package cz.seznam.tv.certificate;

import android.content.Context;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.ref.WeakReference;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.OkHttpClient;

/* compiled from: TrustCaManager.kt */
@Metadata(d1 = {"\u0000h\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0015\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010!\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0010\u0011\n\u0000\n\u0002\u0010\u000e\n\u0002\b\b\n\u0002\u0010\b\n\u0002\b\u0004\b\u0007\u0018\u0000 <2\u00020\u0001:\u0001<B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u000e\u0010)\u001a\u00020*2\u0006\u0010+\u001a\u00020(J'\u0010,\u001a\u00020*2\u000e\u0010-\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010(0.2\b\u0010/\u001a\u0004\u0018\u000100H\u0016¢\u0006\u0002\u00101J'\u00102\u001a\u00020*2\u000e\u0010-\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010(0.2\b\u0010/\u001a\u0004\u0018\u000100H\u0016¢\u0006\u0002\u00101J\u0010\u00103\u001a\u00020\u001b2\u0006\u00104\u001a\u00020\u0000H\u0002J\u0015\u00105\u001a\n\u0012\u0004\u0012\u00020(\u0018\u00010.H\u0016¢\u0006\u0002\u00106J\u001a\u00107\u001a\u0004\u0018\u00010(2\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u00108\u001a\u000209H\u0002J\u0012\u0010:\u001a\u0004\u0018\u00010\u00152\u0006\u00104\u001a\u00020\u0000H\u0002J\u0010\u0010;\u001a\u00020*2\u0006\u0010\u0014\u001a\u00020\u0015H\u0002R(\u0010\u0007\u001a\u0010\u0012\f\u0012\n \t*\u0004\u0018\u00010\u00030\u00030\bX\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\n\u0010\u000b\"\u0004\b\f\u0010\rR\u001a\u0010\u000e\u001a\u00020\u000fX\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0010\u0010\u0011\"\u0004\b\u0012\u0010\u0013R\u001c\u0010\u0014\u001a\u0004\u0018\u00010\u0015X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0016\u0010\u0017\"\u0004\b\u0018\u0010\u0019R\u001c\u0010\u001a\u001a\u0004\u0018\u00010\u001bX\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u001c\u0010\u001d\"\u0004\b\u001e\u0010\u001fR\u001b\u0010 \u001a\u00020!8BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b$\u0010%\u001a\u0004\b\"\u0010#R\u0016\u0010&\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010(0'X\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006="}, d2 = {"Lcz/seznam/tv/certificate/TrustCaManager;", "Ljavax/net/ssl/X509TrustManager;", "context", "Landroid/content/Context;", "rawcerts", "", "(Landroid/content/Context;[I)V", "contextRef", "Ljava/lang/ref/WeakReference;", "kotlin.jvm.PlatformType", "getContextRef", "()Ljava/lang/ref/WeakReference;", "setContextRef", "(Ljava/lang/ref/WeakReference;)V", "keyManagerFactory", "Ljavax/net/ssl/KeyManagerFactory;", "getKeyManagerFactory", "()Ljavax/net/ssl/KeyManagerFactory;", "setKeyManagerFactory", "(Ljavax/net/ssl/KeyManagerFactory;)V", "keyStore", "Ljava/security/KeyStore;", "getKeyStore", "()Ljava/security/KeyStore;", "setKeyStore", "(Ljava/security/KeyStore;)V", "sslContext", "Ljavax/net/ssl/SSLContext;", "getSslContext", "()Ljavax/net/ssl/SSLContext;", "setSslContext", "(Ljavax/net/ssl/SSLContext;)V", "trustManagerFactory", "Ljavax/net/ssl/TrustManagerFactory;", "getTrustManagerFactory", "()Ljavax/net/ssl/TrustManagerFactory;", "trustManagerFactory$delegate", "Lkotlin/Lazy;", "trustedIssuers", "", "Ljava/security/cert/X509Certificate;", "addValidCertificateToKeyStore", "", "cert", "checkClientTrusted", "c", "", "authType", "", "([Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "checkServerTrusted", "createSslContext", "trustCaManager", "getAcceptedIssuers", "()[Ljava/security/cert/X509Certificate;", "readCert", "certResourceId", "", "readKeyStore", "saveKeyStore", "Companion", "app_prodRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class TrustCaManager implements X509TrustManager {

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static final String SERVER_CERTIFICATE_STORE = "ServerKeyStore.keystore";
    private static final String SERVER_KS_PASSWORD = "keystore_pass";
    private static X509TrustManager originalTrustManager;
    private WeakReference<Context> contextRef;
    private KeyManagerFactory keyManagerFactory;
    private KeyStore keyStore;
    private SSLContext sslContext;

    /* renamed from: trustManagerFactory$delegate, reason: from kotlin metadata */
    private final Lazy trustManagerFactory;
    private List<X509Certificate> trustedIssuers;

    /* compiled from: TrustCaManager.kt */
    @Metadata(d1 = {"\u0000@\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0015\n\u0002\u0010\b\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u001e\u0010\f\u001a\u00020\r*\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000f2\n\u0010\u0010\u001a\u00020\u0011\"\u00020\u0012J\u001e\u0010\u0013\u001a\u00020\u0014*\u00020\u00142\u0006\u0010\u000e\u001a\u00020\u000f2\n\u0010\u0010\u001a\u00020\u0011\"\u00020\u0012J\u0012\u0010\u0015\u001a\u00020\u0014*\u00020\u00142\u0006\u0010\u0016\u001a\u00020\u0017R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u001c\u0010\u0006\u001a\u0004\u0018\u00010\u0007X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\b\u0010\t\"\u0004\b\n\u0010\u000b¨\u0006\u0018"}, d2 = {"Lcz/seznam/tv/certificate/TrustCaManager$Companion;", "", "()V", "SERVER_CERTIFICATE_STORE", "", "SERVER_KS_PASSWORD", "originalTrustManager", "Ljavax/net/ssl/X509TrustManager;", "getOriginalTrustManager", "()Ljavax/net/ssl/X509TrustManager;", "setOriginalTrustManager", "(Ljavax/net/ssl/X509TrustManager;)V", "acceptCertificate", "Lokhttp3/OkHttpClient;", "context", "Landroid/content/Context;", "rawcerts", "", "", "withCertificate", "Lokhttp3/OkHttpClient$Builder;", "withTrustCaManager", "trustManager", "Lcz/seznam/tv/certificate/TrustCaManager;", "app_prodRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final OkHttpClient acceptCertificate(OkHttpClient okHttpClient, Context context, int... rawcerts) {
            Intrinsics.checkNotNullParameter(okHttpClient, "<this>");
            Intrinsics.checkNotNullParameter(context, "context");
            Intrinsics.checkNotNullParameter(rawcerts, "rawcerts");
            return withCertificate(okHttpClient.newBuilder(), context, Arrays.copyOf(rawcerts, rawcerts.length)).build();
        }

        public final X509TrustManager getOriginalTrustManager() {
            return TrustCaManager.originalTrustManager;
        }

        public final void setOriginalTrustManager(X509TrustManager x509TrustManager) {
            TrustCaManager.originalTrustManager = x509TrustManager;
        }

        public final OkHttpClient.Builder withCertificate(OkHttpClient.Builder builder, Context context, int... rawcerts) {
            SSLSocketFactory socketFactory;
            Intrinsics.checkNotNullParameter(builder, "<this>");
            Intrinsics.checkNotNullParameter(context, "context");
            Intrinsics.checkNotNullParameter(rawcerts, "rawcerts");
            TrustCaManager trustCaManager = new TrustCaManager(context, rawcerts);
            SSLContext sslContext = trustCaManager.getSslContext();
            if (sslContext != null && (socketFactory = sslContext.getSocketFactory()) != null) {
                builder.sslSocketFactory(socketFactory, trustCaManager);
            }
            return builder;
        }

        public final OkHttpClient.Builder withTrustCaManager(OkHttpClient.Builder builder, TrustCaManager trustManager) {
            SSLSocketFactory socketFactory;
            Intrinsics.checkNotNullParameter(builder, "<this>");
            Intrinsics.checkNotNullParameter(trustManager, "trustManager");
            SSLContext sslContext = trustManager.getSslContext();
            if (sslContext != null && (socketFactory = sslContext.getSocketFactory()) != null) {
                builder.sslSocketFactory(socketFactory, trustManager);
            }
            return builder;
        }
    }

    static {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        Intrinsics.checkNotNullExpressionValue(trustManagers, "getTrustManagers(...)");
        TrustManager trustManager = trustManagers[0];
        Intrinsics.checkNotNull(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        originalTrustManager = (X509TrustManager) trustManager;
    }

    public TrustCaManager(Context context, int[] rawcerts) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(rawcerts, "rawcerts");
        ArrayList arrayList = new ArrayList(rawcerts.length);
        for (int i : rawcerts) {
            arrayList.add(readCert(context, i));
        }
        this.trustedIssuers = CollectionsKt.toMutableList((Collection) arrayList);
        this.contextRef = new WeakReference<>(context.getApplicationContext());
        this.keyStore = readKeyStore(this);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        Intrinsics.checkNotNullExpressionValue(keyManagerFactory, "getInstance(...)");
        KeyStore keyStore = this.keyStore;
        char[] charArray = SERVER_KS_PASSWORD.toCharArray();
        Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
        keyManagerFactory.init(keyStore, charArray);
        this.keyManagerFactory = keyManagerFactory;
        this.sslContext = createSslContext(this);
        this.trustManagerFactory = LazyKt.lazy(new Function0<TrustManagerFactory>() { // from class: cz.seznam.tv.certificate.TrustCaManager$trustManagerFactory$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final TrustManagerFactory invoke() {
                KeyStore readKeyStore;
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                TrustCaManager trustCaManager = TrustCaManager.this;
                readKeyStore = trustCaManager.readKeyStore(trustCaManager);
                trustManagerFactory.init(readKeyStore);
                return trustManagerFactory;
            }
        });
    }

    private final SSLContext createSslContext(TrustCaManager trustCaManager) {
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(trustCaManager.keyManagerFactory.getKeyManagers(), new TrustCaManager[]{trustCaManager}, new SecureRandom());
        Intrinsics.checkNotNull(sSLContext);
        return sSLContext;
    }

    private final TrustManagerFactory getTrustManagerFactory() {
        Object value = this.trustManagerFactory.getValue();
        Intrinsics.checkNotNullExpressionValue(value, "getValue(...)");
        return (TrustManagerFactory) value;
    }

    private final X509Certificate readCert(Context context, int certResourceId) throws CertificateException, IOException {
        InputStream openRawResource = context.getResources().openRawResource(certResourceId);
        Intrinsics.checkNotNullExpressionValue(openRawResource, "openRawResource(...)");
        InputStream inputStream = openRawResource;
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
            CloseableKt.closeFinally(inputStream, null);
            Intrinsics.checkNotNullExpressionValue(generateCertificate, "use(...)");
            if (generateCertificate instanceof X509Certificate) {
                return (X509Certificate) generateCertificate;
            }
            return null;
        } catch (Throwable th) {
            try {
                throw th;
            } catch (Throwable th2) {
                CloseableKt.closeFinally(inputStream, th);
                throw th2;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final KeyStore readKeyStore(TrustCaManager trustCaManager) {
        KeyStore keyStore = this.keyStore;
        if (keyStore != null) {
            return keyStore;
        }
        KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
        Context context = this.contextRef.get();
        if (context != null) {
            try {
                FileInputStream openFileInput = context.openFileInput(SERVER_CERTIFICATE_STORE);
                Intrinsics.checkNotNullExpressionValue(openFileInput, "openFileInput(...)");
                char[] charArray = SERVER_KS_PASSWORD.toCharArray();
                Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
                keyStore2.load(openFileInput, charArray);
                for (TrustAnchor trustAnchor : new PKIXParameters(keyStore2).getTrustAnchors()) {
                    Intrinsics.checkNotNull(trustAnchor, "null cannot be cast to non-null type java.security.cert.TrustAnchor");
                    this.trustedIssuers.add(trustAnchor.getTrustedCert());
                }
            } catch (Exception unused) {
                keyStore2.load(null, null);
                for (X509Certificate x509Certificate : CollectionsKt.filterNotNull(this.trustedIssuers)) {
                    keyStore2.setCertificateEntry(String.valueOf(x509Certificate.hashCode()), x509Certificate);
                }
                Intrinsics.checkNotNull(keyStore2);
                saveKeyStore(keyStore2);
            }
        }
        return keyStore2;
    }

    private final void saveKeyStore(KeyStore keyStore) {
        Context context = this.contextRef.get();
        if (context != null) {
            FileOutputStream openFileOutput = context.openFileOutput(SERVER_CERTIFICATE_STORE, 0);
            Intrinsics.checkNotNullExpressionValue(openFileOutput, "openFileOutput(...)");
            char[] charArray = SERVER_KS_PASSWORD.toCharArray();
            Intrinsics.checkNotNullExpressionValue(charArray, "toCharArray(...)");
            keyStore.store(openFileOutput, charArray);
            openFileOutput.close();
        }
    }

    public final void addValidCertificateToKeyStore(X509Certificate cert) {
        Intrinsics.checkNotNullParameter(cert, "cert");
        KeyStore keyStore = this.keyStore;
        if (keyStore != null) {
            this.trustedIssuers.add(cert);
            keyStore.setCertificateEntry(String.valueOf(cert.hashCode()), cert);
            saveKeyStore(keyStore);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] c, String authType) {
        CertificateException certificateException;
        Intrinsics.checkNotNullParameter(c, "c");
        boolean z = true;
        try {
            X509TrustManager x509TrustManager = originalTrustManager;
            if (x509TrustManager != null) {
                x509TrustManager.checkClientTrusted(c, authType);
            }
            certificateException = null;
        } catch (CertificateException e) {
            e = e;
            TrustManager[] trustManagers = getTrustManagerFactory().getTrustManagers();
            boolean z2 = false;
            if (trustManagers != null) {
                ArrayList arrayList = new ArrayList();
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        arrayList.add(trustManager);
                    }
                }
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    try {
                        ((X509TrustManager) it.next()).checkClientTrusted(c, authType);
                        z2 = true;
                    } catch (CertificateException e2) {
                        e = e2;
                    }
                }
            }
            certificateException = e;
            z = z2;
        }
        if (certificateException != null && !z) {
            throw certificateException;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] c, String authType) {
        Intrinsics.checkNotNullParameter(c, "c");
        boolean z = true;
        CertificateException e = null;
        try {
            X509TrustManager x509TrustManager = originalTrustManager;
            if (x509TrustManager != null) {
                x509TrustManager.checkServerTrusted(c, authType);
            }
        } catch (CertificateException unused) {
            TrustManager[] trustManagers = getTrustManagerFactory().getTrustManagers();
            boolean z2 = false;
            if (trustManagers != null) {
                ArrayList arrayList = new ArrayList();
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        arrayList.add(trustManager);
                    }
                }
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    try {
                        ((X509TrustManager) it.next()).checkServerTrusted(c, authType);
                        z2 = true;
                    } catch (CertificateException e2) {
                        e = e2;
                    }
                }
            }
            z = z2;
        }
        if (e != null && !z) {
            throw e;
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager x509TrustManager = originalTrustManager;
        X509Certificate[] acceptedIssuers = x509TrustManager != null ? x509TrustManager.getAcceptedIssuers() : null;
        if (acceptedIssuers == null) {
            acceptedIssuers = new X509Certificate[0];
        }
        return (X509Certificate[]) CollectionsKt.union(CollectionsKt.filterNotNull(this.trustedIssuers), ArraysKt.toList(acceptedIssuers)).toArray(new X509Certificate[0]);
    }

    public final WeakReference<Context> getContextRef() {
        return this.contextRef;
    }

    public final KeyManagerFactory getKeyManagerFactory() {
        return this.keyManagerFactory;
    }

    public final KeyStore getKeyStore() {
        return this.keyStore;
    }

    public final SSLContext getSslContext() {
        return this.sslContext;
    }

    public final void setContextRef(WeakReference<Context> weakReference) {
        Intrinsics.checkNotNullParameter(weakReference, "<set-?>");
        this.contextRef = weakReference;
    }

    public final void setKeyManagerFactory(KeyManagerFactory keyManagerFactory) {
        Intrinsics.checkNotNullParameter(keyManagerFactory, "<set-?>");
        this.keyManagerFactory = keyManagerFactory;
    }

    public final void setKeyStore(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    public final void setSslContext(SSLContext sSLContext) {
        this.sslContext = sSLContext;
    }
}
