package ru.CryptoPro.JCSP.support;

import android.content.Context;
import android.content.res.AssetManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Comparator;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import ru.CryptoPro.JCP.JCP;
import ru.CryptoPro.JCP.tools.JCPLogger;
import ru.CryptoPro.JCSP.support.BKSTrustStore;
import ru.cprocsp.ACSP.tools.common.HexString;
import ru.cprocsp.ACSP.util.UtilFile;

/* loaded from: classes3.dex */
public class BKSTrustStore {
    private static final String ROOT_CERTS_DIRECTORY = "root_certs";
    public static final String STORAGE_DIRECTORY = "security";
    public static final String STORAGE_FILE_TRUST = "cacerts";
    public static final char[] STORAGE_PASSWORD = "changeit".toCharArray();
    public static final String STORAGE_TRUST = "Trust";
    public static final String STORAGE_TYPE = "BKS";

    /* renamed from: ru.CryptoPro.JCSP.support.BKSTrustStore$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    class AnonymousClass1 extends TrustStoreUpdater {
        final /* synthetic */ Context val$context;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        AnonymousClass1(Context context, Context context2) {
            super(context);
            this.val$context = context2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static /* synthetic */ int lambda$needUpdate$0(File file, File file2) {
            return file.getName().compareTo(file2.getName());
        }

        @Override // ru.CryptoPro.JCSP.support.MainUpdater
        public boolean needUpdate() {
            try {
                List certificateFiles = BKSTrustStore.getCertificateFiles(this.val$context.getAssets());
                certificateFiles.sort(new Comparator() { // from class: ru.CryptoPro.JCSP.support.a
                    @Override // java.util.Comparator
                    public final int compare(Object obj, Object obj2) {
                        int lambda$needUpdate$0;
                        lambda$needUpdate$0 = BKSTrustStore.AnonymousClass1.lambda$needUpdate$0((File) obj, (File) obj2);
                        return lambda$needUpdate$0;
                    }
                });
                int hashCode = Arrays.hashCode(certificateFiles.toArray(new File[certificateFiles.size()]));
                String updateValue = getUpdateValue();
                if (updateValue == null) {
                    setUpdateValue(String.valueOf(hashCode));
                    return true;
                }
                if (Integer.parseInt(updateValue) == hashCode) {
                    return false;
                }
                setUpdateValue(String.valueOf(hashCode));
                return true;
            } catch (Exception e10) {
                JCPLogger.thrown(e10);
                return false;
            }
        }
    }

    private static boolean createOrUpdateStore(Context context, File file, char[] cArr, boolean z10, boolean z11) {
        int i10;
        String absolutePath = file.getAbsolutePath();
        StringBuilder sb2 = new StringBuilder();
        sb2.append("Trying to ");
        sb2.append(z11 ? "update" : "create");
        sb2.append(" the store = ");
        sb2.append(absolutePath);
        JCPLogger.fine(sb2.toString());
        try {
            KeyStore keyStore = KeyStore.getInstance(STORAGE_TYPE);
            if (z11) {
                keyStore.load(new FileInputStream(file), cArr);
                i10 = keyStore.size();
            } else {
                keyStore.load(null, null);
                i10 = 0;
            }
            boolean z12 = true;
            if (z10) {
                JCPLogger.fine("Adding certificates...");
                List<X509Certificate> readCertificates = readCertificates(context);
                Date time = Calendar.getInstance().getTime();
                for (X509Certificate x509Certificate : readCertificates) {
                    String hex = HexString.toHex(x509Certificate.getSerialNumber().toByteArray(), z12);
                    if (x509Certificate.getNotAfter().before(time)) {
                        JCPLogger.fine("*** Certificate\nsn: " + HexString.toHex(x509Certificate.getSerialNumber().toByteArray(), true) + "\nsubject: " + x509Certificate.getSubjectDN() + "\nissuer: " + x509Certificate.getIssuerDN() + "\nvalid from: " + x509Certificate.getNotBefore() + "\nvalid till: " + x509Certificate.getNotAfter() + "\nhas not been stored because it expired!");
                    } else {
                        String certificateAlias = keyStore.getCertificateAlias(x509Certificate);
                        if (certificateAlias != null) {
                            JCPLogger.info("*** Certificate\nsn: " + hex + "\nsubject: " + x509Certificate.getSubjectDN() + "\nissuer: " + x509Certificate.getIssuerDN() + "\nvalid from: " + x509Certificate.getNotBefore() + "\nvalid till: " + x509Certificate.getNotAfter() + "\nalready exists as " + certificateAlias);
                        } else {
                            keyStore.setCertificateEntry("root_csp_" + i10 + "_" + hex, x509Certificate);
                            i10++;
                        }
                    }
                    z12 = true;
                }
            }
            keyStore.store(new FileOutputStream(file), cArr);
            StringBuilder sb3 = new StringBuilder();
            sb3.append("Store has been ");
            sb3.append(z11 ? "updated" : "created");
            sb3.append(" = ");
            sb3.append(absolutePath);
            JCPLogger.fine(sb3.toString());
            return true;
        } catch (Exception e10) {
            JCPLogger.thrown(e10);
            return false;
        }
    }

    public static boolean createOrUpdateTrustStore(Context context, String str, String str2, char[] cArr) {
        if (cArr == null) {
            cArr = STORAGE_PASSWORD;
        }
        synchronized (BKSTrustStore.class) {
            File file = new File(str);
            if (!file.exists() && !file.mkdirs()) {
                JCPLogger.warning("Couldn't create store directory = " + file.getAbsolutePath());
                return false;
            }
            File file2 = new File(file, str2);
            boolean exists = file2.exists();
            if (!str2.equalsIgnoreCase("cacerts")) {
                return createOrUpdateStore(context, file2, cArr, false, exists);
            }
            JCPLogger.fine("Checking if creating/updating is needed, store exists = " + exists);
            AnonymousClass1 anonymousClass1 = new AnonymousClass1(context, context);
            if (!anonymousClass1.needUpdate() || !createOrUpdateStore(context, file2, cArr, true, exists)) {
                return true;
            }
            JCPLogger.fine("Store has been updated = " + anonymousClass1.markUpdated());
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static List<File> getCertificateFiles(AssetManager assetManager) {
        String[] list = assetManager.list(ROOT_CERTS_DIRECTORY);
        ArrayList arrayList = new ArrayList();
        for (int i10 = 0; list != null && i10 < list.length; i10++) {
            String extractFileExtension = UtilFile.extractFileExtension(list[i10]);
            if (extractFileExtension == null || !(extractFileExtension.equalsIgnoreCase("cer") || extractFileExtension.equalsIgnoreCase("crt") || extractFileExtension.equalsIgnoreCase("p7b"))) {
                JCPLogger.fine("File " + list[i10] + " has been ignored.");
            } else {
                arrayList.add(new File(list[i10]));
            }
        }
        return arrayList;
    }

    private static List<X509Certificate> readCertificates(Context context) {
        ArrayList arrayList = new ArrayList();
        AssetManager assets = context.getAssets();
        List<File> certificateFiles = getCertificateFiles(assets);
        CertificateFactory certificateFactory = CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME);
        Iterator<File> it = certificateFiles.iterator();
        while (it.hasNext()) {
            arrayList.add((X509Certificate) certificateFactory.generateCertificate(assets.open(ROOT_CERTS_DIRECTORY + File.separator + it.next().getName())));
        }
        return arrayList;
    }
}
