package com.adguard.android.service;

import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.security.KeyChain;
import android.text.format.DateFormat;
import ch.qos.logback.core.joran.action.Action;
import com.adguard.android.filtering.api.CertificateStoreType;
import com.adguard.android.filtering.api.HttpsMitmMode;
import com.adguard.android.filtering.filter.AppRules;
import com.adguard.corelibs.proxy.ProxyUtils;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import org.apache.commons.codec.compatible.digest.DigestUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.filefilter.IOFileFilter;
import org.apache.commons.lang3.StringUtils;

/* compiled from: HttpsFilteringServiceImpl.java */
/* loaded from: classes.dex */
public class t implements s {

    /* renamed from: a, reason: collision with root package name */
    private static final org.slf4j.c f500a = org.slf4j.d.a((Class<?>) t.class);
    private final PreferencesService h;
    private final c i;
    private final Context j;
    private byte[][] k;
    private final String b = "/data/misc/user/0/cacerts-added";
    private final String c = "/data/misc/user/0/cacerts-removed";
    private final String d = "/etc/security/cacerts";
    private final String e = "/sbin/.core/mirror/system";
    private final String f = "/sbin/.magisk/mirror/system";
    private final String g = "/system";
    private long l = 0;
    private String m = "";

    public t(Context context, PreferencesService preferencesService, c cVar) {
        this.j = context;
        this.h = preferencesService;
        this.i = cVar;
    }

    private File a(String str, byte[][] bArr) {
        String certKeyPairToPEM = ProxyUtils.certKeyPairToPEM(bArr);
        byte[] bArr2 = bArr[0];
        int indexOf = certKeyPairToPEM.indexOf("-----BEGIN RSA PRIVATE KEY-----");
        String substring = indexOf > 0 ? certKeyPairToPEM.substring(0, indexOf) : null;
        byte[] md5 = DigestUtils.md5(((X509Certificate) ProxyUtils.certKeyPairToKeyStoreEntry(bArr).getCertificate()).getIssuerX500Principal().getEncoded());
        final String hexString = Integer.toHexString(((md5[3] & 255) << 24) | (md5[0] & 255) | ((md5[1] & 255) << 8) | ((md5[2] & 255) << 16));
        for (File file : FileUtils.listFiles(new File(str), new IOFileFilter() { // from class: com.adguard.android.service.t.1
            @Override // org.apache.commons.io.filefilter.IOFileFilter, java.io.FileFilter
            public final boolean accept(File file2) {
                return StringUtils.startsWith(file2.getName(), hexString);
            }

            @Override // org.apache.commons.io.filefilter.IOFileFilter, java.io.FilenameFilter
            public final boolean accept(File file2, String str2) {
                return false;
            }
        }, (IOFileFilter) null)) {
            if (Arrays.equals(bArr2, FileUtils.readFileToByteArray(file))) {
                return file;
            }
            if (substring != null && FileUtils.readFileToString(file, com.adguard.commons.c.a.b).startsWith(substring)) {
                return file;
            }
        }
        return null;
    }

    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v2, types: [boolean] */
    private boolean c(boolean z) {
        ?? r0 = 0;
        String r = r();
        try {
            f500a.info("Mount directory {}, readonly {}", r, Boolean.valueOf(z));
            List<String> a2 = com.adguard.android.filtering.commons.d.a(String.format("mount -o %s %s", z ? "ro,remount" : "rw,remount", r), 10000);
            f500a.debug("Mount directory {} result: {}", r, StringUtils.join(a2, "\n"));
            r0 = CollectionUtils.isEmpty(a2);
            return r0;
        } catch (Exception e) {
            org.slf4j.c cVar = f500a;
            Object[] objArr = new Object[3];
            objArr[r0] = r;
            objArr[1] = Boolean.valueOf(z);
            objArr[2] = e;
            cVar.error("Error mount directory {}, readOnly {}", objArr);
            return r0;
        }
    }

    private static boolean e(String str) {
        try {
            return StringUtils.contains(FileUtils.readFileToString(new File("/proc/mounts"), com.adguard.commons.c.a.b), str);
        } catch (IOException e) {
            return false;
        }
    }

    private static void f(String str) {
        f500a.info("Remove certificate {}", str);
        f500a.debug("Remove certificate result: {}", StringUtils.join(com.adguard.android.filtering.commons.d.a(new String[]{"rm " + str}, 2, 10000), "\n"));
    }

    private String q() {
        return r() + "/etc/security/cacerts";
    }

    private static String r() {
        return com.adguard.android.filtering.commons.d.d() ? e("/sbin/.magisk/mirror/system") ? "/sbin/.magisk/mirror/system" : "/sbin/.core/mirror/system" : "/system";
    }

    private String s() {
        String str = null;
        f500a.debug("Getting CA certificate alias");
        if (this.k == null) {
            f500a.debug("CA certificate is not loaded yet");
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
        keyStore.load(null);
        byte[] bArr = this.k[0];
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(nextElement);
            if (certificate instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                String name = x509Certificate.getSubjectDN().getName();
                if (StringUtils.containsIgnoreCase(name, "AdGuard Personal CA")) {
                    f500a.debug("Checking certificate {}", name);
                    if (Arrays.equals(bArr, x509Certificate.getEncoded())) {
                        f500a.debug("The AdGuard certificate is stored by alias {}", nextElement);
                        if (StringUtils.startsWith(nextElement, "system")) {
                            return nextElement;
                        }
                    } else {
                        f500a.debug("The encoded forms doesn't equals for certificate {}", name);
                        nextElement = str;
                    }
                    str = nextElement;
                } else {
                    continue;
                }
            }
        }
        return str;
    }

    @Override // com.adguard.android.service.s
    public final void a(HttpsMitmMode httpsMitmMode) {
        this.h.a(httpsMitmMode);
    }

    @Override // com.adguard.android.service.s
    public final void a(List<String> list) {
        String str;
        List<String> f = com.adguard.android.filtering.api.a.f();
        if (CollectionUtils.isEmpty(f) || CollectionUtils.isEmpty(list)) {
            str = "";
        } else {
            str = com.adguard.commons.c.d.a((List) CollectionUtils.subtract(list, f), (List) CollectionUtils.subtract(f, list));
        }
        this.h.j(str);
        com.adguard.android.d.s.a().c();
    }

    @Override // com.adguard.android.service.s
    public final void a(boolean z) {
        f j = com.adguard.android.e.a(this.j).j();
        AppRules a2 = j.a();
        a2.setHttpsFiltering(Boolean.valueOf(z));
        j.a(a2, false);
    }

    @Override // com.adguard.android.service.s
    public final synchronized boolean a() {
        boolean z = true;
        synchronized (this) {
            if (this.k == null) {
                try {
                    String K = this.h.K();
                    if (K == null) {
                        f500a.debug("Certificate is not yet generated");
                        z = false;
                    } else {
                        this.k = ProxyUtils.certKeyPairFromPEM(K);
                        f500a.info("Loading certificate from preferences: {}", Boolean.valueOf(this.k != null));
                        if (this.k == null) {
                            z = false;
                        }
                    }
                } catch (Exception e) {
                    f500a.warn("Error while checking if our CA certificate is generated\n", (Throwable) e);
                    z = false;
                }
            }
        }
        return z;
    }

    @Override // com.adguard.android.service.s
    public final boolean a(CertificateStoreType certificateStoreType) {
        boolean z = false;
        try {
            f500a.info("Removing certificate from {} store", certificateStoreType);
            if (com.adguard.android.filtering.commons.d.e()) {
                File a2 = a(q(), this.k);
                if (a2 != null) {
                    f500a.info("The certificate file path: {}", a2);
                    if (c(false)) {
                        f(a2.getAbsolutePath());
                        c(true);
                        this.l = System.currentTimeMillis();
                        this.m = null;
                        this.h.g((String) null);
                        this.k = null;
                        z = true;
                    } else {
                        f500a.error("Cannot mount system directory on read-write mode");
                    }
                } else {
                    f500a.warn("Cannot found a certificate to the system store");
                }
            } else {
                f500a.info("No root access given");
            }
        } catch (Exception e) {
            f500a.error("Error while removing certificate:\n", (Throwable) e);
        }
        return z;
    }

    @Override // com.adguard.android.service.s
    public final boolean a(String str) {
        if (com.adguard.android.filtering.commons.b.d() && com.adguard.android.filtering.commons.j.a(str, this.j) && !d(str)) {
            return false;
        }
        AppRules b = com.adguard.android.e.a(this.j).j().b(str);
        return b == null || (b.isTrafficFiltering().booleanValue() && b.isHttpsFiltering().booleanValue() && b.isAdBlocking().booleanValue());
    }

    @Override // com.adguard.android.service.s
    public final synchronized CertificateStoreType b() {
        CertificateStoreType certificateStoreType;
        if (a()) {
            try {
                if (StringUtils.isBlank(this.m) || this.l + 1000 < System.currentTimeMillis()) {
                    this.m = s();
                    this.l = System.currentTimeMillis();
                }
            } catch (Exception e) {
                f500a.error("Error getting certificate store type", (Throwable) e);
            }
            if (StringUtils.startsWith(this.m, "system")) {
                certificateStoreType = CertificateStoreType.SYSTEM;
            } else {
                if (StringUtils.startsWith(this.m, "user")) {
                    certificateStoreType = CertificateStoreType.USER;
                }
                certificateStoreType = CertificateStoreType.NONE;
            }
        } else {
            certificateStoreType = CertificateStoreType.NONE;
        }
        return certificateStoreType;
    }

    @Override // com.adguard.android.service.s
    public final void b(String str) {
        List<String> c = this.i.c();
        if (c.contains(str) || !c.add(str)) {
            return;
        }
        this.i.a(c);
    }

    @Override // com.adguard.android.service.s
    public final void b(List<String> list) {
        this.h.i(StringUtils.join(list, "\n"));
        com.adguard.android.d.s.a().c();
    }

    @Override // com.adguard.android.service.s
    public final void b(boolean z) {
        this.h.k(z);
    }

    @Override // com.adguard.android.service.s
    public final void c(String str) {
        List<String> c = this.i.c();
        if (c.removeAll(Collections.singletonList(str))) {
            this.i.a(c);
        }
    }

    @Override // com.adguard.android.service.s
    public final boolean c() {
        return com.adguard.android.e.a(this.j).j().a().isHttpsFiltering().booleanValue();
    }

    @Override // com.adguard.android.service.s
    public final HttpsMitmMode d() {
        return this.h.I();
    }

    @Override // com.adguard.android.service.s
    public final boolean d(String str) {
        return this.i.c().contains(str);
    }

    @Override // com.adguard.android.service.s
    public final boolean e() {
        return this.h.L();
    }

    @Override // com.adguard.android.service.s
    public final Intent f() {
        try {
            byte[][] i = i();
            if (i != null) {
                byte[] bArr = i[0];
                Intent createInstallIntent = KeyChain.createInstallIntent();
                createInstallIntent.putExtra(Action.NAME_ATTRIBUTE, "AdGuard Certificate");
                createInstallIntent.putExtra("CERT", bArr);
                return createInstallIntent;
            }
        } catch (Exception e) {
            f500a.error("Error while encoding AdGuard root certificate\n", (Throwable) e);
        }
        return null;
    }

    @Override // com.adguard.android.service.s
    public final Intent g() {
        u.a(i());
        int a2 = u.a();
        Intent intent = new Intent("android.intent.action.VIEW");
        intent.setData(Uri.parse("http://127.0.0.1:" + a2 + "/adguard.crt"));
        return intent;
    }

    @Override // com.adguard.android.service.s
    public final com.adguard.android.filtering.api.k h() {
        f500a.info("Retrieving HTTPs filtering configuration");
        CertificateStoreType b = b();
        if (!c() || b == CertificateStoreType.NONE) {
            f500a.info("HTTPs filtering is disabled or CA certificate is not installed");
            return null;
        }
        com.adguard.android.filtering.api.k kVar = new com.adguard.android.filtering.api.k();
        kVar.a(i());
        HttpsMitmMode d = d();
        kVar.a(d == HttpsMitmMode.BLACKLIST ? n() : l());
        kVar.a(d);
        kVar.a(e());
        kVar.a(b);
        kVar.b(this.i.c());
        if (b == CertificateStoreType.SYSTEM) {
            f500a.info("Certificate is installed to system store");
        }
        f500a.info("HTTPs filtering configuration is {}", kVar);
        return kVar;
    }

    @Override // com.adguard.android.service.s
    public final synchronized byte[][] i() {
        byte[][] bArr;
        byte[][] certKeyPairFromPEM;
        if (this.k != null) {
            bArr = this.k;
        } else {
            try {
                f500a.info("Retrieving CA certificate from preferences");
                String K = this.h.K();
                if (K == null) {
                    f500a.info("No CA certificate in preferences, generate it");
                    certKeyPairFromPEM = ProxyUtils.generateCACertKeyPair("AdGuard Personal CA");
                    this.h.g(ProxyUtils.certKeyPairToPEM(certKeyPairFromPEM));
                    f500a.info("CA certificate generated and saved to preferences");
                } else {
                    f500a.info("Loading CA certificate from preferences");
                    certKeyPairFromPEM = ProxyUtils.certKeyPairFromPEM(K);
                }
                f500a.info("Returning CA certificate");
                this.k = certKeyPairFromPEM;
                bArr = this.k;
            } catch (Exception e) {
                f500a.error("Unexpected error while generating CA certificate\n", (Throwable) e);
                bArr = null;
            }
        }
        return bArr;
    }

    @Override // com.adguard.android.service.s
    public final boolean j() {
        f500a.info("Moving certificate to the system store");
        try {
            if (!com.adguard.android.filtering.commons.d.e()) {
                f500a.info("No root access given");
                return false;
            }
            File a2 = a("/data/misc/user/0/cacerts-added", this.k);
            if (a2 == null) {
                f500a.warn("Cannot found a certificate to the user store");
                return false;
            }
            f500a.info("The certificate file path: {}", a2);
            if (!c(false)) {
                f500a.error("Cannot mount system directory on read-write mode");
                return false;
            }
            String absolutePath = a2.getAbsolutePath();
            String replaceAll = StringUtils.replaceAll(a2.getName(), "\\.[0-9a-z]{1,2}$", ".0");
            String str = q() + File.separator + replaceAll;
            f500a.info("Copy certificate {} to {}", absolutePath, str);
            List<String> a3 = com.adguard.android.filtering.commons.d.a(new String[]{String.format("cp -f %s %s", absolutePath, str), String.format("chmod 644 %s", str)}, 2, 10000);
            if (CollectionUtils.isNotEmpty(a3)) {
                throw new Exception("Error while copy a certificate: \n" + a3);
            }
            f(absolutePath);
            File file = new File("/data/misc/user/0/cacerts-removed", replaceAll);
            if (file.exists()) {
                String absolutePath2 = file.getAbsolutePath();
                f500a.info("Remove certificate {} from black list", absolutePath2);
                f(absolutePath2);
            }
            this.l = System.currentTimeMillis();
            this.m = s();
            f500a.info("The certificate has been moved");
            return true;
        } catch (Exception e) {
            f500a.error("Error while moving certificate to system store:\n", (Throwable) e);
            return false;
        } finally {
            c(true);
        }
    }

    @Override // com.adguard.android.service.s
    public final String k() {
        X509Certificate x509Certificate;
        KeyStore.PrivateKeyEntry certKeyPairToKeyStoreEntry = ProxyUtils.certKeyPairToKeyStoreEntry(this.k);
        if (certKeyPairToKeyStoreEntry == null || (x509Certificate = (X509Certificate) certKeyPairToKeyStoreEntry.getCertificate()) == null) {
            return "";
        }
        return DateFormat.getLongDateFormat(this.j).format(x509Certificate.getNotAfter());
    }

    @Override // com.adguard.android.service.s
    public final List<String> l() {
        List<String> f = com.adguard.android.filtering.api.a.f();
        String af = this.h.af();
        if (CollectionUtils.isEmpty(f)) {
            return null;
        }
        if (StringUtils.isBlank(af)) {
            return f;
        }
        List<String> a2 = com.adguard.commons.b.a.a(af, "\r\n", true);
        ArrayList arrayList = new ArrayList(f.size());
        arrayList.addAll(f);
        for (String str : a2) {
            String substring = str.substring(1);
            if (StringUtils.startsWith(str, "-")) {
                arrayList.remove(substring);
            }
            if (StringUtils.startsWith(str, "+") && !arrayList.contains(substring)) {
                arrayList.add(0, substring);
            }
        }
        return arrayList;
    }

    @Override // com.adguard.android.service.s
    public final void m() {
        this.h.j((String) null);
        com.adguard.android.d.s.a().c();
    }

    @Override // com.adguard.android.service.s
    public final List<String> n() {
        return com.adguard.commons.b.a.a(this.h.ae(), "\r\n", true);
    }

    @Override // com.adguard.android.service.s
    public final void o() {
        this.h.i(com.adguard.android.filtering.api.a.e());
        com.adguard.android.d.s.a().c();
    }
}
