package com.vpn.t;

import android.net.http.SslCertificate;
import com.alhinpost.core.g;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.Map;
import kotlin.g0.j.a.f;
import kotlin.j0.d.l;
import org.strongswan.android.data.VpnProfileDataSource;
import org.strongswan.android.logic.TrustedCertificateManager;
import org.strongswan.android.security.TrustedCertificateEntry;

/* compiled from: VpnCertificateManager.kt */
/* loaded from: classes2.dex */
public final class e {
    public static final e a = new e();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: VpnCertificateManager.kt */
    @f(c = "com.vpn.util.VpnCertificateManager", f = "VpnCertificateManager.kt", l = {116}, m = "getAvailableCertificatesAlias")
    /* loaded from: classes2.dex */
    public static final class a extends kotlin.g0.j.a.d {

        /* renamed from: c, reason: collision with root package name */
        /* synthetic */ Object f4521c;

        /* renamed from: d, reason: collision with root package name */
        int f4522d;

        /* renamed from: f, reason: collision with root package name */
        Object f4524f;

        /* renamed from: g, reason: collision with root package name */
        Object f4525g;

        a(kotlin.g0.d dVar) {
            super(dVar);
        }

        @Override // kotlin.g0.j.a.a
        public final Object invokeSuspend(Object obj) {
            this.f4521c = obj;
            this.f4522d |= Integer.MIN_VALUE;
            return e.this.d(this);
        }
    }

    private e() {
    }

    public static /* synthetic */ TrustedCertificateEntry f(e eVar, InputStream inputStream, int i2, Object obj) {
        if ((i2 & 1) != 0) {
            inputStream = g.b.c().getAssets().open("ca.cert_20200106.pem");
            l.d(inputStream, "ContextProvider.getConte….open(BuildConfig.CA_TAG)");
        }
        return eVar.e(inputStream);
    }

    public final X509Certificate a(InputStream inputStream) {
        l.e(inputStream, "certificateIn");
        try {
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
            if (generateCertificate != null) {
                return (X509Certificate) generateCertificate;
            }
            throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        } catch (CertificateException e2) {
            throw new AssertionError(e2);
        }
    }

    public final TrustedCertificateEntry b(X509Certificate x509Certificate, Hashtable<String, X509Certificate> hashtable) {
        l.e(x509Certificate, "src");
        l.e(hashtable, "certificates");
        SslCertificate sslCertificate = new SslCertificate(x509Certificate);
        for (Map.Entry<String, X509Certificate> entry : hashtable.entrySet()) {
            SslCertificate sslCertificate2 = new SslCertificate(entry.getValue());
            SslCertificate.DName issuedTo = sslCertificate2.getIssuedTo();
            l.d(issuedTo, "sica.issuedTo");
            String oName = issuedTo.getOName();
            SslCertificate.DName issuedTo2 = sslCertificate.getIssuedTo();
            l.d(issuedTo2, "sca.issuedTo");
            if (l.a(oName, issuedTo2.getOName())) {
                SslCertificate.DName issuedTo3 = sslCertificate2.getIssuedTo();
                l.d(issuedTo3, "sica.issuedTo");
                String cName = issuedTo3.getCName();
                SslCertificate.DName issuedTo4 = sslCertificate.getIssuedTo();
                l.d(issuedTo4, "sca.issuedTo");
                if (l.a(cName, issuedTo4.getCName())) {
                    SslCertificate.DName issuedTo5 = sslCertificate2.getIssuedTo();
                    l.d(issuedTo5, "sica.issuedTo");
                    String dName = issuedTo5.getDName();
                    SslCertificate.DName issuedTo6 = sslCertificate.getIssuedTo();
                    l.d(issuedTo6, "sca.issuedTo");
                    if (l.a(dName, issuedTo6.getDName())) {
                        SslCertificate.DName issuedTo7 = sslCertificate2.getIssuedTo();
                        l.d(issuedTo7, "sica.issuedTo");
                        String uName = issuedTo7.getUName();
                        SslCertificate.DName issuedTo8 = sslCertificate.getIssuedTo();
                        l.d(issuedTo8, "sca.issuedTo");
                        if (l.a(uName, issuedTo8.getUName())) {
                            return new TrustedCertificateEntry(entry.getKey(), entry.getValue());
                        }
                    } else {
                        continue;
                    }
                } else {
                    continue;
                }
            }
        }
        return null;
    }

    public final Hashtable<String, X509Certificate> c() {
        Hashtable<String, X509Certificate> cACertificates = TrustedCertificateManager.getInstance().load().getCACertificates(TrustedCertificateManager.TrustedCertificateSource.LOCAL);
        l.d(cACertificates, "certificates");
        return cACertificates;
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x0093  */
    /* JADX WARN: Removed duplicated region for block: B:15:0x00b3  */
    /* JADX WARN: Removed duplicated region for block: B:30:0x003a  */
    /* JADX WARN: Removed duplicated region for block: B:38:0x005f  */
    /* JADX WARN: Removed duplicated region for block: B:40:0x0070  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0024  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.lang.Object d(kotlin.g0.d<? super org.strongswan.android.security.TrustedCertificateEntry> r13) {
        /*
            r12 = this;
            boolean r0 = r13 instanceof com.vpn.t.e.a
            if (r0 == 0) goto L13
            r0 = r13
            com.vpn.t.e$a r0 = (com.vpn.t.e.a) r0
            int r1 = r0.f4522d
            r2 = -2147483648(0xffffffff80000000, float:-0.0)
            r3 = r1 & r2
            if (r3 == 0) goto L13
            int r1 = r1 - r2
            r0.f4522d = r1
            goto L18
        L13:
            com.vpn.t.e$a r0 = new com.vpn.t.e$a
            r0.<init>(r13)
        L18:
            java.lang.Object r13 = r0.f4521c
            java.lang.Object r1 = kotlin.g0.i.b.d()
            int r2 = r0.f4522d
            r3 = 1
            r4 = 0
            if (r2 == 0) goto L3a
            if (r2 != r3) goto L32
            java.lang.Object r1 = r0.f4525g
            java.lang.String r1 = (java.lang.String) r1
            java.lang.Object r0 = r0.f4524f
            com.vpn.t.e r0 = (com.vpn.t.e) r0
            kotlin.t.b(r13)
            goto L85
        L32:
            java.lang.IllegalStateException r13 = new java.lang.IllegalStateException
            java.lang.String r0 = "call to 'resume' before 'invoke' with coroutine"
            r13.<init>(r0)
            throw r13
        L3a:
            kotlin.t.b(r13)
            com.vpn.db.l r13 = com.vpn.db.l.f3916j
            com.vpn.db.a r13 = r13.b()
            com.vpn.db.h r13 = r13.c()
            com.vpn.model.ConfModel r13 = (com.vpn.model.ConfModel) r13
            if (r13 == 0) goto L50
            java.lang.String r2 = r13.getCaTag()
            goto L51
        L50:
            r2 = r4
        L51:
            if (r2 == 0) goto L5c
            boolean r5 = kotlin.p0.j.y(r2)
            if (r5 == 0) goto L5a
            goto L5c
        L5a:
            r5 = 0
            goto L5d
        L5c:
            r5 = 1
        L5d:
            if (r5 == 0) goto L70
            d.a.g.a r6 = d.a.g.a.b
            r9 = 0
            r10 = 4
            r11 = 0
            java.lang.String r7 = "可用证书文件名不存在"
            java.lang.String r8 = "证书"
            d.a.g.a.d(r6, r7, r8, r9, r10, r11)
            org.strongswan.android.security.TrustedCertificateEntry r13 = f(r12, r4, r3, r4)
            return r13
        L70:
            com.vpn.launch.LaunchErrorViewModel$a r5 = com.vpn.launch.LaunchErrorViewModel.INSTANCE
            java.lang.String r13 = r13.getCaDownloadUrl()
            r0.f4524f = r12
            r0.f4525g = r2
            r0.f4522d = r3
            java.lang.Object r13 = r5.a(r2, r13, r0)
            if (r13 != r1) goto L83
            return r1
        L83:
            r0 = r12
            r1 = r2
        L85:
            com.vpn.t.a r13 = com.vpn.t.a.a
            com.alhinpost.core.g r2 = com.alhinpost.core.g.b
            android.content.Context r5 = r2.c()
            boolean r5 = r13.m(r5, r1)
            if (r5 != 0) goto Lb3
            d.a.g.a r6 = d.a.g.a.b
            java.lang.StringBuilder r13 = new java.lang.StringBuilder
            r13.<init>()
            java.lang.String r2 = "本地找不到可用证书,fn = "
            r13.append(r2)
            r13.append(r1)
            java.lang.String r7 = r13.toString()
            r9 = 0
            r10 = 4
            r11 = 0
            java.lang.String r8 = "证书"
            d.a.g.a.d(r6, r7, r8, r9, r10, r11)
            org.strongswan.android.security.TrustedCertificateEntry r13 = f(r0, r4, r3, r4)
            return r13
        Lb3:
            java.io.File r0 = new java.io.File
            android.content.Context r2 = r2.c()
            java.io.File r13 = r13.b(r2)
            r0.<init>(r13, r1)
            java.io.FileInputStream r13 = new java.io.FileInputStream
            r13.<init>(r0)
            com.vpn.t.e r0 = com.vpn.t.e.a     // Catch: java.lang.Throwable -> Lce
            r0.e(r13)     // Catch: java.lang.Throwable -> Lce
            kotlin.i0.c.a(r13, r4)
            return r4
        Lce:
            r0 = move-exception
            throw r0     // Catch: java.lang.Throwable -> Ld0
        Ld0:
            r1 = move-exception
            kotlin.i0.c.a(r13, r0)
            throw r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.vpn.t.e.d(kotlin.g0.d):java.lang.Object");
    }

    public final TrustedCertificateEntry e(InputStream inputStream) {
        l.e(inputStream, "certificateIn");
        Hashtable<String, X509Certificate> c2 = c();
        X509Certificate a2 = a(inputStream);
        TrustedCertificateEntry b = b(a2, c2);
        return (b == null && g(a2)) ? b(a2, c()) : b;
    }

    public final boolean g(X509Certificate x509Certificate) {
        l.e(x509Certificate, VpnProfileDataSource.KEY_CERTIFICATE);
        try {
            KeyStore keyStore = KeyStore.getInstance("LocalCertificateStore");
            keyStore.load(null, null);
            keyStore.setCertificateEntry(null, x509Certificate);
            TrustedCertificateManager.getInstance().reset();
            return true;
        } catch (Exception e2) {
            e2.printStackTrace();
            return false;
        }
    }
}
