package com.baramundi.dpc.controller.http;

import android.content.Context;
import androidx.preference.PreferenceManager;
import com.baramundi.dpc.R;
import com.baramundi.dpc.common.FileUtil;
import com.baramundi.dpc.common.SharedPrefKeys;
import com.baramundi.dpc.persistence.databases.CertificateWithPWDatabase;
import com.baramundi.dpc.persistence.entities.CertificateWithPW;
import com.baramundi.dpc.util.X509Utils;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import org.tinylog.Logger;

/* loaded from: classes.dex */
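/**
 * Builds the OkHttp clients used for server communication and for enrollment.
 *
 * <p>Trust decisions visible in this class:
 * <ul>
 *   <li>{@link #getDefaultClient()} accepts a server if the first certificate of the presented
 *       chain is signed by the pinned server CA file (or its rollover file), by a CA stored in
 *       the app database, or if the platform default trust manager accepts the chain.</li>
 *   <li>{@link #getEnrollmentClient(String)} accepts a server only if the SHA-1 digest of its
 *       first certificate equals the thumbprint handed in by the caller.</li>
 *   <li>Both clients install a hostname verifier that returns {@code true} for every host.</li>
 * </ul>
 *
 * <p>NOTE(review): because hostname verification is switched off, the system-store branch of the
 * default client accepts any chain the platform trust store accepts, whatever name the
 * certificate was issued for. Either drop that fallback or keep the default hostname verifier
 * for connections that were not validated against a pinned CA.
 */
public class HTTPClientFactory {
    private static final String SERVER_CA_FILE = "serverCert.cer";
    private static final String ROLLOVER_CA_FILE = "rolloverServerCert.cer";
    private static final char[] HEX_DIGITS = {
        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
    };

    private final Context mContext;

    /**
     * @param context Android context used for database, file and preference access
     */
    public HTTPClientFactory(Context context) {
        this.mContext = context;
    }

    /**
     * Checks whether the first certificate of the chain was signed by one of the trusted CAs
     * stored in the app database.
     *
     * <p>Only the signature on {@code x509CertificateArr[0]} is verified. Validity period, key
     * usage, basic constraints, revocation and intermediate certificates are not evaluated here.
     * NOTE(review): consider {@code checkValidity()} on the leaf, or a PKIX
     * {@code CertPathValidator} run with the stored CA as the only trust anchor.
     *
     * @param x509CertificateArr chain presented by the server, leaf first
     * @return {@code true} on the first CA whose public key verifies the leaf, else {@code false}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public boolean checkAgainstInstalledCAs(X509Certificate[] x509CertificateArr) {
        List<CertificateWithPW> trustedCas =
                CertificateWithPWDatabase.getInstance(this.mContext).certificateWithPWDao().getAllTrustedCAs();
        Logger.debug("Trying to load certificates from DB");
        for (CertificateWithPW entry : trustedCas) {
            try {
                X509Certificate caCertificate = X509Utils.getCertificate(entry.getCertificate());
                Logger.debug("Finished loading cert from db. Issuer is " + caCertificate.getIssuerDN().getName());
                x509CertificateArr[0].verify(caCertificate.getPublicKey());
                Logger.info("Certificate from DB successfully verified");
                saveThumbprintForInfoPage(caCertificate);
                return true;
            } catch (Exception e) {
                // A failure for one CA (parse error, wrong signer, null/empty chain) must not
                // stop the search; the reason is logged so a mismatch can be diagnosed.
                Logger.debug("Certificate mismatch: {}", e.getMessage());
            }
        }
        Logger.error("None of the installed CAs did match the given server certificate.");
        return false;
    }

    /**
     * Checks whether the first certificate of the chain was signed by the CA stored in
     * {@code serverCert.cer}, falling back to {@code rolloverServerCert.cer} when that fails.
     *
     * <p>As in {@link #checkAgainstInstalledCAs(X509Certificate[])}, only the leaf signature is
     * verified; validity dates and certificate constraints are not checked in this method.
     *
     * @param x509CertificateArr chain presented by the server, leaf first
     * @return {@code true} if either CA file verifies the leaf signature, else {@code false}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public boolean checkAgainstServerCAFile(X509Certificate[] x509CertificateArr) {
        FileUtil fileUtil = new FileUtil(this.mContext);
        try {
            Logger.debug("Trying to load serverCert.cer (Server-CA file)");
            X509Certificate serverCa;
            // generateCertificate() does not close its input, so the stream is closed here.
            try (InputStream in = fileUtil.readStreamFromFile(SERVER_CA_FILE)) {
                serverCa = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            Logger.debug("Finished loading serverCert.cer (Server-CA file). Issuer is " + serverCa.getIssuerDN().getName());
            x509CertificateArr[0].verify(serverCa.getPublicKey());
            Logger.info("Certificate successfully verified with the serverCert.cer (Server-CA file)");
            saveThumbprintForInfoPage(serverCa);
            return true;
        } catch (Exception e) {
            Logger.error("Certificate verification with serverCert.cer (Server-CA file) failed: " + e.getMessage());
            return checkAgainstRolloverCaFile(fileUtil, x509CertificateArr);
        }
    }

    /** Verifies the leaf signature against the rollover CA file, if that file exists. */
    private boolean checkAgainstRolloverCaFile(FileUtil fileUtil, X509Certificate[] chain) {
        try {
            if (!fileUtil.fileExists(ROLLOVER_CA_FILE)) {
                return false;
            }
            X509Certificate rolloverCa;
            try (InputStream in = fileUtil.readStreamFromFile(ROLLOVER_CA_FILE)) {
                if (in == null) {
                    return false;
                }
                Logger.debug("Trying to verify the communication with the rollover CA");
                rolloverCa = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            chain[0].verify(rolloverCa.getPublicKey());
            saveThumbprintForInfoPage(rolloverCa);
            return true;
        } catch (Exception e) {
            Logger.error("Certificate verification with rolloverServerCert.cer failed: " + e.getMessage());
            return false;
        }
    }

    /**
     * Validates the chain with the platform's default trust manager.
     *
     * <p>The trust manager checks the chain only, not the host name. The clients built by this
     * class accept every host name, so this branch is the widest acceptance path.
     * NOTE(review): the auth type is fixed to {@code "RSA"} instead of the value the TLS stack
     * passed to {@code checkServerTrusted}; confirm the platform trust manager ignores it.
     *
     * @param x509CertificateArr chain presented by the server, leaf first
     * @return {@code true} if the default trust manager accepts the chain, else {@code false}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public boolean checkAgainstSystemStore(X509Certificate[] x509CertificateArr) {
        Logger.debug("Trying to verify the certificate using the system store");
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore selects the platform default trust store.
            trustManagerFactory.init((KeyStore) null);
            ((X509TrustManager) trustManagerFactory.getTrustManagers()[0]).checkServerTrusted(x509CertificateArr, "RSA");
            Logger.info("Certificate successfully verified with the system store");
            return true;
        } catch (Exception unused) {
            Logger.error("Server certificate did not match any certificate in the system store");
            return false;
        }
    }

    /**
     * Returns the lower-case hex SHA-1 digest of the DER encoding of the certificate.
     *
     * <p>NOTE(review): SHA-1 is deprecated for certificate fingerprints. Moving to SHA-256 also
     * requires changing whatever supplies the expected thumbprint to
     * {@link #getEnrollmentClient(String)}.
     *
     * @param x509Certificate certificate to fingerprint
     * @return the hex digest, or {@code null} if encoding or hashing fails
     */
    /* JADX INFO: Access modifiers changed from: private */
    public String getThumbPrint(X509Certificate x509Certificate) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(x509Certificate.getEncoded());
            return hexify(messageDigest.digest());
        } catch (Exception unused) {
            // Callers compare the result with the expected thumbprint; null never matches.
            return null;
        }
    }

    /** Encodes the bytes as lower-case hexadecimal, two characters per byte. */
    private String hexify(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(HEX_DIGITS[(b & 0xF0) >> 4]);
            sb.append(HEX_DIGITS[b & 0x0F]);
        }
        return sb.toString();
    }

    /**
     * Hostname verifier body of the default client: logs the host name and accepts it.
     * Neither argument is compared with the peer certificate.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$getDefaultClient$0(String str, SSLSession sSLSession) {
        Logger.info("Hostname '{}'", str);
        return true;
    }

    /**
     * Hostname verifier body of the enrollment client: logs the host name and accepts it.
     * Server identity for enrollment rests on the thumbprint comparison alone.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ boolean lambda$getEnrollmentClient$1(String str, SSLSession sSLSession) {
        Logger.info("Hostname '{}'", str);
        return true;
    }

    /**
     * Stores the fingerprint of the CA that verified the server in the default shared
     * preferences. Runs as a side effect of every successful pinned-CA check.
     */
    private void saveThumbprintForInfoPage(X509Certificate x509Certificate) {
        PreferenceManager.getDefaultSharedPreferences(this.mContext)
                .edit()
                .putString(SharedPrefKeys.SERVER_CA_THUMBPRINT, X509Utils.getCertificateSHA1Fingerprint(x509Certificate))
                .apply();
    }

    /**
     * Creates a TLS context that delegates server validation to the given trust manager.
     *
     * <p>NOTE(review): which protocol versions a {@code "TLSv1.2"} context enables depends on the
     * platform provider; confirm that legacy versions are off and whether TLS 1.3 is wanted.
     *
     * @throws IllegalStateException if the context cannot be created or initialised
     */
    private static SSLContext createTls12Context(X509TrustManager trustManager) {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(null, new TrustManager[] {trustManager}, new SecureRandom());
            return sslContext;
        } catch (NoSuchAlgorithmException e) {
            Logger.error("TLSv1.2 not available");
            throw new IllegalStateException("Cannot instantiate TLSv1.2 Connection", e);
        } catch (KeyManagementException e) {
            throw new IllegalStateException("Cannot instantiate SSL Context", e);
        }
    }

    /**
     * Builds the client for regular server communication with 60 second read and write timeouts.
     *
     * <p>Server validation tries the pinned CA file, then the CAs from the database, then the
     * platform trust store, and accepts on the first success. Host names are not verified.
     *
     * @return a configured client
     * @throws IllegalStateException if the TLS context cannot be set up
     */
    public OkHttpClient getDefaultClient() {
        Logger.info("Creating new OKHTTP Default Client");
        X509TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                throw new CertificateException("All incoming client certificate communication is untrusted.");
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                Logger.debug("checkServerTrusted()");
                boolean trusted = HTTPClientFactory.this.checkAgainstServerCAFile(chain)
                        || HTTPClientFactory.this.checkAgainstInstalledCAs(chain)
                        || HTTPClientFactory.this.checkAgainstSystemStore(chain);
                if (!trusted) {
                    throw new CertificateException("Certificate validation failed.");
                }
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };

        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        // NOTE(review): accepts every host name; see the class comment for the consequence.
        builder.hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return HTTPClientFactory.lambda$getDefaultClient$0(hostname, session);
            }
        });
        builder.sslSocketFactory(createTls12Context(trustManager).getSocketFactory(), trustManager);
        builder.readTimeout(60L, TimeUnit.SECONDS);
        builder.writeTimeout(60L, TimeUnit.SECONDS);
        return builder.build();
    }

    /**
     * Builds the client builder used during enrollment, pinned to one server certificate.
     *
     * <p>The server is accepted only if the SHA-1 thumbprint of its first certificate equals
     * {@code str}, compared case-insensitively. No CA, validity or host name check is made.
     *
     * @param str expected thumbprint of the server certificate as a hex string
     * @return a builder with the pinning trust manager and hostname verifier installed
     * @throws IllegalStateException if the TLS context cannot be set up
     */
    public OkHttpClient.Builder getEnrollmentClient(final String str) {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        Logger.info("Creating new OKHTTP Enrollment Client");
        X509TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                throw new CertificateException("All incoming client certificate communication is untrusted.");
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                Logger.debug("checkServerTrusted()");
                try {
                    String thumbPrint = HTTPClientFactory.this.getThumbPrint(chain[0]);
                    Logger.debug("Received SSL Thumbprint '{}'", thumbPrint);
                    if (!str.equalsIgnoreCase(thumbPrint)) {
                        throw new CertificateException(
                                HTTPClientFactory.this.mContext.getResources().getString(R.string.error_thumbprint_mismatch));
                    }
                    Logger.info("Thumbprints match.");
                } catch (CertificateException e) {
                    // The mismatch is already the right exception type; do not re-wrap it.
                    throw e;
                } catch (Exception e) {
                    // Null chain, null expected thumbprint and similar: fail closed, keep the cause.
                    throw new CertificateException(e.getMessage(), e);
                }
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };

        builder.sslSocketFactory(createTls12Context(trustManager).getSocketFactory(), trustManager);
        builder.hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return HTTPClientFactory.lambda$getEnrollmentClient$1(hostname, session);
            }
        });
        return builder;
    }
}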
