package com.backbase.cxpandroid.core.security.certificates;

import android.content.Context;
import com.backbase.cxpandroid.configurations.inner.CxpConfigurationManager;
import com.backbase.cxpandroid.core.utils.CxpLogger;
import com.commonsware.cwac.security.trust.TrustManagerBuilder;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes2.dex */
public class CxpCertificateManager {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final String LOGTAG = "CxpCertificateManager";
    private final Context context;

    public CxpCertificateManager(Context context) {
        this.context = context;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r5v0, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r5v2 */
    /* JADX WARN: Type inference failed for: r5v9, types: [java.io.InputStream] */
    private TrustManager[] addSelfSignedCerts(String str) {
        Throwable th;
        Exception e10;
        InputStream inputStream;
        CertificateFactory certificateFactory;
        try {
            try {
                certificateFactory = CertificateFactory.getInstance("X.509");
                inputStream = this.context.getAssets().open(str);
            } catch (Throwable th2) {
                th = th2;
                try {
                    str.close();
                } catch (IOException e11) {
                    CxpLogger.error(LOGTAG, e11);
                }
                throw th;
            }
        } catch (IOException e12) {
            e = e12;
            e10 = e;
            inputStream = null;
            CxpLogger.error(LOGTAG, e10);
            try {
                inputStream.close();
            } catch (IOException e13) {
                CxpLogger.error(LOGTAG, e13);
            }
            return new TrustManager[0];
        } catch (KeyStoreException e14) {
            e = e14;
            e10 = e;
            inputStream = null;
            CxpLogger.error(LOGTAG, e10);
            inputStream.close();
            return new TrustManager[0];
        } catch (NoSuchAlgorithmException e15) {
            e = e15;
            e10 = e;
            inputStream = null;
            CxpLogger.error(LOGTAG, e10);
            inputStream.close();
            return new TrustManager[0];
        } catch (CertificateException e16) {
            e = e16;
            e10 = e;
            inputStream = null;
            CxpLogger.error(LOGTAG, e10);
            inputStream.close();
            return new TrustManager[0];
        } catch (Throwable th3) {
            th = th3;
            str = 0;
            str.close();
            throw th;
        }
        try {
            KeyStore keyStore = getKeyStore();
            Certificate certificate = getCertificate(inputStream, certificateFactory);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", certificate);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            try {
                inputStream.close();
            } catch (IOException e17) {
                CxpLogger.error(LOGTAG, e17);
            }
            return trustManagers;
        } catch (IOException e18) {
            e10 = e18;
            CxpLogger.error(LOGTAG, e10);
            inputStream.close();
            return new TrustManager[0];
        } catch (KeyStoreException e19) {
            e10 = e19;
            CxpLogger.error(LOGTAG, e10);
            inputStream.close();
            return new TrustManager[0];
        } catch (NoSuchAlgorithmException e20) {
            e10 = e20;
            CxpLogger.error(LOGTAG, e10);
            inputStream.close();
            return new TrustManager[0];
        } catch (CertificateException e21) {
            e10 = e21;
            CxpLogger.error(LOGTAG, e10);
            inputStream.close();
            return new TrustManager[0];
        }
    }

    private boolean allowAllCertificates() {
        return CxpConfigurationManager.getConfiguration().getDevelopment().isAllowUntrustedCertificates() && CxpConfigurationManager.getConfiguration().getDevelopment().isDebugEnabled();
    }

    protected Certificate getCertificate(InputStream inputStream, CertificateFactory certificateFactory) throws CertificateException {
        return certificateFactory.generateCertificate(inputStream);
    }

    protected KeyStore getKeyStore() throws KeyStoreException {
        return KeyStore.getInstance(KeyStore.getDefaultType());
    }

    protected List<String> getPinnedCertificates() {
        return CxpConfigurationManager.getConfiguration().getSecurity().getSslPinning().getCertificates();
    }

    protected SSLContext getSSLContext() throws NoSuchAlgorithmException {
        return SSLContext.getInstance("TLS");
    }

    public SSLSocketFactory getSSLSocketFactory() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException, KeyManagementException {
        TrustManager[] trustedCertificates = getTrustedCertificates();
        if (trustedCertificates == null) {
            return null;
        }
        SSLContext sSLContext = getSSLContext();
        sSLContext.init(null, trustedCertificates, null);
        return sSLContext.getSocketFactory();
    }

    protected TrustManagerBuilder getTrustManagerBuilder() {
        return new TrustManagerBuilder(this.context);
    }

    public TrustManager[] getTrustedCertificates() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        int i10 = 1;
        if (allowAllCertificates()) {
            return new TrustManager[]{new a()};
        }
        TrustManagerBuilder trustManagerBuilder = getTrustManagerBuilder();
        List<String> pinnedCertificates = getPinnedCertificates();
        for (String str : pinnedCertificates) {
            trustManagerBuilder.addAll(addSelfSignedCerts(str));
            trustManagerBuilder.allowCA(str);
            if (i10 != pinnedCertificates.size()) {
                trustManagerBuilder.or();
            }
            i10++;
        }
        if (pinnedCertificates.isEmpty()) {
            trustManagerBuilder.useDefault();
        } else if (isDeviceChainChecked()) {
            trustManagerBuilder.and();
            trustManagerBuilder.useDefault();
        }
        return trustManagerBuilder.buildArray();
    }

    protected boolean isDeviceChainChecked() {
        return CxpConfigurationManager.getConfiguration().getSecurity().getSslPinning().isDeviceChainChecked();
    }
}
