package at.bitfire.cert4android;

import android.app.PendingIntent;
import android.app.Service;
import android.content.Intent;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.os.Message;
import android.os.Messenger;
import android.os.RemoteException;
import android.support.v4.app.NotificationManagerCompat;
import android.support.v7.app.NotificationCompat;
import at.bitfire.davdroid.model.ServiceDB;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.Serializable;
import java.lang.ref.WeakReference;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.ListIterator;
import java.util.logging.Level;
import javax.net.ssl.X509TrustManager;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: CustomCertService.kt */
/* loaded from: classes.dex */
public final class CustomCertService extends Service {
    private X509TrustManager customTrustManager;
    private File keyStoreFile;
    private final Messenger messenger;
    private final HashMap<X509Certificate, List<ReplyInfo>> pendingDecisions;
    private final KeyStore trustedKeyStore;
    private HashSet<X509Certificate> untrustedCerts;
    public static final Companion Companion = new Companion(null);
    public static final String CMD_CERTIFICATION_DECISION = CMD_CERTIFICATION_DECISION;
    public static final String CMD_CERTIFICATION_DECISION = CMD_CERTIFICATION_DECISION;
    public static final String EXTRA_CERTIFICATE = "certificate";
    public static final String EXTRA_TRUSTED = EXTRA_TRUSTED;
    public static final String EXTRA_TRUSTED = EXTRA_TRUSTED;
    public static final String CMD_RESET_CERTIFICATES = CMD_RESET_CERTIFICATES;
    public static final String CMD_RESET_CERTIFICATES = CMD_RESET_CERTIFICATES;
    private static final String KEYSTORE_DIR = KEYSTORE_DIR;
    private static final String KEYSTORE_DIR = KEYSTORE_DIR;
    private static final String KEYSTORE_NAME = KEYSTORE_NAME;
    private static final String KEYSTORE_NAME = KEYSTORE_NAME;
    private static final int MSG_CHECK_TRUSTED = 1;
    private static final String MSG_DATA_CERTIFICATE = "certificate";
    private static final String MSG_DATA_APP_IN_FOREGROUND = MSG_DATA_APP_IN_FOREGROUND;
    private static final String MSG_DATA_APP_IN_FOREGROUND = MSG_DATA_APP_IN_FOREGROUND;
    private static final int MSG_CHECK_TRUSTED_ABORT = 2;

    /* compiled from: CustomCertService.kt */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final String getKEYSTORE_DIR() {
            return CustomCertService.KEYSTORE_DIR;
        }

        public final String getKEYSTORE_NAME() {
            return CustomCertService.KEYSTORE_NAME;
        }

        public final int getMSG_CHECK_TRUSTED() {
            return CustomCertService.MSG_CHECK_TRUSTED;
        }

        public final int getMSG_CHECK_TRUSTED_ABORT() {
            return CustomCertService.MSG_CHECK_TRUSTED_ABORT;
        }

        public final String getMSG_DATA_APP_IN_FOREGROUND() {
            return CustomCertService.MSG_DATA_APP_IN_FOREGROUND;
        }

        public final String getMSG_DATA_CERTIFICATE() {
            return CustomCertService.MSG_DATA_CERTIFICATE;
        }
    }

    /* compiled from: CustomCertService.kt */
    /* loaded from: classes.dex */
    private static final class MessageHandler extends Handler {
        private final WeakReference<CustomCertService> serviceRef;

        public MessageHandler(CustomCertService service) {
            Intrinsics.checkParameterIsNotNull(service, "service");
            this.serviceRef = new WeakReference<>(service);
        }

        public final WeakReference<CustomCertService> getServiceRef() {
            return this.serviceRef;
        }

        @Override // android.os.Handler
        public void handleMessage(Message msg) {
            Intrinsics.checkParameterIsNotNull(msg, "msg");
            CustomCertService customCertService = this.serviceRef.get();
            if (customCertService == null) {
                Constants.log.warning("Couldn't handle message: service not available");
                return;
            }
            Constants.log.info("Handling request: " + msg);
            int i = msg.arg1;
            Bundle data = msg.getData();
            Serializable serializable = data.getSerializable(CustomCertService.Companion.getMSG_DATA_CERTIFICATE());
            if (serializable == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) serializable;
            Messenger messenger = msg.replyTo;
            Intrinsics.checkExpressionValueIsNotNull(messenger, "msg.replyTo");
            ReplyInfo replyInfo = new ReplyInfo(messenger, i);
            int i2 = msg.what;
            if (i2 != CustomCertService.Companion.getMSG_CHECK_TRUSTED()) {
                if (i2 == CustomCertService.Companion.getMSG_CHECK_TRUSTED_ABORT()) {
                    List list = (List) customCertService.pendingDecisions.get(x509Certificate);
                    if (list != null) {
                        ListIterator listIterator = list.listIterator();
                        while (listIterator.hasNext()) {
                            if (Intrinsics.areEqual((ReplyInfo) listIterator.next(), replyInfo)) {
                                listIterator.remove();
                            }
                        }
                    }
                    if (list == null || list.isEmpty()) {
                        customCertService.pendingDecisions.remove(x509Certificate);
                        NotificationManagerCompat.from(customCertService).cancel(CertUtils.getTag(x509Certificate), Constants.NOTIFICATION_CERT_DECISION);
                        return;
                    }
                    return;
                }
                return;
            }
            List list2 = (List) customCertService.pendingDecisions.get(x509Certificate);
            if (list2 != null) {
                list2.add(replyInfo);
                return;
            }
            if (customCertService.getUntrustedCerts().contains(x509Certificate)) {
                Constants.log.fine("Certificate is cached as untrusted");
                try {
                    msg.replyTo.send(obtainMessage(CustomCertManager.MSG_CERTIFICATE_DECISION, i, 0));
                    return;
                } catch (RemoteException e) {
                    Constants.log.log(Level.WARNING, "Couldn't send distrust information to CustomCertManager", (Throwable) e);
                    return;
                }
            }
            if (customCertService.inTrustStore(x509Certificate)) {
                try {
                    msg.replyTo.send(obtainMessage(CustomCertManager.MSG_CERTIFICATE_DECISION, i, 1));
                    return;
                } catch (RemoteException e2) {
                    Constants.log.log(Level.WARNING, "Couldn't send trust information to CustomCertManager", (Throwable) e2);
                    return;
                }
            }
            LinkedList linkedList = new LinkedList();
            linkedList.add(replyInfo);
            customCertService.pendingDecisions.put(x509Certificate, linkedList);
            Intent intent = new Intent(customCertService, (Class<?>) TrustCertificateActivity.class);
            intent.putExtra(TrustCertificateActivity.Companion.getEXTRA_CERTIFICATE(), x509Certificate);
            NotificationManagerCompat.from(customCertService).notify(CertUtils.getTag(x509Certificate), Constants.NOTIFICATION_CERT_DECISION, new NotificationCompat.Builder(customCertService).setSmallIcon(R.drawable.ic_lock_open_white).setContentTitle(customCertService.getString(R.string.certificate_notification_connection_security)).setContentText(customCertService.getString(R.string.certificate_notification_user_interaction)).setCategory(ServiceDB.Services.SERVICE).setPriority(1).setOngoing(true).setContentIntent(PendingIntent.getActivity(customCertService, i, intent, 134217728)).build());
            if (data.getBoolean(CustomCertService.Companion.getMSG_DATA_APP_IN_FOREGROUND())) {
                intent.addFlags(268435456);
                customCertService.startActivity(intent);
            }
        }
    }

    /* compiled from: CustomCertService.kt */
    /* loaded from: classes.dex */
    public static final class ReplyInfo {
        private final int id;
        private final Messenger messenger;

        public ReplyInfo(Messenger messenger, int i) {
            Intrinsics.checkParameterIsNotNull(messenger, "messenger");
            this.messenger = messenger;
            this.id = i;
        }

        public static /* bridge */ /* synthetic */ ReplyInfo copy$default(ReplyInfo replyInfo, Messenger messenger, int i, int i2, Object obj) {
            if ((i2 & 1) != 0) {
                messenger = replyInfo.messenger;
            }
            if ((i2 & 2) != 0) {
                i = replyInfo.id;
            }
            return replyInfo.copy(messenger, i);
        }

        public final Messenger component1() {
            return this.messenger;
        }

        public final int component2() {
            return this.id;
        }

        public final ReplyInfo copy(Messenger messenger, int i) {
            Intrinsics.checkParameterIsNotNull(messenger, "messenger");
            return new ReplyInfo(messenger, i);
        }

        public boolean equals(Object obj) {
            if (obj instanceof ReplyInfo) {
                return Intrinsics.areEqual(((ReplyInfo) obj).messenger, this.messenger) && ((ReplyInfo) obj).id == this.id;
            }
            return false;
        }

        public final int getId() {
            return this.id;
        }

        public final Messenger getMessenger() {
            return this.messenger;
        }

        public int hashCode() {
            return this.messenger.hashCode() ^ this.id;
        }

        public String toString() {
            return "ReplyInfo(messenger=" + this.messenger + ", id=" + this.id + ")";
        }
    }

    public CustomCertService() {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (keyStore == null) {
            Intrinsics.throwNpe();
        }
        this.trustedKeyStore = keyStore;
        this.untrustedCerts = new HashSet<>();
        this.pendingDecisions = new HashMap<>();
        this.messenger = new Messenger(new MessageHandler(this));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean inTrustStore(X509Certificate x509Certificate) {
        try {
            return this.trustedKeyStore.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException e) {
            Constants.log.log(Level.WARNING, "Couldn't query custom key store", (Throwable) e);
            return false;
        }
    }

    private final void onReceiveDecision(X509Certificate x509Certificate, boolean z) {
        NotificationManagerCompat.from(this).cancel(CertUtils.getTag(x509Certificate), Constants.NOTIFICATION_CERT_DECISION);
        if (z) {
            this.untrustedCerts.remove(x509Certificate);
            try {
                this.trustedKeyStore.setCertificateEntry(x509Certificate.getSubjectDN().getName(), x509Certificate);
                saveKeyStore();
            } catch (KeyStoreException e) {
                Constants.log.log(Level.SEVERE, "Couldn't add certificate into key store", (Throwable) e);
            }
        } else {
            this.untrustedCerts.add(x509Certificate);
        }
        List<ReplyInfo> list = this.pendingDecisions.get(x509Certificate);
        if (list != null) {
            for (ReplyInfo replyInfo : list) {
                Messenger component1 = replyInfo.component1();
                int component2 = replyInfo.component2();
                Message obtain = Message.obtain();
                obtain.what = CustomCertManager.MSG_CERTIFICATE_DECISION;
                obtain.arg1 = component2;
                obtain.arg2 = z ? 1 : 0;
                try {
                    component1.send(obtain);
                } catch (RemoteException e2) {
                    Constants.log.log(Level.WARNING, "Couldn't forward decision to CustomCertManager", (Throwable) e2);
                }
            }
            this.pendingDecisions.remove(x509Certificate);
        }
    }

    private final void saveKeyStore() {
        Constants.log.fine("Saving custom certificate key store to " + this.keyStoreFile);
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(this.keyStoreFile);
            try {
                try {
                    this.trustedKeyStore.store(fileOutputStream, null);
                    Unit unit = Unit.INSTANCE;
                    fileOutputStream.close();
                } catch (Exception e) {
                    try {
                        fileOutputStream.close();
                    } catch (Exception e2) {
                    }
                    throw e;
                }
            } catch (Throwable th) {
                if (0 == 0) {
                    fileOutputStream.close();
                }
                throw th;
            }
        } catch (Exception e3) {
            Constants.log.log(Level.SEVERE, "Couldn't save custom certificate key store", (Throwable) e3);
        }
    }

    public final X509TrustManager getCustomTrustManager() {
        return this.customTrustManager;
    }

    public final File getKeyStoreFile() {
        return this.keyStoreFile;
    }

    public final Messenger getMessenger() {
        return this.messenger;
    }

    public final KeyStore getTrustedKeyStore() {
        return this.trustedKeyStore;
    }

    public final HashSet<X509Certificate> getUntrustedCerts() {
        return this.untrustedCerts;
    }

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        IBinder binder = this.messenger.getBinder();
        if (binder == null) {
            Intrinsics.throwNpe();
        }
        return binder;
    }

    @Override // android.app.Service
    public void onCreate() {
        boolean z = false;
        Constants.log.info("Creating CustomCertService");
        this.keyStoreFile = new File(getDir(Companion.getKEYSTORE_DIR(), 0), Companion.getKEYSTORE_NAME());
        try {
            FileInputStream fileInputStream = new FileInputStream(this.keyStoreFile);
            try {
                try {
                    this.trustedKeyStore.load(fileInputStream, null);
                    Unit unit = Unit.INSTANCE;
                    fileInputStream.close();
                } catch (Exception e) {
                    z = true;
                    try {
                        fileInputStream.close();
                    } catch (Exception e2) {
                    }
                    throw e;
                }
            } catch (Throwable th) {
                if (!z) {
                    fileInputStream.close();
                }
                throw th;
            }
        } catch (Exception e3) {
            Constants.log.log(Level.SEVERE, "Couldn't initialize key store, creating in-memory key store", (Throwable) e3);
            try {
                this.trustedKeyStore.load(null, null);
            } catch (Exception e4) {
                Constants.log.log(Level.SEVERE, "Couldn't initialize in-memory key store", (Throwable) e4);
            }
        }
        this.customTrustManager = CertUtils.getTrustManager(this.trustedKeyStore);
    }

    @Override // android.app.Service
    public int onStartCommand(Intent intent, int i, int i2) {
        Constants.log.fine("Received command:" + intent);
        String action = intent != null ? intent.getAction() : null;
        if (Intrinsics.areEqual(action, CMD_CERTIFICATION_DECISION)) {
            Serializable serializableExtra = intent.getSerializableExtra(EXTRA_CERTIFICATE);
            if (serializableExtra == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            onReceiveDecision((X509Certificate) serializableExtra, intent.getBooleanExtra(EXTRA_TRUSTED, false));
            return 2;
        }
        if (!Intrinsics.areEqual(action, CMD_RESET_CERTIFICATES)) {
            return 2;
        }
        this.untrustedCerts.clear();
        try {
            Iterator it = CollectionsKt.iterator(this.trustedKeyStore.aliases());
            while (it.hasNext()) {
                this.trustedKeyStore.deleteEntry((String) it.next());
            }
            saveKeyStore();
            return 2;
        } catch (KeyStoreException e) {
            Constants.log.log(Level.SEVERE, "Couldn't reset custom certificates", (Throwable) e);
            return 2;
        }
    }

    public final void setCustomTrustManager(X509TrustManager x509TrustManager) {
        this.customTrustManager = x509TrustManager;
    }

    public final void setKeyStoreFile(File file) {
        this.keyStoreFile = file;
    }

    public final void setUntrustedCerts(HashSet<X509Certificate> hashSet) {
        Intrinsics.checkParameterIsNotNull(hashSet, "<set-?>");
        this.untrustedCerts = hashSet;
    }
}
