package com.bochklaunchflow;

import android.content.Context;
import android.os.AsyncTask;
import com.bochklaunchflow.base.CertPinType;
import com.bochklaunchflow.http.AppRequest;
import com.bochklaunchflow.http.bean.CertificatePinning;
import com.bochklaunchflow.http.bean.CertificatePinningPath;
import com.bochklaunchflow.okhttp.https.TrustedKeyStoreConfig;
import com.bochklaunchflow.utils.BOCLFLogUtil;
import com.bochklaunchflow.utils.BOCLFUtils;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;

/* loaded from: classes.dex */
public class DownloadCertManager {
    private static final String a = DownloadCertManager.class.getSimpleName();
    private static Context b = null;
    private static HashMap<String, Boolean> c = null;
    private static Set<String> d = null;
    private static CertificatePinning e = null;
    private static b f = null;
    private static c g = null;
    private static a h = null;

    /* loaded from: classes.dex */
    public interface a {
        void a();

        void a(Exception exc);

        void b();

        void b(Exception exc);

        void c();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class b extends AsyncTask<Void, Void, CertificatePinning> {
        private boolean a = true;
        private boolean b = false;

        public b(a aVar) {
            a unused = DownloadCertManager.h = aVar;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public CertificatePinning doInBackground(Void... voidArr) {
            try {
                return AppRequest.getCertificatesListJson(DownloadCertManager.b);
            } catch (SSLHandshakeException e) {
                this.a = false;
                return null;
            } catch (SSLPeerUnverifiedException e2) {
                this.a = false;
                return null;
            } catch (Exception e3) {
                BOCLFLogUtil.e(DownloadCertManager.a, "get cert list failed!");
                this.b = true;
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public void onPostExecute(CertificatePinning certificatePinning) {
            super.onPostExecute(certificatePinning);
            if (!this.a) {
                DownloadCertManager.h.b();
                return;
            }
            if (certificatePinning == null || this.b) {
                BOCLFLogUtil.e(DownloadCertManager.a, "cannot download cert list; fail to download cert / cert list is null");
                DownloadCertManager.h.b(new Exception("failed in downloading cert list"));
                return;
            }
            CertificatePinning unused = DownloadCertManager.e = certificatePinning;
            if (DownloadCertManager.c == null) {
                HashMap unused2 = DownloadCertManager.c = new HashMap();
            }
            if (DownloadCertManager.e.getResult() == null) {
                BOCLFLogUtil.w(DownloadCertManager.a, "cert list is empty");
                Set unused3 = DownloadCertManager.d = new HashSet();
                DownloadCertManager.h.a(new Exception("cert list is empty"));
                return;
            }
            Set unused4 = DownloadCertManager.d = new HashSet();
            for (CertificatePinningPath certificatePinningPath : DownloadCertManager.e.getResult()) {
                if (certificatePinningPath != null && certificatePinningPath.getDomain() != null) {
                    DownloadCertManager.d.add(certificatePinningPath.getDomain());
                    DownloadCertManager.c.put(certificatePinningPath.getDomain(), false);
                    BOCLFLogUtil.i(DownloadCertManager.a, "DownloadCertListTask DownloadCertListTask: validDomainSet & domainToIsDownloadSucceededHM added->" + certificatePinningPath.getDomain());
                }
            }
            if (TrustedKeyStoreConfig.getCNFromLocalCerts() != null) {
                for (String str : TrustedKeyStoreConfig.getCNFromLocalCerts()) {
                    if (str != null) {
                        DownloadCertManager.d.add(str);
                        BOCLFLogUtil.i(DownloadCertManager.a, "DownloadCertListTask DownloadCertListTask: validDomainSet added local cert cn->" + str);
                    }
                }
            }
            DownloadCertManager.d(DownloadCertManager.h);
        }

        @Override // android.os.AsyncTask
        protected void onCancelled() {
            super.onCancelled();
        }

        @Override // android.os.AsyncTask
        protected void onPreExecute() {
            super.onPreExecute();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public static class c extends AsyncTask<Void, Void, Map<String, X509Certificate>> {
        private boolean a = true;
        private List<CertificatePinningPath> b;

        public c(String str, a aVar) {
            String domainFromValidUrl;
            a unused = DownloadCertManager.h = aVar;
            this.b = null;
            if (str != null) {
                try {
                    if (DownloadCertManager.e == null || DownloadCertManager.e.getResult() == null || (domainFromValidUrl = BOCLFUtils.getDomainFromValidUrl(str)) == null || DownloadCertManager.e.getResult().size() <= 0) {
                        return;
                    }
                    for (CertificatePinningPath certificatePinningPath : DownloadCertManager.e.getResult()) {
                        String wildcardToRegex = BOCLFUtils.wildcardToRegex(certificatePinningPath.getDomain());
                        if (domainFromValidUrl.matches(wildcardToRegex)) {
                            BOCLFLogUtil.i(DownloadCertManager.a, "DownloadCertsTask: domain \"" + domainFromValidUrl + "\" matches wildcard \"" + wildcardToRegex + "\"; add to download map");
                            if (this.b == null) {
                                this.b = new ArrayList();
                            }
                            this.b.add(certificatePinningPath);
                        } else {
                            BOCLFLogUtil.d(DownloadCertManager.a, "DownloadCertsTask: domain \"" + domainFromValidUrl + "\" does not match wildcard \"" + wildcardToRegex + "\"");
                        }
                    }
                } catch (Exception e) {
                    BOCLFLogUtil.e(DownloadCertManager.a, "cannot get cert address to download; download all instead");
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Map<String, X509Certificate> doInBackground(Void... voidArr) {
            HashSet<String> hashSet;
            HashMap hashMap;
            boolean z;
            X509Certificate x509Certificate;
            boolean z2;
            String str;
            HashMap hashMap2 = new HashMap();
            if (this.b == null) {
                if (DownloadCertManager.e == null || DownloadCertManager.e.getResult() == null) {
                    BOCLFLogUtil.e(DownloadCertManager.a, "DownloadCertsTask doInBackground: certificatesList / certificatesList.getResult is empty");
                    return null;
                }
                if (DownloadCertManager.e.getResult().size() <= 0) {
                    BOCLFLogUtil.w(DownloadCertManager.a, "DownloadCertsTask doInBackground: No certs needed to be downloaded (certificatesList.getResult.size == 0)");
                    return new HashMap();
                }
                HashMap hashMap3 = new HashMap();
                HashMap hashMap4 = new HashMap();
                if (DownloadCertManager.c != null) {
                    hashMap4.putAll(hashMap4);
                }
                for (CertificatePinningPath certificatePinningPath : DownloadCertManager.e.getResult()) {
                    if (certificatePinningPath != null) {
                        try {
                            try {
                            } catch (Exception e) {
                                BOCLFLogUtil.e(DownloadCertManager.a, "DownloadCertsTask doInBackground: #2 got exception->" + e.getMessage());
                            }
                        } catch (SSLHandshakeException e2) {
                            this.a = false;
                        } catch (SSLPeerUnverifiedException e3) {
                            this.a = false;
                        }
                        if (certificatePinningPath.getDomain() != null && certificatePinningPath.getPath() != null) {
                            String str2 = null;
                            try {
                                str2 = certificatePinningPath.getPath().substring(certificatePinningPath.getPath().lastIndexOf("/") + 1, certificatePinningPath.getPath().lastIndexOf("."));
                            } catch (Exception e4) {
                                BOCLFLogUtil.e(DownloadCertManager.a, "DownloadCertsTask doInBackground: #2 cannot grab cert name from cert path");
                            }
                            BOCLFLogUtil.d(DownloadCertManager.a, "DownloadCertsTask doInBackground: set certName into certNameToCertMap->" + str2);
                            X509Certificate certificateByPath = AppRequest.getCertificateByPath(DownloadCertManager.b, certificatePinningPath.getPath());
                            if (str2 == null || certificateByPath == null) {
                                BOCLFLogUtil.e(DownloadCertManager.a, "DownloadCertsTask doInBackground: #2 download cert fail for domain->" + certificatePinningPath.getDomain());
                                if (DownloadCertManager.c.containsKey(certificatePinningPath.getDomain())) {
                                    DownloadCertManager.c.put(certificatePinningPath.getDomain(), false);
                                    BOCLFLogUtil.e(DownloadCertManager.a, "DownloadCertsTask doInBackground: #2 set DownloadSucceededMap to false for domain->" + certificatePinningPath.getDomain());
                                }
                                if (hashMap3 != null && hashMap3.containsKey(certificatePinningPath.getDomain()) && hashMap2 != null && hashMap2.containsKey(hashMap3.get(certificatePinningPath.getDomain()))) {
                                    BOCLFLogUtil.e(DownloadCertManager.a, "DownloadCertsTask doInBackground: #2 remove domain->" + ((String) hashMap3.get(certificatePinningPath.getDomain())) + " in resultMap");
                                    hashMap2.remove(hashMap3.get(certificatePinningPath.getDomain()));
                                    hashMap3.remove(certificatePinningPath.getDomain());
                                }
                            } else {
                                hashMap2.put(str2, certificateByPath);
                                hashMap3.put(certificatePinningPath.getDomain(), str2);
                                BOCLFLogUtil.i(DownloadCertManager.a, "DownloadCertsTask doInBackground: #2 resultMap added->" + str2);
                                if (DownloadCertManager.c.containsKey(certificatePinningPath.getDomain())) {
                                    DownloadCertManager.c.put(certificatePinningPath.getDomain(), true);
                                    BOCLFLogUtil.i(DownloadCertManager.a, "DownloadCertsTask doInBackground: #2 updated map with domain->" + certificatePinningPath.getDomain());
                                }
                            }
                        }
                    }
                    BOCLFLogUtil.w(DownloadCertManager.a, "DownloadCertsTask doInBackground: #2 certAddress is not completed");
                }
                return hashMap2;
            }
            X509Certificate x509Certificate2 = null;
            HashSet hashSet2 = new HashSet();
            Iterator<CertificatePinningPath> it = this.b.iterator();
            String str3 = null;
            while (true) {
                if (!it.hasNext()) {
                    hashSet = hashSet2;
                    hashMap = hashMap2;
                    break;
                }
                CertificatePinningPath next = it.next();
                try {
                    X509Certificate certificateByPath2 = AppRequest.getCertificateByPath(DownloadCertManager.b, next.getPath());
                    z = certificateByPath2 != null;
                    x509Certificate = certificateByPath2;
                } catch (SSLHandshakeException e5) {
                    this.a = false;
                    X509Certificate x509Certificate3 = x509Certificate2;
                    z = true;
                    x509Certificate = x509Certificate3;
                } catch (SSLPeerUnverifiedException e6) {
                    this.a = false;
                    X509Certificate x509Certificate4 = x509Certificate2;
                    z = true;
                    x509Certificate = x509Certificate4;
                } catch (Exception e7) {
                    BOCLFLogUtil.e(DownloadCertManager.a, "DownloadCertsTask doInBackground: #1 got exception->" + e7.getMessage());
                    X509Certificate x509Certificate5 = x509Certificate2;
                    z = false;
                    x509Certificate = x509Certificate5;
                }
                try {
                    str3 = next.getPath().substring(next.getPath().lastIndexOf("/") + 1, next.getPath().lastIndexOf("."));
                    if ("".equals(str3)) {
                        z = false;
                    }
                    z2 = z;
                    str = str3;
                } catch (Exception e8) {
                    BOCLFLogUtil.e(DownloadCertManager.a, "DownloadCertsTask doInBackground: #1 cannot grab cert name from cert path");
                    String str4 = str3;
                    z2 = false;
                    str = str4;
                }
                if (!z2) {
                    BOCLFLogUtil.e(DownloadCertManager.a, "DownloadCertsTask doInBackground: #1 download single cert Fail for certName->" + str);
                    hashSet = null;
                    hashMap = null;
                    break;
                }
                hashMap2.put(str, x509Certificate);
                hashSet2.add(next.getDomain());
                BOCLFLogUtil.i(DownloadCertManager.a, "DownloadCertsTask doInBackground: #1 resultMap added->" + str);
                str3 = str;
                x509Certificate2 = x509Certificate;
            }
            if (hashSet != null) {
                for (String str5 : hashSet) {
                    DownloadCertManager.c.put(str5, true);
                    BOCLFLogUtil.i(DownloadCertManager.a, "DownloadCertsTask doInBackground: #1 updated map with domain->" + str5);
                }
            }
            return hashMap;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public void onPostExecute(Map<String, X509Certificate> map) {
            super.onPostExecute(map);
            if (!this.a) {
                DownloadCertManager.h.b();
            } else if (map != null) {
                DownloadCertManager.b(map);
                DownloadCertManager.h.a();
            } else {
                BOCLFLogUtil.d(DownloadCertManager.a, "DownloadCertsTask onPostExecute: resultMap returned is empty;");
                DownloadCertManager.h.b(new Exception("failed in downloading certs"));
            }
        }

        @Override // android.os.AsyncTask
        protected void onCancelled() {
            super.onCancelled();
        }

        @Override // android.os.AsyncTask
        protected void onPreExecute() {
            super.onPreExecute();
        }
    }

    private static final boolean a(String str) {
        if (TrustedKeyStoreConfig.getCNFromLocalCerts() == null) {
            BOCLFLogUtil.w(a, "isUrlDomainIncludedInLocalCertList: No certs in local (TrustedKeyStoreConfig.getCNFromLocalCerts() is null)");
            return false;
        }
        if (str == null) {
            BOCLFLogUtil.e(a, "isUrlDomainIncludedInLocalCertList: url is null.so download all certs");
            return false;
        }
        String domainFromValidUrl = BOCLFUtils.getDomainFromValidUrl(str);
        Set<String> cNFromLocalCerts = TrustedKeyStoreConfig.getCNFromLocalCerts();
        if (domainFromValidUrl == null) {
            BOCLFLogUtil.e(a, "isUrlDomainIncludedInLocalCertList: domain is invalid; url->" + str);
            return false;
        }
        Iterator<String> it = cNFromLocalCerts.iterator();
        while (it.hasNext()) {
            String wildcardToRegex = BOCLFUtils.wildcardToRegex(it.next());
            if (domainFromValidUrl.matches(wildcardToRegex)) {
                BOCLFLogUtil.i(a, "isUrlDomainIncludedInLocalCertList: domain \"" + domainFromValidUrl + "\" matches wildcard \"" + wildcardToRegex + "\"");
                return true;
            }
            BOCLFLogUtil.d(a, "isUrlDomainIncludedInLocalCertList: domain \"" + domainFromValidUrl + "\" does not match wildcard \"" + wildcardToRegex + "\"");
        }
        BOCLFLogUtil.e(a, "isUrlDomainIncludedInLocalCertList: domain \"" + domainFromValidUrl + "\" is not included in local cert list");
        return false;
    }

    private static final boolean a(String str, boolean z) {
        String str2 = "scanUrlDomainIncludedInServerCertList#" + (z ? "1" : "0");
        if (c == null) {
            BOCLFLogUtil.w(a, str2 + ": domainToIsDownloadSucceededHM cannot be null");
            return false;
        }
        if (str == null) {
            BOCLFLogUtil.e(a, str2 + ": url is null");
            return false;
        }
        String domainFromValidUrl = BOCLFUtils.getDomainFromValidUrl(str);
        if (domainFromValidUrl == null) {
            BOCLFLogUtil.e(a, str2 + ": domain is invalid; url->" + str);
            return false;
        }
        for (String str3 : c.keySet()) {
            String wildcardToRegex = BOCLFUtils.wildcardToRegex(str3);
            if (domainFromValidUrl.matches(wildcardToRegex)) {
                BOCLFLogUtil.i(a, str2 + ": domain \"" + domainFromValidUrl + "\" matches wildcard \"" + wildcardToRegex + "\"");
                if (z) {
                    return true;
                }
                return c.get(str3).booleanValue();
            }
            BOCLFLogUtil.d(a, str2 + ": domain \"" + domainFromValidUrl + "\" does not match wildcard \"" + wildcardToRegex + "\"");
        }
        BOCLFLogUtil.e(a, str2 + ": domain \"" + domainFromValidUrl + "\" is not included in cert list");
        return false;
    }

    private static final boolean b(String str) {
        return a(str, true);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final boolean b(Map<String, X509Certificate> map) {
        CertPinType certPinType = BOCHKLaunchFlow.getInstance().getCertPinType();
        if (CertPinType.TrustAllCerts.getValue().equals(certPinType != null ? certPinType.getValue() : null)) {
            BOCLFLogUtil.d(a, "you trust all certs.so you don't need to update keystore");
        } else if (map == null || map.size() <= 0) {
            BOCLFLogUtil.e(a, "updateKeystores: certNameToCertMap cannot be null");
        } else if (TrustedKeyStoreConfig.insert(b, map)) {
            OkHttpUtils.getInstance().a(TrustedKeyStoreConfig.getTrustedKeyStore());
        }
        return false;
    }

    private static void c(a aVar) {
        cancelDownloadCertListTask();
        f = new b(aVar);
        f.execute(new Void[0]);
    }

    private static final boolean c(String str) {
        return a(str, false);
    }

    public static void cancelDownloadCertListTask() {
        if (f == null || f.getStatus() == AsyncTask.Status.FINISHED) {
            return;
        }
        f.cancel(true);
    }

    public static void cancelTask() {
        h();
    }

    public static final boolean checkDomainValid(String str) {
        if (d == null) {
            BOCLFLogUtil.w(a, "checkDomainValid: validDomainSet cannot be null");
            return false;
        }
        if (str == null) {
            BOCLFLogUtil.e(a, "checkDomainValid: domain is null");
            return false;
        }
        Iterator<String> it = d.iterator();
        while (it.hasNext()) {
            String wildcardToRegex = BOCLFUtils.wildcardToRegex(it.next());
            if (str.matches(wildcardToRegex)) {
                BOCLFLogUtil.i(a, "checkDomainValid: domain \"" + str + "\" matches wildcard \"" + wildcardToRegex + "\"");
                return true;
            }
            BOCLFLogUtil.d(a, "checkDomainValid: domain \"" + str + "\" does not match wildcard \"" + wildcardToRegex + "\"");
        }
        BOCLFLogUtil.e(a, "checkDomainValid: domain \"" + str + "\" is invalid");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void d(a aVar) {
        if (!isCertListDownloaded()) {
            BOCLFLogUtil.e(a, "runDownloadAllCertsTask: certificatesList cannot be null; calling runDownloadCertListTask to get certificatesList");
            c(aVar);
        } else {
            g();
            g = new c(null, aVar);
            g.execute(new Void[0]);
        }
    }

    private static void g() {
        if (g == null || g.getStatus() == AsyncTask.Status.FINISHED) {
            return;
        }
        g.cancel(true);
    }

    private static void h() {
        cancelDownloadCertListTask();
        g();
        h = null;
    }

    public static void init(Context context) {
        b = context.getApplicationContext();
    }

    public static final boolean isCertListDownloaded() {
        return e != null;
    }

    public static void runTask(a aVar) {
        BOCLFLogUtil.d(a, "redirect to no specific domain runTask...");
        runTask(null, aVar);
    }

    public static void runTask(String str, a aVar) {
        if (a(str)) {
            BOCLFLogUtil.v(a, "=================================================");
            BOCLFLogUtil.v(a, "url matches local cert domain; no need to call download cert list & certs");
            BOCLFLogUtil.v(a, "=================================================");
            aVar.a();
            return;
        }
        if (!isCertListDownloaded()) {
            BOCLFLogUtil.v(a, "=================================================");
            BOCLFLogUtil.v(a, "downloading cert list...");
            BOCLFLogUtil.v(a, "=================================================");
            cancelDownloadCertListTask();
            f = new b(aVar);
            f.execute(new Void[0]);
            return;
        }
        if (str != null && !b(str)) {
            BOCLFLogUtil.i(a, "url [" + str + "] domain is not valid -> showing Data Not Received dialog; ");
            aVar.c();
            return;
        }
        if (c(str)) {
            BOCLFLogUtil.v(a, "=================================================");
            BOCLFLogUtil.v(a, "Cert list and certs have already been downloaded");
            BOCLFLogUtil.v(a, "=================================================");
            aVar.a();
            return;
        }
        if (c(str)) {
            return;
        }
        BOCLFLogUtil.v(a, "=================================================");
        if (str == null) {
            BOCLFLogUtil.v(a, "downloading ALL certs from cert list...");
        } else {
            BOCLFLogUtil.v(a, "downloading cert matching url:[" + str + "] from cert list...");
        }
        BOCLFLogUtil.v(a, "=================================================");
        g();
        g = new c(str, aVar);
        g.execute(new Void[0]);
    }
}
