package com.mobileiron.common.cert;

import android.content.Context;
import com.mobileiron.R;
import com.mobileiron.acom.core.android.f;
import com.mobileiron.acom.core.common.b;
import com.mobileiron.common.AbstractTlsCallback;
import com.mobileiron.common.MiscConstants;
import com.mobileiron.common.d;
import com.mobileiron.common.o;
import com.mobileiron.opensslwrapper.SSLSocketFactory;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.IOUtils;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.spongycastle.asn1.ASN1String;
import org.spongycastle.asn1.x509.CRLDistPoint;
import org.spongycastle.asn1.x509.DistributionPoint;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.x509.extension.X509ExtensionUtil;

/* loaded from: classes.dex */
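/**
 * Revocation checking for a certificate chain using X.509 CRLs.
 *
 * <p>The recovered method bodies show these steps: CRL distribution-point URIs are read from a
 * certificate, the CRL is fetched over HTTP or HTTPS, it is parsed, and its signature is checked
 * with a public key found either in the supplied chain or in the platform trust store. Each
 * certificate of the chain is then looked up in its CRL.
 *
 * <p>This listing is decompiler output. Two methods ({@code a(X509Certificate[], int)} and
 * {@code a(CrlStatus)}) were not recovered and are left as throwing stubs. All identifiers are
 * obfuscated; the original method names quoted in the comments come from the log strings.
 *
 * <p>NOTE(review): the result of a per-certificate lookup is kept in the instance field
 * {@code d} of a process-wide singleton. No synchronization is visible in this listing, so
 * concurrent chain checks would share that field.
 */
public final class CrlUtils {

    /* renamed from: a, reason: collision with root package name */
    // Singleton instance handed out by a().
    private static CrlUtils f2555a = new CrlUtils();
    // Not referenced by any recovered method body. Presumably a cache of encoded CRLs that is
    // persisted under the file name in "c" by the undecompiled lookup; confirm against bytecode.
    private static Map<String, byte[]> b = null;
    private static String c = "MI_CRL_FILE";
    // Status read by a(X509Certificate[], AbstractTlsCallback) right after each per-certificate
    // lookup; presumably written by the undecompiled a(X509Certificate[], int).
    private CrlStatus d;

    /* loaded from: classes.dex */
    /** Outcome of a CRL lookup or of a whole-chain revocation check. */
    public enum CrlStatus {
        CRL_NOT_EXIST,
        CRL_NOT_REACHABLE,
        CRL_CANNOT_BE_VERIFIED,
        CRL_EXPIRED,
        CRL_CERT_REVOKED,
        CRL_FOUND_VALID,
        CRL_CERT_OK
    }

    private CrlUtils() {
    }

    /** Returns the shared instance. */
    public static CrlUtils a() {
        return f2555a;
    }

    /**
     * Reads one serialized object from an app-private file.
     *
     * <p>NOTE(review): this is Java native deserialization. {@code openFileInput} reads from the
     * application's private storage, so the data is only as trustworthy as that storage; storing
     * plain bytes instead of an object graph would remove the {@code readObject} call entirely.
     *
     * @param context context used to open the file
     * @param str     file name inside the app's private files directory
     * @return the deserialized object, or {@code null} if the file cannot be read or a class in
     *         the stream cannot be resolved
     */
    private static Object a(Context context, String str) {
        FileInputStream fileIn = null;
        ObjectInputStream objectIn = null;
        try {
            fileIn = context.openFileInput(str);
            objectIn = new ObjectInputStream(fileIn);
            return objectIn.readObject();
        } catch (IOException unused) {
            o.g("CrlUtils", "CRL file not found " + str);
            return null;
        } catch (ClassNotFoundException e) {
            o.a("CrlUtils", e);
            return null;
        } finally {
            // Close on every path; the original leaked both streams when readObject() failed.
            IOUtils.closeQuietly(objectIn);
            IOUtils.closeQuietly(fileIn);
        }
    }

    /**
     * Builds the user-facing message for a failed revocation check.
     *
     * @param crlStatus       status to describe; any value without its own case uses the generic
     *                        "check failed" string
     * @param x509Certificate certificate the status refers to
     * @return localized message formatted with the certificate's serial number (hex), subject
     *         name and issuer name
     */
    public static String a(CrlStatus crlStatus, X509Certificate x509Certificate) {
        Context context = f.a();
        String serialHex = x509Certificate.getSerialNumber().toString(16);
        String subject = x509Certificate.getSubjectX500Principal().getName();
        String issuer = x509Certificate.getIssuerX500Principal().getName();
        switch (crlStatus) {
            case CRL_NOT_EXIST:
                return context.getResources().getString(R.string.provision_certs_crl_doesnot_exist, serialHex, subject, issuer);
            case CRL_NOT_REACHABLE:
                return context.getString(R.string.provision_certs_crl_not_reachable, serialHex, subject, issuer);
            case CRL_CANNOT_BE_VERIFIED:
                return context.getString(R.string.provision_certs_crl_not_verified, serialHex, subject, issuer);
            case CRL_EXPIRED:
                return context.getString(R.string.provision_certs_crl_expired, serialHex, subject, issuer);
            case CRL_CERT_REVOKED:
                return context.getString(R.string.provision_certs_crl_revoked, serialHex, subject, issuer);
            default:
                return context.getString(R.string.provision_certs_crl_check_failed, serialHex, subject, issuer);
        }
    }

    /**
     * Looks for a CRL-signing key in the platform default trust store
     * ("findSigningPublicKeyInTrustStore" in the log text).
     *
     * @param principal issuer name of the CRL
     * @return the matching public key, or {@code null} if none is found or the trust store cannot
     *         be loaded
     */
    private static PublicKey a(Principal principal) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore makes the factory use the platform's default trust anchors.
            factory.init((KeyStore) null);
            for (TrustManager trustManager : factory.getTrustManagers()) {
                if (!(trustManager instanceof X509TrustManager)) {
                    continue;
                }
                X509Certificate[] acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers();
                if (acceptedIssuers != null && acceptedIssuers.length > 0) {
                    // Only the first trust manager that has issuers is consulted.
                    return a(acceptedIssuers, principal);
                }
            }
        } catch (Exception e) {
            o.d("CrlUtils", "findSigningPublicKeyInTrustStore " + e);
        }
        return null;
    }

    /**
     * Returns the public key of the first certificate whose subject equals {@code principal} and
     * which is allowed to sign CRLs.
     *
     * <p>A certificate qualifies when it has no KeyUsage extension or when KeyUsage bit 6
     * (cRLSign) is set.
     *
     * <p>NOTE(review): the match is by subject name only. When the array is the chain under
     * check, the key is trustworthy only if that chain has already been path-validated; that
     * validation is not visible in this listing, so confirm it happens before this class runs.
     *
     * @param x509CertificateArr candidate issuer certificates
     * @param principal          issuer name of the CRL
     * @return the signing key, or {@code null} if no candidate matches
     */
    private static PublicKey a(X509Certificate[] x509CertificateArr, Principal principal) {
        for (X509Certificate candidate : x509CertificateArr) {
            if (!candidate.getSubjectDN().equals(principal)) {
                continue;
            }
            boolean[] keyUsage = candidate.getKeyUsage();
            if (keyUsage == null || keyUsage[6]) {
                return candidate.getPublicKey();
            }
        }
        return null;
    }

    /**
     * Downloads a CRL over plain HTTP ("downloadCrlOverHttp" in the log text).
     *
     * <p>The transport gives no integrity protection; the CRL is only usable after its signature
     * has been checked by {@code a(X509CRL, X509Certificate[])}.
     *
     * @param str CRL URL
     * @return the parsed CRL, or {@code null} on a network error, a non-200 response or a parse
     *         failure
     */
    private X509CRL a(String str) {
        try {
            URL url = new URL(str);
            o.g("CrlUtils", "downloadCrlOverHttp: uri = " + str);
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            o.g("CrlUtils", "downloadCrlOverHttp: opened connection");
            httpURLConnection.setRequestMethod("GET");
            httpURLConnection.setConnectTimeout(MiscConstants.f2527a);
            // Fully qualified: the simple name "b" is obscured by the static field "b" of this
            // class, so the decompiled "b.f2211a" would resolve against the Map field.
            httpURLConnection.setReadTimeout(com.mobileiron.acom.core.common.b.f2211a);
            httpURLConnection.connect();
            o.g("CrlUtils", "downloadCrlOverHttp: trying to connect");
            return a(httpURLConnection);
        } catch (IOException unused) {
            o.d("CrlUtils", "downloadCrlOverHttp: Unable to download CRL: " + str);
            return null;
        }
    }

    /**
     * Reads the response body of a connected request and parses it as a CRL
     * ("downloadX509CRL" in the log text).
     *
     * <p>NOTE(review): the body is read into memory with no size limit. The server is named by
     * the certificate being checked, so a cap on the accepted length would bound memory use.
     *
     * @param httpURLConnection connected request, may be {@code null}
     * @return the parsed CRL, or {@code null} if the connection is {@code null}, the response
     *         code is not 200, or the body is not a CRL
     * @throws IOException if reading the response fails
     */
    private static X509CRL a(HttpURLConnection httpURLConnection) throws IOException {
        if (httpURLConnection == null) {
            o.d("CrlUtils", "downloadX509CRL: connection = null");
            return null;
        }
        InputStream body = null;
        try {
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode != HttpURLConnection.HTTP_OK) {
                o.d("CrlUtils", "downloadX509CRL: connection.getResponseCode() = " + responseCode);
                return null;
            }
            body = httpURLConnection.getInputStream();
            byte[] encoded = IOUtils.toByteArray(body);
            o.g("CrlUtils", "Downloaded encoded CRL length=" + (encoded != null ? encoded.length : 0));
            return a(encoded);
        } finally {
            // The original disconnected only after a successful read and never closed the stream.
            IOUtils.closeQuietly(body);
            httpURLConnection.disconnect();
        }
    }

    /**
     * Parses a DER or PEM encoded CRL.
     *
     * @param bArr encoded CRL
     * @return the CRL, or {@code null} if the bytes are {@code null} or cannot be parsed
     */
    private static X509CRL a(byte[] bArr) {
        ByteArrayInputStream encoded = null;
        try {
            // A null array throws here and is reported by the catch below, like any parse error.
            encoded = new ByteArrayInputStream(bArr);
            return (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(encoded);
        } catch (Exception e) {
            o.d("CrlUtils", "Unable to parse CRL, reason: " + e.getMessage());
            return null;
        } finally {
            IOUtils.closeQuietly(encoded);
        }
    }

    /**
     * Per-certificate CRL lookup. The body was NOT recovered by the decompiler, so this stub
     * always throws.
     *
     * <p>Presumably this obtains and validates the CRL for {@code r8[r9]} and records the outcome
     * in the field {@code d}, because the only visible caller reads {@code d} directly after the
     * call; confirm against the bytecode.
     */
    /* JADX WARN: Removed duplicated region for block: B:13:0x00b7 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0061 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.security.cert.X509CRL a(java.security.cert.X509Certificate[] r8, int r9) {
        /*
            Method dump skipped, instructions count: 469
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.mobileiron.common.cert.CrlUtils.a(java.security.cert.X509Certificate[], int):java.security.cert.X509CRL");
    }

    /**
     * Collects the URI entries of a certificate's CRL Distribution Points extension
     * ("extractCRLs" in the log text).
     *
     * <p>Distribution points without a name, or whose name is not a list of general names, are
     * skipped. A decoding error is logged and whatever was collected so far is returned.
     *
     * @param x509Certificate certificate to inspect
     * @return the URIs found, possibly empty, never {@code null}
     */
    private static List<String> a(X509Certificate x509Certificate) {
        List<String> crlUris = new ArrayList<String>();
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue(Extension.cRLDistributionPoints.getId());
            if (extensionValue == null) {
                o.g("CrlUtils", "extractCRLs returns null");
                return crlUris;
            }
            CRLDistPoint distPoints = CRLDistPoint.getInstance(X509ExtensionUtil.fromExtensionValue(extensionValue));
            for (DistributionPoint distributionPoint : distPoints.getDistributionPoints()) {
                if (distributionPoint.getDistributionPoint() == null) {
                    // The name is optional; a point may carry only a CRL issuer.
                    continue;
                }
                Object pointName = distributionPoint.getDistributionPoint().getName();
                if (!(pointName instanceof GeneralNames)) {
                    // A name relative to the CRL issuer is not a GeneralNames list.
                    continue;
                }
                for (GeneralName generalName : ((GeneralNames) pointName).getNames()) {
                    if (generalName.getTagNo() == GeneralName.uniformResourceIdentifier) {
                        crlUris.add(((ASN1String) generalName.getName()).getString());
                    }
                }
            }
        } catch (Exception e) {
            o.a("CrlUtils", e);
        }
        o.g("CrlUtils", "extractCRLs returns list of " + crlUris.size());
        return crlUris;
    }

    /**
     * Serializes an object to an app-private file, replacing any existing content. Failures are
     * logged and otherwise ignored.
     *
     * @param context context used to open the file
     * @param str     file name inside the app's private files directory
     * @param obj     object to write
     */
    private static void a(Context context, String str, Object obj) {
        FileOutputStream fileOut = null;
        ObjectOutputStream objectOut = null;
        try {
            fileOut = context.openFileOutput(str, Context.MODE_PRIVATE);
            objectOut = new ObjectOutputStream(fileOut);
            objectOut.writeObject(obj);
            // Explicit close inside the try so that a failed flush is still logged.
            objectOut.close();
        } catch (Exception e) {
            o.a("CrlUtils", e);
        } finally {
            // Backstop for the failure paths, where the original leaked both streams.
            IOUtils.closeQuietly(objectOut);
            IOUtils.closeQuietly(fileOut);
        }
    }

    /**
     * Tells whether a failing status is configured to be ignored ("ignoreCRLStatus" in the log
     * text). The body was NOT recovered as Java, so this stub always throws; the register dump
     * below is the only record of the logic.
     *
     * <p>Per the dump: the status is mapped through a synthetic switch table to one of five
     * cases, each of which reads one boolean setting (default false): skip_check_crl_not_exist,
     * skip_check_crl_not_reachable, skip_check_crl_not_verified, skip_check_crl_expired,
     * skip_check_crl_revoked. The result is true only when the setting read is true, and false
     * for any other status. Which enum constant selects which setting is presumably given by the
     * names, but the switch table itself is not shown here.
     *
     * <p>NOTE(review): each of these settings makes the check fail open for that status,
     * including for a certificate that a valid CRL lists as revoked. Where the settings come
     * from and who may change them is not visible in this listing and is worth confirming.
     */
    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:10:0x0026, code lost:
    
        if (com.mobileiron.a.i().b("skip_check_crl_expired", false) != false) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x0033, code lost:
    
        if (com.mobileiron.a.i().b("skip_check_crl_not_verified", false) != false) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x0040, code lost:
    
        if (com.mobileiron.a.i().b("skip_check_crl_not_reachable", false) != false) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x004d, code lost:
    
        if (com.mobileiron.a.i().b("skip_check_crl_not_exist", false) != false) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:8:0x0019, code lost:
    
        if (com.mobileiron.a.i().b("skip_check_crl_revoked", false) != false) goto L19;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static boolean a(com.mobileiron.common.cert.CrlUtils.CrlStatus r4) {
        /*
            int[] r0 = com.mobileiron.common.cert.CrlUtils.AnonymousClass1.f2556a
            int r1 = r4.ordinal()
            r0 = r0[r1]
            r1 = 1
            r2 = 0
            switch(r0) {
                case 1: goto L43;
                case 2: goto L36;
                case 3: goto L29;
                case 4: goto L1c;
                case 5: goto Lf;
                default: goto Ld;
            }
        Ld:
            r1 = 0
            goto L4f
        Lf:
            com.mobileiron.common.utils.q r0 = com.mobileiron.a.i()
            java.lang.String r3 = "skip_check_crl_revoked"
            boolean r0 = r0.b(r3, r2)
            if (r0 == 0) goto Ld
            goto L4f
        L1c:
            com.mobileiron.common.utils.q r0 = com.mobileiron.a.i()
            java.lang.String r3 = "skip_check_crl_expired"
            boolean r0 = r0.b(r3, r2)
            if (r0 == 0) goto Ld
            goto L4f
        L29:
            com.mobileiron.common.utils.q r0 = com.mobileiron.a.i()
            java.lang.String r3 = "skip_check_crl_not_verified"
            boolean r0 = r0.b(r3, r2)
            if (r0 == 0) goto Ld
            goto L4f
        L36:
            com.mobileiron.common.utils.q r0 = com.mobileiron.a.i()
            java.lang.String r3 = "skip_check_crl_not_reachable"
            boolean r0 = r0.b(r3, r2)
            if (r0 == 0) goto Ld
            goto L4f
        L43:
            com.mobileiron.common.utils.q r0 = com.mobileiron.a.i()
            java.lang.String r3 = "skip_check_crl_not_exist"
            boolean r0 = r0.b(r3, r2)
            if (r0 == 0) goto Ld
        L4f:
            java.lang.String r0 = "CrlUtils"
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            java.lang.String r3 = "ignoreCRLStatus = "
            r2.<init>(r3)
            r2.append(r1)
            java.lang.String r3 = " for "
            r2.append(r3)
            java.lang.String r4 = r4.name()
            r2.append(r4)
            java.lang.String r4 = r2.toString()
            com.mobileiron.common.o.g(r0, r4)
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.mobileiron.common.cert.CrlUtils.a(com.mobileiron.common.cert.CrlUtils$CrlStatus):boolean");
    }

    /**
     * Decides whether a downloaded CRL may be used.
     *
     * <p>The CRL is rejected when it is a delta CRL (extension 2.5.29.27 present), when its
     * nextUpdate is missing or not in the future, or when its signature cannot be verified. The
     * signing key is searched first in {@code x509CertificateArr}, then in the platform trust
     * store.
     *
     * <p>NOTE(review): thisUpdate and any other critical CRL extension (for example the issuing
     * distribution point, 2.5.29.28) are not examined here.
     *
     * @param x509crl            CRL to validate
     * @param x509CertificateArr chain searched first for the CRL issuer's key
     * @return {@code true} only if every check passes
     */
    private static boolean a(X509CRL x509crl, X509Certificate[] x509CertificateArr) {
        if (x509crl.getExtensionValue("2.5.29.27") != null) {
            o.d("CrlUtils", "Do not support delta CRL");
            return false;
        }
        Date nextUpdate = x509crl.getNextUpdate();
        if (nextUpdate == null) {
            // The field is optional in the encoding; without it freshness cannot be judged, so
            // reject the CRL instead of failing with a NullPointerException.
            o.d("CrlUtils", "CRL has no nextUpdate");
            return false;
        }
        if (!nextUpdate.after(new Date())) {
            o.d("CrlUtils", "CRL expired");
            return false;
        }
        PublicKey signingKey = a(x509CertificateArr, x509crl.getIssuerDN());
        if (signingKey == null) {
            signingKey = a(x509crl.getIssuerDN());
        }
        boolean verified = false;
        if (signingKey != null) {
            try {
                x509crl.verify(signingKey);
                o.g("CrlUtils", "Successfully verified CRL signature");
                verified = true;
            } catch (Exception e) {
                o.g("CrlUtils", "Cannot verify CRL signature: " + e.getMessage());
            }
        }
        o.g("CrlUtils", "CRL verified? " + verified);
        return verified;
    }

    /**
     * Downloads a CRL over HTTPS ("downloadCrlOverHttps" in the log text).
     *
     * <p>NOTE(review): the two {@code setDefault...} calls change the hostname verifier and the
     * socket factory for every {@code HttpsURLConnection} in the process, on each call. They are
     * kept because other code may rely on that side effect; setting both on the connection
     * object instead would confine them to this request.
     *
     * @param str CRL URL
     * @return the parsed CRL, or {@code null} on a network error, a non-200 response or a parse
     *         failure
     */
    private X509CRL b(String str) {
        HttpsURLConnection.setDefaultHostnameVerifier(new DefaultHostnameVerifier());
        HttpsURLConnection.setDefaultSSLSocketFactory(new SSLSocketFactory());
        try {
            URL url = new URL(str);
            o.g("CrlUtils", "downloadCrlOverHttps: uri = " + str);
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
            o.g("CrlUtils", "downloadCrlOverHttps: opened connection");
            httpsURLConnection.setRequestMethod("GET");
            httpsURLConnection.setConnectTimeout(MiscConstants.f2527a);
            // Fully qualified because the static field "b" obscures the imported class "b".
            httpsURLConnection.setReadTimeout(com.mobileiron.acom.core.common.b.f2211a);
            httpsURLConnection.connect();
            o.g("CrlUtils", "downloadCrlOverHttps: trying to connect");
            return a(httpsURLConnection);
        } catch (IOException unused) {
            o.d("CrlUtils", "downloadCrlOverHttps: Unable to download CRL: " + str);
            return null;
        }
    }

    /**
     * Checks every certificate of a chain against its CRL ("checkCRLStatus" in the log text).
     *
     * <p>For each certificate the per-certificate lookup runs and its status is read from the
     * field {@code d}. A certificate with status {@code CRL_NOT_EXIST} is skipped when it is the
     * last one in the chain or when {@code com.mobileiron.common.d.b().d()} is false (the meaning
     * of that setting is not visible here). Any other status than {@code CRL_FOUND_VALID} ends
     * the check with that status unless it is configured to be ignored. A certificate listed in
     * its CRL ends the check with {@code CRL_CERT_REVOKED} unless that is configured to be
     * ignored.
     *
     * @param x509CertificateArr chain to check
     * @param abstractTlsCallback notified with the failing status and certificate, may be
     *                            {@code null}
     * @return the first failing status that is not ignored, else {@code CRL_CERT_OK}
     */
    public final CrlStatus a(X509Certificate[] x509CertificateArr, AbstractTlsCallback abstractTlsCallback) {
        o.h("CrlUtils", "checkCRLStatus for chain of " + x509CertificateArr.length);
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate x509Certificate = x509CertificateArr[i];
            X509CRL crl = a(x509CertificateArr, i);
            // Fully qualified: the field "d" obscures the imported class "d", so the decompiled
            // "d.b().d()" would resolve against the CrlStatus field.
            if (this.d == CrlStatus.CRL_NOT_EXIST && (i == x509CertificateArr.length - 1 || !com.mobileiron.common.d.b().d())) {
                o.h("CrlUtils", "Skip CRL check for cert " + i);
                continue;
            }
            if (this.d != CrlStatus.CRL_FOUND_VALID && !a(this.d)) {
                if (abstractTlsCallback != null) {
                    abstractTlsCallback.a(this.d, x509Certificate);
                }
                return this.d;
            }
            if (crl == null) {
                // Reached only when a failing status is configured to be ignored. Presumably the
                // lookup returns no CRL in that case (its body was not recovered), and the
                // original would have failed here with a NullPointerException.
                o.h("CrlUtils", "No CRL available for cert " + i);
                continue;
            }
            X509CRLEntry revokedCertificate = crl.getRevokedCertificate(x509Certificate);
            if (revokedCertificate == null) {
                o.h("CrlUtils", "CRL entry is null for cert " + i);
                continue;
            }
            o.d("CrlUtils", "Certificate was revoked on " + revokedCertificate.getRevocationDate());
            if (!a(CrlStatus.CRL_CERT_REVOKED)) {
                if (abstractTlsCallback != null) {
                    abstractTlsCallback.a(CrlStatus.CRL_CERT_REVOKED, x509Certificate);
                }
                return CrlStatus.CRL_CERT_REVOKED;
            }
        }
        return CrlStatus.CRL_CERT_OK;
    }
}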
