package com.commonsware.cwac.netsecurity.config;

import com.commonsware.cwac.netsecurity.conscrypt.Hex;
import com.flurry.android.Constants;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
abstract class DirectoryCertificateSource implements CertificateSource {
    private final CertificateFactory mCertFactory;
    private Set<X509Certificate> mCertificates;
    private final File mDir;
    private final Object mLock = new Object();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public interface CertSelector {
        boolean match(X509Certificate x509Certificate);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DirectoryCertificateSource(File file) {
        this.mDir = file;
        try {
            this.mCertFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new RuntimeException("Failed to obtain X.509 CertificateFactory", e);
        }
    }

    private static int X509_NAME_hash(X500Principal x500Principal, String str) {
        try {
            byte[] digest = MessageDigest.getInstance(str).digest(x500Principal.getEncoded());
            return ((digest[3] & Constants.UNKNOWN) << 24) | ((digest[1] & Constants.UNKNOWN) << 8) | ((digest[0] & Constants.UNKNOWN) << 0) | ((digest[2] & Constants.UNKNOWN) << 16);
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    public static int X509_NAME_hash_old(X500Principal x500Principal) {
        return X509_NAME_hash(x500Principal, "MD5");
    }

    private X509Certificate findCert(X500Principal x500Principal, CertSelector certSelector) {
        String hash = getHash(x500Principal);
        for (int i = 0; i >= 0; i++) {
            String str = hash + "." + i;
            if (!new File(this.mDir, str).exists()) {
                return null;
            }
            if (!isCertMarkedAsRemoved(str)) {
                X509Certificate readCertificate = readCertificate(str);
                if (x500Principal.equals(readCertificate.getSubjectX500Principal()) && certSelector.match(readCertificate)) {
                    return readCertificate;
                }
            }
        }
        return null;
    }

    private Set<X509Certificate> findCerts(X500Principal x500Principal, CertSelector certSelector) {
        String hash = getHash(x500Principal);
        HashSet hashSet = null;
        for (int i = 0; i >= 0; i++) {
            String str = hash + "." + i;
            if (!new File(this.mDir, str).exists()) {
                break;
            }
            if (!isCertMarkedAsRemoved(str)) {
                X509Certificate readCertificate = readCertificate(str);
                if (x500Principal.equals(readCertificate.getSubjectX500Principal()) && certSelector.match(readCertificate)) {
                    if (hashSet == null) {
                        hashSet = new HashSet();
                    }
                    hashSet.add(readCertificate);
                }
            }
        }
        return hashSet != null ? hashSet : Collections.emptySet();
    }

    private String getHash(X500Principal x500Principal) {
        return Hex.intToHexString(X509_NAME_hash_old(x500Principal), 8);
    }

    private X509Certificate readCertificate(String str) {
        BufferedInputStream bufferedInputStream;
        BufferedInputStream bufferedInputStream2 = null;
        try {
            bufferedInputStream = new BufferedInputStream(new FileInputStream(new File(this.mDir, str)));
            try {
                X509Certificate x509Certificate = (X509Certificate) this.mCertFactory.generateCertificate(bufferedInputStream);
                try {
                    bufferedInputStream.close();
                } catch (RuntimeException e) {
                    throw e;
                } catch (Exception unused) {
                }
                return x509Certificate;
            } catch (IOException | CertificateException unused2) {
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (RuntimeException e2) {
                        throw e2;
                    } catch (Exception unused3) {
                    }
                }
                return null;
            } catch (Throwable th) {
                th = th;
                bufferedInputStream2 = bufferedInputStream;
                if (bufferedInputStream2 != null) {
                    try {
                        bufferedInputStream2.close();
                    } catch (RuntimeException e3) {
                        throw e3;
                    } catch (Exception unused4) {
                    }
                }
                throw th;
            }
        } catch (IOException | CertificateException unused5) {
            bufferedInputStream = null;
        } catch (Throwable th2) {
            th = th2;
        }
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public Set<X509Certificate> findAllByIssuerAndSignature(final X509Certificate x509Certificate) {
        return findCerts(x509Certificate.getIssuerX500Principal(), new CertSelector() { // from class: com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.3
            @Override // com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.CertSelector
            public boolean match(X509Certificate x509Certificate2) {
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                    return true;
                } catch (Exception unused) {
                    return false;
                }
            }
        });
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public X509Certificate findByIssuerAndSignature(final X509Certificate x509Certificate) {
        return findCert(x509Certificate.getIssuerX500Principal(), new CertSelector() { // from class: com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.2
            @Override // com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.CertSelector
            public boolean match(X509Certificate x509Certificate2) {
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                    return true;
                } catch (Exception unused) {
                    return false;
                }
            }
        });
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public X509Certificate findBySubjectAndPublicKey(final X509Certificate x509Certificate) {
        return findCert(x509Certificate.getSubjectX500Principal(), new CertSelector() { // from class: com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.1
            @Override // com.commonsware.cwac.netsecurity.config.DirectoryCertificateSource.CertSelector
            public boolean match(X509Certificate x509Certificate2) {
                return x509Certificate2.getPublicKey().equals(x509Certificate.getPublicKey());
            }
        });
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public Set<X509Certificate> getCertificates() {
        X509Certificate readCertificate;
        synchronized (this.mLock) {
            if (this.mCertificates != null) {
                return this.mCertificates;
            }
            HashSet hashSet = new HashSet();
            if (this.mDir.isDirectory()) {
                for (String str : this.mDir.list()) {
                    if (!isCertMarkedAsRemoved(str) && (readCertificate = readCertificate(str)) != null) {
                        hashSet.add(readCertificate);
                    }
                }
            }
            this.mCertificates = hashSet;
            return this.mCertificates;
        }
    }

    @Override // com.commonsware.cwac.netsecurity.config.CertificateSource
    public void handleTrustStorageUpdate() {
        synchronized (this.mLock) {
            this.mCertificates = null;
        }
    }

    protected abstract boolean isCertMarkedAsRemoved(String str);
}
