package com.novell.zapp.framework.utility;

import com.novell.zapp.framework.ConfigManager;
import com.novell.zapp.framework.logging.ZENLogger;
import com.novell.zapp.plugins.ReversePlugin;
import com.novell.zapp.ssl.CertificateDetails;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes17.dex */
public class ZenTrustManager implements X509TrustManager {
    private static final String LOGGER_MODULE = "ZENTrustManager";
    public static X509Certificate certificate;
    static ZenTrustManager instance;
    private static X509TrustManager systemTrustManager;
    private X509Certificate[] chain = null;
    ConfigManager configManager = ConfigManager.getInstance();
    private boolean isHostNameVerified = false;
    private ZenTrustStore zenTrustStore = ZenTrustStore.getInstance();
    private static final String IPV4_REGEX = "(([0-1]?[0-9]{1,2}\\.)|(2[0-4][0-9]\\.)|(25[0-5]\\.)){3}(([0-1]?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5]))";
    private static Pattern IPV4_PATTERN = Pattern.compile(IPV4_REGEX);
    public static ThreadWaitNotify locker = new ThreadWaitNotify();

    static {
        instance = null;
        systemTrustManager = null;
        instance = new ZenTrustManager();
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            systemTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (KeyStoreException e) {
            ZENLogger.debug(LOGGER_MODULE, "Exception while initializing Default Trust Manager", e, new Object[0]);
            systemTrustManager = null;
        } catch (NoSuchAlgorithmException e2) {
            ZENLogger.debug(LOGGER_MODULE, "Exception while initializing Default Trust Manager", e2, new Object[0]);
            systemTrustManager = null;
        }
    }

    private ZenTrustManager() {
    }

    private void addRootCertToZENTrustStore(X509Certificate x509Certificate) {
        try {
            this.zenTrustStore.addCertToTrustStore(x509Certificate);
        } catch (KeyStoreException e) {
            ZENLogger.debug(LOGGER_MODULE, "KeyStoreException while adding the certificate to trust store: ", e, new Object[0]);
        } catch (Exception e2) {
            ZENLogger.debug(LOGGER_MODULE, "Exception while adding the certificate to trust store: ", e2, new Object[0]);
        }
    }

    public static ZenTrustManager getInstance() {
        return instance;
    }

    private void promptUserForUntrustedCert() {
        ZENCertificateParameters details = new CertificateDetails(certificate).getDetails();
        details.setUntrustedCert(Constants.UNTRUSTED_CERT_MESSAGE);
        ReversePlugin.sendUntrustedCertResult(details);
        locker.doWait();
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.zenTrustStore.getTrustManager().checkClientTrusted(x509CertificateArr, str);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        this.configManager.retrieveString(Constants.SERVERIP, null);
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new CertificateException("No certificates in certificate chain.");
        }
        try {
            certificate = x509CertificateArr[0];
            for (X509Certificate x509Certificate : x509CertificateArr) {
                x509Certificate.checkValidity();
            }
            if (systemTrustManager != null) {
                systemTrustManager.checkServerTrusted(x509CertificateArr, str);
            } else {
                this.zenTrustStore.getTrustManager().checkServerTrusted(x509CertificateArr, str);
            }
        } catch (CertificateExpiredException e) {
            ZENLogger.debug(LOGGER_MODULE, "The certificate chain presented contains expired certificates: ", e, new Object[0]);
            throw e;
        } catch (CertificateNotYetValidException e2) {
            ZENLogger.debug(LOGGER_MODULE, "The certificate chain presented contains certificates not yet valid: ", e2, new Object[0]);
            throw e2;
        } catch (Exception e3) {
            try {
                this.zenTrustStore.getTrustManager().checkServerTrusted(x509CertificateArr, str);
            } catch (Exception e4) {
                promptUserForUntrustedCert();
                if (e4.getCause() == null || !(e4.getCause() instanceof CertPathValidatorException) || !e4.getCause().getMessage().contains("Trust anchor for certification path not found")) {
                    ZENLogger.debug(LOGGER_MODULE, "Exception while validating the certificate: ", e3, new Object[0]);
                    throw new CertificateException();
                }
                addRootCertToZENTrustStore(x509CertificateArr[x509CertificateArr.length - 1]);
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return this.zenTrustStore.getTrustManager().getAcceptedIssuers();
    }

    public Enumeration<String> getAliases() throws KeyStoreException {
        return this.zenTrustStore.getAliases();
    }

    public Certificate getCertificate(String str) throws KeyStoreException {
        return this.zenTrustStore.getCertificate(str);
    }

    public X509Certificate[] getChain() {
        return this.chain;
    }

    public void setChain(X509Certificate[] x509CertificateArr) {
        this.chain = x509CertificateArr;
    }
}
