package com.cisco.anyconnect.acruntime.support;

import com.cisco.anyconnect.acruntime.utils.AppLog;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.CertificateRevokedException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class CertificateManager {
    private static final String ENTITY_NAME = "com.cisco.anyconnect.acruntime.support.CertificateManager";
    private TrustManagerFactory trustManagerFactory = null;
    private X509TrustManager defaultTrustManager = null;
    private TrustManager[] trustManagers = null;
    private final String CERTIFICATE_TYPE = "X.509";

    private int checkTrustManager(byte[][] bArr, boolean z, String str) {
        X509Certificate[] derToX509Certificates;
        X509Certificate x509Certificate;
        try {
            derToX509Certificates = derToX509Certificates(bArr);
        } catch (IOException e) {
            e = e;
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Exception while verifiying certificate : " + e.getCause());
            return -1;
        } catch (IllegalArgumentException e2) {
            e = e2;
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Exception while verifiying certificate : " + e.getCause());
            return -1;
        } catch (CertificateException e3) {
            AppLog.Severity severity = AppLog.Severity.DBG_ERROR;
            String str2 = ENTITY_NAME;
            AppLog.logDebugMessage(severity, str2, "Exception while verifiying certificate : " + e3.getCause());
            if ((e3 instanceof CertificateExpiredException) || (e3 instanceof CertificateNotYetValidException)) {
                return 8;
            }
            if ((e3 instanceof CertificateParsingException) || (e3 instanceof CertificateEncodingException)) {
                return 4;
            }
            if (!(e3 instanceof CertificateRevokedException)) {
                return 1;
            }
            if (z) {
                return 64;
            }
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, str2, "Status: Certificate is revoked, but revocation errors are being ignored.");
        } catch (Exception e4) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Exception while verifiying certificate : " + e4.getCause());
            return 1;
        }
        if (derToX509Certificates == null || (x509Certificate = derToX509Certificates[0]) == null) {
            return -1;
        }
        this.defaultTrustManager.checkServerTrusted(derToX509Certificates, x509Certificate.getPublicKey().getAlgorithm());
        return 0;
    }

    private X509Certificate[] derToX509Certificates(byte[][] bArr) throws CertificateException, IOException {
        int length = bArr.length;
        if (length == 0) {
            return null;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i = 0; i < length; i++) {
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr[i]);
                x509CertificateArr[i] = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                byteArrayInputStream.close();
            } catch (IOException e) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "derToX509Certificates: IOException while parsing certificate: ", e);
                throw e;
            } catch (CertificateException e2) {
                AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "derToX509Certificates: CertificateException while parsing certificate: ", e2);
                throw e2;
            }
        }
        return x509CertificateArr;
    }

    private native int registerCertificateManagerInterface();

    private native int unregisterCertificateManagerInterface();

    public int clean() {
        try {
            return unregisterCertificateManagerInterface();
        } catch (Exception e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, " Error while unregistering FlowController ", e);
            return -1;
        }
    }

    public int init() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.trustManagerFactory = trustManagerFactory;
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = this.trustManagerFactory.getTrustManagers();
            this.trustManagers = trustManagers;
            for (TrustManager trustManager : trustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    this.defaultTrustManager = (X509TrustManager) trustManager;
                }
            }
            if (this.defaultTrustManager == null) {
                return -1;
            }
            return registerCertificateManagerInterface();
        } catch (Exception e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, " Error while registering CertificateManager ", e);
            return -1;
        }
    }

    public int verifyCertificate(byte[][] bArr, boolean z, String str) {
        AppLog.logDebugBuildDebugMessage(AppLog.Severity.DBG_TRACE, ENTITY_NAME, "Called verifyCertificate java ");
        if (bArr == null) {
            return -1;
        }
        return checkTrustManager(bArr, z, str);
    }
}
