package at.bitfire.cert4android;

import android.app.PendingIntent;
import android.app.Service;
import android.content.Intent;
import android.support.v4.app.NotificationCompat;
import android.widget.Toast;
import at.bitfire.cert4android.ICustomCertService;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.logging.Level;
import javax.net.ssl.X509TrustManager;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;

/* compiled from: CustomCertService.kt */
/* loaded from: classes.dex */
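/**
 * Service that decides whether a server certificate is trusted, backed by an app-private key
 * store of user-accepted certificates and an in-memory set of rejected ones.
 *
 * <p>This is decompiler (JADX) output of a Kotlin class. Several constructs below are decompiler
 * artifacts and are marked where they occur.
 *
 * <p>Two entry points change trust state:
 * <ul>
 *   <li>the binder ({@link #onBind}), through {@code checkTrusted} / {@code abortCheck};</li>
 *   <li>{@link #onStartCommand}, which reads the certificate and the accept/reject decision
 *       from intent extras and can persist a certificate as trusted.</li>
 * </ul>
 * NOTE(review): whether other apps can reach either entry point depends on how the service is
 * declared in the manifest, which is not part of this listing. It should not be exported.
 *
 * <p>NOTE(review): {@code pendingDecisions} and {@code untrustedCerts} are a plain LinkedHashMap
 * and HashSet with no synchronisation visible here. If binder calls can arrive on a thread other
 * than the one running {@code onStartCommand}, access needs to be serialised. Confirm how
 * clients bind.
 */
public final class CustomCertService extends Service {
    private final ICustomCertService.Stub binder;
    private final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    // Built from trustedKeyStore in onCreate(); not read anywhere else in this listing.
    private X509TrustManager customTrustManager;
    // Location of the persisted key store; set in onCreate().
    private File keyStoreFile;
    // Certificates waiting for a user decision, each with the callbacks to notify once it is made.
    private final Map<X509Certificate, List<IOnCertificateDecision>> pendingDecisions;
    // Certificates the user accepted; loaded from and saved to keyStoreFile.
    private final KeyStore trustedKeyStore;
    // Certificates the user rejected; kept in memory only, so it is empty again after a restart.
    private HashSet<X509Certificate> untrustedCerts;
    public static final Companion Companion = new Companion(null);
    // Decompiler artifact: each constant below appears twice and is initialised from itself, so
    // the literal values of the original source cannot be recovered from this listing and the
    // declarations do not compile as written. They are kept verbatim.
    public static final String CMD_CERTIFICATION_DECISION = CMD_CERTIFICATION_DECISION;
    public static final String CMD_CERTIFICATION_DECISION = CMD_CERTIFICATION_DECISION;
    public static final String CMD_RESET_CERTIFICATES = CMD_RESET_CERTIFICATES;
    public static final String CMD_RESET_CERTIFICATES = CMD_RESET_CERTIFICATES;
    public static final String EXTRA_CERTIFICATE = EXTRA_CERTIFICATE;
    public static final String EXTRA_CERTIFICATE = EXTRA_CERTIFICATE;
    public static final String EXTRA_TRUSTED = EXTRA_TRUSTED;
    public static final String EXTRA_TRUSTED = EXTRA_TRUSTED;
    private static final String KEYSTORE_DIR = KEYSTORE_DIR;
    private static final String KEYSTORE_DIR = KEYSTORE_DIR;
    private static final String KEYSTORE_NAME = KEYSTORE_NAME;
    private static final String KEYSTORE_NAME = KEYSTORE_NAME;

    /* compiled from: CustomCertService.kt */
    /* loaded from: classes.dex */
    /** Kotlin companion object; exposes the private key store directory and file names. */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final String getKEYSTORE_DIR() {
            return CustomCertService.KEYSTORE_DIR;
        }

        public final String getKEYSTORE_NAME() {
            return CustomCertService.KEYSTORE_NAME;
        }
    }

    /**
     * Creates the (still unloaded) key store, the empty decision caches and the binder
     * implementation. The key store content is loaded later, in {@link #onCreate()}.
     */
    public CustomCertService() {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (keyStore == null) {
            Intrinsics.throwNpe();
        }
        this.trustedKeyStore = keyStore;
        this.untrustedCerts = new HashSet<>();
        this.pendingDecisions = new LinkedHashMap<>();
        this.binder = new ICustomCertService.Stub() { // from class: at.bitfire.cert4android.CustomCertService$binder$1
            /**
             * Withdraws {@code callback} from every pending decision. A certificate whose last
             * listener is withdrawn is dropped from the pending map.
             */
            @Override // at.bitfire.cert4android.ICustomCertService
            public void abortCheck(IOnCertificateDecision callback) {
                Intrinsics.checkParameterIsNotNull(callback, "callback");
                // Walk the map through an explicit iterator so an entry whose listener list
                // becomes empty can be dropped with Iterator.remove(). Removing through the map
                // while a for-each over its entry set is running makes the next iteration step
                // throw ConcurrentModificationException.
                Iterator<Map.Entry<X509Certificate, List<IOnCertificateDecision>>> entries =
                        CustomCertService.this.pendingDecisions.entrySet().iterator();
                while (entries.hasNext()) {
                    List<IOnCertificateDecision> listeners = entries.next().getValue();
                    Iterator<IOnCertificateDecision> it = listeners.iterator();
                    while (it.hasNext()) {
                        if (Intrinsics.areEqual(it.next(), callback)) {
                            it.remove();
                        }
                    }
                    if (listeners.isEmpty()) {
                        entries.remove();
                    }
                }
            }

            /**
             * Decides whether the encoded certificate {@code raw} is trusted and reports the
             * result through {@code callback}.
             *
             * <p>Order of checks: unparsable or non-X.509 input is rejected; a certificate that
             * already has a pending decision only gets {@code callback} queued; a cached
             * rejection is rejected; a key store hit is accepted; otherwise the user is asked,
             * but only when {@code z} is true.
             *
             * @param raw encoded certificate as supplied by the caller
             * @param z interactive mode (per the log messages): when false an unknown certificate
             *          is rejected without asking the user
             * @param z2 when true the decision activity is also started directly, in addition to
             *           the notification
             * @param callback receives {@code accept()} or {@code reject()}
             */
            @Override // at.bitfire.cert4android.ICustomCertService
            public void checkTrusted(byte[] raw, boolean z, boolean z2, IOnCertificateDecision callback) {
                Intrinsics.checkParameterIsNotNull(raw, "raw");
                Intrinsics.checkParameterIsNotNull(callback, "callback");
                X509Certificate x509Certificate;
                try {
                    Certificate parsed = CustomCertService.this.certFactory.generateCertificate(new ByteArrayInputStream(raw));
                    x509Certificate = parsed instanceof X509Certificate ? (X509Certificate) parsed : null;
                } catch (Exception e) {
                    Constants.log.log(Level.SEVERE, "Couldn't handle certificate", e);
                    x509Certificate = null;
                }
                if (x509Certificate == null) {
                    // Fail closed: anything that is not a parsable X.509 certificate is rejected.
                    callback.reject();
                    return;
                }
                List<IOnCertificateDecision> waiting = CustomCertService.this.pendingDecisions.get(x509Certificate);
                if (waiting != null) {
                    // The user is already being asked about this certificate; just queue up.
                    waiting.add(callback);
                    return;
                }
                if (CustomCertService.this.untrustedCerts.contains(x509Certificate)) {
                    Constants.log.fine("Certificate is cached as untrusted, rejecting");
                    callback.reject();
                    return;
                }
                if (CustomCertService.this.inTrustStore(x509Certificate)) {
                    Constants.log.fine("Certificate is cached as trusted, accepting");
                    callback.accept();
                    return;
                }
                if (!z) {
                    Constants.log.fine("Certificate not known and running in non-interactive mode, rejecting");
                    callback.reject();
                    return;
                }
                Constants.log.fine("Certificate not known and running in interactive mode, asking user");
                CustomCertService.this.pendingDecisions.put(x509Certificate, CollectionsKt.mutableListOf(callback));

                // Tapping the notification opens the decision activity for this certificate.
                Intent intent = new Intent(CustomCertService.this, (Class<?>) TrustCertificateActivity.class);
                intent.putExtra(TrustCertificateActivity.Companion.getEXTRA_CERTIFICATE(), raw);
                // Dismissing the notification is reported to this service as a rejection.
                Intent intent2 = new Intent(CustomCertService.this, (Class<?>) CustomCertService.class);
                intent2.setAction(CustomCertService.CMD_CERTIFICATION_DECISION);
                intent2.putExtra(CustomCertService.EXTRA_CERTIFICATE, raw);
                intent2.putExtra(CustomCertService.EXTRA_TRUSTED, false);
                // Request code derived from the encoded certificate, so different certificates
                // normally get separate PendingIntents (hash collisions are possible).
                int hashCode = Arrays.hashCode(raw);
                // NOTE(review): both PendingIntents are created with FLAG_UPDATE_CURRENT only.
                // Without FLAG_IMMUTABLE whoever holds them can supply extras when sending them,
                // and the delete intent carries the EXTRA_TRUSTED decision. Both intents are
                // explicit and need nothing filled in, so they should be immutable on API levels
                // that support the flag.
                // The subject DN shown as sub-text is taken from the not-yet-trusted certificate.
                NotificationUtils.INSTANCE.createChannels(CustomCertService.this).notify(
                        CertUtils.getTag(x509Certificate),
                        Constants.NOTIFICATION_CERT_DECISION,
                        new NotificationCompat.Builder(CustomCertService.this, NotificationUtils.INSTANCE.getCHANNEL_CERTIFICATES())
                                .setSmallIcon(R.drawable.ic_lock_open_white)
                                .setContentTitle(CustomCertService.this.getString(R.string.certificate_notification_connection_security))
                                .setContentText(CustomCertService.this.getString(R.string.certificate_notification_user_interaction))
                                .setSubText(x509Certificate.getSubjectDN().getName())
                                .setCategory(NotificationCompat.CATEGORY_SERVICE)
                                .setPriority(NotificationCompat.PRIORITY_HIGH)
                                .setContentIntent(PendingIntent.getActivity(CustomCertService.this, hashCode, intent, PendingIntent.FLAG_UPDATE_CURRENT))
                                .setDeleteIntent(PendingIntent.getService(CustomCertService.this, hashCode, intent2, PendingIntent.FLAG_UPDATE_CURRENT))
                                .build());
                if (z2) {
                    // A service is not an activity context, hence the new-task flag.
                    intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
                    CustomCertService.this.startActivity(intent);
                }
            }
        };
    }

    /**
     * Reports whether the certificate is stored in the key store of accepted certificates.
     *
     * @return true if the key store has an alias for the certificate; false if it has none or
     *         the key store could not be queried (fails closed)
     */
    /* JADX INFO: Access modifiers changed from: private */
    public final boolean inTrustStore(X509Certificate x509Certificate) {
        try {
            return this.trustedKeyStore.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException e) {
            Constants.log.log(Level.WARNING, "Couldn't query custom key store", e);
            return false;
        }
    }

    /**
     * Applies a decision for a certificate: cancels its notification, records the decision and
     * notifies every listener waiting on it.
     *
     * @param x509Certificate certificate the decision is about
     * @param z true to trust the certificate (persisted to the key store), false to reject it
     *          (remembered in memory only)
     */
    private final void onReceiveDecision(X509Certificate x509Certificate, boolean z) {
        NotificationUtils.INSTANCE.createChannels(this).cancel(CertUtils.getTag(x509Certificate), Constants.NOTIFICATION_CERT_DECISION);
        if (z) {
            this.untrustedCerts.remove(x509Certificate);
            try {
                // The alias is the subject DN, so accepting a second certificate with the same
                // subject replaces the entry stored for the first one.
                this.trustedKeyStore.setCertificateEntry(x509Certificate.getSubjectDN().getName(), x509Certificate);
                saveKeyStore();
            } catch (KeyStoreException e) {
                // Listeners below are still told "accept" although nothing was stored.
                Constants.log.log(Level.SEVERE, "Couldn't add certificate into key store", e);
            }
        } else {
            this.untrustedCerts.add(x509Certificate);
            Toast.makeText(this, R.string.service_rejected_temporarily, Toast.LENGTH_LONG).show();
        }
        List<IOnCertificateDecision> list = this.pendingDecisions.get(x509Certificate);
        if (list != null) {
            Constants.log.fine("Notifying " + list.size() + " certificate decision listener(s)");
            for (IOnCertificateDecision iOnCertificateDecision : list) {
                if (z) {
                    iOnCertificateDecision.accept();
                } else {
                    iOnCertificateDecision.reject();
                }
            }
            this.pendingDecisions.remove(x509Certificate);
        }
    }

    /**
     * Writes the key store of accepted certificates to {@code keyStoreFile}. Failures are logged
     * and not propagated.
     */
    private final void saveKeyStore() {
        Constants.log.fine("Saving custom certificate key store to " + this.keyStoreFile);
        // try-with-resources replaces the decompiler's nested try/catch reconstruction (including
        // its constant "0 == 0" guard); the stream is closed on every path and any exception is
        // logged, as before.
        // No password is passed to store(), so protection of the file rests on the app-private
        // directory it lives in (see onCreate()).
        try (FileOutputStream out = new FileOutputStream(this.keyStoreFile)) {
            this.trustedKeyStore.store(out, null);
        } catch (Exception e) {
            Constants.log.log(Level.SEVERE, "Couldn't save custom certificate key store", e);
        }
    }

    public final ICustomCertService.Stub getBinder() {
        return this.binder;
    }

    /** Hands out the binder to every client; no caller check is made in this method. */
    @Override // android.app.Service
    public ICustomCertService.Stub onBind(Intent intent) {
        return this.binder;
    }

    /**
     * Loads the persisted key store from the app-private directory, or starts with an empty
     * in-memory key store when it cannot be loaded, then builds the trust manager from it.
     */
    @Override // android.app.Service
    public void onCreate() {
        Constants.log.info("CustomCertService created");
        this.keyStoreFile = new File(getDir(Companion.getKEYSTORE_DIR(), MODE_PRIVATE), Companion.getKEYSTORE_NAME());
        try (FileInputStream in = new FileInputStream(this.keyStoreFile)) {
            this.trustedKeyStore.load(in, null);
        } catch (Exception e) {
            // Taken for a missing file and for an unreadable or corrupt one alike: the service
            // falls back to an empty key store (no custom trust), and the next save overwrites
            // whatever was on disk.
            Constants.log.log(Level.INFO, "No persistent key store (yet), creating in-memory key store", e);
            try {
                this.trustedKeyStore.load(null, null);
            } catch (Exception e4) {
                Constants.log.log(Level.SEVERE, "Couldn't initialize in-memory key store", e4);
            }
        }
        this.customTrustManager = CertUtils.getTrustManager(this.trustedKeyStore);
    }

    @Override // android.app.Service
    public void onDestroy() {
        Constants.log.info("CustomCertService destroyed");
    }

    /**
     * Handles the two commands of this service and then stops it.
     *
     * <ul>
     *   <li>{@code CMD_CERTIFICATION_DECISION}: parses the certificate from
     *       {@code EXTRA_CERTIFICATE} and applies the decision in {@code EXTRA_TRUSTED}
     *       (default false).</li>
     *   <li>{@code CMD_RESET_CERTIFICATES}: clears the rejected set and deletes every entry of
     *       the key store.</li>
     * </ul>
     *
     * <p>NOTE(review): the certificate and the trust decision come straight from the intent and
     * no check of the sender is visible here. Any component able to start this service with the
     * decision action can have a certificate stored as trusted, so the service must stay
     * unexported or be guarded by a permission. Confirm in the manifest.
     *
     * @return {@code START_NOT_STICKY}
     */
    @Override // android.app.Service
    public int onStartCommand(Intent intent, int i, int i2) {
        Constants.log.fine("Received command:" + intent);
        String action = intent != null ? intent.getAction() : null;
        if (Intrinsics.areEqual(action, CMD_CERTIFICATION_DECISION)) {
            try {
                // A missing extra or a non-X.509 certificate ends up in the catch block below
                // (NullPointerException / ClassCastException) and no decision is applied.
                Certificate generateCertificate = this.certFactory.generateCertificate(new ByteArrayInputStream(intent.getByteArrayExtra(EXTRA_CERTIFICATE)));
                if (generateCertificate == null) {
                    throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                }
                onReceiveDecision((X509Certificate) generateCertificate, intent.getBooleanExtra(EXTRA_TRUSTED, false));
            } catch (Exception e) {
                Constants.log.log(Level.SEVERE, "Couldn't process certificate", e);
            }
        } else if (Intrinsics.areEqual(action, CMD_RESET_CERTIFICATES)) {
            this.untrustedCerts.clear();
            try {
                // Snapshot the aliases before deleting: the listing gives no guarantee that the
                // provider's enumeration tolerates entries being removed while it is traversed,
                // and a skipped alias would leave a certificate trusted after a reset.
                for (String alias : java.util.Collections.list(this.trustedKeyStore.aliases())) {
                    this.trustedKeyStore.deleteEntry(alias);
                }
                saveKeyStore();
            } catch (KeyStoreException e2) {
                Constants.log.log(Level.SEVERE, "Couldn't reset custom certificates", e2);
            }
        }
        stopSelf();
        return Service.START_NOT_STICKY;
    }
}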
