package com.microsoft.sapphire.app.browser.extensions.aia;

import android.os.AsyncTask;
import com.microsoft.sapphire.app.browser.utils.BrowserUtils;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import n.g.a.e;
import n.g.a.m;
import n.g.a.n;
import n.g.a.y1.a;
import n.g.a.y1.b;
import n.g.a.y1.c;
import n.g.a.y1.d;

@Metadata(bv = {1, 0, 3}, d1 = {"\u0000@\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000b\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0011\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\t\u0018\u0000 \u001d2\u0018\u0012\u0006\u0012\u0004\u0018\u00010\u0002\u0012\u0006\u0012\u0004\u0018\u00010\u0002\u0012\u0004\u0012\u00020\u00030\u0001:\u0003\u001e\u001f\u001dB\u001b\u0012\b\u0010\u001a\u001a\u0004\u0018\u00010\u0004\u0012\b\u0010\u0015\u001a\u0004\u0018\u00010\u0014¢\u0006\u0004\b\u001b\u0010\u001cJ\u0019\u0010\u0006\u001a\u0004\u0018\u00010\u00042\u0006\u0010\u0005\u001a\u00020\u0004H\u0002¢\u0006\u0004\b\u0006\u0010\u0007J!\u0010\n\u001a\u00020\t2\u0006\u0010\u0005\u001a\u00020\u00042\b\u0010\b\u001a\u0004\u0018\u00010\u0004H\u0002¢\u0006\u0004\b\n\u0010\u000bJ'\u0010\u000e\u001a\u00020\u00032\u0016\u0010\r\u001a\f\u0012\b\b\u0001\u0012\u0004\u0018\u00010\u00020\f\"\u0004\u0018\u00010\u0002H\u0014¢\u0006\u0004\b\u000e\u0010\u000fJ\u0017\u0010\u0012\u001a\u00020\u00112\u0006\u0010\u0010\u001a\u00020\u0003H\u0014¢\u0006\u0004\b\u0012\u0010\u0013R\u0018\u0010\u0015\u001a\u0004\u0018\u00010\u00148\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\u0015\u0010\u0016R \u0010\u0018\u001a\f\u0012\u0006\u0012\u0004\u0018\u00010\u0004\u0018\u00010\u00178\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\u0018\u0010\u0019¨\u0006 "}, d2 = {"Lcom/microsoft/sapphire/app/browser/extensions/aia/AIAFetchVerificationAsyncTask;", "Landroid/os/AsyncTask;", "Ljava/lang/Void;", "", "Ljava/security/cert/X509Certificate;", "curCertificate", "performAIAFetch", "(Ljava/security/cert/X509Certificate;)Ljava/security/cert/X509Certificate;", "aiaCertificate", "Lcom/microsoft/sapphire/app/browser/extensions/aia/AIAFetchVerificationAsyncTask$AIACertificateVerifyResult;", "verifyAIAFetchResult", "(Ljava/security/cert/X509Certificate;Ljava/security/cert/X509Certificate;)Lcom/microsoft/sapphire/app/browser/extensions/aia/AIAFetchVerificationAsyncTask$AIACertificateVerifyResult;", "", "params", "doInBackground", "([Ljava/lang/Void;)Ljava/lang/Boolean;", "verifySucceed", "", "onPostExecute", "(Z)V", "Lcom/microsoft/sapphire/app/browser/extensions/aia/AIAFetchVerificationAsyncTask$AIAFetchVerifyResultListener;", "listener", "Lcom/microsoft/sapphire/app/browser/extensions/aia/AIAFetchVerificationAsyncTask$AIAFetchVerifyResultListener;", "Ljava/lang/ref/WeakReference;", "sslErrorCertRef", "Ljava/lang/ref/WeakReference;", "cert", "<init>", "(Ljava/security/cert/X509Certificate;Lcom/microsoft/sapphire/app/browser/extensions/aia/AIAFetchVerificationAsyncTask$AIAFetchVerifyResultListener;)V", "Companion", "AIACertificateVerifyResult", "AIAFetchVerifyResultListener", "libApplication_release"}, k = 1, mv = {1, 4, 2})
/* loaded from: classes2.dex */
public final class AIAFetchVerificationAsyncTask extends AsyncTask<Void, Void, Boolean> {
    private static final int MAX_AIA_FETCHES = 5;
    private AIAFetchVerifyResultListener listener;
    private WeakReference<X509Certificate> sslErrorCertRef;

    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0010\u0010\n\u0002\b\u0006\b\u0082\u0001\u0018\u00002\b\u0012\u0004\u0012\u00020\u00000\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003j\u0002\b\u0004j\u0002\b\u0005j\u0002\b\u0006¨\u0006\u0007"}, d2 = {"Lcom/microsoft/sapphire/app/browser/extensions/aia/AIAFetchVerificationAsyncTask$AIACertificateVerifyResult;", "", "<init>", "(Ljava/lang/String;I)V", "SUCCESS", "FAIL_NO_TRUST_ROOT", "FAIL_NOT_MATCH", "libApplication_release"}, k = 1, mv = {1, 4, 2})
    /* loaded from: classes2.dex */
    public enum AIACertificateVerifyResult {
        SUCCESS,
        FAIL_NO_TRUST_ROOT,
        FAIL_NOT_MATCH
    }

    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u0016\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0003\bf\u0018\u00002\u00020\u0001J\u0017\u0010\u0005\u001a\u00020\u00042\u0006\u0010\u0003\u001a\u00020\u0002H&¢\u0006\u0004\b\u0005\u0010\u0006¨\u0006\u0007"}, d2 = {"Lcom/microsoft/sapphire/app/browser/extensions/aia/AIAFetchVerificationAsyncTask$AIAFetchVerifyResultListener;", "", "", "valid", "", "verifyFinished", "(Z)V", "libApplication_release"}, k = 1, mv = {1, 4, 2})
    /* loaded from: classes2.dex */
    public interface AIAFetchVerifyResultListener {
        void verifyFinished(boolean valid);
    }

    public AIAFetchVerificationAsyncTask(X509Certificate x509Certificate, AIAFetchVerifyResultListener aIAFetchVerifyResultListener) {
        if (x509Certificate != null) {
            this.sslErrorCertRef = new WeakReference<>(x509Certificate);
        }
        if (aIAFetchVerifyResultListener != null) {
            this.listener = aIAFetchVerifyResultListener;
        }
    }

    private final X509Certificate performAIAFetch(X509Certificate curCertificate) {
        BrowserUtils browserUtils;
        String message;
        a[] aVarArr;
        d dVar;
        e eVar;
        try {
            m mVar = c.a;
            Intrinsics.checkNotNullExpressionValue(mVar, "Extension.authorityInfoAccess");
            n r = n.r(curCertificate.getExtensionValue(mVar.a));
            b i2 = r != null ? b.i(r.t()) : null;
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            if (i2 == null || certificateFactory == null || (aVarArr = i2.a) == null) {
                BrowserUtils.INSTANCE.log("AiaFetchError", "FailedParseAIAExtension");
                return null;
            }
            for (a aVar : aVarArr) {
                if (aVar != null && !(!Intrinsics.areEqual(n.g.a.y1.e.f13891f, aVar.a)) && (dVar = aVar.f13885b) != null && dVar.f13886b == 6 && (eVar = dVar.a) != null) {
                    Certificate generateCertificate = certificateFactory.generateCertificate(new URL(eVar.toString()).openStream());
                    if (generateCertificate != null) {
                        return (X509Certificate) generateCertificate;
                    }
                    throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                }
            }
            return null;
        } catch (IOException e2) {
            browserUtils = BrowserUtils.INSTANCE;
            message = e2.getMessage();
            Intrinsics.checkNotNull(message);
            browserUtils.log("AiaFetchError", message);
            return null;
        } catch (CertificateException e3) {
            browserUtils = BrowserUtils.INSTANCE;
            message = e3.getMessage();
            Intrinsics.checkNotNull(message);
            browserUtils.log("AiaFetchError", message);
            return null;
        }
    }

    private final AIACertificateVerifyResult verifyAIAFetchResult(X509Certificate curCertificate, X509Certificate aiaCertificate) {
        BrowserUtils browserUtils;
        String str;
        BrowserUtils browserUtils2;
        String str2;
        AIACertificateVerifyResult aIACertificateVerifyResult = AIACertificateVerifyResult.FAIL_NOT_MATCH;
        if (aiaCertificate == null) {
            return aIACertificateVerifyResult;
        }
        try {
            try {
                curCertificate.verify(aiaCertificate.getPublicKey());
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init((KeyStore) null);
                Intrinsics.checkNotNullExpressionValue(tmf, "tmf");
                TrustManager[] trustManagers = tmf.getTrustManagers();
                if (trustManagers != null) {
                    int i2 = 0;
                    if (!(trustManagers.length == 0)) {
                        TrustManager trustManager = trustManagers[0];
                        if (trustManager == null) {
                            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
                        }
                        X509Certificate[] acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers();
                        int length = acceptedIssuers.length;
                        while (true) {
                            if (i2 >= length) {
                                break;
                            }
                            X509Certificate x509Certificate = acceptedIssuers[i2];
                            if (x509Certificate != null) {
                                try {
                                    aiaCertificate.verify(x509Certificate.getPublicKey());
                                    aIACertificateVerifyResult = AIACertificateVerifyResult.SUCCESS;
                                    break;
                                } catch (InvalidKeyException unused) {
                                    browserUtils2 = BrowserUtils.INSTANCE;
                                    str2 = "[AIAFetch] Not matched certificate for issuer: " + x509Certificate.getSubjectX500Principal();
                                    browserUtils2.log("VerifyCatch", str2);
                                    i2++;
                                } catch (NoSuchAlgorithmException unused2) {
                                    browserUtils2 = BrowserUtils.INSTANCE;
                                    str2 = "[AIAFetch] Not matched certificate for issuer: " + x509Certificate.getSubjectX500Principal();
                                    browserUtils2.log("VerifyCatch", str2);
                                    i2++;
                                } catch (NoSuchProviderException unused3) {
                                    browserUtils2 = BrowserUtils.INSTANCE;
                                    str2 = "[AIAFetch] Not matched certificate for issuer: " + x509Certificate.getSubjectX500Principal();
                                    browserUtils2.log("VerifyCatch", str2);
                                    i2++;
                                } catch (SignatureException unused4) {
                                    browserUtils2 = BrowserUtils.INSTANCE;
                                    str2 = "[AIAFetch] Not matched certificate for issuer: " + x509Certificate.getSubjectX500Principal();
                                    browserUtils2.log("VerifyCatch", str2);
                                    i2++;
                                } catch (CertificateException unused5) {
                                    browserUtils2 = BrowserUtils.INSTANCE;
                                    str2 = "[AIAFetch] Not matched certificate for issuer: " + x509Certificate.getSubjectX500Principal();
                                    browserUtils2.log("VerifyCatch", str2);
                                    i2++;
                                }
                            }
                            i2++;
                        }
                    }
                }
                if (aIACertificateVerifyResult == AIACertificateVerifyResult.SUCCESS) {
                    browserUtils = BrowserUtils.INSTANCE;
                    str = "Success";
                } else {
                    aIACertificateVerifyResult = AIACertificateVerifyResult.FAIL_NO_TRUST_ROOT;
                    browserUtils = BrowserUtils.INSTANCE;
                    str = "NoTrustRoot";
                }
                browserUtils.log("AIAFetchVerifyResult", str);
            } catch (KeyStoreException e2) {
                e = e2;
                BrowserUtils.INSTANCE.reportException(e, "AIAFetchVerificationAsyncTask-1");
                return aIACertificateVerifyResult;
            }
        } catch (InvalidKeyException e3) {
            e = e3;
            BrowserUtils.INSTANCE.reportException(e, "AIAFetchVerificationAsyncTask-1");
        } catch (NoSuchAlgorithmException unused6) {
            BrowserUtils.INSTANCE.log("AIAFetchVerifyResult", "NotMatch");
        } catch (NoSuchProviderException e4) {
            e = e4;
            BrowserUtils.INSTANCE.reportException(e, "AIAFetchVerificationAsyncTask-1");
        } catch (SignatureException e5) {
            e = e5;
            BrowserUtils.INSTANCE.reportException(e, "AIAFetchVerificationAsyncTask-1");
        } catch (CertificateException e6) {
            e = e6;
            BrowserUtils.INSTANCE.reportException(e, "AIAFetchVerificationAsyncTask-1");
        }
        return aIACertificateVerifyResult;
    }

    @Override // android.os.AsyncTask
    public Boolean doInBackground(Void... params) {
        Intrinsics.checkNotNullParameter(params, "params");
        WeakReference<X509Certificate> weakReference = this.sslErrorCertRef;
        if (weakReference != null) {
            Intrinsics.checkNotNull(weakReference);
            X509Certificate x509Certificate = weakReference.get();
            int i2 = 0;
            while (x509Certificate != null) {
                X509Certificate performAIAFetch = performAIAFetch(x509Certificate);
                i2++;
                AIACertificateVerifyResult verifyAIAFetchResult = verifyAIAFetchResult(x509Certificate, performAIAFetch);
                if (verifyAIAFetchResult == AIACertificateVerifyResult.SUCCESS) {
                    return Boolean.TRUE;
                }
                if (verifyAIAFetchResult == AIACertificateVerifyResult.FAIL_NOT_MATCH) {
                    return Boolean.FALSE;
                }
                if (i2 >= 5) {
                    break;
                }
                x509Certificate = performAIAFetch;
            }
        }
        return Boolean.FALSE;
    }

    @Override // android.os.AsyncTask
    public /* bridge */ /* synthetic */ void onPostExecute(Boolean bool) {
        onPostExecute(bool.booleanValue());
    }

    public void onPostExecute(boolean verifySucceed) {
        AIAFetchVerifyResultListener aIAFetchVerifyResultListener = this.listener;
        if (aIAFetchVerifyResultListener != null) {
            aIAFetchVerifyResultListener.verifyFinished(verifySucceed);
        }
        WeakReference<X509Certificate> weakReference = this.sslErrorCertRef;
        if (weakReference != null) {
            Intrinsics.checkNotNull(weakReference);
            if (weakReference.get() != null) {
                WeakReference<X509Certificate> weakReference2 = this.sslErrorCertRef;
                Intrinsics.checkNotNull(weakReference2);
                weakReference2.clear();
                this.sslErrorCertRef = null;
            }
        }
    }
}
