package com.android.org.conscrypt;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;
import libcore.io.IoUtils;

/* loaded from: classes.dex */
public final class TrustedCertificateStore {
    private static final CertificateFactory CERT_FACTORY;
    private static File defaultCaCertsAddedDir;
    private static File defaultCaCertsDeletedDir;
    private static File defaultCaCertsSystemDir;
    private final File addedDir;
    private final File deletedDir;
    private final File systemDir;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public interface CertSelector {
        boolean match(X509Certificate x509Certificate);
    }

    static {
        String str = System.getenv("ANDROID_ROOT");
        String str2 = System.getenv("ANDROID_DATA");
        defaultCaCertsSystemDir = new File(str + "/etc/security/cacerts");
        setDefaultUserDirectory(new File(str2 + "/misc/keychain"));
        try {
            CERT_FACTORY = CertificateFactory.getInstance("X509");
        } catch (CertificateException e) {
            throw new AssertionError(e);
        }
    }

    public TrustedCertificateStore() {
        this(defaultCaCertsSystemDir, defaultCaCertsAddedDir, defaultCaCertsDeletedDir);
    }

    public TrustedCertificateStore(File file, File file2, File file3) {
        this.systemDir = file;
        this.addedDir = file2;
        this.deletedDir = file3;
    }

    private File file(File file, String str, int i) {
        return new File(file, str + '.' + i);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0, types: [java.security.cert.X509Certificate, T] */
    /* JADX WARN: Type inference failed for: r1v0, types: [T, java.io.File] */
    private <T> T findCert(File file, X500Principal x500Principal, CertSelector certSelector, Class<T> cls) {
        ?? r0;
        String hash = hash(x500Principal);
        int i = 0;
        while (true) {
            ?? r1 = (T) file(file, hash, i);
            if (!r1.isFile()) {
                if (cls == Boolean.class) {
                    return (T) Boolean.FALSE;
                }
                if (cls != File.class) {
                    return null;
                }
                return r1;
            }
            if (!isTombstone(r1) && (r0 = (T) readCertificate(r1)) != 0 && certSelector.match(r0)) {
                if (cls == X509Certificate.class) {
                    return r0;
                }
                if (cls == Boolean.class) {
                    return (T) Boolean.TRUE;
                }
                if (cls != File.class) {
                    throw new AssertionError();
                }
                return r1;
            }
            i++;
        }
    }

    private String hash(X500Principal x500Principal) {
        return IntegralToString.intToHexString(NativeCrypto.X509_NAME_hash_old(x500Principal), false, 8);
    }

    private boolean isDeletedSystemCertificate(X509Certificate x509Certificate) {
        return getCertificateFile(this.deletedDir, x509Certificate).exists();
    }

    private boolean isTombstone(File file) {
        return file.length() == 0;
    }

    private X509Certificate readCertificate(File file) {
        if (!file.isFile()) {
            return null;
        }
        BufferedInputStream bufferedInputStream = null;
        try {
            BufferedInputStream bufferedInputStream2 = new BufferedInputStream(new FileInputStream(file));
            try {
                try {
                    X509Certificate x509Certificate = (X509Certificate) CERT_FACTORY.generateCertificate(bufferedInputStream2);
                    IoUtils.closeQuietly(bufferedInputStream2);
                    return x509Certificate;
                } catch (IOException e) {
                    bufferedInputStream = bufferedInputStream2;
                    IoUtils.closeQuietly(bufferedInputStream);
                    return null;
                } catch (CertificateException e2) {
                    bufferedInputStream = bufferedInputStream2;
                    IoUtils.closeQuietly(bufferedInputStream);
                    return null;
                } catch (Throwable th) {
                    th = th;
                    bufferedInputStream = bufferedInputStream2;
                    IoUtils.closeQuietly(bufferedInputStream);
                    throw th;
                }
            } catch (IOException e3) {
                bufferedInputStream = bufferedInputStream2;
            } catch (CertificateException e4) {
                bufferedInputStream = bufferedInputStream2;
            } catch (Throwable th2) {
                th = th2;
                bufferedInputStream = bufferedInputStream2;
            }
        } catch (IOException e5) {
        } catch (CertificateException e6) {
        } catch (Throwable th3) {
            th = th3;
        }
    }

    public static void setDefaultUserDirectory(File file) {
        defaultCaCertsAddedDir = new File(file, "cacerts-added");
        defaultCaCertsDeletedDir = new File(file, "cacerts-removed");
    }

    public X509Certificate findIssuer(final X509Certificate x509Certificate) {
        CertSelector certSelector = new CertSelector() { // from class: com.android.org.conscrypt.TrustedCertificateStore.3
            @Override // com.android.org.conscrypt.TrustedCertificateStore.CertSelector
            public boolean match(X509Certificate x509Certificate2) {
                try {
                    x509Certificate.verify(x509Certificate2.getPublicKey());
                    return true;
                } catch (Exception e) {
                    return false;
                }
            }
        };
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        X509Certificate x509Certificate2 = (X509Certificate) findCert(this.addedDir, issuerX500Principal, certSelector, X509Certificate.class);
        if (x509Certificate2 != null) {
            return x509Certificate2;
        }
        X509Certificate x509Certificate3 = (X509Certificate) findCert(this.systemDir, issuerX500Principal, certSelector, X509Certificate.class);
        if (x509Certificate3 == null || isDeletedSystemCertificate(x509Certificate3)) {
            return null;
        }
        return x509Certificate3;
    }

    public File getCertificateFile(File file, final X509Certificate x509Certificate) {
        return (File) findCert(file, x509Certificate.getSubjectX500Principal(), new CertSelector() { // from class: com.android.org.conscrypt.TrustedCertificateStore.1
            @Override // com.android.org.conscrypt.TrustedCertificateStore.CertSelector
            public boolean match(X509Certificate x509Certificate2) {
                return x509Certificate2.equals(x509Certificate);
            }
        }, File.class);
    }

    public X509Certificate getTrustAnchor(final X509Certificate x509Certificate) {
        CertSelector certSelector = new CertSelector() { // from class: com.android.org.conscrypt.TrustedCertificateStore.2
            @Override // com.android.org.conscrypt.TrustedCertificateStore.CertSelector
            public boolean match(X509Certificate x509Certificate2) {
                return x509Certificate2.getPublicKey().equals(x509Certificate.getPublicKey());
            }
        };
        X509Certificate x509Certificate2 = (X509Certificate) findCert(this.addedDir, x509Certificate.getSubjectX500Principal(), certSelector, X509Certificate.class);
        if (x509Certificate2 != null) {
            return x509Certificate2;
        }
        X509Certificate x509Certificate3 = (X509Certificate) findCert(this.systemDir, x509Certificate.getSubjectX500Principal(), certSelector, X509Certificate.class);
        if (x509Certificate3 == null || isDeletedSystemCertificate(x509Certificate3)) {
            return null;
        }
        return x509Certificate3;
    }

    public boolean isUserAddedCertificate(X509Certificate x509Certificate) {
        return getCertificateFile(this.addedDir, x509Certificate).exists();
    }
}
