package com.android.org.conscrypt;

import com.android.org.conscrypt.ct.LogInfo;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/android/org/conscrypt/CertBlocklistImpl.class */
public final class CertBlocklistImpl implements CertBlocklist {
    private final Set<BigInteger> serialBlocklist;
    private final Set<ByteArray> sha1PubkeyBlocklist;
    private final Set<ByteArray> sha256PubkeyBlocklist;
    private Map<ByteArray, Boolean> cache;
    private static final int CACHE_SIZE = 64;
    private static final Logger logger = Logger.getLogger(CertBlocklistImpl.class.getName());
    static final byte[][] SHA1_BUILTINS = {"bae78e6bed65a2bf60ddedde7fd91e825865e93d".getBytes(StandardCharsets.UTF_8), "410f36363258f30b347d12ce4863e433437806a8".getBytes(StandardCharsets.UTF_8), "ba3e7bd38cd7e1e6b9cd4c219962e59d7a2f4e37".getBytes(StandardCharsets.UTF_8), "e23b8d105f87710a68d9248050ebefc627be4ca6".getBytes(StandardCharsets.UTF_8), "7b2e16bc39bcd72b456e9f055d1de615b74945db".getBytes(StandardCharsets.UTF_8), "e8f91200c65cee16e039b9f883841661635f81c5".getBytes(StandardCharsets.UTF_8), "0129bcd5b448ae8d2496d1c3e19723919088e152".getBytes(StandardCharsets.UTF_8), "5f3ab33d55007054bc5e3e5553cd8d8465d77c61".getBytes(StandardCharsets.UTF_8), "783333c9687df63377efceddd82efa9101913e8e".getBytes(StandardCharsets.UTF_8), "3ecf4bbbe46096d514bb539bb913d77aa4ef31bf".getBytes(StandardCharsets.UTF_8)};
    static final byte[][] SHA256_BUILTINS = {"809964b15e9bd312993d9984045551f503f2cf8e68f39188921ba30fe623f9fd".getBytes(StandardCharsets.UTF_8)};
    private static final byte[] HEX_TABLE = {48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 97, 98, 99, 100, 101, 102};

    public CertBlocklistImpl(Set<BigInteger> set, Set<ByteArray> set2) {
        this(set, set2, Collections.emptySet());
    }

    public CertBlocklistImpl(Set<BigInteger> set, Set<ByteArray> set2, Set<ByteArray> set3) {
        this.cache = Collections.synchronizedMap(new LinkedHashMap<ByteArray, Boolean>() { // from class: com.android.org.conscrypt.CertBlocklistImpl.1
            @Override // java.util.LinkedHashMap
            protected boolean removeEldestEntry(Map.Entry<ByteArray, Boolean> entry) {
                return size() > CertBlocklistImpl.CACHE_SIZE;
            }
        });
        this.serialBlocklist = set;
        this.sha1PubkeyBlocklist = set2;
        this.sha256PubkeyBlocklist = set3;
    }

    public static CertBlocklist getDefault() {
        String str = System.getenv("ANDROID_DATA") + "/misc/keychain/";
        String str2 = str + "pubkey_blacklist.txt";
        return new CertBlocklistImpl(readSerialBlockList(str + "serial_blacklist.txt"), readPublicKeyBlockList(str2, "SHA-1"), readPublicKeyBlockList(str + "pubkey_sha256_blocklist.txt", "SHA-256"));
    }

    private static boolean isHex(String str) {
        try {
            new BigInteger(str, 16);
            return true;
        } catch (NumberFormatException e) {
            logger.log(Level.WARNING, "Could not parse hex value " + str, (Throwable) e);
            return false;
        }
    }

    private static boolean isPubkeyHash(String str, int i) {
        if (str.length() == i) {
            return isHex(str);
        }
        logger.log(Level.WARNING, "Invalid pubkey hash length: " + str.length());
        return false;
    }

    private static String readBlocklist(String str) {
        try {
            return readFileAsString(str);
        } catch (FileNotFoundException e) {
            return "";
        } catch (IOException e2) {
            logger.log(Level.WARNING, "Could not read blocklist", (Throwable) e2);
            return "";
        }
    }

    private static String readFileAsString(String str) throws IOException {
        return readFileAsBytes(str).toString("UTF-8");
    }

    private static ByteArrayOutputStream readFileAsBytes(String str) throws IOException {
        RandomAccessFile randomAccessFile = null;
        try {
            randomAccessFile = new RandomAccessFile(str, "r");
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream((int) randomAccessFile.length());
            byte[] bArr = new byte[8192];
            while (true) {
                int read = randomAccessFile.read(bArr);
                if (read == -1) {
                    closeQuietly(randomAccessFile);
                    return byteArrayOutputStream;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } catch (Throwable th) {
            closeQuietly(randomAccessFile);
            throw th;
        }
    }

    private static void closeQuietly(Closeable closeable) {
        if (closeable != null) {
            try {
                closeable.close();
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
            }
        }
    }

    private static Set<BigInteger> readSerialBlockList(String str) {
        HashSet hashSet = new HashSet();
        String readBlocklist = readBlocklist(str);
        if (!readBlocklist.equals("")) {
            for (String str2 : readBlocklist.split(",", -1)) {
                try {
                    hashSet.add(new BigInteger(str2, 16));
                } catch (NumberFormatException e) {
                    logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + str2, (Throwable) e);
                }
            }
        }
        return Collections.unmodifiableSet(hashSet);
    }

    private static Set<ByteArray> readPublicKeyBlockList(String str, String str2) {
        HashSet hashSet;
        boolean z = -1;
        switch (str2.hashCode()) {
            case -1523887726:
                if (str2.equals("SHA-256")) {
                    z = true;
                    break;
                }
                break;
            case 78861104:
                if (str2.equals("SHA-1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case LogInfo.STATE_UNKNOWN /* 0 */:
                hashSet = new HashSet(toByteArrays(SHA1_BUILTINS));
                break;
            case true:
                hashSet = new HashSet(toByteArrays(SHA256_BUILTINS));
                break;
            default:
                throw new RuntimeException("Unknown hashType: " + str2 + ". Expected SHA-1 or SHA-256");
        }
        try {
            int digestLength = MessageDigest.getInstance(str2).getDigestLength() * 2;
            String readBlocklist = readBlocklist(str);
            if (!readBlocklist.equals("")) {
                for (String str3 : readBlocklist.split(",", -1)) {
                    String trim = str3.trim();
                    if (isPubkeyHash(trim, digestLength)) {
                        hashSet.add(new ByteArray(trim.getBytes(StandardCharsets.UTF_8)));
                    } else {
                        logger.log(Level.WARNING, "Tried to blocklist invalid pubkey " + trim);
                    }
                }
            }
            return hashSet;
        } catch (NoSuchAlgorithmException e) {
            logger.log(Level.SEVERE, "Unable to get " + str2 + " MessageDigest", (Throwable) e);
            return hashSet;
        }
    }

    private static boolean isPublicKeyBlockListed(byte[] bArr, Set<ByteArray> set, String str) {
        try {
            return set.contains(new ByteArray(toHex(MessageDigest.getInstance(str).digest(bArr))));
        } catch (NoSuchAlgorithmException e) {
            logger.log(Level.SEVERE, "Unable to get " + str + " MessageDigest", (Throwable) e);
            return false;
        }
    }

    @Override // com.android.org.conscrypt.CertBlocklist
    public boolean isPublicKeyBlockListed(PublicKey publicKey) {
        byte[] encoded = publicKey.getEncoded();
        ByteArray byteArray = new ByteArray(encoded);
        Boolean bool = this.cache.get(byteArray);
        if (bool != null) {
            return bool.booleanValue();
        }
        if (!this.sha1PubkeyBlocklist.isEmpty() && isPublicKeyBlockListed(encoded, this.sha1PubkeyBlocklist, "SHA-1")) {
            this.cache.put(byteArray, true);
            return true;
        }
        if (this.sha256PubkeyBlocklist.isEmpty() || !isPublicKeyBlockListed(encoded, this.sha256PubkeyBlocklist, "SHA-256")) {
            this.cache.put(byteArray, false);
            return false;
        }
        this.cache.put(byteArray, true);
        return true;
    }

    private static byte[] toHex(byte[] bArr) {
        byte[] bArr2 = new byte[bArr.length * 2];
        int i = 0;
        for (byte b : bArr) {
            int i2 = b & 255;
            int i3 = i;
            int i4 = i + 1;
            bArr2[i3] = HEX_TABLE[i2 >> 4];
            i = i4 + 1;
            bArr2[i4] = HEX_TABLE[i2 & 15];
        }
        return bArr2;
    }

    @Override // com.android.org.conscrypt.CertBlocklist
    public boolean isSerialNumberBlockListed(BigInteger bigInteger) {
        return this.serialBlocklist.contains(bigInteger);
    }

    private static List<ByteArray> toByteArrays(byte[]... bArr) {
        ArrayList arrayList = new ArrayList(bArr.length + 1);
        for (byte[] bArr2 : bArr) {
            arrayList.add(new ByteArray(bArr2));
        }
        return arrayList;
    }
}
