package com.adguard.filter.proxy.ssl;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.map.LRUMap;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CertificatePolicies;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.PolicyInformation;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.DSAKeyParameters;
import org.bouncycastle.crypto.params.ECKeyParameters;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.bc.BcContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcDSAContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcECContentVerifierProviderBuilder;
import org.bouncycastle.operator.bc.BcRSAContentVerifierProviderBuilder;

/* loaded from: classes.dex */
/**
 * Certificate-chain trust helpers for the SSL filtering proxy.
 *
 * <p>This is JADX decompiler output with obfuscated names: every helper except {@code b} and
 * {@code c} is an overload of {@code a}, distinguished only by parameter types. The checked
 * {@code throws} clauses were lost in decompilation, and one method
 * ({@link #a(org.bouncycastle.crypto.tls.Certificate)}) was not decompiled at all, so this
 * listing cannot be read as a complete description of the validation logic.
 *
 * <p>Checks that are visible in this file: signature verification between two certificates,
 * rejection of the {@code sha1WithRSAEncryption} signature algorithm, and anchoring against the
 * platform's default trust store. Checks that are NOT visible in this file: validity period of
 * chain certificates, BasicConstraints / CA flag, key usage, name constraints, revocation and
 * host-name matching.
 * NOTE(review): confirm against the bytecode of the undecompiled method whether those are
 * performed there; a chain validator that skips the CA-flag check accepts an end-entity
 * certificate in the issuer position.
 */
public class d {

    /* renamed from: a, reason: collision with root package name */
    // SLF4J logger for this class (obfuscated slf4j type and factory names).
    private static final org.slf4j.c f783a = org.slf4j.d.a((Class<?>) d.class);
    // Trust anchors grouped by subject name; built lazily by c() and never reset in the code shown.
    private static Map<X500Name, List<X509CertificateHolder>> b = null;
    // Synchronized LRU map with capacity 100. The only use visible in this file is clear() in b();
    // presumably a cache of validation results kept by the undecompiled method - TODO confirm.
    private static final Map<String, Boolean> c = Collections.synchronizedMap(new LRUMap(100));

    /**
     * Returns the first {@link X509TrustManager} produced by an "X509" {@link TrustManagerFactory}
     * initialised with a {@code null} key store, i.e. the default trust store.
     *
     * <p>Throws {@link GeneralSecurityException} when no X509 trust manager is available or when
     * the factory fails. The decompiler dropped the {@code throws} clause; the original method
     * presumably declared it.
     *
     * @return the default X509 trust manager
     */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    public static X509TrustManager a() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers != null) {
                for (TrustManager trustManager : trustManagers) {
                    if (trustManager instanceof X509TrustManager) {
                        return (X509TrustManager) trustManager;
                    }
                }
            }
            throw new GeneralSecurityException("Cannot get default trust manager");
        } catch (Exception e) {
            // This also catches the GeneralSecurityException thrown just above and wraps it in a
            // second exception carrying the same message.
            throw new GeneralSecurityException("Cannot get default trust manager", e);
        }
    }

    /**
     * Finds, in the peer-supplied TLS certificate list, the certificate whose subject equals the
     * issuer of {@code x509CertificateHolder}.
     *
     * <p>The match is by distinguished name only; no signature is verified here. No caller is
     * visible in this file, so it is presumably used by the undecompiled method - TODO confirm.
     *
     * @param x509CertificateHolder certificate whose issuer is being looked up
     * @param certificate certificate list received from the peer
     * @return the first certificate with a matching subject, or {@code null} when the input is
     *     self-issued (subject equals issuer) or no match exists
     */
    /* JADX WARN: Unreachable blocks removed: 4, instructions: 4 */
    private static X509CertificateHolder a(X509CertificateHolder x509CertificateHolder, Certificate certificate) {
        X500Name issuer = x509CertificateHolder.getIssuer();
        if (x509CertificateHolder.getSubject().equals(issuer)) {
            return null;
        }
        for (int i = 0; i < certificate.getLength(); i++) {
            org.bouncycastle.asn1.x509.Certificate certificateAt = certificate.getCertificateAt(i);
            if (certificateAt.getSubject().equals(issuer)) {
                return new X509CertificateHolder(certificateAt);
            }
        }
        return null;
    }

    /**
     * Validates an ordered chain in which element {@code i + 1} is expected to have signed
     * element {@code i}.
     *
     * <p>For every element except the last: its signature must verify under the next element's
     * public key, it must not be signed with {@code sha1WithRSAEncryption}, and the walk succeeds
     * as soon as one element is signed by a trust anchor. The last element gets only the SHA-1
     * check and the anchor check.
     *
     * <p>NOTE(review): validity dates and BasicConstraints of the chain elements are not examined
     * here; confirm that the caller does so. An empty list reaches
     * {@code list.get(list.size() - 1)} with index -1.
     *
     * @param list chain to validate, leaf first
     * @return {@code true} when some element of the chain is signed by a trust anchor
     */
    /* JADX WARN: Unreachable blocks removed: 7, instructions: 7 */
    private static boolean a(List<X509CertificateHolder> list) {
        for (int i = 0; i < list.size() - 1; i++) {
            X509CertificateHolder x509CertificateHolder = list.get(i);
            if (!a(x509CertificateHolder, list.get(i + 1))) {
                f783a.debug("Certificate \"{}\" signature is invalid", x509CertificateHolder.getSubject());
                return false;
            }
            if (!a(x509CertificateHolder)) {
                // The callee has already logged this same message, so it appears twice.
                f783a.debug("Certificate \"{}\" signature is SHA-1", x509CertificateHolder.getSubject());
                return false;
            }
            if (b(x509CertificateHolder)) {
                return true;
            }
        }
        X509CertificateHolder x509CertificateHolder2 = list.get(list.size() - 1);
        if (!a(x509CertificateHolder2)) {
            // Returns without the chain dump below.
            return false;
        }
        if (b(x509CertificateHolder2)) {
            return true;
        }
        // Diagnostic dump of subject/issuer pairs; the loop bound leaves out the last element.
        StringBuilder sb = new StringBuilder();
        sb.append("Failed to validate specified certificate chain\n");
        for (int i2 = 0; i2 < list.size() - 1; i2++) {
            X509CertificateHolder x509CertificateHolder3 = list.get(i2);
            sb.append(i2 + 1);
            sb.append(": ");
            sb.append(x509CertificateHolder3.getSubject());
            sb.append("\n  ");
            sb.append(x509CertificateHolder3.getIssuer());
            sb.append(IOUtils.LINE_SEPARATOR_UNIX);
        }
        f783a.debug(sb.toString());
        return false;
    }

    /**
     * Reports whether the certificate carries a CertificatePolicies extension containing at least
     * one policy accepted by {@code f.a(...)}.
     *
     * <p>{@code f} is defined outside this file; presumably it recognises Extended Validation
     * policy identifiers - TODO confirm.
     *
     * @param certificate certificate to inspect
     * @return {@code false} when there are no extensions, no CertificatePolicies extension, or no
     *     accepted policy
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    public static boolean a(org.bouncycastle.asn1.x509.Certificate certificate) {
        CertificatePolicies fromExtensions;
        Extensions extensions = certificate.getTBSCertificate().getExtensions();
        if (extensions == null || (fromExtensions = CertificatePolicies.fromExtensions(extensions)) == null) {
            return false;
        }
        PolicyInformation[] policyInformation = fromExtensions.getPolicyInformation();
        for (PolicyInformation policyInformation2 : policyInformation) {
            if (f.a(policyInformation2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Weak-signature filter: returns {@code false} only when the certificate's signature
     * algorithm identifier is exactly {@code sha1WithRSAEncryption}.
     *
     * <p>NOTE(review): SHA-1 combined with ECDSA or DSA, and older digests such as MD5 with RSA,
     * use different object identifiers and therefore pass this check. Confirm whether that is
     * intended or whether the comparison should cover a list of disallowed algorithms.
     *
     * @param x509CertificateHolder certificate to inspect
     * @return {@code true} when the signature algorithm is anything other than SHA-1 with RSA
     */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private static boolean a(X509CertificateHolder x509CertificateHolder) {
        if (!PKCSObjectIdentifiers.sha1WithRSAEncryption.equals(x509CertificateHolder.getSignatureAlgorithm().getAlgorithm())) {
            return true;
        }
        f783a.debug("Certificate \"{}\" signature is SHA-1", x509CertificateHolder.getSubject());
        return false;
    }

    /**
     * Verifies the signature on {@code x509CertificateHolder} with the public key of
     * {@code x509CertificateHolder2}.
     *
     * <p>The verifier builder is chosen from the key type (RSA, DSA or EC); any other key type
     * raises {@link GeneralSecurityException}. This is a purely cryptographic check: names and
     * the signer's entitlement to act as a CA are not examined here.
     *
     * @param x509CertificateHolder certificate whose signature is checked
     * @param x509CertificateHolder2 candidate issuer supplying the public key
     * @return {@code true} when the signature verifies
     */
    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    private static boolean a(X509CertificateHolder x509CertificateHolder, X509CertificateHolder x509CertificateHolder2) {
        // The variable name is a decompiler artifact; it holds the RSA, DSA or EC builder.
        BcContentVerifierProviderBuilder bcECContentVerifierProviderBuilder;
        AsymmetricKeyParameter createKey = PublicKeyFactory.createKey(x509CertificateHolder2.getSubjectPublicKeyInfo());
        if (createKey instanceof RSAKeyParameters) {
            bcECContentVerifierProviderBuilder = new BcRSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder());
        } else if (createKey instanceof DSAKeyParameters) {
            bcECContentVerifierProviderBuilder = new BcDSAContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder());
        } else {
            if (!(createKey instanceof ECKeyParameters)) {
                StringBuilder sb = new StringBuilder();
                sb.append("Cannot find content verifier for ");
                sb.append(createKey.getClass().getName());
                sb.append(" ").append(x509CertificateHolder.getSubject());
                throw new GeneralSecurityException(sb.toString());
            }
            bcECContentVerifierProviderBuilder = new BcECContentVerifierProviderBuilder(new DefaultDigestAlgorithmIdentifierFinder());
        }
        return x509CertificateHolder.isSignatureValid(bcECContentVerifierProviderBuilder.build(createKey));
    }

    /**
     * Takes the peer's TLS certificate list and returns a boolean; the body was NOT recovered by
     * the decompiler.
     *
     * <p>The stub below is a JADX placeholder, not the application's behaviour. The real method is
     * 323 instructions long and has to be audited from the bytecode. It is presumably the entry
     * point that drives the private helpers in this class and the result cache - TODO confirm.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Removed duplicated region for block: B:27:0x0078  */
    /* JADX WARN: Removed duplicated region for block: B:30:0x00a4  */
    /* JADX WARN: Unreachable blocks removed: 9, instructions: 9 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static boolean a(org.bouncycastle.crypto.tls.Certificate r9) {
        /*
            Method dump skipped, instructions count: 323
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.adguard.filter.proxy.ssl.d.a(org.bouncycastle.crypto.tls.Certificate):boolean");
    }

    /** Empties the LRU map {@code c}. The trust-anchor map {@code b} is left untouched. */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static void b() {
        c.clear();
    }

    /**
     * Reports whether the certificate is signed by one of the loaded trust anchors.
     *
     * <p>Candidate anchors are those whose subject equals the certificate's issuer; the first one
     * whose public key verifies the signature wins.
     *
     * @param x509CertificateHolder certificate to anchor
     * @return {@code true} when a trust anchor verifies the certificate's signature
     */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private static boolean b(X509CertificateHolder x509CertificateHolder) {
        List<X509CertificateHolder> list = c().get(x509CertificateHolder.getIssuer());
        if (CollectionUtils.isNotEmpty(list)) {
            for (X509CertificateHolder x509CertificateHolder2 : list) {
                if (a(x509CertificateHolder, x509CertificateHolder2)) {
                    f783a.debug("Found trusted authority \"{}\" for \"{}\"", x509CertificateHolder2.getSubject(), x509CertificateHolder.getSubject());
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Lazily builds and returns the trust-anchor map, keyed by subject name.
     *
     * <p>Anchors come from the default trust manager's accepted issuers; only those valid at load
     * time are kept. Nothing in this file resets {@code b}, so an anchor that expires or is
     * removed from the system store after loading stays in the map.
     * NOTE(review): confirm whether any other class refreshes it.
     *
     * @return map from subject name to the anchors carrying that name
     */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private static synchronized Map<X500Name, List<X509CertificateHolder>> c() {
        Map<X500Name, List<X509CertificateHolder>> map;
        // A static synchronized method already locks d.class, so this inner block re-enters the
        // same monitor; likely a decompiler artifact.
        synchronized (d.class) {
            if (b == null) {
                // Raw collection types here and below are decompiler output.
                HashMap hashMap = new HashMap();
                f783a.info("Loading trusted authorities");
                X509Certificate[] acceptedIssuers = a().getAcceptedIssuers();
                f783a.info("Loaded {} trusted authorities from the default TrustManager", Integer.valueOf(acceptedIssuers.length));
                // One timestamp for the whole load; validity is not checked again afterwards.
                Date date = new Date();
                for (X509Certificate x509Certificate : acceptedIssuers) {
                    X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(org.bouncycastle.asn1.x509.Certificate.getInstance(x509Certificate.getEncoded()));
                    if (x509CertificateHolder.isValidOn(date)) {
                        // Several anchors can share one subject name, hence a list per key.
                        List list = (List) hashMap.get(x509CertificateHolder.getSubject());
                        if (list == null) {
                            list = new ArrayList();
                            hashMap.put(x509CertificateHolder.getSubject(), list);
                        }
                        list.add(x509CertificateHolder);
                        f783a.debug("Added trusted authority \"{}\"", x509CertificateHolder.getSubject());
                    }
                }
                b = hashMap;
            }
            map = b;
        }
        return map;
    }
}
