package net.openvpn.openvpn;

import android.content.Context;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public class TrustMan implements X509TrustManager {

    /* renamed from: g, reason: collision with root package name */
    private static int f39368g;

    /* renamed from: a, reason: collision with root package name */
    private KeyStore f39369a;

    /* renamed from: b, reason: collision with root package name */
    private X509TrustManager f39370b;

    /* renamed from: c, reason: collision with root package name */
    private int f39371c;

    /* renamed from: d, reason: collision with root package name */
    private X509TrustManager f39372d;

    /* renamed from: e, reason: collision with root package name */
    private File f39373e;

    /* renamed from: f, reason: collision with root package name */
    private Callback f39374f;

    /* loaded from: classes3.dex */
    public interface Callback {
        void onTrustFail(TrustContext trustContext);

        void onTrustSucceed(boolean z2);
    }

    /* loaded from: classes3.dex */
    public static class Error extends Exception {
        public Error(String str) {
            super("TrustMan: " + str);
        }
    }

    /* loaded from: classes3.dex */
    public static class TrustContext {
        public String authType;
        public X509Certificate[] chain;
        public CertificateException excep;

        public String toString() {
            return "TrustContext chain=" + this.chain + " authType=" + this.authType + " excep=" + this.excep;
        }
    }

    /* loaded from: classes3.dex */
    public static class TrustFail extends CertificateException {
        TrustFail(CertificateException certificateException) {
            super(certificateException);
        }
    }

    public TrustMan(Context context) {
        this.f39373e = new File(context.getFilesDir() + File.separator + "trusted-certs.keystore");
        h();
    }

    private void a(boolean z2) {
        Callback callback = this.f39374f;
        if (callback != null) {
            callback.onTrustSucceed(z2);
        }
    }

    private void b(X509Certificate[] x509CertificateArr, String str, boolean z2) {
        c();
        try {
            if (z2) {
                this.f39370b.checkServerTrusted(x509CertificateArr, str);
            } else {
                this.f39370b.checkClientTrusted(x509CertificateArr, str);
            }
            a(true);
        } catch (CertificateException e3) {
            if (f(e3)) {
                a(true);
                return;
            }
            if (e(x509CertificateArr[0])) {
                a(true);
                return;
            }
            try {
                if (z2) {
                    this.f39372d.checkServerTrusted(x509CertificateArr, str);
                } else {
                    this.f39372d.checkClientTrusted(x509CertificateArr, str);
                }
                a(false);
            } catch (CertificateException e4) {
                TrustContext trustContext = new TrustContext();
                trustContext.chain = x509CertificateArr;
                trustContext.authType = str;
                trustContext.excep = e4;
                Callback callback = this.f39374f;
                if (callback != null) {
                    callback.onTrustFail(trustContext);
                }
                throw new TrustFail(e4);
            }
        }
    }

    private void c() {
        try {
            if (this.f39371c != f39368g) {
                h();
            }
        } catch (Error unused) {
        }
    }

    private X509TrustManager d(KeyStore keyStore, String str) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    return (X509TrustManager) trustManager;
                }
            }
            return null;
        } catch (Exception unused) {
            return null;
        }
    }

    private boolean e(X509Certificate x509Certificate) {
        try {
            return this.f39369a.getCertificateAlias(x509Certificate) != null;
        } catch (KeyStoreException unused) {
            return false;
        }
    }

    private boolean f(Throwable th) {
        while (!(th instanceof CertificateExpiredException)) {
            th = th.getCause();
            if (th == null) {
                return false;
            }
        }
        return true;
    }

    public static void forget_certs(Context context) {
        context.deleteFile("trusted-certs.keystore");
        f39368g++;
    }

    private KeyStore g() {
        KeyStore keyStore;
        KeyStoreException e3;
        try {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                keyStore.load(null, null);
                keyStore.load(new FileInputStream(this.f39373e), "OpenVPN".toCharArray());
            } catch (FileNotFoundException unused) {
            } catch (Exception e4) {
                try {
                    e4.printStackTrace();
                } catch (KeyStoreException e5) {
                    e3 = e5;
                    e3.printStackTrace();
                    return keyStore;
                }
            }
        } catch (KeyStoreException e6) {
            keyStore = null;
            e3 = e6;
        }
        return keyStore;
    }

    private void h() {
        KeyStore g3 = g();
        if (g3 == null) {
            throw new Error("could not load appKeyStore");
        }
        X509TrustManager d3 = d(null, "default");
        if (d3 == null) {
            throw new Error("could not load defaultTrustManager");
        }
        X509TrustManager d4 = d(g3, "app-init");
        if (d4 == null) {
            throw new Error("could not load appTrustManager");
        }
        this.f39371c = f39368g;
        this.f39369a = g3;
        this.f39372d = d3;
        this.f39370b = d4;
    }

    /* JADX WARN: Code restructure failed: missing block: B:0:?, code lost:
    
        r1 = r1;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static boolean isTrustFail(java.lang.Exception r1) {
        /*
        L0:
            if (r1 == 0) goto Ld
            boolean r0 = r1 instanceof net.openvpn.openvpn.TrustMan.TrustFail
            if (r0 == 0) goto L8
            r1 = 1
            return r1
        L8:
            java.lang.Throwable r1 = r1.getCause()
            goto L0
        Ld:
            r1 = 0
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: net.openvpn.openvpn.TrustMan.isTrustFail(java.lang.Exception):boolean");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        b(x509CertificateArr, str, false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        b(x509CertificateArr, str, true);
    }

    public void clearCallback() {
        this.f39374f = null;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        c();
        return this.f39372d.getAcceptedIssuers();
    }

    public void setCallback(Callback callback) {
        this.f39374f = callback;
    }

    public void trustCert(TrustContext trustContext) {
        try {
            this.f39369a.setCertificateEntry(trustContext.chain[0].getSubjectDN().toString(), trustContext.chain[0]);
            X509TrustManager d3 = d(this.f39369a, "app-reload");
            if (d3 != null) {
                this.f39370b = d3;
            }
            try {
                FileOutputStream fileOutputStream = new FileOutputStream(this.f39373e);
                this.f39369a.store(fileOutputStream, "OpenVPN".toCharArray());
                fileOutputStream.close();
            } catch (Exception unused) {
            }
        } catch (KeyStoreException e3) {
            e3.printStackTrace();
        }
    }
}
