package org.kman.AquaMail.net;

import android.app.AlertDialog;
import android.app.Dialog;
import android.content.Context;
import android.content.DialogInterface;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.preference.PreferenceManager;
import android.text.SpannableStringBuilder;
import android.text.format.DateUtils;
import android.text.style.TextAppearanceSpan;
import android.util.TypedValue;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.AdapterView;
import android.widget.BaseAdapter;
import android.widget.Button;
import android.widget.Checkable;
import android.widget.ListAdapter;
import android.widget.ListView;
import android.widget.TextView;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.security.auth.x500.X500Principal;
import org.kman.AquaMail.R;
import org.kman.AquaMail.coredefs.MailAccountSslInfo;
import org.kman.AquaMail.coredefs.SSLCertificateChangeException;
import org.kman.AquaMail.data.AsyncDataLoader;
import org.kman.AquaMail.io.StreamUtil;
import org.kman.AquaMail.util.Base64;
import org.kman.AquaMail.util.Hex;
import org.kman.AquaMail.util.Prefs;
import org.kman.AquaMail.util.UIThemeHelper;
import org.kman.Compat.util.CollectionUtil;
import org.kman.Compat.util.MyLog;
import org.kman.Compat.util.android.BackLruCache;

/* loaded from: classes.dex */
public class SSLCertificateChecker {
    // Sub-directory of the app's files dir that holds the stored certificates (see the constructor).
    private static final String CERT_DIR = "certs";
    // Digest algorithm names passed to MessageDigest.getInstance(); also used as row labels in the dialog.
    // NOTE(review): MD5 and SHA-1 are both collision-weak. A SHA-256 fingerprint is the safer value to show
    // a user who is asked to compare an old and a new certificate.
    private static final String HASH_MD5 = "MD5";
    private static final String HASH_SHA1 = "SHA1";
    // Storage-key suffixes: "new" is a changed certificate waiting for the user's decision,
    // "prev" is the certificate that was current before the last accept or swap.
    private static final String SUFFIX_CERT_NEW = "new";
    private static final String SUFFIX_CERT_PREV = "prev";
    private static final String TAG = "SSLCertificateChecker";
    // Process-wide singleton, created lazily in get().
    private static SSLCertificateChecker gInstance;
    // Cached default SharedPreferences; isCheckerEnabled() reads it while holding the SSLHardening.class monitor.
    private static SharedPreferences gSharedPrefs;
    // In-memory certificate cache; entries are removed by storage key name (see deleteCertificateLocked).
    private BackLruCache<String, X509Certificate> mCertCache;
    // Directory the certificate files live in.
    private File mCertDir;
    // Created on demand in findIssuerCertificateLocked and reset to null when validation there fails.
    private CertificateFactory mCertFactory;
    // Monitor held around certificate load/save/delete calls and cache clears.
    private Object mCertLock;
    private Context mContext;
    // Suffix of the currently stored certificate: null, i.e. no suffix.
    private static final String SUFFIX_CERT = null;
    // Base64 strings that isSpecialIssuerCertificateLocked decodes and compares with the issuer certificate's
    // getSignature() bytes. A match lets checkSslSocket replace the stored certificate without raising
    // SSLCertificateChangeException. Which certificate authorities these values belong to is not recorded here.
    // NOTE(review): this allow-list silently bypasses the change prompt, so every entry should be documented
    // (owner, reason, expiry) and reviewed when the corresponding CA certificate is reissued.
    private static final String[] SPECIAL_ISSUER_SIG = {"NtcGgBEnrSoUmzh3syOgdVi7sX6DQrpy2h7YjjYGl+DwlTs3/RtCWP4iyGu9OF7ROyVuEuteZ3ZGQJDaFMh4De2VZtqOhm+AobpWMpWG3NxqygSMW3/2v8xvhQNYw2hRE839yPd5PZk18FajveBZ7U9ECaOeOHr2RtEdEp1PvtBA/FX+Bl482hxWvZZRe29XKtuiqpbcjHTClb7wbpUT/xfwPKyyEI3Mc/vojwLG8Pszs5U748LLaFhz26gkYjsGNZ0NqTO9eAOQLkx4XVA6gdTuoMhwONyy+Wf6h0BdYcBRj2uDa80FOsrhpwV4/MralNAsCD1+FnnIoFAgJFQzcQ==", "J4zP6cc7vsBv6JaE+5xcXZDkd9uLMmCbZdiFJrW6nx7eZE4fxsggWwmfq6ngCTRFomUlNz1/Wm8gzPn68R2PEAwCOsTJAXaWvpv5Fdg50cUDR3a4iowx1mDV5I/b+jzG1Zgo+ByPF5E0y8tSetH7OiDk4Yax2BgPvtaHZI3FCiVCUe+yOLjgHdDh/Ob0r0a678C/xbQF9ZR1DP6ivgK66oZb+TWzZvXFjYWhGiN3GhkXVBNgnwvhtJwoKvmuAjRtJZOcgqgXe/GFsNMPWOH7sf6coaPo/ck/9Ndx3L2MpBngISMjVROPpBYCCX65r+7bU2S9cS+5Oc4wt7S8VOBHBw==", "qvqpIM1qZ4PtXtR+3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpIhNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnIOi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4XBupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPmX4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40fsg12A==", "A/oKzlMZVl+Z0Sn/hsZK4q5DWqi7mCUYGifZ++jtrcORZM884aBQQhNkCrVhTwKpJQaoJdRQUsuvDI3TQG5YRbxt/BPevQQbJQ1ZbGMKt3Ryb5ARr9x9o6sSLZJLNM0GE6IKUVXKy4IMcZTDlbo0dtoAvanClXerPo2cIwHsTU1jfQJkRwjwjrT/C71nK820iQeBMrVYPfmujAt8xjPKXMJjeq95iPWu1N5h8JUierCpgv5/RD7Yst7aVrt9ggvJ80pr0rNdD3d6VDOeXQB+s/likZ69QQ5sq2rpYbhjZKfQ3k7yF7D66+/aR2H6xpdKnX3XeQU2hH/eG1LbY+j2MQ=="};

    /* loaded from: classes.dex */
    /**
     * Callback through which the certificate dialog reports which changed certificates the user accepted.
     */
    public interface SSLAcceptListener {
        /**
         * Invoked by SSLCertificateDialog.onClick when the positive button is pressed and at least one
         * item is marked accepted.
         *
         * @param mailAccountSslInfo the account SSL info the dialog was created with
         * @param set the server names of the items the user marked accepted
         */
        void onSslAcceptedCertificates(MailAccountSslInfo mailAccountSslInfo, Set<MailAccountSslInfo.SslServerName> set);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
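    /**
     * List adapter behind the certificate dialog: one row per server, showing the stored ("old") and the
     * newly seen ("new") certificate details and, in accept mode, a check mark for the user's decision.
     *
     * The subject and issuer strings shown here come from the certificate itself, so their content is
     * chosen by whoever issued that certificate. They are appended to the builder as plain text.
     */
    public static class SSLCertificateAdapter extends BaseAdapter {
        // Literal values kept because the matching Android classes are not imported by this file.
        private static final int STYLE_BOLD = 1; // same value as android.graphics.Typeface.BOLD
        private static final int SPAN_FLAGS = 33; // same value as android.text.Spanned.SPAN_EXCLUSIVE_EXCLUSIVE

        private List<SSLCertificateItem> mCertList;
        private Context mContext;
        private SSLCertificateDialog mDialog;
        private int mFontSizeHeader;
        private LayoutInflater mInflater;
        // Scratch builder reused for every row to avoid an allocation per bind.
        private SpannableStringBuilder mSSb;

        /**
         * @param sSLCertificateDialog owning dialog; supplies the themed context and inflater
         * @param list items to display, one per server name
         */
        public SSLCertificateAdapter(SSLCertificateDialog sSLCertificateDialog, List<SSLCertificateItem> list) {
            this.mDialog = sSLCertificateDialog;
            this.mContext = sSLCertificateDialog.mWrappedContext;
            this.mInflater = sSLCertificateDialog.mWrappedInflater;
            this.mCertList = list;
            // 16sp converted to pixels for the section header text size.
            this.mFontSizeHeader = (int) TypedValue.applyDimension(
                    TypedValue.COMPLEX_UNIT_SP, 16.0f, this.mContext.getResources().getDisplayMetrics());
        }

        /** Appends a header followed by every non-null detail of one certificate. */
        private void appendCertificate(SpannableStringBuilder spannableStringBuilder, int i, SSLCertificateInfo sSLCertificateInfo) {
            appendHeader(spannableStringBuilder, i);
            if (sSLCertificateInfo.mSubjectText != null) {
                appendText(spannableStringBuilder, R.string.account_setup_view_ssl_subject, false, sSLCertificateInfo.mSubjectText);
            }
            if (sSLCertificateInfo.mIssuerText != null) {
                appendText(spannableStringBuilder, R.string.account_setup_view_ssl_issuer, false, sSLCertificateInfo.mIssuerText);
            }
            if (sSLCertificateInfo.mValidFrom != null) {
                appendDate(spannableStringBuilder, R.string.account_setup_view_ssl_valid_from, sSLCertificateInfo.mValidFrom);
            }
            if (sSLCertificateInfo.mValidUntil != null) {
                appendDate(spannableStringBuilder, R.string.account_setup_view_ssl_valid_until, sSLCertificateInfo.mValidUntil);
            }
            // The algorithm names double as the row labels for the two fingerprints.
            if (sSLCertificateInfo.mHashMD5 != null) {
                appendText(spannableStringBuilder, SSLCertificateChecker.HASH_MD5, false, sSLCertificateInfo.mHashMD5);
            }
            if (sSLCertificateInfo.mHashSHA1 != null) {
                appendText(spannableStringBuilder, SSLCertificateChecker.HASH_SHA1, false, sSLCertificateInfo.mHashSHA1);
            }
        }

        /** Appends a labelled date on a single line (abbreviated date, year and time). */
        private void appendDate(SpannableStringBuilder spannableStringBuilder, int i, Date date) {
            int flags = DateUtils.FORMAT_ABBREV_ALL | DateUtils.FORMAT_SHOW_DATE
                    | DateUtils.FORMAT_SHOW_YEAR | DateUtils.FORMAT_SHOW_TIME;
            appendText(spannableStringBuilder, i, true, DateUtils.formatDateTime(this.mContext, date.getTime(), flags));
        }

        /** Appends a bold section header in the larger header font size. */
        private void appendHeader(SpannableStringBuilder spannableStringBuilder, int i) {
            if (spannableStringBuilder.length() != 0) {
                spannableStringBuilder.append("\n");
            }
            int start = spannableStringBuilder.length();
            spannableStringBuilder.append(this.mContext.getText(i));
            spannableStringBuilder.setSpan(new TextAppearanceSpan(null, STYLE_BOLD, this.mFontSizeHeader, null, null),
                    start, spannableStringBuilder.length(), SPAN_FLAGS);
        }

        /** Resolves the label resource and delegates to the String-label overload. */
        private void appendText(SpannableStringBuilder spannableStringBuilder, int i, boolean z, String str) {
            appendText(spannableStringBuilder, this.mContext.getString(i), z, str);
        }

        /**
         * Appends a bold label and its value.
         *
         * @param str the label
         * @param z true to keep label and value on one line, false to put the value on the next line
         * @param str2 the value
         */
        private void appendText(SpannableStringBuilder spannableStringBuilder, String str, boolean z, String str2) {
            if (spannableStringBuilder.length() != 0) {
                spannableStringBuilder.append("\n");
            }
            int start = spannableStringBuilder.length();
            spannableStringBuilder.append((CharSequence) str);
            spannableStringBuilder.setSpan(new TextAppearanceSpan(null, STYLE_BOLD, 0, null, null),
                    start, spannableStringBuilder.length(), SPAN_FLAGS);
            spannableStringBuilder.append(z ? ": " : ":\n");
            spannableStringBuilder.append((CharSequence) str2);
        }

        @Override // android.widget.Adapter
        public int getCount() {
            return this.mCertList.size();
        }

        @Override // android.widget.Adapter
        public Object getItem(int i) {
            return this.mCertList.get(i);
        }

        @Override // android.widget.Adapter
        public long getItemId(int i) {
            return this.mCertList.get(i)._id;
        }

        /**
         * Builds or recycles the row for position {@code i}. In accept mode both the row and its
         * cert_check child are treated as {@link Checkable} and mirror the item's accepted flag.
         */
        @Override // android.widget.Adapter
        public View getView(int i, View view, ViewGroup viewGroup) {
            View row = view;
            if (row == null) {
                row = this.mInflater.inflate(R.layout.view_ssl_dialog_item, viewGroup, false);
            }
            SSLCertificateItem item = this.mCertList.get(i);
            ((TextView) row.findViewById(R.id.cert_name)).setText(item.mServerName.getHumanName());
            if (this.mSSb == null) {
                this.mSSb = new SpannableStringBuilder();
            }
            SpannableStringBuilder builder = this.mSSb;
            bindCertificate((TextView) row.findViewById(R.id.cert_old), builder,
                    R.string.account_setup_view_ssl_old, item.mOldInfo);
            bindCertificate((TextView) row.findViewById(R.id.cert_new), builder,
                    R.string.account_setup_view_ssl_new, item.mNewInfo);
            if (this.mDialog.mIsForAccept) {
                View check = row.findViewById(R.id.cert_check);
                check.setVisibility(View.VISIBLE);
                ((Checkable) check).setChecked(item.mIsAccepted);
                // The row itself is expected to be Checkable in accept mode.
                ((Checkable) row).setChecked(item.mIsAccepted);
            } else {
                row.setBackgroundDrawable(null);
            }
            // onItemClick in the dialog recovers the item from this tag.
            row.setTag(item);
            return row;
        }

        /** Shows the certificate details in {@code target}, or hides the view when there is no certificate. */
        private void bindCertificate(TextView target, SpannableStringBuilder builder, int headerResId, SSLCertificateInfo info) {
            if (info == null) {
                target.setVisibility(View.GONE);
                return;
            }
            builder.clear();
            appendCertificate(builder, headerResId, info);
            target.setText(builder);
            target.setVisibility(View.VISIBLE);
        }
    }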

    /* loaded from: classes.dex */
    /**
     * Dialog that lists stored certificates. When an accept listener is supplied it doubles as the
     * trust decision: the user ticks the servers whose changed certificate should be accepted.
     * No item starts out accepted and the confirm button stays disabled until one is ticked.
     */
    static class SSLCertificateDialog extends AlertDialog implements DialogInterface.OnClickListener, AdapterView.OnItemClickListener {
        private SSLAcceptListener mAcceptListener;
        private List<SSLCertificateItem> mCertList;
        private Set<MailAccountSslInfo.SslServerName> mCerts;
        private SSLCertificateChecker mChecker;
        // True when the dialog asks for a decision, false when it only displays certificates.
        private boolean mIsForAccept;
        private ListView mListView;
        private AsyncDataLoader<SSLCertificateLoadItem> mLoader;
        private Button mOKButton;
        private MailAccountSslInfo mSslInfo;
        private Context mWrappedContext;
        private LayoutInflater mWrappedInflater;

        /**
         * @param sSLAcceptListener receives the accepted server names; null makes the dialog read-only
         */
        SSLCertificateDialog(Context context, SSLCertificateChecker sSLCertificateChecker, MailAccountSslInfo mailAccountSslInfo, Set<MailAccountSslInfo.SslServerName> set, SSLAcceptListener sSLAcceptListener) {
            super(context);
            this.mChecker = sSLCertificateChecker;
            this.mSslInfo = mailAccountSslInfo;
            this.mCerts = set;
            this.mAcceptListener = sSLAcceptListener;
            this.mIsForAccept = this.mAcceptListener != null;
            this.mWrappedContext = UIThemeHelper.wrapAlertDialogContent(context);
            this.mWrappedInflater = LayoutInflater.from(this.mWrappedContext);
        }

        /** Receives the loaded items and attaches a fresh adapter to the list. */
        void deliver(List<SSLCertificateItem> list) {
            boolean firstDelivery = this.mListView.getAdapter() == null;
            if (this.mIsForAccept && firstDelivery) {
                // The header is added only once, before the first adapter is set.
                View header = this.mWrappedInflater.inflate(R.layout.view_ssl_dialog_header, this.mListView, false);
                this.mListView.addHeaderView(header);
            }
            this.mCertList = list;
            this.mListView.setAdapter(new SSLCertificateAdapter(this, list));
        }

        @Override // android.app.Dialog, android.content.DialogInterface
        public void dismiss() {
            super.dismiss();
            AsyncDataLoader<SSLCertificateLoadItem> loader = this.mLoader;
            if (loader == null) {
                return;
            }
            loader.cleanup();
            this.mLoader = null;
        }

        /**
         * Button handler. On the positive button, reports the ticked server names to the listener
         * (only when at least one is ticked) and drops the listener. Always dismisses the dialog.
         */
        @Override // android.content.DialogInterface.OnClickListener
        public void onClick(DialogInterface dialogInterface, int i) {
            if (i == DialogInterface.BUTTON_POSITIVE && this.mAcceptListener != null) {
                Set<MailAccountSslInfo.SslServerName> accepted = CollectionUtil.newHashSet();
                for (SSLCertificateItem item : this.mCertList) {
                    if (item.mIsAccepted) {
                        accepted.add(item.mServerName);
                    }
                }
                if (!accepted.isEmpty()) {
                    this.mAcceptListener.onSslAcceptedCertificates(this.mSslInfo, accepted);
                }
                this.mAcceptListener = null;
            }
            dialogInterface.dismiss();
        }

        @Override // android.app.AlertDialog, android.app.Dialog
        protected void onCreate(Bundle bundle) {
            setTitle(R.string.account_setup_view_ssl_certs);
            setInverseBackgroundForced(true);
            View content = this.mWrappedInflater.inflate(R.layout.view_ssl_dialog_content, (ViewGroup) null);
            ListView list = (ListView) content.findViewById(android.R.id.list);
            setView(content);
            this.mListView = list;
            // Certificates are read from storage off the UI thread; results arrive through deliver().
            this.mLoader = new AsyncDataLoader<>();
            SSLCertificateLoadItem loadItem =
                    new SSLCertificateLoadItem(this, this.mChecker, this.mSslInfo, this.mCerts, this.mIsForAccept);
            this.mLoader.submit(loadItem, hashCode());
            Context context = getContext();
            if (this.mIsForAccept) {
                setButton(DialogInterface.BUTTON_POSITIVE, context.getString(R.string.confirm), this);
                setButton(DialogInterface.BUTTON_NEGATIVE, context.getString(R.string.cancel), this);
            } else {
                setButton(DialogInterface.BUTTON_NEUTRAL, context.getString(R.string.close), this);
            }
            super.onCreate(bundle);
            if (this.mIsForAccept) {
                this.mListView.setOnItemClickListener(this);
                // Confirm starts disabled: nothing is accepted until the user ticks an item.
                this.mOKButton = getButton(DialogInterface.BUTTON_POSITIVE);
                this.mOKButton.setEnabled(false);
            }
        }

        /** Toggles the accepted flag of the clicked item and keeps the confirm button in sync. */
        @Override // android.widget.AdapterView.OnItemClickListener
        public void onItemClick(AdapterView<?> adapterView, View view, int i, long j) {
            Object tag = view.getTag();
            if (!(tag instanceof SSLCertificateItem)) {
                // Rows without an item tag (such as the header) are ignored.
                return;
            }
            SSLCertificateItem clicked = (SSLCertificateItem) tag;
            clicked.mIsAccepted = !clicked.mIsAccepted;
            boolean anyAccepted = clicked.mIsAccepted;
            if (!anyAccepted) {
                // The item was just unticked: confirm stays enabled only if another item is still ticked.
                for (SSLCertificateItem item : this.mCertList) {
                    if (item.mIsAccepted) {
                        anyAccepted = true;
                        break;
                    }
                }
            }
            this.mOKButton.setEnabled(anyAccepted);
            if (view instanceof Checkable) {
                ((Checkable) view).setChecked(clicked.mIsAccepted);
                ((Checkable) view.findViewById(R.id.cert_check)).setChecked(clicked.mIsAccepted);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /**
     * Display-ready details of one stored certificate, filled in by SSLCertificateLoadItem.loadCertificateInfo.
     */
    public static class SSLCertificateInfo {
        // Delimited hex fingerprints of the encoded certificate; null when the digest or the encoding was unavailable.
        String mHashMD5;
        String mHashSHA1;
        // Issuer principal and its toString() form.
        Principal mIssuer;
        String mIssuerText;
        // Subject principal and its toString() form.
        Principal mSubject;
        String mSubjectText;
        // Validity window, from getNotBefore() / getNotAfter().
        Date mValidFrom;
        Date mValidUntil;

        SSLCertificateInfo() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    /**
     * One dialog row: a server name with its stored and newly seen certificate details.
     * Items order themselves by server name.
     */
    public static class SSLCertificateItem implements Comparable<SSLCertificateItem> {
        // Row id handed to the list adapter; assigned sequentially by the loader.
        long _id;
        // Whether the user ticked this item in the accept dialog; starts out false.
        boolean mIsAccepted;
        SSLCertificateInfo mNewInfo;
        SSLCertificateInfo mOldInfo;
        MailAccountSslInfo.SslServerName mServerName;

        SSLCertificateItem() {
        }

        /** Compares by server name only. */
        @Override // java.lang.Comparable
        public int compareTo(SSLCertificateItem sSLCertificateItem) {
            MailAccountSslInfo.SslServerName mine = this.mServerName;
            MailAccountSslInfo.SslServerName theirs = sSLCertificateItem.mServerName;
            return mine.compareTo(theirs);
        }
    }

    /* loaded from: classes.dex */
    /**
     * Background task for the certificate dialog: reads the stored certificates of each server name,
     * turns them into display items and hands the sorted list back to the dialog.
     */
    static class SSLCertificateLoadItem implements AsyncDataLoader.LoadItem {
        private List<SSLCertificateItem> mCertList;
        private SSLCertificateDialog mDialog;
        private MessageDigest mDigestMD5;
        private MessageDigest mDigestSHA1;
        private boolean mIsForAccept;

        /**
         * Only the dialog and the accept flag are stored; load() reads the checker, the SSL info
         * and the server names from the dialog itself.
         */
        SSLCertificateLoadItem(SSLCertificateDialog sSLCertificateDialog, SSLCertificateChecker sSLCertificateChecker, MailAccountSslInfo mailAccountSslInfo, Set<MailAccountSslInfo.SslServerName> set, boolean z) {
            this.mDialog = sSLCertificateDialog;
            this.mIsForAccept = z;
        }

        /**
         * Returns the digest of {@code bArr} as colon-delimited hex, or null when no digest is available.
         * For the two expected lengths the middle delimiter is replaced by " - " so the fingerprint
         * reads as two halves.
         *
         * NOTE(review): the fingerprints offered to the user are MD5 and SHA-1 only; SHA-256 is the
         * value a user would normally be asked to compare today.
         */
        private String computeHash(byte[] bArr, MessageDigest messageDigest) {
            if (messageDigest == null) {
                return null;
            }
            messageDigest.reset();
            messageDigest.update(bArr);
            byte[] raw = messageDigest.digest();
            String hex = Hex.encodeHexWithDelimiter(raw, 0, raw.length, ':');
            int middle;
            switch (hex.length()) {
                case 47: // 16 bytes as "xx:" groups without the trailing delimiter
                    middle = 23;
                    break;
                case 59: // 20 bytes
                    middle = 29;
                    break;
                default:
                    return hex;
            }
            return hex.substring(0, middle) + " - " + hex.substring(middle + 1);
        }

        /**
         * Loads one stored certificate under the checker's lock and extracts the displayed fields.
         *
         * @param str storage suffix, null for the current certificate
         * @return the details, or null when nothing is stored under that key
         */
        private SSLCertificateInfo loadCertificateInfo(SSLCertificateChecker sSLCertificateChecker, MailAccountSslInfo mailAccountSslInfo, MailAccountSslInfo.SslServerName sslServerName, String str) {
            X509Certificate cert;
            synchronized (sSLCertificateChecker.mCertLock) {
                cert = sSLCertificateChecker.loadCertificateLocked(mailAccountSslInfo, sslServerName, str);
            }
            if (cert == null) {
                return null;
            }
            SSLCertificateInfo info = new SSLCertificateInfo();
            info.mSubject = cert.getSubjectX500Principal();
            if (info.mSubject != null) {
                info.mSubjectText = info.mSubject.toString();
            }
            info.mIssuer = cert.getIssuerX500Principal();
            if (info.mIssuer != null) {
                info.mIssuerText = info.mIssuer.toString();
            }
            info.mValidFrom = cert.getNotBefore();
            info.mValidUntil = cert.getNotAfter();
            try {
                byte[] der = cert.getEncoded();
                info.mHashMD5 = computeHash(der, this.mDigestMD5);
                info.mHashSHA1 = computeHash(der, this.mDigestSHA1);
            } catch (CertificateEncodingException e) {
                // The item is still returned, just without fingerprints.
                MyLog.w(SSLCertificateChecker.TAG, e);
            }
            return info;
        }

        @Override // org.kman.AquaMail.data.AsyncDataLoader.LoadItem
        public void close() {
        }

        /** Passes the result to the dialog, but only if there is a result and the dialog is still showing. */
        @Override // org.kman.AquaMail.data.AsyncDataLoader.LoadItem
        public void deliver() {
            SSLCertificateDialog dialog = this.mDialog;
            if (this.mCertList != null && dialog != null && dialog.isShowing()) {
                dialog.deliver(this.mCertList);
            }
        }

        /** Builds one item per server name and sorts the list; the list stays null when there are no names. */
        @Override // org.kman.AquaMail.data.AsyncDataLoader.LoadItem
        public void load() {
            long lastId = 0;
            SSLCertificateChecker checker = this.mDialog.mChecker;
            MailAccountSslInfo sslInfo = this.mDialog.mSslInfo;
            Set<MailAccountSslInfo.SslServerName> names = this.mDialog.mCerts;
            // A missing digest algorithm is logged and tolerated; computeHash then returns null.
            try {
                this.mDigestMD5 = MessageDigest.getInstance(SSLCertificateChecker.HASH_MD5);
            } catch (Exception e) {
                MyLog.w(SSLCertificateChecker.TAG, e);
            }
            try {
                this.mDigestSHA1 = MessageDigest.getInstance(SSLCertificateChecker.HASH_SHA1);
            } catch (Exception e2) {
                MyLog.w(SSLCertificateChecker.TAG, e2);
            }
            for (MailAccountSslInfo.SslServerName name : names) {
                SSLCertificateItem item = new SSLCertificateItem();
                item._id = ++lastId;
                item.mServerName = name;
                if (this.mIsForAccept) {
                    // Accept mode shows the stored certificate next to the pending "new" one.
                    item.mOldInfo = loadCertificateInfo(checker, sslInfo, name, null);
                    item.mNewInfo = loadCertificateInfo(checker, sslInfo, name, SSLCertificateChecker.SUFFIX_CERT_NEW);
                } else {
                    item.mNewInfo = loadCertificateInfo(checker, sslInfo, name, null);
                }
                if (this.mCertList == null) {
                    this.mCertList = CollectionUtil.newArrayList();
                }
                this.mCertList.add(item);
            }
            if (this.mCertList != null) {
                Collections.sort(this.mCertList);
            }
        }
    }

    /**
     * Binds the checker to the application context and makes sure the certificate directory
     * under the app's files dir exists. The result of mkdirs() is not checked.
     */
    private SSLCertificateChecker(Context context) {
        Context appContext = context.getApplicationContext();
        this.mContext = appContext;
        File certDir = new File(appContext.getFilesDir(), CERT_DIR);
        this.mCertDir = certDir;
        if (!certDir.exists()) {
            certDir.mkdirs();
        }
        this.mCertLock = new Object();
        this.mCertCache = new BackLruCache<>(16);
    }

    /**
     * Returns the process-wide checker, creating it on first use under the class monitor.
     */
    public static SSLCertificateChecker get(Context context) {
        synchronized (SSLCertificateChecker.class) {
            if (gInstance == null) {
                gInstance = new SSLCertificateChecker(context);
            }
            return gInstance;
        }
    }

    /**
     * Returns the cached default SharedPreferences, fetching them on the first call.
     * Does no locking of its own; the caller is expected to hold the guarding monitor.
     */
    private static SharedPreferences getSharedPrefsLocked(Context context) {
        SharedPreferences prefs = gSharedPrefs;
        if (prefs == null) {
            prefs = PreferenceManager.getDefaultSharedPreferences(context.getApplicationContext());
            gSharedPrefs = prefs;
        }
        return prefs;
    }

    /**
     * Reports whether certificate change checking is switched on in the preferences.
     * The preference defaults to false, so the check is opt-in.
     */
    public static boolean isCheckerEnabled(Context context) {
        // NOTE(review): the monitor is SSLHardening.class, not this class - presumably shared with
        // the code that reads the same preferences there; confirm.
        synchronized (SSLHardening.class) {
            return getSharedPrefsLocked(context).getBoolean(Prefs.PREF_NETWORK_SSL_CHECKING_KEY, false);
        }
    }

    /**
     * Promotes the pending certificate of every chosen server: the current file becomes "prev",
     * the "new" file becomes current, and the in-memory cache is cleared.
     *
     * @return true if an error entry was removed from {@code mailAccountSslInfo} for at least one server
     */
    public boolean acceptChosenCertificates(MailAccountSslInfo mailAccountSslInfo, Set<MailAccountSslInfo.SslServerName> set) {
        boolean anyErrorCleared = false;
        for (MailAccountSslInfo.SslServerName serverName : set) {
            // Always call removeErrorSslInfo, even once the flag is already true.
            boolean cleared = mailAccountSslInfo.removeErrorSslInfo(serverName);
            anyErrorCleared = anyErrorCleared | cleared;
            long storageKey = mailAccountSslInfo.getSslStorageKey();
            File prevFile = getCertificateFile(serverName, storageKey, SUFFIX_CERT_PREV);
            File currFile = getCertificateFile(serverName, storageKey, SUFFIX_CERT);
            File newFile = getCertificateFile(serverName, storageKey, SUFFIX_CERT_NEW);
            synchronized (this.mCertLock) {
                // Order matters: current must be moved aside before "new" takes its place.
                moveCertificateFileFromTo("curr->prev", currFile, prevFile);
                moveCertificateFileFromTo("new->curr", newFile, currFile);
                this.mCertCache.clear();
            }
        }
        return anyErrorCleared;
    }

    /**
     * Compares the server certificate of an established TLS session with the certificate stored
     * for the same account and server (trust on first use, then change detection).
     *
     * This method only compares against previously stored certificates. It does not validate the
     * chain against a trust store; whether that happened earlier in the handshake is not visible here.
     *
     * NOTE(review): three paths return normally without any comparison - an empty peer chain, a
     * non-X.509 leaf, and SSLPeerUnverifiedException. The caller cannot tell these from a match.
     *
     * @param sSLSocket connected socket whose session supplies the peer certificates
     * @param endpoint server and port, used for the storage key and in log messages
     * @throws SSLException as SSLCertificateChangeException when the presented certificate differs from
     *         both the current and the previous stored one and its issuer is not on the special list
     */
    public void checkSslSocket(Context context, MailAccountSslInfo mailAccountSslInfo, SSLSocket sSLSocket, Endpoint endpoint) throws SSLException {
        try {
            Certificate[] peerCertificates = sSLSocket.getSession().getPeerCertificates();
            // Nothing to compare: no chain, or the leaf is not X.509.
            if (peerCertificates == null || peerCertificates.length == 0 || !(peerCertificates[0] instanceof X509Certificate)) {
                return;
            }
            // Only the leaf certificate is stored and compared.
            X509Certificate x509Certificate = (X509Certificate) peerCertificates[0];
            if (MyLog.isEnabled()) {
                MyLog.i(TAG, "Certificate for %s: subject: %s, issuer: %s", endpoint, x509Certificate.getSubjectDN(), x509Certificate.getIssuerDN());
            }
            MailAccountSslInfo.SslServerName sslServerName = new MailAccountSslInfo.SslServerName(endpoint.mServer, endpoint.mPort);
            // Account check mode: whatever the server presents is stored as current and recorded.
            if (mailAccountSslInfo.isCheckingAccount()) {
                synchronized (this.mCertLock) {
                    saveCertificateLocked(mailAccountSslInfo, sslServerName, x509Certificate, SUFFIX_CERT);
                }
                mailAccountSslInfo.addCheckingSslInfo(sslServerName);
                return;
            }
            synchronized (this.mCertLock) {
                X509Certificate loadCertificateLocked = loadCertificateLocked(mailAccountSslInfo, sslServerName, SUFFIX_CERT);
                // First contact: nothing stored yet, so the presented certificate is trusted and saved.
                if (loadCertificateLocked == null) {
                    saveCertificateLocked(mailAccountSslInfo, sslServerName, x509Certificate, SUFFIX_CERT);
                    return;
                }
                // Unchanged: clear any earlier error and drop a pending "new" certificate.
                if (loadCertificateLocked != null && loadCertificateLocked.equals(x509Certificate)) {
                    MyLog.i(TAG, "Certificate for %s matches existing", endpoint);
                    mailAccountSslInfo.removeErrorSslInfo(sslServerName);
                    deleteCertificateLocked(mailAccountSslInfo, sslServerName, SUFFIX_CERT_NEW);
                    return;
                }
                // The server went back to the previous certificate: swap current and previous.
                X509Certificate loadCertificateLocked2 = loadCertificateLocked(mailAccountSslInfo, sslServerName, "prev");
                if (loadCertificateLocked2 != null && loadCertificateLocked2.equals(x509Certificate)) {
                    MyLog.i(TAG, "Certificate for %s matches previous", endpoint);
                    mailAccountSslInfo.removeErrorSslInfo(sslServerName);
                    deleteCertificateLocked(mailAccountSslInfo, sslServerName, SUFFIX_CERT_NEW);
                    saveCertificateLocked(mailAccountSslInfo, sslServerName, loadCertificateLocked2, SUFFIX_CERT);
                    saveCertificateLocked(mailAccountSslInfo, sslServerName, loadCertificateLocked, "prev");
                    return;
                }
                // Genuine change: keep the certificate as "new" for the accept dialog and fail the connection.
                if (!isSpecialIssuerCertificateLocked(x509Certificate, peerCertificates)) {
                    mailAccountSslInfo.addErrorSslInfo(sslServerName);
                    saveCertificateLocked(mailAccountSslInfo, sslServerName, x509Certificate, SUFFIX_CERT_NEW);
                    throw new SSLCertificateChangeException(String.format(Locale.US, "Certificate change for %s", endpoint));
                }
                // Issuer is on the built-in list: the change is accepted without asking the user.
                MyLog.i(TAG, "Certificate for %s is from special issuer", endpoint);
                mailAccountSslInfo.removeErrorSslInfo(sslServerName);
                deleteCertificateLocked(mailAccountSslInfo, sslServerName, SUFFIX_CERT_NEW);
                saveCertificateLocked(mailAccountSslInfo, sslServerName, x509Certificate, SUFFIX_CERT);
            }
        } catch (SSLPeerUnverifiedException e) {
            // Logged and swallowed: a session without a peer certificate passes this check.
            MyLog.w(TAG, "No peer certificate, assuming _anon_ cipher", e);
        }
    }

    /**
     * Deletes {@code file} if it exists, logging the action under the label {@code str}.
     * The result of delete() is not checked.
     */
    void deleteCertificateFile(String str, File file) {
        if (!file.exists()) {
            return;
        }
        MyLog.i(TAG, "Deleting %s %s", str, file.getName());
        file.delete();
    }

    /**
     * Removes one stored certificate from the cache and from disk.
     *
     * @param str storage suffix selecting which certificate (current, "new" or "prev")
     */
    void deleteCertificateLocked(MailAccountSslInfo mailAccountSslInfo, MailAccountSslInfo.SslServerName sslServerName, String str) {
        long storageKey = mailAccountSslInfo.getSslStorageKey();
        String keyName = sslServerName.getKeyName(storageKey, str);
        File certFile = new File(this.mCertDir, keyName);
        this.mCertCache.remove(keyName);
        boolean removed = certFile.delete();
        if (removed) {
            MyLog.i(TAG, "Deleted certificate in %s", keyName);
        }
    }

    /**
     * Deletes every stored certificate file whose name starts with the account's key prefix,
     * then clears the in-memory cache. The files are removed before the lock is taken.
     */
    public void deleteCertificates(MailAccountSslInfo mailAccountSslInfo) {
        final String keyNamePrefix = MailAccountSslInfo.SslServerName.getKeyNamePrefix(mailAccountSslInfo.getSslStorageKey());
        FileFilter belongsToAccount = new FileFilter() {
            @Override // java.io.FileFilter
            public boolean accept(File file) {
                return file.getName().startsWith(keyNamePrefix);
            }
        };
        File[] matches = this.mCertDir.listFiles(belongsToAccount);
        if (matches != null) {
            for (File match : matches) {
                MyLog.i(TAG, "Deleting %s", match.getName());
                match.delete();
            }
        }
        synchronized (this.mCertLock) {
            this.mCertCache.clear();
        }
    }

    /**
     * Looks in the peer chain (from index 1 on) for the first certificate whose subject equals the
     * leaf's issuer, and checks with a PKIX validator that the leaf validates against it.
     *
     * The trust anchor used here is the certificate taken from the chain the peer presented, and
     * revocation checking is disabled. A successful result shows only that the leaf validates against
     * that presented certificate, not that the certificate itself is trusted.
     *
     * @return the matching issuer certificate, or null if none matches or validation fails
     */
    X509Certificate findIssuerCertificateLocked(X509Certificate x509Certificate, Certificate[] certificateArr) {
        X500Principal wantedIssuer = x509Certificate.getIssuerX500Principal();
        if (wantedIssuer == null) {
            return null;
        }
        for (int idx = 1; idx < certificateArr.length; idx++) {
            if (!(certificateArr[idx] instanceof X509Certificate)) {
                continue;
            }
            X509Certificate candidate = (X509Certificate) certificateArr[idx];
            if (!candidate.getSubjectX500Principal().equals(wantedIssuer)) {
                continue;
            }
            // Only the first subject match is tried; the method returns from here either way.
            MyLog.i(TAG, "Found certificate for issuer %s", wantedIssuer);
            Set<TrustAnchor> anchors = Collections.singleton(new TrustAnchor(candidate, null));
            try {
                CertPathValidator validator = CertPathValidator.getInstance("PKIX");
                PKIXParameters params = new PKIXParameters(anchors);
                params.setRevocationEnabled(false);
                if (this.mCertFactory == null) {
                    this.mCertFactory = CertificateFactory.getInstance("X.509");
                }
                validator.validate(this.mCertFactory.generateCertPath(Arrays.asList(x509Certificate)), params);
                MyLog.i(TAG, "Issuer certificate validated OK");
                return candidate;
            } catch (Exception e) {
                MyLog.w(TAG, "Error validating issuer certificate", e);
                // Drop the factory so the next call creates a fresh one.
                this.mCertFactory = null;
                return null;
            }
        }
        return null;
    }

    /**
     * Builds the path of a certificate file inside the certificate directory.
     *
     * @param sslServerName server whose key name is used as the file name
     * @param j SSL storage key passed to {@code getKeyName}
     * @param str suffix passed to {@code getKeyName}
     * @return file under {@code mCertDir} named by {@code getKeyName(j, str)}
     */
    File getCertificateFile(MailAccountSslInfo.SslServerName sslServerName, long j, String str) {
        // NOTE(review): the name is used as a child path as-is; getKeyName is not visible here,
        // so confirm it cannot produce path separators or ".." from the server name.
        String keyName = sslServerName.getKeyName(j, str);
        return new File(this.mCertDir, keyName);
    }

    /**
     * Reports whether the issuer found for {@code x509Certificate} in the chain is one of the
     * issuers listed in {@code SPECIAL_ISSUER_SIG}.
     *
     * <p>The comparison is on the issuer certificate's signature bytes, matched exactly against
     * each Base64-decoded list entry. What callers do with a "special" issuer is not visible
     * here.
     *
     * @param x509Certificate certificate whose issuer is examined
     * @param certificateArr chain passed on to {@code findIssuerCertificateLocked}
     * @return {@code true} when the issuer was found, validated, and its signature is listed
     */
    boolean isSpecialIssuerCertificateLocked(X509Certificate x509Certificate, Certificate[] certificateArr) {
        X509Certificate issuer = findIssuerCertificateLocked(x509Certificate, certificateArr);
        if (issuer == null) {
            return false;
        }
        byte[] issuerSignature = issuer.getSignature();
        if (issuerSignature == null) {
            return false;
        }
        // Logs the issuer certificate and its signature at info level.
        MyLog.i(TAG, "Issuer: %s, signature: %s", issuer, Base64.encodeByteArrayToAscii(issuerSignature));
        for (String encodedSignature : SPECIAL_ISSUER_SIG) {
            byte[] listed = Base64.decodeAscii(encodedSignature);
            if (listed == null) {
                // Entry did not decode; skip it.
                continue;
            }
            if (Arrays.equals(listed, issuerSignature)) {
                MyLog.i(TAG, "Issuer is \"special\"");
                return true;
            }
        }
        return false;
    }

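    /**
     * Returns the stored certificate for a server, from the in-memory cache when present and
     * otherwise from its file in the certificate directory.
     *
     * <p>A certificate read from disk is added to the cache. The file content is parsed as an
     * X.509 certificate and returned as-is; no further check of the file is made here.
     *
     * @param mailAccountSslInfo account whose SSL storage key is part of the key name
     * @param sslServerName server whose certificate is wanted
     * @param str suffix passed to {@code getKeyName}
     * @return the certificate, or {@code null} when the file cannot be read, cannot be parsed,
     *     or does not hold an X.509 certificate
     */
    X509Certificate loadCertificateLocked(MailAccountSslInfo mailAccountSslInfo, MailAccountSslInfo.SslServerName sslServerName, String str) {
        String keyName = sslServerName.getKeyName(mailAccountSslInfo.getSslStorageKey(), str);
        X509Certificate cached = this.mCertCache.get(keyName);
        if (cached != null) {
            MyLog.i(TAG, "Got certificate from cache %s", keyName);
            return cached;
        }
        MyLog.i(TAG, "Loading certificate from %s", keyName);
        File file = new File(this.mCertDir, keyName);
        FileInputStream input = null;
        // One try/finally: opening and parsing share the same handlers and the stream is closed
        // on every path, including unexpected exceptions.
        try {
            input = new FileInputStream(file);
            if (this.mCertFactory == null) {
                this.mCertFactory = CertificateFactory.getInstance("X.509");
            }
            Certificate parsed = this.mCertFactory.generateCertificate(input);
            if (!(parsed instanceof X509Certificate)) {
                return null;
            }
            X509Certificate loaded = (X509Certificate) parsed;
            this.mCertCache.put(keyName, loaded);
            return loaded;
        } catch (IOException e) {
            // Covers a missing file as well; logged at info level only.
            MyLog.i(TAG, "Error loading certificate: %s", e);
            return null;
        } catch (CertificateException e) {
            MyLog.w(TAG, "Error loading certificate", e);
            // Drop the cached factory so the next call creates a fresh one.
            this.mCertFactory = null;
            return null;
        } finally {
            // input is still null when the open failed; closeStream is presumably null-safe,
            // as the original error paths could also pass null.
            StreamUtil.closeStream(input);
        }
    }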

    /**
     * Replaces {@code file2} with {@code file} by rename.
     *
     * <p>The destination is deleted first in every case, so when the source does not exist the
     * destination simply ends up removed. The rename result is logged, not returned.
     *
     * @param str label used in the log messages
     * @param file source file
     * @param file2 destination file
     */
    void moveCertificateFileFromTo(String str, File file, File file2) {
        file2.delete();
        if (!file.exists()) {
            return;
        }
        MyLog.i(TAG, "Moving %s %s to %s", str, file.getName(), file2.getName());
        boolean renamed = file.renameTo(file2);
        MyLog.i(TAG, "Moving %s worked: %b", str, Boolean.valueOf(renamed));
    }

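    /**
     * Stores a server's certificate under its key name, replacing whatever was stored before.
     *
     * <p>The cache entry and the file for the key are removed first, so passing {@code null}
     * just clears the stored certificate. The cache is updated only after the encoded bytes were
     * written and flushed; encoding and write failures are logged and leave the key without a
     * cache entry.
     *
     * @param mailAccountSslInfo account whose SSL storage key is part of the key name
     * @param sslServerName server the certificate belongs to
     * @param x509Certificate certificate to store, or {@code null} to only remove the old one
     * @param str suffix passed to {@code getKeyName}
     */
    void saveCertificateLocked(MailAccountSslInfo mailAccountSslInfo, MailAccountSslInfo.SslServerName sslServerName, X509Certificate x509Certificate, String str) {
        String keyName = sslServerName.getKeyName(mailAccountSslInfo.getSslStorageKey(), str);
        File file = new File(this.mCertDir, keyName);
        MyLog.i(TAG, "Saving certificate for %s to %s", sslServerName.getHumanName(), keyName);
        this.mCertCache.remove(keyName);
        file.delete();
        if (x509Certificate == null) {
            MyLog.i(TAG, "Certificate for %s is null, nothing to save", sslServerName.getHumanName());
            return;
        }
        byte[] encoded;
        try {
            encoded = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            MyLog.w(TAG, "Error getting certificate bytes", e);
            return;
        }
        FileOutputStream output = null;
        // One try/finally: the stream is closed on every path, including unexpected exceptions.
        try {
            output = new FileOutputStream(file);
            output.write(encoded);
            output.flush();
            this.mCertCache.put(keyName, x509Certificate);
            MyLog.i(TAG, "Saved certificate for %s to %s", sslServerName.getHumanName(), keyName);
        } catch (IOException e) {
            MyLog.w(TAG, "Error writing certificate bytes", e);
        } finally {
            // output is still null when the open failed; closeStream is presumably null-safe,
            // as the original error paths could also pass null.
            StreamUtil.closeStream(output);
        }
    }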

    /**
     * Promotes the certificates stored under the first account's storage key to be the current
     * certificates of the second account.
     *
     * <p>For each server name in the first account's checking set, the file stored under the
     * first account's key with {@code SUFFIX_CERT} is moved onto the second account's
     * {@code SUFFIX_CERT} file, and the second account's {@code SUFFIX_CERT_NEW} and "prev"
     * files are deleted. The move removes the destination even when the source file is absent.
     * The whole certificate cache is cleared after each server.
     *
     * @param mailAccountSslInfo account supplying the server names and the source storage key
     * @param mailAccountSslInfo2 account supplying the destination storage key
     */
    public void saveCheckingCertificates(MailAccountSslInfo mailAccountSslInfo, MailAccountSslInfo mailAccountSslInfo2) {
        Set<MailAccountSslInfo.SslServerName> serverNames = mailAccountSslInfo.getCheckingSslInfo();
        if (serverNames == null) {
            return;
        }
        for (MailAccountSslInfo.SslServerName serverName : serverNames) {
            File checkingFile = getCertificateFile(serverName, mailAccountSslInfo.getSslStorageKey(), SUFFIX_CERT);
            long targetKey = mailAccountSslInfo2.getSslStorageKey();
            File prevFile = getCertificateFile(serverName, targetKey, "prev");
            File currFile = getCertificateFile(serverName, targetKey, SUFFIX_CERT);
            File newFile = getCertificateFile(serverName, targetKey, SUFFIX_CERT_NEW);
            // File changes and the cache reset happen together under the certificate lock.
            synchronized (this.mCertLock) {
                moveCertificateFileFromTo("checking->curr", checkingFile, currFile);
                deleteCertificateFile(SUFFIX_CERT_NEW, newFile);
                deleteCertificateFile("prev", prevFile);
                this.mCertCache.clear();
            }
        }
    }

    /**
     * Creates the certificate dialog for the given servers and attaches the dismiss listener.
     *
     * <p>The dialog is constructed and returned; this method does not call {@code show()}.
     *
     * @param context context the dialog is created with
     * @param mailAccountSslInfo account whose certificates are presented
     * @param set server names passed to the dialog
     * @param onDismissListener listener set on the dialog
     * @param sSLAcceptListener accept listener passed to the dialog
     * @return the new {@code SSLCertificateDialog}
     */
    public Dialog showCertificates(Context context, MailAccountSslInfo mailAccountSslInfo, Set<MailAccountSslInfo.SslServerName> set, DialogInterface.OnDismissListener onDismissListener, SSLAcceptListener sSLAcceptListener) {
        SSLCertificateDialog dialog = new SSLCertificateDialog(context, this, mailAccountSslInfo, set, sSLAcceptListener);
        dialog.setOnDismissListener(onDismissListener);
        return dialog;
    }
}
