package com.cisco.anyconnect.vpn.android.service.helpers.uri;

import android.content.Context;
import android.content.DialogInterface;
import com.cisco.anyconnect.vpn.android.R;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
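/**
 * {@link X509TrustManager} that defers to the platform trust managers and, for a server
 * chain they reject, asks the user through {@link IImportOperationCB#ImportAlertCB} whether
 * to trust the server's leaf certificate.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A user-accepted leaf certificate is remembered in {@code mLastTrustedServerCert} for
 *       the lifetime of this instance; later handshakes presenting the same leaf skip
 *       validation entirely. Only the leaf is compared, not the chain.</li>
 *   <li>If the platform trust managers cannot be obtained, server validation falls back to
 *       the user prompt instead of failing.</li>
 *   <li>{@link #checkServerTrusted} blocks the calling thread until the prompt is answered,
 *       so it must not be called on the thread that delivers the dialog callbacks.</li>
 * </ul>
 *
 * <p>Only one prompt at a time is supported: the prompt state is a single set of fields.
 */
class CustomTrustManager implements X509TrustManager {
    private static final String ENTITY_NAME = "TrustManager";
    private final IImportOperationCB mCallback;
    private final Context mContext;
    // Leaf certificate the user last accepted; guarded by mTrustPromptLock.
    private X509Certificate mLastTrustedServerCert;
    // Leaf certificate the current prompt is about; guarded by mTrustPromptLock.
    private X509Certificate mPromptServerCert;
    private final Object mTrustPromptLock = new Object();
    // Outcome of the current prompt; guarded by mTrustPromptLock.
    private boolean mCertTrusted = false;
    // True once either response handler has run for the current prompt. This is the wait
    // predicate: without it an answer delivered before wait() is entered would be lost, and a
    // spurious wakeup would read whatever mCertTrusted held from a previous prompt.
    private boolean mPromptAnswered = false;

    /** Listener handed to the prompt as the positive response: records the prompted leaf as trusted. */
    private final DialogInterface.OnClickListener positiveResponseHandler = new DialogInterface.OnClickListener() {
        @Override
        public void onClick(DialogInterface dialogInterface, int i) {
            dialogInterface.cancel();
            synchronized (mTrustPromptLock) {
                mLastTrustedServerCert = mPromptServerCert;
                mCertTrusted = true;
                mPromptAnswered = true;
                mTrustPromptLock.notifyAll();
            }
        }
    };

    /** Listener handed to the prompt as the negative response: records the refusal. */
    private final DialogInterface.OnClickListener negativeResponseHandler = new DialogInterface.OnClickListener() {
        @Override
        public void onClick(DialogInterface dialogInterface, int i) {
            dialogInterface.cancel();
            synchronized (mTrustPromptLock) {
                mCertTrusted = false;
                mPromptAnswered = true;
                mTrustPromptLock.notifyAll();
            }
        }
    };

    /**
     * @param context used to resolve the prompt text
     * @param iImportOperationCB callback that displays the trust prompt
     * @throws IllegalArgumentException if either argument is null
     */
    public CustomTrustManager(Context context, IImportOperationCB iImportOperationCB) {
        if (context == null || iImportOperationCB == null) {
            throw new IllegalArgumentException("Unexpected null args passed to CustomTrustManager");
        }
        this.mContext = context;
        this.mCallback = iImportOperationCB;
    }

    /**
     * Builds the platform trust managers from the default trust store.
     *
     * @return the trust managers, or {@code null} if the factory could not be created or initialised
     */
    private TrustManager[] getSystemTrustManagers() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            // A null KeyStore selects the platform's default trust anchors.
            trustManagerFactory.init((KeyStore) null);
            return trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Failed to initialize trust factory.", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "No X509 provider on system.", e2);
            return null;
        }
    }

    /**
     * Asks each X.509 trust manager in turn whether it accepts the chain.
     *
     * @param trustManagerArr trust managers to consult
     * @param x509CertificateArr peer certificate chain
     * @param str authentication type, passed through unchanged
     * @param z {@code true} to validate as a server chain, {@code false} as a client chain
     * @return {@code true} as soon as one trust manager accepts the chain, otherwise {@code false}
     */
    private boolean isCertTrusted(TrustManager[] trustManagerArr, X509Certificate[] x509CertificateArr, String str, boolean z) {
        for (TrustManager trustManager : trustManagerArr) {
            if (!(trustManager instanceof X509TrustManager)) {
                continue;
            }
            X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
            try {
                if (z) {
                    x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                } else {
                    x509TrustManager.checkClientTrusted(x509CertificateArr, str);
                }
                // NOTE(review): success is logged at DBG_ERROR severity; kept as found, confirm it is intended.
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Certificate chain trusted by the system trust manager.");
                return true;
            } catch (CertificateException e) {
                // A rejection is not fatal here (the next manager is tried), but record why the
                // chain failed so an untrusted-server prompt can be diagnosed afterwards.
                AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Certificate chain rejected by a system trust manager.", e);
            }
        }
        return false;
    }

    /**
     * Validates a client chain against the platform trust managers only; no user prompt.
     *
     * @throws CertificateException if the trust managers are unavailable or none accepts the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "unexpected CustomTrustManager.checkClientTrusted call.");
        TrustManager[] systemTrustManagers = getSystemTrustManagers();
        if (systemTrustManagers == null) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "null systemtrustmanagers");
            throw new CertificateException("could not get the trustmanagers required to validate cert");
        }
        if (!isCertTrusted(systemTrustManagers, x509CertificateArr, str, false)) {
            throw new CertificateException("Client certificate chain not trusted by the system trust managers.");
        }
    }

    /**
     * Validates a server chain: accepts it if its leaf was already accepted by the user or if
     * a platform trust manager accepts it; otherwise prompts the user and blocks until answered.
     *
     * @param x509CertificateArr peer certificate chain, leaf first
     * @param str authentication type, passed through to the platform trust managers
     * @throws CertificateException if the chain is null or empty, or the user declines the prompt
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Unexpected null/empty chain");
            // Fail closed: returning normally here would report a peer that presented no
            // certificate as trusted.
            throw new CertificateException("Null or empty server certificate chain.");
        }
        X509Certificate leaf = x509CertificateArr[0];
        synchronized (this.mTrustPromptLock) {
            // Same leaf the user accepted earlier on this instance: skip validation.
            if (leaf.equals(this.mLastTrustedServerCert)) {
                return;
            }
        }
        TrustManager[] systemTrustManagers = getSystemTrustManagers();
        if (systemTrustManagers != null && isCertTrusted(systemTrustManagers, x509CertificateArr, str, true)) {
            return;
        }
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Server certificate not trusted by system trust manager.");
        synchronized (this.mTrustPromptLock) {
            // Reset the prompt state so an answer to an earlier prompt cannot be read as the
            // answer to this one.
            this.mPromptServerCert = leaf;
            this.mCertTrusted = false;
            this.mPromptAnswered = false;
        }
        // NOTE(review): only a fixed resource string is passed to the prompt; whether the user
        // is shown the certificate subject or fingerprint is not visible from this class.
        this.mCallback.ImportAlertCB(this.mContext.getString(R.string.untrusted_server_prompt), this.positiveResponseHandler, this.negativeResponseHandler);
        boolean interrupted = false;
        boolean trusted;
        synchronized (this.mTrustPromptLock) {
            // NOTE(review): if the prompt can be dismissed without either handler running,
            // this wait never ends; confirm against the ImportAlertCB implementation.
            while (!this.mPromptAnswered) {
                try {
                    this.mTrustPromptLock.wait();
                } catch (InterruptedException e) {
                    AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "Wait for on user to trust cert has been interrupted", e);
                    // Keep waiting for the answer, but remember the interrupt for the caller.
                    interrupted = true;
                }
            }
            trusted = this.mCertTrusted;
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }
        if (!trusted) {
            throw new CertificateException("Certificate trust prompt not accepted.");
        }
        AppLog.logDebugMessage(AppLog.Severity.DBG_INFO, ENTITY_NAME, "User trusted the server certificate.");
    }

    /**
     * Collects the accepted issuers of every platform X.509 trust manager.
     *
     * @return the combined issuers; an empty array if the trust managers are unavailable
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        TrustManager[] systemTrustManagers = getSystemTrustManagers();
        if (systemTrustManagers == null) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "no trust managers returned, returning empty list");
            return new X509Certificate[0];
        }
        ArrayList<X509Certificate> issuers = new ArrayList<X509Certificate>();
        for (TrustManager trustManager : systemTrustManagers) {
            if (trustManager instanceof X509TrustManager) {
                issuers.addAll(Arrays.asList(((X509TrustManager) trustManager).getAcceptedIssuers()));
            }
        }
        // toArray() without an argument yields Object[], and casting that to
        // X509Certificate[] throws ClassCastException; request the typed array instead.
        return issuers.toArray(new X509Certificate[0]);
    }
}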
