package com.symantec.starmobile.dendrite;

import android.content.Context;
import com.symantec.starmobile.dendrite.b;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
public final class bq extends b {
    private List<bn> h;

    /* JADX INFO: Access modifiers changed from: package-private */
    public bq(Context context) {
        super(context);
        this.h = new ArrayList();
        this.g = "UntrustedCertificate";
        this.f = 0;
        this.d = true;
    }

    private static String a(X509Certificate x509Certificate) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(x509Certificate.getEncoded());
            return com.symantec.starmobile.common.utils.d.a(messageDigest.digest());
        } catch (Exception e) {
            com.symantec.starmobile.common.a.d("failed to get fingerprint from %s", e, x509Certificate.getIssuerDN().getName());
            return null;
        }
    }

    private void a(KeyStore keyStore, ArrayList<String> arrayList, HashSet<PublicKey> hashSet) {
        boolean z;
        X509Certificate x509Certificate;
        X509Certificate x509Certificate2;
        boolean z2;
        if (arrayList.isEmpty()) {
            this.b.a(b.C0005b.b, "Untrusted certificates are not found");
            return;
        }
        Iterator<String> it = arrayList.iterator();
        while (it.hasNext()) {
            String next = it.next();
            try {
                x509Certificate = (X509Certificate) keyStore.getCertificate(next);
                try {
                    try {
                        x509Certificate.checkValidity();
                        Iterator<PublicKey> it2 = hashSet.iterator();
                        while (true) {
                            if (!it2.hasNext()) {
                                z = false;
                                break;
                            } else {
                                try {
                                    x509Certificate.verify(it2.next());
                                    z = true;
                                    break;
                                } catch (Exception e) {
                                }
                            }
                        }
                        if (z) {
                            try {
                                com.symantec.starmobile.common.a.b("Verification passed for cert: %s", next);
                                it.remove();
                            } catch (Exception e2) {
                                z2 = z;
                                x509Certificate2 = x509Certificate;
                                e = e2;
                                try {
                                    com.symantec.starmobile.common.a.c("Validity Check failed for cert: %s", e, next);
                                    av.a(this.c);
                                    if (av.a() && x509Certificate2 != null) {
                                        try {
                                            ArrayList arrayList2 = new ArrayList();
                                            arrayList2.add(x509Certificate2.getEncoded());
                                            this.h.add(new bn(arrayList2, z2));
                                        } catch (CertificateEncodingException e3) {
                                            com.symantec.starmobile.common.a.d("Certificate encoding exception", e3, new Object[0]);
                                        }
                                    }
                                } catch (Throwable th) {
                                    th = th;
                                    x509Certificate = x509Certificate2;
                                    z = z2;
                                    av.a(this.c);
                                    if (av.a() && x509Certificate != null) {
                                        try {
                                            ArrayList arrayList3 = new ArrayList();
                                            arrayList3.add(x509Certificate.getEncoded());
                                            this.h.add(new bn(arrayList3, z));
                                        } catch (CertificateEncodingException e4) {
                                            com.symantec.starmobile.common.a.d("Certificate encoding exception", e4, new Object[0]);
                                        }
                                    }
                                    throw th;
                                }
                            } catch (Throwable th2) {
                                th = th2;
                                av.a(this.c);
                                if (av.a()) {
                                    ArrayList arrayList32 = new ArrayList();
                                    arrayList32.add(x509Certificate.getEncoded());
                                    this.h.add(new bn(arrayList32, z));
                                }
                                throw th;
                            }
                        } else {
                            com.symantec.starmobile.common.a.e("Verification failed for cert: %s", next);
                        }
                        av.a(this.c);
                        if (av.a() && x509Certificate != null) {
                            try {
                                ArrayList arrayList4 = new ArrayList();
                                arrayList4.add(x509Certificate.getEncoded());
                                this.h.add(new bn(arrayList4, z));
                            } catch (CertificateEncodingException e5) {
                                com.symantec.starmobile.common.a.d("Certificate encoding exception", e5, new Object[0]);
                            }
                        }
                    } catch (Exception e6) {
                        x509Certificate2 = x509Certificate;
                        e = e6;
                        z2 = false;
                    }
                } catch (Throwable th3) {
                    th = th3;
                    z = false;
                }
            } catch (Exception e7) {
                e = e7;
                x509Certificate2 = null;
                z2 = false;
            } catch (Throwable th4) {
                th = th4;
                z = false;
                x509Certificate = null;
            }
        }
        this.e = this.h;
        if (arrayList.isEmpty()) {
            this.b.a(b.C0005b.b, "User certificate(s) found, but they are not untrusted");
        } else {
            this.b.a(b.C0005b.c, "Untrusted certificate(s) found");
            this.b.d = arrayList;
        }
    }

    @Override // com.symantec.starmobile.dendrite.b
    public final void a() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            if (keyStore == null) {
                this.b.a(b.C0005b.b, "Untrusted certificates are not found");
                return;
            }
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            ArrayList<String> arrayList = new ArrayList<>();
            HashSet<PublicKey> hashSet = new HashSet<>();
            com.symantec.starmobile.common.utils.h a = com.symantec.starmobile.common.utils.h.a(this.c);
            boolean booleanValue = Boolean.valueOf(a.a("first_ca_cert_collect", "true")).booleanValue();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (nextElement != null && nextElement.length() != 0) {
                    X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                    com.symantec.starmobile.common.a.c("%s:%s:%s", nextElement, x509Certificate.getSubjectX500Principal().getName("RFC2253"), x509Certificate.getIssuerX500Principal().getName("RFC2253"));
                    if (nextElement.toLowerCase().startsWith("user:")) {
                        arrayList.add(nextElement);
                    } else if (nextElement.toLowerCase().startsWith("system:")) {
                        hashSet.add(x509Certificate.getPublicKey());
                        av.a(this.c);
                        if (av.a() && booleanValue) {
                            String a2 = a(x509Certificate);
                            if ((a2 == null || bo.a.containsKey(a2)) ? false : true) {
                                com.symantec.starmobile.common.a.b("%s: unknown System installed CA cert, thus collect it.", x509Certificate.getIssuerDN().getName());
                                this.h.add(new bn(Arrays.asList(x509Certificate.getEncoded())));
                                a.b("first_ca_cert_collect", "false");
                            }
                        }
                    }
                }
            }
            a(keyStore, arrayList, hashSet);
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            com.symantec.starmobile.common.a.d("Unable to verify Untrusted certificate", e2, new Object[0]);
            this.b.b(2, "Untrusted certificates presence check failed");
        }
    }
}
