package com.assaabloy.stg.cliq.go.android.backend;

import android.content.res.AssetManager;
import com.assaabloy.stg.cliq.android.common.util.log.Logger;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import okhttp3.OkHttpClient;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.Transformer;
import org.apache.commons.lang3.Validate;

/* loaded from: classes.dex */
public abstract class AbstractSslCertificateHandler {
    public static final String TAG = "AbstractSslCertificateHandler";
    private final Logger logger = new Logger(this, TAG);

    /* loaded from: classes.dex */
    public static class SslCertificateHandlingException extends RuntimeException {
        SslCertificateHandlingException(String str) {
            super(str);
        }

        public SslCertificateHandlingException(String str, Throwable th) {
            super(str, th);
        }
    }

    private void addCertificatesToKeyStore(KeyStore keyStore, Iterable<X509Certificate> iterable) {
        String str;
        for (X509Certificate x509Certificate : iterable) {
            try {
                str = x509Certificate.getSubjectDN() + ":" + x509Certificate.hashCode();
            } catch (KeyStoreException e) {
                this.logger.error(String.format("Failed to add certificate [%s] to key store.", x509Certificate), e);
            }
            if (keyStore.containsAlias(str)) {
                throw new SslCertificateHandlingException(String.format("Error adding certificates to key store. The certificates have duplicate alias (=[%s])!", str));
                break;
            } else {
                this.logger.verbose(String.format("Added certificate (alias=[%s]) to key store.", str));
                keyStore.setCertificateEntry(str, x509Certificate);
            }
        }
    }

    private static List<String> addPrefix(String[] strArr, final String str) {
        ArrayList arrayList = new ArrayList(Arrays.asList(strArr));
        CollectionUtils.transform(arrayList, new Transformer<String, String>() { // from class: com.assaabloy.stg.cliq.go.android.backend.AbstractSslCertificateHandler.1
            @Override // org.apache.commons.collections4.Transformer
            public String transform(String str2) {
                return str + str2;
            }
        });
        return arrayList;
    }

    private static X509Certificate getCertificate(InputStream inputStream, String str) {
        try {
            return (X509Certificate) getCertificateFactory().generateCertificate(inputStream);
        } catch (ClassCastException e) {
            throw new SslCertificateHandlingException(String.format("Certificate was not a X509Certificate: [%s]", str), e);
        } catch (CertificateException e2) {
            throw new SslCertificateHandlingException(String.format("Error parsing CER file: [%s]", str), e2);
        }
    }

    private static CertificateFactory getCertificateFactory() {
        try {
            return CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new SslCertificateHandlingException("Error getting Certificate factory.", e);
        }
    }

    private static KeyStore getEmptyKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            load(keyStore);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new SslCertificateHandlingException("Error getting KeyStore", e);
        }
    }

    private KeyStore getInitializedKeyStore(AssetManager assetManager) {
        KeyStore emptyKeyStore = getEmptyKeyStore();
        addCertificatesToKeyStore(emptyKeyStore, readCertificatesFromFiles(assetManager, getCertificateFileNamesFromAssetFolder(assetManager)));
        return emptyKeyStore;
    }

    private static TrustManagerFactory getTrustManagerFactory(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            init(trustManagerFactory, keyStore);
            return trustManagerFactory;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new SslCertificateHandlingException("Error getting TrustManagerFactory.", e);
        }
    }

    private static void init(TrustManagerFactory trustManagerFactory, KeyStore keyStore) throws KeyStoreException {
        trustManagerFactory.init(keyStore);
    }

    private static void load(KeyStore keyStore) throws IOException, NoSuchAlgorithmException, CertificateException {
        keyStore.load(null, null);
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x0066  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.security.cert.X509Certificate readCertificateFromFile(android.content.res.AssetManager r13, java.lang.String r14) {
        /*
            r12 = this;
            r10 = 1
            r9 = 0
            java.io.BufferedInputStream r1 = new java.io.BufferedInputStream     // Catch: java.io.IOException -> L48
            java.io.InputStream r3 = r13.open(r14)     // Catch: java.io.IOException -> L48
            r1.<init>(r3)     // Catch: java.io.IOException -> L48
            r4 = 0
            java.security.cert.X509Certificate r0 = getCertificate(r1, r14)     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            com.assaabloy.stg.cliq.android.common.util.log.Logger r3 = r12.logger     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            java.lang.String r5 = "Successfully read cert from [%s]. (issuerDN=[%s], keyUsage=[%s], subjectDN=[%s])"
            r6 = 4
            java.lang.Object[] r6 = new java.lang.Object[r6]     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            r7 = 0
            r6[r7] = r14     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            r7 = 1
            java.security.Principal r8 = r0.getIssuerDN()     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            r6[r7] = r8     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            r7 = 2
            boolean[] r8 = r0.getKeyUsage()     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            java.lang.String r8 = java.util.Arrays.toString(r8)     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            r6[r7] = r8     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            r7 = 3
            java.security.Principal r8 = r0.getSubjectDN()     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            r6[r7] = r8     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            java.lang.String r5 = java.lang.String.format(r5, r6)     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            r3.verbose(r5)     // Catch: java.lang.Throwable -> L5e java.lang.Throwable -> L75
            if (r1 == 0) goto L42
            if (r4 == 0) goto L5a
            r1.close()     // Catch: java.lang.Throwable -> L43 java.io.IOException -> L48
        L42:
            return r0
        L43:
            r3 = move-exception
            r4.addSuppressed(r3)     // Catch: java.io.IOException -> L48
            goto L42
        L48:
            r2 = move-exception
            com.assaabloy.stg.cliq.go.android.backend.AbstractSslCertificateHandler$SslCertificateHandlingException r3 = new com.assaabloy.stg.cliq.go.android.backend.AbstractSslCertificateHandler$SslCertificateHandlingException
            java.lang.String r4 = "Failed to read certificate file=[%s]"
            java.lang.Object[] r5 = new java.lang.Object[r10]
            r5[r9] = r14
            java.lang.String r4 = java.lang.String.format(r4, r5)
            r3.<init>(r4, r2)
            throw r3
        L5a:
            r1.close()     // Catch: java.io.IOException -> L48
            goto L42
        L5e:
            r3 = move-exception
            throw r3     // Catch: java.lang.Throwable -> L60
        L60:
            r4 = move-exception
            r11 = r4
            r4 = r3
            r3 = r11
        L64:
            if (r1 == 0) goto L6b
            if (r4 == 0) goto L71
            r1.close()     // Catch: java.io.IOException -> L48 java.lang.Throwable -> L6c
        L6b:
            throw r3     // Catch: java.io.IOException -> L48
        L6c:
            r5 = move-exception
            r4.addSuppressed(r5)     // Catch: java.io.IOException -> L48
            goto L6b
        L71:
            r1.close()     // Catch: java.io.IOException -> L48
            goto L6b
        L75:
            r3 = move-exception
            goto L64
        */
        throw new UnsupportedOperationException("Method not decompiled: com.assaabloy.stg.cliq.go.android.backend.AbstractSslCertificateHandler.readCertificateFromFile(android.content.res.AssetManager, java.lang.String):java.security.cert.X509Certificate");
    }

    private SSLContext sslContextForTrustedCertificates(KeyStore keyStore) {
        try {
            KeyManagerFactory keyManagerFactory = getKeyManagerFactory();
            TrustManagerFactory trustManagerFactory = getTrustManagerFactory(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
            return sSLContext;
        } catch (GeneralSecurityException e) {
            throw new SslCertificateHandlingException(e.getMessage(), e);
        }
    }

    public void addTrustedCas(OkHttpClient.Builder builder, AssetManager assetManager) {
        this.logger.debug(String.format("addTrustedCas(httpClientBuilder=[%s], assetManager=[%s])", builder, assetManager));
        Validate.notNull(assetManager);
        Validate.notNull(builder);
        SSLContext sslContextForTrustedCertificates = sslContextForTrustedCertificates(getInitializedKeyStore(assetManager));
        builder.hostnameVerifier(getHostnameVerifier());
        builder.sslSocketFactory(new Tls12EnablingSocketFactory(sslContextForTrustedCertificates.getSocketFactory()));
    }

    public List<String> getCertificateFileNamesFromAssetFolder(AssetManager assetManager) {
        this.logger.debug(String.format("getCertificateFileNamesFromAssetFolder(assetManager=[%s])", assetManager));
        String sslAssetDirectory = getSslAssetDirectory();
        try {
            String[] list = assetManager.list(sslAssetDirectory);
            if (list.length <= 0) {
                throw new SslCertificateHandlingException(String.format("Error getting Certificate names (no assets found; dir=[%s]).", sslAssetDirectory));
            }
            return addPrefix(list, sslAssetDirectory + "/");
        } catch (IOException e) {
            throw new SslCertificateHandlingException(String.format("Error getting Certificate names (dir=[%s]).", sslAssetDirectory), e);
        }
    }

    protected abstract HostnameVerifier getHostnameVerifier();

    protected abstract KeyManagerFactory getKeyManagerFactory();

    protected abstract String getSslAssetDirectory();

    public List<X509Certificate> readCertificatesFromFiles(AssetManager assetManager, Iterable<String> iterable) {
        this.logger.debug(String.format("readCertificatesFromFiles(assetManager=[%s], fileNames=[%s])", assetManager, iterable));
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = iterable.iterator();
        while (it.hasNext()) {
            arrayList.add(readCertificateFromFile(assetManager, it.next()));
        }
        if (arrayList.isEmpty()) {
            throw new SslCertificateHandlingException("Couldn't read any certificates.");
        }
        return arrayList;
    }
}
