package com.airwatch.certpinning;

import android.content.Context;
import com.airwatch.app.OpenForTesting;
import com.airwatch.certpinning.TrustSpecs;
import com.airwatch.util.IOUtils;
import com.airwatch.util.Logger;
import java.io.Closeable;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KClass;
import org.koin.core.component.KoinComponent;
import org.koin.core.component.KoinScopeComponent;
import org.koin.core.scope.Scope;

@OpenForTesting
@Metadata(d1 = {"\u0000R\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\b\u0011\u0018\u0000 \u001b2\u00020\u00012\u00020\u0002:\u0001\u001bB\u0015\u0012\u0006\u0010\u0003\u001a\u00020\u0004\u0012\u0006\u0010\u0005\u001a\u00020\u0006¢\u0006\u0002\u0010\u0007J+\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\f\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u000e0\r2\u0006\u0010\u000f\u001a\u00020\u0004H\u0014¢\u0006\u0002\u0010\u0010J\u0018\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0005\u001a\u00020\u0006H\u0002J\u0018\u0010\u0015\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0005\u001a\u00020\u0006H\u0002J\u0017\u0010\u0016\u001a\u0004\u0018\u00010\u00172\u0006\u0010\u0013\u001a\u00020\u0014H\u0010¢\u0006\u0002\b\u0018J\b\u0010\u0019\u001a\u00020\u001aH\u0014¨\u0006\u001c"}, d2 = {"Lcom/airwatch/certpinning/LocalCertificateTrustManager;", "Lcom/airwatch/certpinning/ExtendedX509TrustManager;", "Lorg/koin/core/component/KoinComponent;", "targetHost", "", "trustSpecs", "Lcom/airwatch/certpinning/TrustSpecs;", "(Ljava/lang/String;Lcom/airwatch/certpinning/TrustSpecs;)V", "checkTrust", "", "host", "Ljava/net/InetAddress;", "chain", "", "Ljava/security/cert/X509Certificate;", "authType", "(Ljava/net/InetAddress;[Ljava/security/cert/X509Certificate;Ljava/lang/String;)V", "fromCertificate", "Ljava/security/KeyStore;", "context", "Landroid/content/Context;", "fromP12", "getLocalTrustManager", "Ljavax/net/ssl/X509TrustManager;", "getLocalTrustManager$AWFramework_release", "isTrustMaterialAvailable", "", "Companion", "AWFramework_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes3.dex */
public class LocalCertificateTrustManager extends ExtendedX509TrustManager implements KoinComponent {
    private static final String TAG = "LocalCertificateTrustManager";

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public LocalCertificateTrustManager(String targetHost, TrustSpecs trustSpecs) {
        super(targetHost, trustSpecs);
        Intrinsics.checkNotNullParameter(targetHost, "targetHost");
        Intrinsics.checkNotNullParameter(trustSpecs, "trustSpecs");
    }

    private final KeyStore fromCertificate(Context context, TrustSpecs trustSpecs) {
        if (!(trustSpecs instanceof TrustSpecs.CertificateTrustSpecs)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        InputStream inputStream = null;
        try {
            InputStream open = context.getAssets().open(((TrustSpecs.CertificateTrustSpecs) trustSpecs).getAssetId());
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(open);
                Intrinsics.checkNotNullExpressionValue(generateCertificate, "cf.generateCertificate(caInput)");
                Logger.d$default(TAG, Intrinsics.stringPlus("ca=", ((X509Certificate) generateCertificate).getSubjectDN()), null, 4, null);
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                keyStore.setCertificateEntry("ca", generateCertificate);
                Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
                if (open != null) {
                    open.close();
                }
                return keyStore;
            } catch (Throwable th) {
                th = th;
                inputStream = open;
                if (inputStream != null) {
                    inputStream.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    private final KeyStore fromP12(Context context, TrustSpecs trustSpecs) {
        if (!(trustSpecs instanceof TrustSpecs.P12TrustSpecs)) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        try {
            try {
                KeyStore trustStore = KeyStore.getInstance("PKCS12");
                InputStream open = context.getAssets().open(((TrustSpecs.P12TrustSpecs) trustSpecs).getAssetId());
                String password = ((TrustSpecs.P12TrustSpecs) trustSpecs).getPassword();
                if (password == null) {
                    throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
                }
                char[] charArray = password.toCharArray();
                Intrinsics.checkNotNullExpressionValue(charArray, "(this as java.lang.String).toCharArray()");
                trustStore.load(open, charArray);
                Intrinsics.checkNotNullExpressionValue(trustStore, "trustStore");
                IOUtils.closeQuietly(open);
                return trustStore;
            } catch (Exception e) {
                throw new RuntimeException("could not load auto discovery trust store", e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly((Closeable) null);
            throw th;
        }
    }

    @Override // com.airwatch.certpinning.ExtendedX509TrustManager
    protected void checkTrust(InetAddress host, X509Certificate[] chain, String authType) throws CertificateException {
        Scope rootScope;
        KClass<?> orCreateKotlinClass;
        Intrinsics.checkNotNullParameter(host, "host");
        Intrinsics.checkNotNullParameter(chain, "chain");
        Intrinsics.checkNotNullParameter(authType, "authType");
        try {
            if (!(getTrustSpecs() instanceof TrustSpecs.PublicKeyTrustSpec)) {
                X509TrustManager localTrustManager$AWFramework_release = getLocalTrustManager$AWFramework_release(getApplicationContext());
                if (localTrustManager$AWFramework_release == null) {
                    throw new IllegalStateException("Required value was null.".toString());
                }
                localTrustManager$AWFramework_release.checkServerTrusted(chain, authType);
                return;
            }
            LocalCertificateTrustManager localCertificateTrustManager = this;
            if (localCertificateTrustManager instanceof KoinScopeComponent) {
                rootScope = ((KoinScopeComponent) localCertificateTrustManager).getScope();
                orCreateKotlinClass = Reflection.getOrCreateKotlinClass(PublicKeyManager.class);
            } else {
                rootScope = localCertificateTrustManager.getKoin().getScopeRegistry().getRootScope();
                orCreateKotlinClass = Reflection.getOrCreateKotlinClass(PublicKeyManager.class);
            }
            ((PublicKeyManager) rootScope.get(orCreateKotlinClass, null, null)).validate(chain, getTrustSpecs());
        } catch (Exception e) {
            throw new SSLPinningCertificateException(getTargetHost(), e);
        }
    }

    public X509TrustManager getLocalTrustManager$AWFramework_release(Context context) {
        KeyStore fromCertificate;
        Intrinsics.checkNotNullParameter(context, "context");
        TrustSpecs trustSpecs = getTrustSpecs();
        if (trustSpecs instanceof TrustSpecs.P12TrustSpecs) {
            fromCertificate = fromP12(context, getTrustSpecs());
        } else {
            if (!(trustSpecs instanceof TrustSpecs.CertificateTrustSpecs)) {
                throw new IllegalArgumentException("Invalid trust specs");
            }
            fromCertificate = fromCertificate(context, getTrustSpecs());
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(fromCertificate);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            Intrinsics.checkNotNullExpressionValue(trustManagers, "tmf.trustManagers");
            int i = 0;
            int length = trustManagers.length;
            while (i < length) {
                TrustManager trustManager = trustManagers[i];
                i++;
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            Logger.w$default(TAG, "A valid local trust manager was not found", null, 4, null);
            return null;
        } catch (Exception e) {
            Logger.e(TAG, "Could not create trust manager from asset credentials", (Throwable) e);
            return null;
        }
    }

    @Override // com.airwatch.certpinning.ExtendedX509TrustManager
    protected boolean isTrustMaterialAvailable() {
        return true;
    }
}
