or the model.
     *
     * @param file downloaded file to inspect
     * @param z10  passed to {@link #o}; when true the rogue-CA model is rebuilt afterwards
     */
    public final void a(File file, boolean z10) {
        MDLog.f("CACertDetectionHandler", "Detecting rogue Downloaded CA Cert. filePath:" + file.getAbsolutePath());
        X509Certificate d10 = d(file);
        if (d10 == null) {
            // p0.a is an obfuscated helper; from its arguments it appears to log message + path under the given tag.
            p0.a("Unable to convert file to X509Certificate. filePath:", file.getAbsolutePath(), "CACertDetectionHandler");
            return;
        }
        // Subject-side record, compared below with the issuer-side record.
        com.microsoft.scmx.network.protection.utils.b a10 = com.microsoft.scmx.network.protection.utils.c.a(d10.getExtensionValue(pr.l.f30439e.J()), new nr.c(d10.getSubjectX500Principal().getName("RFC1779")));
        if (h(a10, com.microsoft.scmx.network.protection.utils.c.a(d10.getExtensionValue(pr.l.f30451y.J()), new nr.c(d10.getIssuerX500Principal().getName("RFC1779"))))) {
            // The SHA1 thumbprint is stored as the record's identifier; "None" stands in when it cannot be computed.
            String c10 = com.microsoft.scmx.network.protection.utils.c.c(d10, "SHA1");
            if (c10 == null) {
                c10 = "None";
            }
            String str = c10;
            o0.a("Suspicious CA Cert is detected. FilePath: ", file.getAbsolutePath(), "CACertDetectionHandler");
            String str2 = a10.f19055e;
            String str3 = a10.f19052b;
            String str4 = a10.f19051a;
            String certIdentifier = file.getAbsolutePath();
            // Certificate type 2 is used for downloaded files (type 1 is used for keystore aliases elsewhere in this class).
            if (ak.k.b().d(new ak.a(str2, str3, certIdentifier, str4, str, 2, 2, false, false), false)) {
                MDLog.d("CACertDetectionHandler", "Added suspicious CA Cert to dB. CertType: 2, FilePath: " + file.getAbsolutePath());
                String str5 = a10.f19053c;
                kotlin.jvm.internal.p.f(certIdentifier, "certIdentifier");
                // Local detection: not a cloud detection, self-signed, no cloud verdict (-1).
                m(d10, str3, str2, str5, str4, 2, certIdentifier, false, true, -1);
            } else {
                MDLog.f("CACertDetectionHandler", "Failed to insert suspicious caCert. failureReason : already existing entry / DB exception. FilePath: " + file.getAbsolutePath());
            }
        }
        // Reload the allowlist and re-evaluate the allowed flag of every stored record.
        j();
        o(z10);
        MDLog.f("CACertDetectionHandler", "Completed Detecting rogue Downloaded CA Cert. filePath:" + file.getAbsolutePath());
    }

    /**
     * Scans user-installed CA certificates using the cloud detection path selected by the
     * "NetworkProtection/detectionTechniques/cloudCertDetectionMode" setting, and falls back to
     * the local scan in {@link #c} where the code below says so.
     *
     * <p>As visible here: mode 2 skips the cloud path and runs only {@link #c}; mode 0 sends
     * telemetry for cloud-flagged certificates without storing them and then also runs
     * {@link #c}; any other mode stores cloud-flagged certificates and does not run {@link #c}
     * at the end when the mode is 1. The names of these modes are not visible in this file.
     *
     * @param z10 passed to {@link #o} and {@link #c}; when true the rogue-CA model is rebuilt
     */
    public final void b(boolean z10) {
        ArrayList arrayList;
        // presumably the first argument of mj.b.e is the default value - TODO confirm
        if (!(mj.b.e(2, "NetworkProtection/detectionTechniques/cloudCertDetectionMode") == 2)) {
            KeyStore a10 = com.microsoft.scmx.network.protection.utils.d.f19056a.a();
            Enumeration<String> aliases = a10 != null ? a10.aliases() : null;
            if (aliases == null) {
                MDLog.b("CACertDetectionHandler", "KeyStore is null");
            } else {
                // arrayList2: every user certificate found; hashMap: SHA1 thumbprint -> (alias, certificate).
                ArrayList arrayList2 = new ArrayList();
                HashMap hashMap = new HashMap();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    kotlin.jvm.internal.p.f(alias, "alias");
                    // Only aliases matching "user:" are considered; kotlin.text.n.t is presumably a
                    // case-sensitive startsWith - TODO confirm.
                    if (kotlin.text.n.t(alias, "user:", false)) {
                        Certificate certificate = a10.getCertificate(alias);
                        X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
                        if (x509Certificate != null) {
                            arrayList2.add(x509Certificate);
                            String c10 = com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1");
                            // A certificate without a computable thumbprint is sent to f() but has no map entry.
                            if (!(c10 == null || c10.length() == 0)) {
                                hashMap.put(c10, new Pair(alias, x509Certificate));
                            }
                        }
                    }
                }
                if (arrayList2.size() > 0) {
                    // f() was not decompiled; from its use here it returns model.b results keyed by f19004a
                    // with a verdict in f19005b.
                    ArrayList f10 = f(arrayList2);
                    if (mj.b.e(2, "NetworkProtection/detectionTechniques/cloudCertDetectionMode") == 0) {
                        Iterator it = f10.iterator();
                        while (it.hasNext()) {
                            com.microsoft.scmx.network.protection.model.b bVar = (com.microsoft.scmx.network.protection.model.b) it.next();
                            Object obj = hashMap.get(bVar.f19004a);
                            // NOTE(review): p.d looks like a non-null assertion; a result whose key is not in
                            // the map would presumably abort the scan here - confirm.
                            kotlin.jvm.internal.p.d(obj);
                            Pair pair = (Pair) obj;
                            String str = (String) pair.getFirst();
                            X509Certificate x509Certificate2 = (X509Certificate) pair.getSecond();
                            boolean i10 = i(x509Certificate2);
                            // Report only, and only when no type-1 record for this alias is already stored.
                            if (e(bVar, i10) == 2 && ak.k.b().c(1, str).size() == 0) {
                                l(str, x509Certificate2, 1, bVar.f19005b, i10);
                            }
                        }
                    } else if (arrayList2.size() == f10.size()) {
                        // A verdict came back for every certificate: reconcile the stored records with it.
                        ak.k b10 = ak.k.b();
                        b10.getClass();
                        try {
                            MDLog.d("CACertRepository", "Retrieving installed CACerts from RogueCACert table");
                            arrayList = b10.f316a.d();
                        } catch (Exception e10) {
                            MDLog.c("CACertRepository", "Retrieving installed CACerts from RogueCACert table failed with exception", e10);
                            arrayList = new ArrayList();
                        }
                        kotlin.jvm.internal.p.f(arrayList, "getInstance().installedCACerts");
                        Iterator it2 = f10.iterator();
                        while (it2.hasNext()) {
                            com.microsoft.scmx.network.protection.model.b bVar2 = (com.microsoft.scmx.network.protection.model.b) it2.next();
                            Object obj2 = hashMap.get(bVar2.f19004a);
                            kotlin.jvm.internal.p.d(obj2);
                            Pair pair2 = (Pair) obj2;
                            String str2 = (String) pair2.getFirst();
                            X509Certificate x509Certificate3 = (X509Certificate) pair2.getSecond();
                            boolean i11 = i(x509Certificate3);
                            int i12 = bVar2.f19005b;
                            if ((i12 == 0 || i12 == 1) || i11) {
                                // presumably removes this alias from the stored list so that only stale
                                // entries remain for the delete below - TODO confirm y.U semantics
                                y.U(arrayList, str2);
                                if (g(e(bVar2, i11), str2, x509Certificate3, 1, bVar2.f19005b, i11)) {
                                    MDLog.d("CACertDetectionHandler", "Added suspicious CA Cert to dB. CertType: 1, alias: " + str2);
                                } else {
                                    MDLog.f("CACertDetectionHandler", "Failed to insert suspicious caCert. failureReason : already existing entry / DB exception. Alias: " + str2);
                                }
                            }
                        }
                        ak.k b11 = ak.k.b();
                        b11.getClass();
                        try {
                            MDLog.d("CACertRepository", "Deleting CACerts.");
                            // Unlike c(), no deletion telemetry (k) is sent for the entries removed here.
                            b11.f316a.e(arrayList);
                        } catch (Exception e11) {
                            MDLog.c("CACertRepository", "Deleting CACerts from RogueCACert table failed with exception", e11);
                        }
                    } else {
                        // Incomplete cloud result: fall back to the local scan, without rebuilding the model there.
                        c(false);
                    }
                } else {
                    // No user certificates installed: in mode 1 the stored records are cleared.
                    if (mj.b.e(2, "NetworkProtection/detectionTechniques/cloudCertDetectionMode") == 1) {
                        ak.k b12 = ak.k.b();
                        b12.getClass();
                        try {
                            MDLog.d("CACertRepository", "Deleting CACerts.");
                            b12.f316a.h();
                        } catch (Exception e12) {
                            MDLog.c("CACertRepository", "Deleting CACerts from RogueCACert table failed with exception", e12);
                        }
                    }
                }
                j();
                o(z10);
            }
        }
        // Mode 1 relies on the cloud path alone; every other mode finishes with the local scan.
        if (mj.b.e(2, "NetworkProtection/detectionTechniques/cloudCertDetectionMode") == 1) {
            return;
        }
        c(z10);
    }

    /**
     * Local scan: walks the user-installed CA certificates, stores every one that the
     * {@link #h} heuristic treats as self-signed, and removes stored records whose alias was
     * not flagged in this pass.
     *
     * @param z10 passed to {@link #o}; when true the rogue-CA model is rebuilt afterwards
     */
    public final void c(boolean z10) {
        ArrayList arrayList;
        KeyStore a10 = com.microsoft.scmx.network.protection.utils.d.f19056a.a();
        Enumeration<String> aliases = a10 != null ? a10.aliases() : null;
        if (aliases == null) {
            // Without a keystore nothing is scanned and the stored records are left untouched.
            MDLog.b("CACertDetectionHandler", "KeyStore is null");
            return;
        }
        ak.k b10 = ak.k.b();
        b10.getClass();
        try {
            MDLog.d("CACertRepository", "Retrieving installed CACerts from RogueCACert table");
            arrayList = b10.f316a.d();
        } catch (Exception e10) {
            // A failed read is treated as "nothing stored", so no stale-record cleanup happens in this pass.
            MDLog.c("CACertRepository", "Retrieving installed CACerts from RogueCACert table failed with exception", e10);
            arrayList = new ArrayList();
        }
        kotlin.jvm.internal.p.f(arrayList, "getInstance().installedCACerts");
        // Aliases flagged during this pass.
        ArrayList arrayList2 = new ArrayList();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            kotlin.jvm.internal.p.f(alias, "alias");
            // Only aliases matching "user:" are considered; kotlin.text.n.t is presumably a
            // case-sensitive startsWith - TODO confirm.
            if (kotlin.text.n.t(alias, "user:", false)) {
                Certificate certificate = a10.getCertificate(alias);
                X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
                if (x509Certificate != null) {
                    com.microsoft.scmx.network.protection.utils.b a11 = com.microsoft.scmx.network.protection.utils.c.a(x509Certificate.getExtensionValue(pr.l.f30439e.J()), new nr.c(x509Certificate.getSubjectX500Principal().getName("RFC1779")));
                    if (h(a11, com.microsoft.scmx.network.protection.utils.c.a(x509Certificate.getExtensionValue(pr.l.f30451y.J()), new nr.c(x509Certificate.getIssuerX500Principal().getName("RFC1779"))))) {
                        // "None" stands in when the SHA1 thumbprint cannot be computed.
                        String c10 = com.microsoft.scmx.network.protection.utils.c.c(x509Certificate, "SHA1");
                        if (c10 == null) {
                            c10 = "None";
                        }
                        arrayList2.add(alias);
                        String str = a11.f19055e;
                        String str2 = a11.f19052b;
                        String str3 = a11.f19051a;
                        X509Certificate x509Certificate2 = x509Certificate;
                        // Certificate type 1 with action value 2; telemetry is sent only for newly stored records.
                        if (ak.k.b().d(new ak.a(str, str2, alias, str3, c10, 1, 2, false, false), false)) {
                            MDLog.d("CACertDetectionHandler", "Added suspicious CA Cert to dB. CertType: 1, alias: ".concat(alias));
                            m(x509Certificate2, str2, str, a11.f19053c, str3, 1, alias, false, true, -1);
                        } else {
                            MDLog.f("CACertDetectionHandler", "Failed to insert suspicious caCert. failureReason : already existing entry / DB exception. Alias: ".concat(alias));
                        }
                    }
                }
            }
        }
        // presumably the stored aliases that were not flagged in this pass (list difference) - TODO confirm y.V semantics
        List<String> V = y.V(arrayList, arrayList2);
        if (!V.isEmpty()) {
            MDLog.d("CACertDetectionHandler", "Deleting installed CACerts. certs: " + V);
            ak.k b11 = ak.k.b();
            b11.getClass();
            try {
                MDLog.d("CACertRepository", "Deleting CACerts.");
                b11.f316a.e(V);
            } catch (Exception e11) {
                MDLog.c("CACertRepository", "Deleting CACerts from RogueCACert table failed with exception", e11);
            }
            // Deletion telemetry is sent for each alias even when the delete above threw.
            for (String certIdentifier : V) {
                kotlin.jvm.internal.p.f(certIdentifier, "certIdentifier");
                k(1, certIdentifier);
            }
        }
        j();
        o(z10);
    }

    /* JADX WARN: Code restructure failed: missing block: B:52:0x00df, code lost:
    
        if (r15.equals("") == false) goto L46;
     */
    /* JADX WARN: Removed duplicated region for block: B:10:0x0070  */
    /* JADX WARN: Removed duplicated region for block: B:13:0x0092  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0175  */
    /* JADX WARN: Removed duplicated region for block: B:34:0x0184  */
    /* JADX WARN: Removed duplicated region for block: B:47:0x017c  */
    /* JADX WARN: Removed duplicated region for block: B:63:0x0077  */
    /* JADX WARN: Removed duplicated region for block: B:64:0x006d  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0068  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the real body of this method was not recovered.
     *
     * <p>From its single call site in {@code b}, it takes the list of user-installed
     * certificates and returns a list of {@code model.b} results whose {@code f19004a} is used
     * as a key into the thumbprint map and whose {@code f19005b} is used as the cloud verdict.
     * Nothing about how those results are obtained can be read from this listing.
     */
    public final java.util.ArrayList f(java.util.ArrayList r15) {
        /*
            Method dump skipped, instructions count: 561
            To view this dump add '--comments-level debug' option
        */
        // Stub emitted by the decompiler; it does not reflect the behaviour of the shipped method.
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.scmx.network.protection.a.f(java.util.ArrayList):java.util.ArrayList");
    }

    /**
     * Reloads the allowlist set from the "DefenderAllowlistedCACertificates" setting.
     *
     * <p>The setting is split on commas. Empty entries and the exact entry "NONE" are skipped;
     * every other entry has the characters matched by {@code kotlin.text.b.b} removed
     * (presumably whitespace - TODO confirm) and is lower-cased before it is added.
     *
     * <p>NOTE(review): the "NONE" test runs before normalization, so " NONE" or "none" would be
     * added as "none", and an entry that is empty after stripping would be added as "".
     * Entries are not checked for being well-formed thumbprints.
     */
    public final void j() {
        String rawAllowlist = lj.a.d().c("DefenderAllowlistedCACertificates");
        LinkedHashSet allowlist = this.f18917a;
        allowlist.clear();
        for (String entry : kotlin.text.p.P(rawAllowlist, new String[]{","})) {
            if (entry.isEmpty() || kotlin.jvm.internal.p.b(entry, "NONE")) {
                continue;
            }
            StringBuilder kept = new StringBuilder();
            for (int idx = 0, end = entry.length(); idx < end; idx++) {
                char ch = entry.charAt(idx);
                if (kotlin.text.b.b(ch)) {
                    continue;
                }
                kept.append(ch);
            }
            String stripped = kept.toString();
            kotlin.jvm.internal.p.f(stripped, "toString(...)");
            String normalized = stripped.toLowerCase(Locale.ROOT);
            kotlin.jvm.internal.p.f(normalized, "toLowerCase(...)");
            allowlist.add(normalized);
        }
    }

    /**
     * Re-evaluates the allowed flag of every stored record against the current allowlist and
     * writes back only the records whose flag changed.
     *
     * <p>A record is allowed when its {@code f302g} value is contained in the allowlist set.
     * The set holds lower-cased, stripped entries, so {@code f302g} must be in that same form
     * for a match (its format is not visible here - TODO confirm). A failed update is logged
     * and the loop continues with the next record.
     *
     * @param z10 when true, the rogue-CA model is rebuilt through {@link #n} afterwards
     */
    public final void o(boolean z10) {
        List<ak.a> stored = ak.k.b().a();
        kotlin.jvm.internal.p.f(stored, "getInstance().allSuspiciousCACerts");
        for (ak.a record : stored) {
            boolean allowedNow = this.f18917a.contains(record.f302g);
            if (allowedNow == record.f306k) {
                continue;
            }
            ak.k repository = ak.k.b();
            long certId = record.f296a;
            repository.getClass();
            try {
                MDLog.d("CACertRepository", "Updating Self signed allow status in RogueCACert table. certId:" + certId + " isAllowed:" + Boolean.toString(allowedNow));
                repository.f316a.g(allowedNow, certId);
            } catch (Exception e10) {
                MDLog.c("CACertRepository", "Updating Self signed allow status in RogueCACert table failed with exception", e10);
            }
        }
        if (z10) {
            n();
        }
    }
}
