package by.avest.crypto.conscrypt;

import by.avest.crypto.conscrypt.util.ByteArrayUtil;
import by.avest.crypto.conscrypt.util.NativeLibraryLoader;
import by.avest.crypto.conscrypt.x509.X509CRLDirEntry;
import by.avest.crypto.conscrypt.x509.X509CRLEntry;
import by.avest.crypto.conscrypt.x509.X509CertDirEntry;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.MessageDigest;
import java.security.ProviderException;
import java.security.cert.CRL;
import java.security.cert.CRLException;
import java.security.cert.CRLSelector;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertStoreSpi;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: classes.dex */
public class AvCACertStore extends CertStoreSpi {
    private X509CertDirEntry certsDir;
    private CertificateFactory cf;
    private X509CRLDirEntry crlsDir;
    private final boolean win;

    /* loaded from: classes.dex */
    private static final class FileCertStoreEntryHandle implements CertStoreEntryHandle<X509CRL> {
        private String fileName;
        private X509CRL item;

        public FileCertStoreEntryHandle(X509CRL x509crl, String str) {
            this.item = x509crl;
            this.fileName = str;
        }

        @Override // by.avest.crypto.conscrypt.CertStoreEntryHandle
        public X509CRL get() {
            return this.item;
        }

        @Override // by.avest.crypto.conscrypt.CertStoreEntryHandle
        public void set(X509CRL x509crl) {
            this.item = x509crl;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static final class WindowsCertStoreItemHolder implements CertStoreEntryHandle<X509CRL> {
        private X509CRL item;

        WindowsCertStoreItemHolder(X509CRL x509crl) {
            this.item = x509crl;
        }

        @Override // by.avest.crypto.conscrypt.CertStoreEntryHandle
        public X509CRL get() {
            return this.item;
        }

        @Override // by.avest.crypto.conscrypt.CertStoreEntryHandle
        public void set(X509CRL x509crl) {
            this.item = x509crl;
        }
    }

    public AvCACertStore(CertStoreParameters certStoreParameters) throws InvalidAlgorithmParameterException {
        super(certStoreParameters);
        long crlRefreshTime = certStoreParameters instanceof AvCaCertStoreParams ? ((AvCaCertStoreParams) certStoreParameters).getCrlRefreshTime() : getDefaultRefreshTime();
        try {
            crlRefreshTime = Integer.valueOf(Integer.parseInt(System.getProperty("by.avest.crypto.provider.certstore.crlupdateinterval")) * 60000).intValue();
        } catch (Exception unused) {
        }
        AvCaCertStoreImportParams avCaCertStoreImportParams = certStoreParameters instanceof AvCaCertStoreImportParams ? (AvCaCertStoreImportParams) certStoreParameters : null;
        try {
            NativeLibraryLoader nativeLibraryLoader = NativeLibraryLoader.getInstance("conscrypt");
            boolean isWin = nativeLibraryLoader.isWin();
            this.win = isWin;
            if (isWin) {
                loadWindows(avCaCertStoreImportParams, nativeLibraryLoader);
            } else {
                loadDirectory(avCaCertStoreImportParams, crlRefreshTime);
            }
        } catch (IOException e) {
            throw new ProviderException(e.getMessage(), e);
        } catch (CRLException e2) {
            throw new ProviderException(e2.getMessage(), e2);
        } catch (CertificateException e3) {
            throw new ProviderException(e3.getMessage(), e3);
        }
    }

    private void generateCRL(byte[] bArr, Collection<CRL> collection) {
        try {
            if (this.cf == null) {
                this.cf = CertificateFactory.getInstance("X.509");
            }
            collection.addAll(this.cf.generateCRLs(new ByteArrayInputStream(bArr)));
        } catch (Throwable unused) {
        }
    }

    private void generateCertificate(byte[] bArr, Collection<Certificate> collection) {
        try {
            if (this.cf == null) {
                this.cf = CertificateFactory.getInstance("X.509");
            }
            collection.addAll(this.cf.generateCertificates(new ByteArrayInputStream(bArr)));
        } catch (Throwable unused) {
        }
    }

    static File getAvPKIDir(String str) {
        return new File(new File(System.getProperty("user.home"), ".avpki"), str);
    }

    private long getDefaultRefreshTime() {
        return 1200000L;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public native boolean importMSCRL(byte[] bArr) throws CertStoreException;

    private void loadDirectory(AvCaCertStoreImportParams avCaCertStoreImportParams, long j) throws CertificateException, CRLException, IOException {
        this.certsDir = new X509CertDirEntry(getAvPKIDir("CA/certs"), false);
        this.crlsDir = new X509CRLDirEntry(getAvPKIDir("CA/crls"), true, j);
        if (avCaCertStoreImportParams != null) {
            avCaCertStoreImportParams.setImpl(new CertStoreImport() { // from class: by.avest.crypto.conscrypt.AvCACertStore.2
                @Override // by.avest.crypto.conscrypt.CertStoreImport
                public CertStoreEntryHandle<X509CRL> createCRLHandle(X509CRL x509crl) throws CertStoreException {
                    try {
                        return new FileCertStoreEntryHandle(x509crl, ByteArrayUtil.toHexString(MessageDigest.getInstance("SHA1").digest(x509crl.getIssuerX500Principal().getEncoded())) + ".crl");
                    } catch (Exception e) {
                        throw new CertStoreException(e.getMessage(), e);
                    }
                }

                @Override // by.avest.crypto.conscrypt.CertStoreImport
                public CertStoreEntryHandle<X509CRL> findOldCRL(X509CRL x509crl) throws CertStoreException {
                    try {
                        X509CRLEntry findEntry = AvCACertStore.this.crlsDir.findEntry(x509crl);
                        if (findEntry != null) {
                            return new FileCertStoreEntryHandle(findEntry.getCRL(), findEntry.getFile().getName());
                        }
                        return null;
                    } catch (Exception e) {
                        throw new CertStoreException(e.getMessage(), e);
                    }
                }

                @Override // by.avest.crypto.conscrypt.CertStoreImport
                public boolean importCRL(CertStoreEntryHandle<X509CRL> certStoreEntryHandle) throws CertStoreException {
                    try {
                        AvCACertStore.this.crlsDir.updateCRL(certStoreEntryHandle.get(), ((FileCertStoreEntryHandle) certStoreEntryHandle).fileName);
                        return true;
                    } catch (Exception e) {
                        throw new CertStoreException(e.getMessage(), e);
                    }
                }
            });
        }
    }

    private native void loadMSCRLs(Set<X509CRL> set) throws CertStoreException;

    private native void loadMSCertificates(Set<X509Certificate> set) throws CertStoreException;

    private void loadWindows(AvCaCertStoreImportParams avCaCertStoreImportParams, NativeLibraryLoader nativeLibraryLoader) throws IOException {
        nativeLibraryLoader.loadLibrary("AvUniversalJNI");
        if (avCaCertStoreImportParams != null) {
            avCaCertStoreImportParams.setImpl(new CertStoreImport() { // from class: by.avest.crypto.conscrypt.AvCACertStore.1
                @Override // by.avest.crypto.conscrypt.CertStoreImport
                public WindowsCertStoreItemHolder createCRLHandle(X509CRL x509crl) {
                    return new WindowsCertStoreItemHolder(x509crl);
                }

                @Override // by.avest.crypto.conscrypt.CertStoreImport
                public CertStoreEntryHandle<X509CRL> findOldCRL(X509CRL x509crl) throws CertStoreException {
                    X509CRLSelector x509CRLSelector = new X509CRLSelector();
                    x509CRLSelector.addIssuer(x509crl.getIssuerX500Principal());
                    for (CRL crl : AvCACertStore.this.engineGetCRLs(x509CRLSelector)) {
                        if (crl instanceof X509CRL) {
                            return createCRLHandle((X509CRL) crl);
                        }
                    }
                    return null;
                }

                @Override // by.avest.crypto.conscrypt.CertStoreImport
                public boolean importCRL(CertStoreEntryHandle<X509CRL> certStoreEntryHandle) throws CertStoreException {
                    try {
                        return AvCACertStore.this.importMSCRL(certStoreEntryHandle.get().getEncoded());
                    } catch (CRLException e) {
                        throw new CertStoreException(e.getMessage(), e);
                    }
                }
            });
        }
    }

    @Override // java.security.cert.CertStoreSpi
    public Collection<? extends CRL> engineGetCRLs(CRLSelector cRLSelector) throws CertStoreException {
        if (this.win) {
            HashSet hashSet = new HashSet();
            loadMSCRLs(hashSet);
            if (cRLSelector != null) {
                Iterator<X509CRL> it = hashSet.iterator();
                while (it.hasNext()) {
                    if (!cRLSelector.match(it.next())) {
                        it.remove();
                    }
                }
            }
            return hashSet;
        }
        HashSet hashSet2 = new HashSet();
        try {
            hashSet2.addAll(this.crlsDir.getCRLs(cRLSelector));
            return hashSet2;
        } catch (IOException e) {
            throw new CertStoreException(e.getMessage(), e);
        } catch (CRLException e2) {
            throw new CertStoreException(e2.getMessage(), e2);
        } catch (CertificateException e3) {
            throw new CertStoreException(e3.getMessage(), e3);
        }
    }

    @Override // java.security.cert.CertStoreSpi
    public Collection<? extends Certificate> engineGetCertificates(CertSelector certSelector) throws CertStoreException {
        if (!this.win) {
            HashSet hashSet = new HashSet();
            try {
                hashSet.addAll(this.certsDir.getCertificates(certSelector));
                return hashSet;
            } catch (IOException e) {
                throw new CertStoreException(e.getMessage(), e);
            } catch (CertificateException e2) {
                throw new CertStoreException(e2.getMessage(), e2);
            }
        }
        HashSet hashSet2 = new HashSet();
        loadMSCertificates(hashSet2);
        if (certSelector != null) {
            Iterator<X509Certificate> it = hashSet2.iterator();
            while (it.hasNext()) {
                if (!certSelector.match(it.next())) {
                    it.remove();
                }
            }
        }
        return hashSet2;
    }

    protected void finalize() throws Throwable {
        try {
            this.crlsDir.stopThread();
        } finally {
            super.finalize();
        }
    }
}
