package org.tigase.mobile.security;

import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.tigase.mobile.MessengerApplication;

/* loaded from: input_file:org/tigase/mobile/security/SecureTrustManagerFactory.class */
public class SecureTrustManagerFactory {
    private static final char[] DEFAULT_PASSWORD = "Tigase".toCharArray();
    private static SecureTrustManagerFactory instance;
    private static final String TAG = "SecureTrustManagerFactory";
    private X509TrustManager defaultTrustManager;
    private final TrustManagerFactory factory;
    private final KeyStore keyStore;
    private File keyStoreFile;

    /* loaded from: input_file:org/tigase/mobile/security/SecureTrustManagerFactory$DataCertificateException.class */
    public static class DataCertificateException extends CertificateException {
        private static final long serialVersionUID = 1;
        private X509Certificate[] chain;

        public DataCertificateException(CertificateException certificateException, X509Certificate[] x509CertificateArr, String str) {
            super(certificateException);
            this.chain = x509CertificateArr;
        }

        public X509Certificate[] getChain() {
            return this.chain;
        }

        public void setChain(X509Certificate[] x509CertificateArr) {
            this.chain = x509CertificateArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/tigase/mobile/security/SecureTrustManagerFactory$TrustManagerWrapper.class */
    public class TrustManagerWrapper implements X509TrustManager {
        private TrustManagerWrapper() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws DataCertificateException {
            try {
                SecureTrustManagerFactory.this.defaultTrustManager.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                throw new DataCertificateException(e, x509CertificateArr, str);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws DataCertificateException {
            try {
                SecureTrustManagerFactory.this.defaultTrustManager.checkServerTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                throw new DataCertificateException(e, x509CertificateArr, str);
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return SecureTrustManagerFactory.this.defaultTrustManager.getAcceptedIssuers();
        }
    }

    public static void add(X509Certificate[] x509CertificateArr) {
        try {
            instance.addTrustKey(x509CertificateArr);
        } catch (Exception e) {
            Log.w(TAG, "Can't add keys", e);
        }
    }

    public static TrustManager[] getTrustManagers() {
        return instance == null ? new TrustManager[0] : instance.getManagers();
    }

    private SecureTrustManagerFactory() throws KeyStoreException, NoSuchAlgorithmException {
        String defaultType = KeyStore.getDefaultType();
        String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        Log.d(TAG, "Creating Factory with KeyStore type " + defaultType + " and TrustManagert algoritm  " + defaultAlgorithm);
        this.keyStore = KeyStore.getInstance(defaultType);
        this.factory = TrustManagerFactory.getInstance(defaultAlgorithm);
    }

    private void addTrustKey(X509Certificate[] x509CertificateArr) throws KeyStoreException {
        for (X509Certificate x509Certificate : x509CertificateArr) {
            this.keyStore.setCertificateEntry(x509Certificate.getSubjectDN().toString(), x509Certificate);
        }
        storeKeystore(this.keyStoreFile);
        this.factory.init(this.keyStore);
        for (TrustManager trustManager : this.factory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                this.defaultTrustManager = (X509TrustManager) trustManager;
                return;
            }
        }
    }

    private TrustManager[] getManagers() {
        if (this.defaultTrustManager != null) {
            Log.d(TAG, "Using wrapped TrustManager");
            return new TrustManager[]{new TrustManagerWrapper()};
        }
        Log.d(TAG, "Using system TrustManager");
        return this.factory.getTrustManagers();
    }

    private void init() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        loadKeystore(MessengerApplication.app.getResources().openRawResource(2131034113), (char[]) null);
        loadKeystore(System.getProperty("javax.net.ssl.trustStore"));
        this.keyStoreFile = new File(MessengerApplication.app.getDir("TrustStore", 0) + File.separator + "TrustStore.bks");
        loadKeystore(this.keyStoreFile, DEFAULT_PASSWORD);
        this.factory.init(this.keyStore);
        TrustManager[] trustManagers = this.factory.getTrustManagers();
        int length = trustManagers.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            TrustManager trustManager = trustManagers[i];
            if (trustManager instanceof X509TrustManager) {
                this.defaultTrustManager = (X509TrustManager) trustManager;
                break;
            }
            i++;
        }
        Log.i(TAG, "Factory initialized! (known ca: " + this.keyStore.size() + ")");
    }

    private void loadKeystore(File file, char[] cArr) {
        try {
            Log.d(TAG, "Loading keystore from " + file);
            loadKeystore(new FileInputStream(file), cArr);
        } catch (Exception e) {
            Log.w(TAG, "Can't load keystore from file " + file);
        }
    }

    private void loadKeystore(InputStream inputStream, char[] cArr) {
        try {
            try {
                this.keyStore.load(inputStream, cArr);
                inputStream.close();
            } catch (Throwable th) {
                inputStream.close();
                throw th;
            }
        } catch (Exception e) {
            Log.w(TAG, "Can't load keystore from stream");
        }
    }

    private void loadKeystore(String str) {
        try {
            loadKeystore(new File(str), (char[]) null);
        } catch (NullPointerException e) {
            Log.w(TAG, "Can't load keystore from file " + str);
        }
    }

    private void storeKeystore(File file) {
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            try {
                this.keyStore.store(fileOutputStream, DEFAULT_PASSWORD);
                fileOutputStream.close();
            } catch (Throwable th) {
                fileOutputStream.close();
                throw th;
            }
        } catch (Exception e) {
            Log.w(TAG, "Can't store keystore to file " + file);
        }
    }

    static {
        try {
            instance = new SecureTrustManagerFactory();
            instance.init();
        } catch (Exception e) {
            Log.e(TAG, "Can't initialize TrustManagerFactory!", e);
        }
    }
}
