package com.blackberry.security.cr.svc;

import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.os.IBinder;
import android.util.Log;
import com.blackberry.concierge.b;
import com.blackberry.security.cr.ICRAidlInterface;
import com.blackberry.security.cr.ParcelableCertificate;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Map;

/* loaded from: classes.dex */
public class CertificateRevocationService extends Service {
    public static final String LOG_TAG = "certmgr:certRevSvc:CertificateRevocationService";
    public static final int STATUS_GOOD = 0;
    public static final int STATUS_REVOKED = 1;
    public static final int STATUS_UNKNOWN = 2;
    public static final int STATUS_UNSUPPORTED = 3;
    Context mContext;
    private CertRevocationNative mCrNative;
    private final ICRAidlInterface.Stub mCrServiceBinder = new ICRAidlInterface.Stub() { // from class: com.blackberry.security.cr.svc.CertificateRevocationService.1
        private void addCertStatusToDb(CertStatus certStatus, long j10) {
            int i10;
            try {
                i10 = CertificateRevocationService.this.mOCSPDbHelper.addCertStatusToDb(certStatus, j10);
            } catch (Exception e10) {
                e10.printStackTrace();
                i10 = 65535;
            }
            if (i10 == 0) {
                Log.d(CertificateRevocationService.LOG_TAG, "AddCertStatusToDb Success");
                return;
            }
            Log.e(CertificateRevocationService.LOG_TAG, "AddCertStatusToDb fails" + i10);
        }

        private long calculateExpTime(CertStatus certStatus) {
            long currentTimeMillis = System.currentTimeMillis() / 1000;
            if (certStatus.getNextUpdate() <= 0) {
                return currentTimeMillis + 60;
            }
            long nextUpdate = certStatus.getNextUpdate() - currentTimeMillis;
            if (nextUpdate >= 86400) {
                return currentTimeMillis + 86400;
            }
            if (nextUpdate < 86400) {
                return certStatus.getNextUpdate();
            }
            return 0L;
        }

        private int callOcspResponder(CertId certId, Cert cert, EncodedRequest encodedRequest, String str) {
            try {
                Log.i(CertificateRevocationService.LOG_TAG, "Contacting URL " + str);
                HttpResponseData postRequestToResponder = postRequestToResponder(new URL(str), encodedRequest.getByteArray());
                if (postRequestToResponder.getErrCode() != 0) {
                    return postRequestToResponder.getErrCode();
                }
                byte[] respData = postRequestToResponder.getRespData();
                Cert cert2 = new Cert(respData, respData.length);
                int decodeOcspRespMsg = decodeOcspRespMsg(cert, encodedRequest, cert2);
                return decodeOcspRespMsg == 0 ? getCertStatusFromServRespMsg(certId, cert2) : decodeOcspRespMsg;
            } catch (MalformedURLException e10) {
                Log.e(CertificateRevocationService.LOG_TAG, "MalformedURLException: " + e10.getMessage());
                return ErrorCodes.MALFORMED_OCSP_URL;
            } catch (IOException e11) {
                Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:IOException: " + e11.getMessage());
                e11.printStackTrace();
                return ErrorCodes.INTERNAL_ERROR;
            } catch (Exception e12) {
                Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:Exception: " + e12.getMessage());
                e12.printStackTrace();
                return ErrorCodes.INTERNAL_ERROR;
            }
        }

        private int checkCertStatusInDb(CertId certId) {
            try {
                CertStatus certStatusFromDb = CertificateRevocationService.this.mOCSPDbHelper.getCertStatusFromDb(certId);
                if (certStatusFromDb == null) {
                    Log.i(CertificateRevocationService.LOG_TAG, "checkCertStatusInDb certStatus null STATUS_NOT_FOUND_IN_DB");
                    return ErrorCodes.STATUS_NOT_FOUND_IN_DB;
                }
                Log.i(CertificateRevocationService.LOG_TAG, "Status found in Db = " + certStatusFromDb.getStatus());
                return certStatusFromDb.getStatus();
            } catch (Exception e10) {
                e10.printStackTrace();
                return ErrorCodes.STATUS_NOT_FOUND_IN_DB;
            }
        }

        private boolean checkPermissions() {
            if (b.D().t(CertificateRevocationService.this.getApplicationContext()).a()) {
                return true;
            }
            Log.e(CertificateRevocationService.LOG_TAG, "Missing BBCI essential permissions");
            return false;
        }

        private byte[] convertInputStreamToByteArray(InputStream inputStream) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            int read = inputStream.read();
            while (read != -1) {
                byteArrayOutputStream.write(read);
                read = inputStream.read();
            }
            return byteArrayOutputStream.toByteArray();
        }

        private int decodeOcspRespMsg(Cert cert, EncodedRequest encodedRequest, Cert cert2) {
            try {
                return CertificateRevocationService.this.mCrNative.ocspDecodeResponse(cert, encodedRequest, cert2);
            } catch (Exception e10) {
                e10.printStackTrace();
                Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:mCrNative.ocspDecodeResponse : " + e10.getMessage());
                return ErrorCodes.INTERNAL_ERROR;
            }
        }

        /* JADX WARN: Code restructure failed: missing block: B:24:0x007d, code lost:
        
            return r3;
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private int getCertStatusFromServRespMsg(com.blackberry.security.cr.svc.CertId r9, com.blackberry.security.cr.svc.Cert r10) {
            /*
                r8 = this;
                java.lang.String r0 = "certmgr:certRevSvc:CertificateRevocationService"
                r1 = 0
                r2 = 65535(0xffff, float:9.1834E-41)
                r3 = 600003(0x927c3, float:8.40783E-40)
            L9:
                r4 = 20483(0x5003, float:2.8703E-41)
                if (r2 == r4) goto L7d
                r2 = 600000(0x927c0, float:8.40779E-40)
                com.blackberry.security.cr.svc.CertificateRevocationService r5 = com.blackberry.security.cr.svc.CertificateRevocationService.this     // Catch: java.lang.Exception -> L60
                com.blackberry.security.cr.svc.CertRevocationNative r5 = com.blackberry.security.cr.svc.CertificateRevocationService.access$200(r5)     // Catch: java.lang.Exception -> L60
                com.blackberry.security.cr.svc.CertStatus r5 = r5.ocspGetCertStatus(r1, r10)     // Catch: java.lang.Exception -> L60
                if (r5 != 0) goto L22
                java.lang.String r9 = "INTERNAL_ERROR: crStatus is null"
                android.util.Log.e(r0, r9)
                return r2
            L22:
                int r2 = r5.getReturnCode()
                if (r2 != r4) goto L2e
                java.lang.String r9 = "returnCode==TP_ERR_INVALID_INDEX"
                android.util.Log.d(r0, r9)
                goto L7d
            L2e:
                int r1 = r1 + 1
                com.blackberry.security.cr.svc.CertId r4 = r5.getCertId()
                boolean r4 = r9.equals(r4)
                if (r4 == 0) goto L56
                if (r2 == 0) goto L3e
                r3 = r2
                goto L42
            L3e:
                int r3 = r5.getStatus()
            L42:
                java.lang.StringBuilder r4 = new java.lang.StringBuilder
                r4.<init>()
                java.lang.String r6 = "Got the required Cert status  "
                r4.append(r6)
                r4.append(r3)
                java.lang.String r4 = r4.toString()
                android.util.Log.i(r0, r4)
            L56:
                if (r2 != 0) goto L9
                long r6 = r8.calculateExpTime(r5)
                r8.addCertStatusToDb(r5, r6)
                goto L9
            L60:
                r9 = move-exception
                java.lang.StringBuilder r10 = new java.lang.StringBuilder
                r10.<init>()
                java.lang.String r1 = "INTERNAL_ERROR:mCrNative.ocspGetCertStatus: "
                r10.append(r1)
                java.lang.String r1 = r9.getMessage()
                r10.append(r1)
                java.lang.String r10 = r10.toString()
                android.util.Log.e(r0, r10)
                r9.printStackTrace()
                return r2
            L7d:
                return r3
            */
            throw new UnsupportedOperationException("Method not decompiled: com.blackberry.security.cr.svc.CertificateRevocationService.AnonymousClass1.getCertStatusFromServRespMsg(com.blackberry.security.cr.svc.CertId, com.blackberry.security.cr.svc.Cert):int");
        }

        private int getOnlineCertStatus(CertId certId, Cert cert, Cert cert2) {
            boolean z10;
            int i10;
            try {
                EncodedRequest ocspEncodeRequest = CertificateRevocationService.this.mCrNative.ocspEncodeRequest(new Cert[]{cert}, cert2);
                if (ocspEncodeRequest == null) {
                    Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR: encodeReq==null");
                    return ErrorCodes.INTERNAL_ERROR;
                }
                if (ocspEncodeRequest.getRetCode() != 0) {
                    return ocspEncodeRequest.getRetCode();
                }
                if (cert.getResponderUrl().length() == 0) {
                    i10 = 49551;
                    z10 = false;
                } else {
                    int i11 = 0;
                    z10 = false;
                    for (String str : cert.getResponderUrl().trim().split("[\\s]+")) {
                        if (str.length() != 0) {
                            int callOcspResponder = callOcspResponder(certId, cert2, ocspEncodeRequest, str);
                            if ((callOcspResponder == 0) || (callOcspResponder == 1)) {
                                return callOcspResponder;
                            }
                            if (callOcspResponder == 2) {
                                z10 = true;
                            } else {
                                i11 = callOcspResponder;
                            }
                        }
                    }
                    i10 = i11;
                }
                for (String str2 : CertificateRevocationService.this.mOCSPServiceURL) {
                    if (str2.length() != 0) {
                        int callOcspResponder2 = callOcspResponder(certId, cert2, ocspEncodeRequest, str2);
                        if ((callOcspResponder2 == 0) || (callOcspResponder2 == 1)) {
                            return callOcspResponder2;
                        }
                        if (callOcspResponder2 == 2) {
                            z10 = true;
                        } else if (i10 == 0) {
                            i10 = callOcspResponder2;
                        }
                    }
                }
                if (z10) {
                    return 2;
                }
                return i10;
            } catch (Exception e10) {
                e10.printStackTrace();
                Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:Native Exception: " + e10.getMessage());
                return ErrorCodes.INTERNAL_ERROR;
            }
        }

        /* JADX WARN: Code restructure failed: missing block: B:33:0x0174, code lost:
        
            if (r10 == 0) goto L77;
         */
        /* JADX WARN: Code restructure failed: missing block: B:40:0x01a3, code lost:
        
            if (r10 == 0) goto L77;
         */
        /* JADX WARN: Code restructure failed: missing block: B:47:0x0145, code lost:
        
            if (r10 == 0) goto L77;
         */
        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Removed duplicated region for block: B:30:0x016c  */
        /* JADX WARN: Removed duplicated region for block: B:32:0x0171  */
        /* JADX WARN: Removed duplicated region for block: B:37:0x019b  */
        /* JADX WARN: Removed duplicated region for block: B:39:0x01a0  */
        /* JADX WARN: Removed duplicated region for block: B:44:0x013d  */
        /* JADX WARN: Removed duplicated region for block: B:46:0x0142  */
        /* JADX WARN: Removed duplicated region for block: B:61:0x01ad  */
        /* JADX WARN: Removed duplicated region for block: B:63:0x01b2  */
        /* JADX WARN: Removed duplicated region for block: B:65:0x01b7  */
        /* JADX WARN: Type inference failed for: r10v0, types: [java.net.URL] */
        /* JADX WARN: Type inference failed for: r10v10 */
        /* JADX WARN: Type inference failed for: r10v11 */
        /* JADX WARN: Type inference failed for: r10v12 */
        /* JADX WARN: Type inference failed for: r10v13, types: [java.net.HttpURLConnection] */
        /* JADX WARN: Type inference failed for: r10v15, types: [java.net.HttpURLConnection, java.net.URLConnection] */
        /* JADX WARN: Type inference failed for: r10v18 */
        /* JADX WARN: Type inference failed for: r10v19 */
        /* JADX WARN: Type inference failed for: r10v2 */
        /* JADX WARN: Type inference failed for: r10v20 */
        /* JADX WARN: Type inference failed for: r10v3 */
        /* JADX WARN: Type inference failed for: r10v4 */
        /* JADX WARN: Type inference failed for: r10v5 */
        /* JADX WARN: Type inference failed for: r10v6 */
        /* JADX WARN: Type inference failed for: r10v7 */
        /* JADX WARN: Type inference failed for: r10v9 */
        /* JADX WARN: Type inference failed for: r11v1 */
        /* JADX WARN: Type inference failed for: r11v13 */
        /* JADX WARN: Type inference failed for: r11v28 */
        /* JADX WARN: Type inference failed for: r11v8, types: [java.io.InputStream] */
        /* JADX WARN: Type inference failed for: r7v0 */
        /* JADX WARN: Type inference failed for: r7v1 */
        /* JADX WARN: Type inference failed for: r7v13, types: [java.io.OutputStream, java.io.DataOutputStream] */
        /* JADX WARN: Type inference failed for: r7v2 */
        /* JADX WARN: Type inference failed for: r7v4, types: [java.io.OutputStream] */
        /* JADX WARN: Type inference failed for: r7v5, types: [java.io.OutputStream] */
        /* JADX WARN: Type inference failed for: r7v6, types: [java.io.OutputStream] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private com.blackberry.security.cr.svc.HttpResponseData postRequestToResponder(java.net.URL r10, byte[] r11) {
            /*
                Method dump skipped, instructions count: 443
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: com.blackberry.security.cr.svc.CertificateRevocationService.AnonymousClass1.postRequestToResponder(java.net.URL, byte[]):com.blackberry.security.cr.svc.HttpResponseData");
        }

        @Override // com.blackberry.security.cr.ICRAidlInterface
        public void clearCache() {
            if (checkPermissions()) {
                CertificateRevocationService.this.mOCSPDbHelper.deleteDb();
                CertificateRevocationProxyCRL proxyCRL = CertificateRevocationService.this.getProxyCRL();
                if (proxyCRL != null) {
                    proxyCRL.clearCache();
                }
            }
        }

        @Override // com.blackberry.security.cr.ICRAidlInterface
        public int[] getOCSPCertChainStatus(ParcelableCertificate[] parcelableCertificateArr) {
            if (!checkPermissions()) {
                return null;
            }
            k8.b c10 = k8.b.c(CertificateRevocationService.this.mContext);
            CertificateRevocationService.this.mOcspTimeout = c10.e() * 1000;
            if (CertificateRevocationService.this.mOCSPServiceURL == null) {
                CertificateRevocationService.this.mOCSPServiceURL = c10.d().trim().split("[\r\n\\s]+");
            }
            ArrayList arrayList = new ArrayList();
            for (int i10 = 0; i10 < parcelableCertificateArr.length; i10++) {
                arrayList.add(new Cert(parcelableCertificateArr[i10].getCertBytes(), parcelableCertificateArr[i10].getCertBytes().length));
            }
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            int[] iArr = new int[parcelableCertificateArr.length - 1];
            int length = parcelableCertificateArr.length - 1;
            Log.i(CertificateRevocationService.LOG_TAG, "getOCSPCertChainStatus No of Certs =  " + parcelableCertificateArr.length);
            int i11 = 0;
            while (i11 < length) {
                Cert cert = (Cert) arrayList.get(i11);
                i11++;
                Cert cert2 = (Cert) arrayList.get(i11);
                if (cert2 == null || cert == null) {
                    Log.e(CertificateRevocationService.LOG_TAG, "Error while extracting Certificate");
                } else {
                    linkedHashMap.put(cert, cert2);
                }
            }
            int i12 = -1;
            for (Map.Entry entry : linkedHashMap.entrySet()) {
                i12++;
                Cert cert3 = (Cert) entry.getKey();
                Cert cert4 = (Cert) entry.getValue();
                Log.i(CertificateRevocationService.LOG_TAG, "targetCert " + cert4.getByteArray().length);
                Log.i(CertificateRevocationService.LOG_TAG, "issuerCert " + cert3.getByteArray().length);
                try {
                    CertId certId = CertificateRevocationService.this.mCrNative.getCertId(cert4, cert3);
                    if (certId == null) {
                        Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR: CertId is null");
                        iArr[i12] = 600000;
                    } else {
                        Log.i(CertificateRevocationService.LOG_TAG, "getCertId return code = " + String.format("%x", Integer.valueOf(certId.getReturnCode())));
                        if (certId.getReturnCode() != 0) {
                            iArr[i12] = certId.getReturnCode();
                        } else {
                            int checkCertStatusInDb = checkCertStatusInDb(certId);
                            Log.i(CertificateRevocationService.LOG_TAG, "status of Cert in DB = " + String.format("%x", Integer.valueOf(checkCertStatusInDb)));
                            if (checkCertStatusInDb != 600001) {
                                iArr[i12] = checkCertStatusInDb;
                            } else {
                                int onlineCertStatus = getOnlineCertStatus(certId, cert4, cert3);
                                Log.i(CertificateRevocationService.LOG_TAG, "OCSP status of Cert = " + String.format("%x", Integer.valueOf(onlineCertStatus)));
                                iArr[i12] = onlineCertStatus;
                            }
                        }
                    }
                } catch (Exception e10) {
                    Log.e(CertificateRevocationService.LOG_TAG, "INTERNAL_ERROR:Exception calling getCertId: " + e10.getMessage());
                    e10.printStackTrace();
                    iArr[i12] = 600000;
                }
            }
            return iArr;
        }

        @Override // com.blackberry.security.cr.ICRAidlInterface
        public int[] getProxyCRLCertChainStatus(ParcelableCertificate[] parcelableCertificateArr) {
            CertificateRevocationProxyCRL proxyCRL;
            if (checkPermissions() && (proxyCRL = CertificateRevocationService.this.getProxyCRL()) != null) {
                return proxyCRL.getProxyCRLCertChainStatus(parcelableCertificateArr);
            }
            return null;
        }
    };
    private Thread mDelExpRecordThread;
    private OCSPDbHelper mOCSPDbHelper;
    private String[] mOCSPServiceURL;
    private int mOcspTimeout;
    private CertificateRevocationProxyCRL mProxyCRL;

    private void deleteExpiredRecordsFromDb() {
        Thread thread = new Thread("DeleteExpRecThread") { // from class: com.blackberry.security.cr.svc.CertificateRevocationService.2
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                Log.i(CertificateRevocationService.LOG_TAG, "no of expired records deleted is " + CertificateRevocationService.this.mOCSPDbHelper.deleteAllExpiredRecord());
            }
        };
        this.mDelExpRecordThread = thread;
        thread.start();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized CertificateRevocationProxyCRL getProxyCRL() {
        if (this.mProxyCRL == null) {
            Log.d(LOG_TAG, "CertificateRevocationService getProxyCRLCertChainStatus() no crl proxy, calling restrictions to get service details");
            k8.b c10 = k8.b.c(this.mContext);
            String g10 = c10.g();
            String f10 = c10.f();
            int h10 = c10.h() * 1000;
            if (g10.isEmpty() || f10.isEmpty()) {
                Log.w(LOG_TAG, "CertificateRevocationService getProxyCRLCertChainStatus() cannot create crl proxy, crlPackageID or crlClass is empty String");
            } else {
                Log.d(LOG_TAG, "CertificateRevocationService getProxyCRLCertChainStatus() creating crl proxy, crlPackageID = " + g10 + ", crlClass = " + f10 + ", timeout(ms) = " + h10);
                CertificateRevocationProxyCRL certificateRevocationProxyCRL = new CertificateRevocationProxyCRL(this.mContext, g10, f10, h10);
                this.mProxyCRL = certificateRevocationProxyCRL;
                certificateRevocationProxyCRL.initialize();
            }
        }
        return this.mProxyCRL;
    }

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        return this.mCrServiceBinder;
    }

    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        this.mCrNative = new CertRevocationNative();
        this.mOCSPDbHelper = new OCSPDbHelper(getApplicationContext());
        this.mContext = this;
    }

    @Override // android.app.Service
    public void onDestroy() {
        deleteExpiredRecordsFromDb();
        try {
            this.mDelExpRecordThread.join();
        } catch (InterruptedException e10) {
            e10.printStackTrace();
        }
        Log.i(LOG_TAG, "del thread joined");
        this.mOCSPDbHelper.close();
        CertificateRevocationProxyCRL certificateRevocationProxyCRL = this.mProxyCRL;
        if (certificateRevocationProxyCRL != null) {
            certificateRevocationProxyCRL.close();
        }
        super.onDestroy();
    }
}
