package com.adguard.android.service;

import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.security.KeyChain;
import ch.qos.logback.core.joran.action.Action;
import com.adguard.android.R;
import com.adguard.android.filtering.commons.DeviceName;
import com.adguard.android.filtering.filter.AppRules;
import com.adguard.filter.proxy.ssl.cipher.FastTlsCipherFactory;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.apache.commons.codec.compatible.digest.DigestUtils;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.filefilter.IOFileFilter;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;

/* loaded from: classes.dex */
public class q implements p {

    /* renamed from: a, reason: collision with root package name */
    private static final org.slf4j.c f344a = org.slf4j.d.a(q.class);
    private final y b;
    private final a c;
    private final com.adguard.filter.proxy.ssl.c d;
    private final Context e;
    private com.adguard.filter.proxy.ssl.a f;

    public q(Context context) {
        this.e = context;
        this.b = com.adguard.android.a.a(context).d();
        this.c = com.adguard.android.a.a(context).e();
        this.d = new com.adguard.filter.proxy.ssl.g(context.getFilesDir().getAbsolutePath() + "/certs");
    }

    private boolean a(com.adguard.filter.proxy.ssl.a aVar) {
        if (aVar == null) {
            return false;
        }
        try {
            String aVar2 = aVar.toString();
            byte[] encoded = aVar.a().toASN1Structure().getEncoded();
            int indexOf = aVar2.indexOf("-----BEGIN RSA PRIVATE KEY-----");
            String substring = indexOf > 0 ? aVar2.substring(0, indexOf) : null;
            byte[] md5 = DigestUtils.md5(aVar.a().getIssuer().getEncoded());
            final String hexString = Integer.toHexString(((md5[3] & 255) << 24) | (md5[0] & 255) | ((md5[1] & 255) << 8) | ((md5[2] & 255) << 16));
            for (File file : FileUtils.listFiles(new File("/system/etc/security/cacerts/"), new IOFileFilter() { // from class: com.adguard.android.service.q.1
                @Override // org.apache.commons.io.filefilter.IOFileFilter, java.io.FileFilter
                public final boolean accept(File file2) {
                    return StringUtils.startsWith(file2.getName(), hexString);
                }

                @Override // org.apache.commons.io.filefilter.IOFileFilter, java.io.FilenameFilter
                public final boolean accept(File file2, String str) {
                    return false;
                }
            }, (IOFileFilter) null)) {
                if (Arrays.equals(encoded, FileUtils.readFileToByteArray(file))) {
                    return true;
                }
                if (substring != null && FileUtils.readFileToString(file).startsWith(substring)) {
                    return true;
                }
            }
        } catch (IOException e) {
            f344a.error("Error while checking if certificate is in the system store:\n", (Throwable) e);
        }
        return false;
    }

    @Override // com.adguard.android.service.p
    public final void a(int i) {
        this.b.h(i);
    }

    @Override // com.adguard.android.service.p
    public final void a(boolean z) {
        e i = com.adguard.android.a.a(this.e).i();
        AppRules a2 = i.a();
        a2.setHttpsFiltering(Boolean.valueOf(z));
        i.a(a2, false);
    }

    @Override // com.adguard.android.service.p
    public final synchronized boolean a() {
        boolean z = true;
        synchronized (this) {
            if (this.f == null) {
                try {
                    String U = this.b.U();
                    if (U == null) {
                        z = false;
                    } else {
                        this.f = new com.adguard.filter.proxy.ssl.a(U);
                    }
                } catch (IOException | CertificateException e) {
                    f344a.warn("Error while checking if our CA certificate is generated\n", e);
                    z = false;
                }
            }
        }
        return z;
    }

    @Override // com.adguard.android.service.p
    public final boolean a(String str) {
        if (com.adguard.android.filtering.commons.a.k() && com.adguard.android.filtering.commons.f.a(str, this.e) && !com.adguard.android.filtering.a.b(str)) {
            return false;
        }
        AppRules a2 = com.adguard.android.a.a(this.e).i().a(str);
        return a2 == null || (a2.isTrafficFiltering().booleanValue() && a2.isHttpsFiltering().booleanValue() && a2.isAdBlocking().booleanValue());
    }

    @Override // com.adguard.android.service.p
    public final void b(boolean z) {
        this.b.n(z);
    }

    @Override // com.adguard.android.service.p
    public final synchronized boolean b() {
        boolean z = false;
        synchronized (this) {
            if (a()) {
                try {
                    X509Certificate[] acceptedIssuers = com.adguard.filter.proxy.ssl.d.a().getAcceptedIssuers();
                    byte[] encoded = this.f.a().getEncoded();
                    int length = acceptedIssuers.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        if (ArrayUtils.isEquals(encoded, acceptedIssuers[i].getEncoded())) {
                            z = true;
                            break;
                        }
                        i++;
                    }
                } catch (Exception e) {
                    f344a.error("Cannot get trust manager", (Throwable) e);
                }
            }
        }
        return z;
    }

    @Override // com.adguard.android.service.p
    public final boolean c() {
        return com.adguard.android.a.a(this.e).i().a().isHttpsFiltering().booleanValue();
    }

    @Override // com.adguard.android.service.p
    public final int d() {
        return this.b.S();
    }

    @Override // com.adguard.android.service.p
    public final boolean e() {
        return this.b.V();
    }

    @Override // com.adguard.android.service.p
    public final Intent f() {
        try {
            com.adguard.filter.proxy.ssl.a i = i();
            if (i != null) {
                byte[] encoded = i.a().getEncoded();
                Intent createInstallIntent = KeyChain.createInstallIntent();
                createInstallIntent.putExtra(Action.NAME_ATTRIBUTE, "Adguard Certificate");
                createInstallIntent.putExtra("CERT", encoded);
                return createInstallIntent;
            }
        } catch (IOException e) {
            f344a.error("Error while encoding Adguard root certificate\n", (Throwable) e);
        }
        return null;
    }

    @Override // com.adguard.android.service.p
    public final Intent g() {
        r.a(i());
        int a2 = r.a();
        Intent intent = new Intent("android.intent.action.VIEW");
        intent.setData(Uri.parse("http://127.0.0.1:" + a2 + "/root.crt"));
        return Intent.createChooser(intent, this.e.getText(R.string.choose_program));
    }

    @Override // com.adguard.android.service.p
    public final com.adguard.filter.proxy.ssl.k h() {
        f344a.info("Retrieving HTTPs filtering configuration");
        if (!c() || !b()) {
            f344a.info("HTTPs filtering is disabled or CA certificate is not installed");
            return null;
        }
        com.adguard.filter.proxy.ssl.k kVar = new com.adguard.filter.proxy.ssl.k();
        com.adguard.filter.proxy.ssl.a i = i();
        kVar.a(i);
        kVar.a(this.d);
        int d = d();
        kVar.a(d == 0 ? com.adguard.commons.c.a.a(this.c.c("pref.https.domains.blacklist"), IOUtils.LINE_SEPARATOR_WINDOWS, true) : com.adguard.commons.c.a.a(this.c.c("pref.https.domains.whitelist"), IOUtils.LINE_SEPARATOR_WINDOWS, true));
        kVar.a(d);
        kVar.b(e());
        if (com.adguard.android.filtering.commons.a.h() && com.adguard.android.filtering.commons.a.a() && Arrays.asList(DeviceName.Zenfone_2, DeviceName.Zenfone_5, DeviceName.Zenfone_6).contains(DeviceName.getCurrentDevice())) {
            FastTlsCipherFactory.setUsingNativeCipher(false);
        }
        if (com.adguard.android.commons.h.a()) {
            f344a.info("Checking if our certificate is installed to system store");
            boolean a2 = a(i);
            f344a.info("Certificate is installed to system store: {}", Boolean.valueOf(a2));
            kVar.a(a2);
        }
        f344a.info("HTTPs filtering configuration is {}", kVar);
        return kVar;
    }

    @Override // com.adguard.android.service.p
    public final synchronized com.adguard.filter.proxy.ssl.a i() {
        com.adguard.filter.proxy.ssl.a aVar;
        if (this.f != null) {
            aVar = this.f;
        } else {
            try {
                f344a.info("Retrieving CA certificate from preferences");
                String U = this.b.U();
                if (U == null) {
                    f344a.info("No CA certificate in preferences, generate it");
                    aVar = com.adguard.filter.proxy.ssl.b.a();
                    this.b.k(aVar.toString());
                    f344a.info("CA certificate generated and saved to preferences");
                } else {
                    aVar = new com.adguard.filter.proxy.ssl.a(U);
                }
                f344a.info("Returning CA certificate");
                this.f = aVar;
            } catch (IOException | GeneralSecurityException e) {
                f344a.error("Unexpected error while generating CA certificate\n", e);
                aVar = null;
            }
        }
        return aVar;
    }
}
