package com.android.org.conscrypt;

import android.compat.annotation.UnsupportedAppUsage;
import com.android.org.conscrypt.io.IoUtils;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/android/org/conscrypt/TrustedCertificateStore.class */
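/**
 * Directory-backed store of trusted CA certificates.
 *
 * <p>Three directories are used:
 * <ul>
 *   <li>{@code systemDir}: certificates addressed with the {@code "system:"} alias prefix;</li>
 *   <li>{@code addedDir}: certificates addressed with the {@code "user:"} alias prefix;</li>
 *   <li>{@code deletedDir}: copies of system certificates that have been marked as removed.</li>
 * </ul>
 *
 * <p>Files are named {@code <hash>.<index>}, where {@code <hash>} is an 8-hex-digit hash of the
 * subject name and {@code <index>} counts up from 0. The hash is only a lookup key: every
 * candidate file is parsed and passed to a {@link CertSelector} before it is accepted, so a hash
 * collision alone never makes a certificate match. A zero-length file is a "tombstone" that keeps
 * the index sequence contiguous after a user certificate is deleted.
 *
 * <p>Lookups consult the user-added directory before the system directory, so a user-added
 * certificate takes precedence over a system one with the same subject.
 */
public class TrustedCertificateStore implements ConscryptCertStore {
    private static final String PREFIX_SYSTEM = "system:";
    private static final String PREFIX_USER = "user:";
    private static final CertificateFactory CERT_FACTORY;

    static {
        try {
            CERT_FACTORY = CertificateFactory.getInstance("X509");
        } catch (CertificateException e) {
            throw new AssertionError(e);
        }
    }

    private final File systemDir;
    private final File addedDir;
    private final File deletedDir;

    /** Predicate applied to each parsed candidate certificate during a directory search. */
    /* JADX INFO: Access modifiers changed from: private */
    public interface CertSelector {
        boolean match(X509Certificate x509Certificate);
    }

    /**
     * Holds the default directories so they are only computed when the no-argument constructor
     * (or {@link #setDefaultUserDirectory(File)}) is first used.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static class PreloadHolder {
        private static File defaultCaCertsSystemDir;
        private static File defaultCaCertsAddedDir;
        private static File defaultCaCertsDeletedDir;

        private PreloadHolder() {
        }

        static {
            // NOTE(review): neither variable is checked for null; an unset variable yields a
            // path beginning with the literal text "null". Confirm both are always set on the
            // platforms this runs on.
            String androidRoot = System.getenv("ANDROID_ROOT");
            String androidData = System.getenv("ANDROID_DATA");
            defaultCaCertsSystemDir = new File(androidRoot + "/etc/security/cacerts");
            TrustedCertificateStore.setDefaultUserDirectory(new File(androidData + "/misc/keychain"));
        }
    }

    /** Returns true if {@code alias} starts with the system prefix. Throws NPE on null. */
    public static final boolean isSystem(String alias) {
        return alias.startsWith(PREFIX_SYSTEM);
    }

    /** Returns true if {@code alias} starts with the user prefix. Throws NPE on null. */
    public static final boolean isUser(String alias) {
        return alias.startsWith(PREFIX_USER);
    }

    /**
     * Points the default user-added and user-removed directories at sub-directories of
     * {@code root}. Only stores created afterwards with the no-argument constructor are affected.
     */
    public static void setDefaultUserDirectory(File root) {
        PreloadHolder.defaultCaCertsAddedDir = new File(root, "cacerts-added");
        PreloadHolder.defaultCaCertsDeletedDir = new File(root, "cacerts-removed");
    }

    /** Creates a store over the default directories held by {@link PreloadHolder}. */
    @UnsupportedAppUsage
    public TrustedCertificateStore() {
        this(PreloadHolder.defaultCaCertsSystemDir, PreloadHolder.defaultCaCertsAddedDir, PreloadHolder.defaultCaCertsDeletedDir);
    }

    /**
     * Creates a store over explicit directories.
     *
     * @param systemDir directory of system certificates
     * @param addedDir directory of user-added certificates
     * @param deletedDir directory recording removed system certificates
     */
    public TrustedCertificateStore(File systemDir, File addedDir, File deletedDir) {
        this.systemDir = systemDir;
        this.addedDir = addedDir;
        this.deletedDir = deletedDir;
    }

    /** Same as {@code getCertificate(alias, false)}: removed system certificates are hidden. */
    public Certificate getCertificate(String alias) {
        return getCertificate(alias, false);
    }

    /**
     * Loads the certificate stored under {@code alias}.
     *
     * @param alias a {@code "system:"} or {@code "user:"} alias; must not be null
     * @param includeDeletedSystem when true, a system certificate is returned even if it is
     *     recorded in the deleted directory
     * @return the certificate, or null if the alias is unknown, is a tombstone, cannot be
     *     parsed, or names a removed system certificate that was not asked for
     * @throws NullPointerException if {@code alias} is null
     */
    public Certificate getCertificate(String alias, boolean includeDeletedSystem) {
        File file = fileForAlias(alias);
        if (file == null) {
            return null;
        }
        if (isUser(alias) && isTombstone(file)) {
            return null;
        }
        X509Certificate cert = readCertificate(file);
        if (cert == null) {
            return null;
        }
        if (isSystem(alias) && !includeDeletedSystem && isDeletedSystemCertificate(cert)) {
            return null;
        }
        return cert;
    }

    /**
     * Maps an alias to its backing file.
     *
     * @return the file, or null if the prefix is unknown, the name is not a plain file name,
     *     the file does not exist, or the file is a tombstone
     * @throws NullPointerException if {@code alias} is null
     */
    private File fileForAlias(String alias) {
        if (alias == null) {
            throw new NullPointerException("alias == null");
        }
        File dir;
        String name;
        if (isSystem(alias)) {
            dir = this.systemDir;
            name = alias.substring(PREFIX_SYSTEM.length());
        } else if (isUser(alias)) {
            dir = this.addedDir;
            name = alias.substring(PREFIX_USER.length());
        } else {
            return null;
        }
        // Aliases produced by this class are "<prefix><hash>.<index>", so a name containing a
        // path separator cannot be one of ours. Treat it as unknown instead of letting it
        // resolve outside the store directory (deleteCertificateEntry truncates the file it
        // gets back from here).
        if (name.indexOf('/') >= 0 || name.indexOf(File.separatorChar) >= 0) {
            return null;
        }
        File file = new File(dir, name);
        if (!file.exists() || isTombstone(file)) {
            return null;
        }
        return file;
    }

    /** A zero-length file marks a deleted entry (also true for a file that does not exist). */
    private boolean isTombstone(File file) {
        return file.length() == 0;
    }

    /**
     * Parses {@code file} as an X.509 certificate.
     *
     * @return the certificate, or null if {@code file} is not a regular file, cannot be read,
     *     or does not parse
     */
    private X509Certificate readCertificate(File file) {
        if (!file.isFile()) {
            return null;
        }
        BufferedInputStream in = null;
        try {
            in = new BufferedInputStream(new FileInputStream(file));
            return (X509Certificate) CERT_FACTORY.generateCertificate(in);
        } catch (IOException e) {
            // Unreadable entries are skipped rather than failing the whole lookup.
            return null;
        } catch (CertificateException e) {
            // Unparsable entries are skipped as well.
            return null;
        } finally {
            IoUtils.closeQuietly(in);
        }
    }

    /**
     * Writes the DER encoding of {@code cert} to {@code file}, creating the parent directory
     * if needed.
     *
     * <p>The directory is made readable and searchable, and the file readable, for all users
     * (the {@code ownerOnly} argument is false). Write permission is not widened here.
     *
     * @throws IOException if the file cannot be created or written
     * @throws CertificateException if the certificate cannot be encoded
     */
    private void writeCertificate(File file, X509Certificate cert) throws IOException, CertificateException {
        File dir = file.getParentFile();
        // Return values are not checked; if the directory is missing, opening the stream
        // below fails with an IOException.
        dir.mkdirs();
        dir.setReadable(true, false);
        dir.setExecutable(true, false);
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(file);
            out.write(cert.getEncoded());
        } finally {
            IoUtils.closeQuietly(out);
        }
        file.setReadable(true, false);
    }

    /** Returns true if a matching certificate file exists in the deleted directory. */
    /* JADX INFO: Access modifiers changed from: private */
    public boolean isDeletedSystemCertificate(X509Certificate cert) {
        return getCertificateFile(this.deletedDir, cert).exists();
    }

    /**
     * Returns the last-modified time of the file behind {@code alias}, or null if the alias
     * is not visible in this store or the time is reported as 0.
     */
    public Date getCreationDate(String alias) {
        if (!containsAlias(alias)) {
            return null;
        }
        File file = fileForAlias(alias);
        if (file == null) {
            return null;
        }
        long lastModified = file.lastModified();
        if (lastModified == 0) {
            return null;
        }
        return new Date(lastModified);
    }

    /** Returns the user aliases plus the system aliases that have not been removed. */
    public Set<String> aliases() {
        Set<String> result = new HashSet<String>();
        addAliases(result, PREFIX_USER, this.addedDir);
        addAliases(result, PREFIX_SYSTEM, this.systemDir);
        return result;
    }

    /** Returns the aliases of user-added certificates only. */
    public Set<String> userAliases() {
        Set<String> result = new HashSet<String>();
        addAliases(result, PREFIX_USER, this.addedDir);
        return result;
    }

    /**
     * Adds {@code prefix + fileName} to {@code aliases} for every entry of {@code dir} that
     * currently resolves to a visible certificate. A directory that cannot be listed
     * contributes nothing.
     */
    private void addAliases(Set<String> aliases, String prefix, File dir) {
        String[] names = dir.list();
        if (names == null) {
            return;
        }
        for (String name : names) {
            String alias = prefix + name;
            if (containsAlias(alias)) {
                aliases.add(alias);
            }
        }
    }

    /** Returns every system alias, including certificates recorded as removed. */
    public Set<String> allSystemAliases() {
        Set<String> result = new HashSet<String>();
        String[] names = this.systemDir.list();
        if (names == null) {
            return result;
        }
        for (String name : names) {
            String alias = PREFIX_SYSTEM + name;
            if (containsAlias(alias, true)) {
                result.add(alias);
            }
        }
        return result;
    }

    /** Returns true if {@code alias} resolves to a visible certificate. */
    public boolean containsAlias(String alias) {
        return containsAlias(alias, false);
    }

    private boolean containsAlias(String alias, boolean includeDeletedSystem) {
        return getCertificate(alias, includeDeletedSystem) != null;
    }

    /** Same as {@code getCertificateAlias(certificate, false)}. */
    public String getCertificateAlias(Certificate certificate) {
        return getCertificateAlias(certificate, false);
    }

    /**
     * Finds the alias under which {@code certificate} is stored.
     *
     * <p>The user-added directory is checked first. The system directory is checked only if
     * the certificate is not recorded as removed, unless {@code includeDeletedSystem} is true.
     *
     * @return the alias, or null if the argument is not an {@link X509Certificate} or no
     *     matching file exists
     */
    public String getCertificateAlias(Certificate certificate, boolean includeDeletedSystem) {
        // instanceof is false for null, so this also covers a null argument.
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate cert = (X509Certificate) certificate;
        File userFile = getCertificateFile(this.addedDir, cert);
        if (userFile.exists()) {
            return PREFIX_USER + userFile.getName();
        }
        if (!includeDeletedSystem && isDeletedSystemCertificate(cert)) {
            return null;
        }
        File systemFile = getCertificateFile(this.systemDir, cert);
        if (systemFile.exists()) {
            return PREFIX_SYSTEM + systemFile.getName();
        }
        return null;
    }

    /** Returns true if an identical certificate exists in the user-added directory. */
    public boolean isUserAddedCertificate(X509Certificate cert) {
        return getCertificateFile(this.addedDir, cert).exists();
    }

    /**
     * Locates the file for {@code cert} inside {@code dir}.
     *
     * @return the existing file holding an equal certificate, or, if there is none, the first
     *     unused {@code <hash>.<index>} path, which does not exist and is where the
     *     certificate would be written
     */
    public File getCertificateFile(File dir, final X509Certificate cert) {
        CertSelector sameCertificate = new CertSelector() {
            @Override
            public boolean match(X509Certificate candidate) {
                return candidate.equals(cert);
            }
        };
        return findCert(dir, cert.getSubjectX500Principal(), sameCertificate, File.class);
    }

    /**
     * Finds a trusted certificate with the same subject and the same public key as
     * {@code cert}. The match is on subject and key, not on the whole certificate.
     *
     * @return the user-added match if there is one; otherwise the system match unless it is
     *     recorded as removed; otherwise null
     */
    @Override
    public X509Certificate getTrustAnchor(final X509Certificate cert) {
        CertSelector samePublicKey = new CertSelector() {
            @Override
            public boolean match(X509Certificate candidate) {
                return candidate.getPublicKey().equals(cert.getPublicKey());
            }
        };
        X500Principal subject = cert.getSubjectX500Principal();
        X509Certificate userAnchor = findCert(this.addedDir, subject, samePublicKey, X509Certificate.class);
        if (userAnchor != null) {
            return userAnchor;
        }
        X509Certificate systemAnchor = findCert(this.systemDir, subject, samePublicKey, X509Certificate.class);
        if (systemAnchor == null || isDeletedSystemCertificate(systemAnchor)) {
            return null;
        }
        return systemAnchor;
    }

    /**
     * Builds a selector that accepts a candidate when {@code cert}'s signature verifies under
     * the candidate's public key. Any exception from verification counts as "no match".
     */
    private static CertSelector signedBySelector(final X509Certificate cert) {
        return new CertSelector() {
            @Override
            public boolean match(X509Certificate candidate) {
                try {
                    cert.verify(candidate.getPublicKey());
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        };
    }

    /**
     * Finds a stored certificate whose subject is {@code cert}'s issuer and whose key verifies
     * {@code cert}'s signature.
     *
     * <p>Only the name and the signature are checked here; nothing else about the candidate
     * is examined by this method.
     *
     * @return the user-added issuer if there is one; otherwise the system issuer unless it is
     *     recorded as removed; otherwise null
     */
    public X509Certificate findIssuer(final X509Certificate cert) {
        CertSelector signedBy = signedBySelector(cert);
        X500Principal issuer = cert.getIssuerX500Principal();
        X509Certificate userIssuer = findCert(this.addedDir, issuer, signedBy, X509Certificate.class);
        if (userIssuer != null) {
            return userIssuer;
        }
        X509Certificate systemIssuer = findCert(this.systemDir, issuer, signedBy, X509Certificate.class);
        if (systemIssuer == null || isDeletedSystemCertificate(systemIssuer)) {
            return null;
        }
        return systemIssuer;
    }

    /**
     * Finds every stored certificate that could have issued {@code cert}: user-added ones
     * plus system ones that are not recorded as removed.
     *
     * @return the matches, or an empty set if there are none (never null)
     */
    @Override
    public Set<X509Certificate> findAllIssuers(final X509Certificate cert) {
        final CertSelector signedBy = signedBySelector(cert);
        CertSelector signedByLiveSystemCert = new CertSelector() {
            @Override
            public boolean match(X509Certificate candidate) {
                try {
                    if (TrustedCertificateStore.this.isDeletedSystemCertificate(candidate)) {
                        return false;
                    }
                    return signedBy.match(candidate);
                } catch (Exception e) {
                    // A failure while checking the deleted directory rejects the candidate.
                    return false;
                }
            }
        };
        X500Principal issuer = cert.getIssuerX500Principal();
        Set<X509Certificate> issuers = findCertSet(this.addedDir, issuer, signedBy);
        Set<X509Certificate> systemIssuers = findCertSet(this.systemDir, issuer, signedByLiveSystemCert);
        if (systemIssuers != null) {
            if (issuers != null) {
                issuers.addAll(systemIssuers);
            } else {
                issuers = systemIssuers;
            }
        }
        return issuers != null ? issuers : Collections.<X509Certificate>emptySet();
    }

    /** Returns true when the native issued-by check of {@code cert} against itself returns 0. */
    private static boolean isSelfIssuedCertificate(OpenSSLX509Certificate cert) {
        long context = cert.getContext();
        return NativeCrypto.X509_check_issued(context, cert, context, cert) == 0;
    }

    /**
     * Returns {@code cert} as an {@link OpenSSLX509Certificate}, re-parsing its DER encoding
     * if it is another implementation. Null is passed through.
     *
     * @throws CertificateException wrapping any failure while encoding or re-parsing
     */
    private static OpenSSLX509Certificate convertToOpenSSLIfNeeded(X509Certificate cert) throws CertificateException {
        if (cert == null) {
            return null;
        }
        if (cert instanceof OpenSSLX509Certificate) {
            return (OpenSSLX509Certificate) cert;
        }
        try {
            return OpenSSLX509Certificate.fromX509Der(cert.getEncoded());
        } catch (Exception e) {
            throw new CertificateException(e);
        }
    }

    /**
     * Builds the chain from {@code leaf} upwards by repeatedly calling
     * {@link #findIssuer(X509Certificate)}.
     *
     * <p>The walk stops at a self-issued certificate, when no issuer is found, or when an
     * issuer is already in the chain. The last case is what keeps a cycle of cross-signed
     * certificates from looping forever.
     *
     * @return the chain, starting with {@code leaf}
     * @throws CertificateException if a certificate cannot be converted
     */
    @UnsupportedAppUsage
    public List<X509Certificate> getCertificateChain(X509Certificate leaf) throws CertificateException {
        LinkedHashSet<OpenSSLX509Certificate> chain = new LinkedHashSet<OpenSSLX509Certificate>();
        OpenSSLX509Certificate current = convertToOpenSSLIfNeeded(leaf);
        chain.add(current);
        while (!isSelfIssuedCertificate(current)) {
            current = convertToOpenSSLIfNeeded(findIssuer(current));
            if (current == null || chain.contains(current)) {
                break;
            }
            chain.add(current);
        }
        return new ArrayList<X509Certificate>(chain);
    }

    /** Set-returning form of {@link #findCert}; returns null when nothing matches. */
    @SuppressWarnings("unchecked") // findCert only ever puts X509Certificate into the set.
    private Set<X509Certificate> findCertSet(File dir, X500Principal subject, CertSelector selector) {
        return (Set<X509Certificate>) findCert(dir, subject, selector, Set.class);
    }

    /**
     * Walks {@code <hash>.0}, {@code <hash>.1}, ... in {@code dir} until the first index that
     * is not a regular file, applying {@code selector} to every certificate that parses.
     * Tombstones and unparsable files are skipped but do not end the walk.
     *
     * <p>The result depends on {@code desiredReturnType}:
     * <ul>
     *   <li>{@code X509Certificate.class}: first matching certificate, or null;</li>
     *   <li>{@code Boolean.class}: {@code TRUE} on the first match, else {@code FALSE};</li>
     *   <li>{@code File.class}: file of the first match, else the first unused path;</li>
     *   <li>{@code Set.class}: all matches, or null if there are none.</li>
     * </ul>
     *
     * @throws AssertionError if a match is found and {@code desiredReturnType} is none of the
     *     above
     */
    @SuppressWarnings("unchecked") // Each cast is guarded by a comparison against the class token.
    private <T> T findCert(File dir, X500Principal subject, CertSelector selector, Class<T> desiredReturnType) {
        Set<X509Certificate> matches = null;
        String hash = hash(subject);
        for (int index = 0; ; index++) {
            File candidate = file(dir, hash, index);
            if (!candidate.isFile()) {
                // End of the sequence for this hash: report "not found" in the requested form.
                if (desiredReturnType == Boolean.class) {
                    return (T) Boolean.FALSE;
                }
                if (desiredReturnType == File.class) {
                    return (T) candidate;
                }
                if (desiredReturnType == Set.class) {
                    return (T) matches;
                }
                return null;
            }
            if (isTombstone(candidate)) {
                continue;
            }
            X509Certificate cert = readCertificate(candidate);
            if (cert == null || !selector.match(cert)) {
                continue;
            }
            if (desiredReturnType == X509Certificate.class) {
                return (T) cert;
            }
            if (desiredReturnType == Boolean.class) {
                return (T) Boolean.TRUE;
            }
            if (desiredReturnType == File.class) {
                return (T) candidate;
            }
            if (desiredReturnType != Set.class) {
                throw new AssertionError();
            }
            if (matches == null) {
                matches = new HashSet<X509Certificate>();
            }
            matches.add(cert);
        }
    }

    /** Returns the native subject-name hash of {@code name} as 8 hex digits. */
    private String hash(X500Principal name) {
        return Hex.intToHexString(NativeCrypto.X509_NAME_hash_old(name), 8);
    }

    /** Returns the path {@code dir/<hash>.<index>}. */
    private File file(File dir, String hash, int index) {
        return new File(dir, hash + '.' + index);
    }

    /**
     * Makes {@code cert} trusted.
     *
     * <p>If it is a system certificate, any record of its removal is deleted and nothing is
     * written to the user directory. Otherwise it is written to the user-added directory
     * unless an identical certificate is already there.
     *
     * @throws NullPointerException if {@code cert} is null
     * @throws IOException if the removal record cannot be deleted or the file cannot be written
     * @throws CertificateException if the certificate cannot be encoded
     */
    public void installCertificate(X509Certificate cert) throws IOException, CertificateException {
        if (cert == null) {
            throw new NullPointerException("cert == null");
        }
        if (getCertificateFile(this.systemDir, cert).exists()) {
            File removalRecord = getCertificateFile(this.deletedDir, cert);
            if (removalRecord.exists() && !removalRecord.delete()) {
                throw new IOException("Could not remove " + removalRecord);
            }
            return;
        }
        File userFile = getCertificateFile(this.addedDir, cert);
        if (userFile.exists()) {
            return;
        }
        writeCertificate(userFile, cert);
    }

    /**
     * Stops trusting the certificate stored under {@code alias}.
     *
     * <p>A user certificate is truncated to a tombstone, after which trailing tombstones are
     * cleaned up. A system certificate is left in place and a copy is written to the deleted
     * directory instead. Unknown or null aliases are ignored.
     *
     * @throws IOException if a file cannot be truncated, removed, or written
     * @throws CertificateException if the certificate cannot be encoded
     */
    public void deleteCertificateEntry(String alias) throws IOException, CertificateException {
        if (alias == null) {
            return;
        }
        File file = fileForAlias(alias);
        if (file == null) {
            return;
        }
        if (isSystem(alias)) {
            X509Certificate cert = readCertificate(file);
            if (cert == null) {
                return;
            }
            File removalRecord = getCertificateFile(this.deletedDir, cert);
            if (removalRecord.exists()) {
                return;
            }
            writeCertificate(removalRecord, cert);
            return;
        }
        if (isUser(alias)) {
            // Opening for write without append truncates the file to zero length, which is
            // what isTombstone() looks for.
            new FileOutputStream(file).close();
            removeUnnecessaryTombstones(alias);
        }
    }

    /**
     * Deletes the tombstone for {@code alias} and any tombstones directly below it, but only
     * when no file exists at the next index. A tombstone with a later entry after it must stay
     * so that findCert's walk still reaches that entry.
     *
     * @throws IOException if a tombstone cannot be deleted
     * @throws AssertionError if {@code alias} is not a user alias or has no {@code '.'}
     */
    private void removeUnnecessaryTombstones(String alias) throws IOException {
        if (!isUser(alias)) {
            throw new AssertionError(alias);
        }
        int dot = alias.lastIndexOf('.');
        if (dot == -1) {
            throw new AssertionError(alias);
        }
        String hash = alias.substring(PREFIX_USER.length(), dot);
        int index = Integer.parseInt(alias.substring(dot + 1));
        if (file(this.addedDir, hash, index + 1).exists()) {
            return;
        }
        while (index >= 0) {
            File tombstone = file(this.addedDir, hash, index);
            if (!isTombstone(tombstone)) {
                return;
            }
            if (!tombstone.delete()) {
                throw new IOException("Could not remove " + tombstone);
            }
            index--;
        }
    }
}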
