package com.yandex.sslpinning.core;

import android.content.Context;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.locks.ReentrantLock;

/* loaded from: classes.dex */
public class PinningTrustManager implements X509PinningTrustManager {
    private final Holder mHolder;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class Holder {
        private volatile AppStoreCoordinator mAppStoreCoordinator;
        private volatile LibStoreCoordinator mLibStoreCoordinator;
        private volatile MessageManager mMessageManager;
        private volatile SystemChainVerifier mSystemVerifier;
        private final TrustConfiguration mTrustConfiguration;
        private final TrustContext mTrustContext;
        private volatile ListsVerifier[] mVerifiers;

        public Holder(TrustContext trustContext, TrustConfiguration trustConfiguration) {
            this.mTrustContext = trustContext;
            this.mTrustConfiguration = trustConfiguration;
        }

        private AppStoreCoordinator getAppStoreCoordinator() {
            if (this.mAppStoreCoordinator == null) {
                synchronized (this) {
                    if (this.mAppStoreCoordinator == null) {
                        this.mAppStoreCoordinator = new AppStoreCoordinator();
                    }
                }
            }
            return this.mAppStoreCoordinator;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public LibStoreCoordinator getLibStoreCoordinator() {
            if (this.mLibStoreCoordinator == null) {
                synchronized (this) {
                    if (this.mLibStoreCoordinator == null) {
                        this.mLibStoreCoordinator = new LibStoreCoordinator(this.mTrustContext, this.mTrustConfiguration);
                    }
                }
            }
            return this.mLibStoreCoordinator;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public MessageManager getMessageManager() {
            if (this.mMessageManager == null) {
                synchronized (this) {
                    if (this.mMessageManager == null) {
                        this.mMessageManager = new MessageManager(getAppStoreCoordinator().getWhiteContainer());
                    }
                }
            }
            return this.mMessageManager;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public SystemChainVerifier getSystemChainVerifier() {
            if (this.mSystemVerifier == null) {
                synchronized (this) {
                    if (this.mSystemVerifier == null) {
                        try {
                            this.mSystemVerifier = new SystemChainVerifier();
                        } catch (GeneralSecurityException e) {
                            throw new IllegalStateException("Can't get system trust manager", e);
                        }
                    }
                }
            }
            return this.mSystemVerifier;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public ListsVerifier[] getVerifiers() {
            if (this.mVerifiers == null) {
                synchronized (this) {
                    if (this.mVerifiers == null) {
                        this.mVerifiers = new ListsVerifier[]{new AppListsVerifier(getAppStoreCoordinator()), new LibListsVerifier(getLibStoreCoordinator())};
                    }
                }
            }
            return this.mVerifiers;
        }
    }

    public PinningTrustManager(Context context, TrustConfiguration trustConfiguration) {
        this(new TrustContext(context), trustConfiguration);
    }

    PinningTrustManager(TrustContext trustContext, TrustConfiguration trustConfiguration) {
        checkUuidProvider(trustConfiguration);
        this.mHolder = new Holder(trustContext, trustConfiguration);
    }

    private void checkUuidProvider(TrustConfiguration trustConfiguration) {
        if (trustConfiguration.getUuidProvider() == null) {
            throw new IllegalArgumentException("UUID provider must be set");
        }
    }

    private boolean checkWithPinUpdate(X509Certificate[] x509CertificateArr) throws CertificateException {
        try {
            if (!isSystemTrusted(x509CertificateArr)) {
                return false;
            }
            boolean isTrusted = isTrusted(x509CertificateArr);
            this.mHolder.getLibStoreCoordinator().updateOnScheduleIfNeeded();
            return isTrusted;
        } catch (CertificatePinningException e) {
            boolean tryCheckAfterUpdate = tryCheckAfterUpdate(x509CertificateArr);
            return !tryCheckAfterUpdate ? tryResolveWithListener(x509CertificateArr) : tryCheckAfterUpdate;
        }
    }

    private boolean isBlackListed(X509Certificate[] x509CertificateArr) throws CertificateException {
        for (ListsVerifier listsVerifier : this.mHolder.getVerifiers()) {
            if (listsVerifier.verifyBlackList(x509CertificateArr)) {
                throw new CertificateException("There is blacklisted certificate in chain");
            }
        }
        return false;
    }

    private boolean isPinned(X509Certificate[] x509CertificateArr) throws CertificateException {
        for (ListsVerifier listsVerifier : this.mHolder.getVerifiers()) {
            if (listsVerifier.verifyPinList(x509CertificateArr)) {
                return true;
            }
        }
        throw new CertificatePinningException(new TrustIssue(this.mHolder.getMessageManager(), x509CertificateArr));
    }

    private boolean isSystemTrusted(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (this.mHolder.getSystemChainVerifier().verifyChain(x509CertificateArr)) {
            return true;
        }
        throw new CertificateException("System doesn't trust certificate chain");
    }

    private boolean isTrusted(X509Certificate[] x509CertificateArr) throws CertificateException {
        return isWhiteListed(x509CertificateArr) || (!isBlackListed(x509CertificateArr) && isPinned(x509CertificateArr));
    }

    private boolean isWhiteListed(X509Certificate[] x509CertificateArr) {
        for (ListsVerifier listsVerifier : this.mHolder.getVerifiers()) {
            if (listsVerifier.verifyWhiteList(x509CertificateArr)) {
                return true;
            }
        }
        return false;
    }

    private boolean tryCheckAfterUpdate(X509Certificate[] x509CertificateArr) {
        UpdateManager updateManager = this.mHolder.getLibStoreCoordinator().getUpdateManager();
        if (updateManager != null) {
            ReentrantLock updateLock = updateManager.getUpdateLock();
            updateLock.lock();
            try {
                try {
                    if (isTrusted(x509CertificateArr)) {
                        return true;
                    }
                } finally {
                    updateLock.unlock();
                }
            } catch (CertificateException e) {
            }
            if (updateManager.updateOnPinError()) {
                try {
                    return isTrusted(x509CertificateArr);
                } catch (CertificateException e2) {
                }
            }
        }
        return false;
    }

    private boolean tryResolveWithListener(X509Certificate[] x509CertificateArr) throws CertificateException {
        this.mHolder.getMessageManager().notifyListeners(x509CertificateArr);
        return isTrusted(x509CertificateArr);
    }

    @Override // com.yandex.sslpinning.core.X509PinningTrustManager
    public void addPinningListener(PinningListener pinningListener) {
        this.mHolder.getMessageManager().addPinningListener(pinningListener);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new UnsupportedOperationException();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || str == null || str.length() == 0) {
            throw new IllegalArgumentException("null or zero-length parameter");
        }
        if (!checkWithPinUpdate(normalizeChain(x509CertificateArr))) {
            throw new CertificateException("Can't trust certificate chain");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.mHolder.getSystemChainVerifier().getAcceptedIssuers();
    }

    X509Certificate[] normalizeChain(X509Certificate[] x509CertificateArr) {
        for (int i = 0; i < x509CertificateArr.length; i++) {
            boolean z = false;
            int i2 = i + 1;
            while (true) {
                if (i2 >= x509CertificateArr.length) {
                    break;
                }
                if (x509CertificateArr[i].getIssuerDN().equals(x509CertificateArr[i2].getSubjectDN())) {
                    z = true;
                    if (i2 != i + 1) {
                        if (x509CertificateArr == x509CertificateArr) {
                            x509CertificateArr = (X509Certificate[]) x509CertificateArr.clone();
                        }
                        X509Certificate x509Certificate = x509CertificateArr[i2];
                        x509CertificateArr[i2] = x509CertificateArr[i + 1];
                        x509CertificateArr[i + 1] = x509Certificate;
                    }
                } else {
                    i2++;
                }
            }
            if (!z) {
                if (i + 1 == x509CertificateArr.length) {
                    return x509CertificateArr;
                }
                X509Certificate[] x509CertificateArr2 = new X509Certificate[i + 1];
                System.arraycopy(x509CertificateArr, 0, x509CertificateArr2, 0, i + 1);
                return x509CertificateArr2;
            }
        }
        return x509CertificateArr;
    }

    @Override // com.yandex.sslpinning.core.X509PinningTrustManager
    public boolean removePinningListener(PinningListener pinningListener) {
        return this.mHolder.getMessageManager().removePinningListener(pinningListener);
    }
}
