package com.avira.common.security;

import android.content.Context;
import android.content.res.Resources;
import com.avira.common.R;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;

/* loaded from: classes.dex */
public class SystemKeyStore {
    private static SystemKeyStore b;

    /* renamed from: a, reason: collision with root package name */
    private final HashMap<Principal, X509Certificate> f1832a;
    final KeyStore trustStore;

    private SystemKeyStore(Context context) {
        KeyStore trustStore = getTrustStore(context);
        setUnknownCertificateAuthority(context, trustStore);
        this.f1832a = initializeTrustedRoots(trustStore);
        this.trustStore = trustStore;
    }

    public static synchronized SystemKeyStore getInstance(Context context) {
        SystemKeyStore systemKeyStore;
        synchronized (SystemKeyStore.class) {
            if (b == null) {
                b = new SystemKeyStore(context);
            }
            systemKeyStore = b;
        }
        return systemKeyStore;
    }

    private KeyStore getTrustStore(Context context) {
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance("BKS");
                BufferedInputStream bufferedInputStream = new BufferedInputStream(context.getResources().openRawResource(R.raw.cacerts), 143360);
                try {
                    keyStore.load(bufferedInputStream, "changeit".toCharArray());
                    return keyStore;
                } finally {
                    try {
                        bufferedInputStream.close();
                    } catch (IOException unused) {
                    }
                }
            } catch (IOException e) {
                throw new AssertionError(e);
            }
        } catch (Resources.NotFoundException e2) {
            throw new AssertionError(e2);
        } catch (KeyStoreException e3) {
            throw new AssertionError(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new AssertionError(e4);
        } catch (CertificateException e5) {
            throw new AssertionError(e5);
        }
    }

    private HashMap<Principal, X509Certificate> initializeTrustedRoots(KeyStore keyStore) {
        try {
            HashMap<Principal, X509Certificate> hashMap = new HashMap<>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
                if (x509Certificate != null) {
                    hashMap.put(x509Certificate.getSubjectX500Principal(), x509Certificate);
                }
            }
            return hashMap;
        } catch (KeyStoreException e) {
            throw new AssertionError(e);
        }
    }

    private void setUnknownCertificateAuthority(Context context, KeyStore keyStore) {
        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException unused) {
            certificateFactory = null;
        }
        if (certificateFactory == null) {
            return;
        }
        BufferedInputStream bufferedInputStream = new BufferedInputStream(context.getResources().openRawResource(R.raw.aviraroot));
        try {
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(bufferedInputStream);
                String str = "ca= " + ((X509Certificate) generateCertificate).getSubjectDN();
                keyStore.setCertificateEntry("ca", generateCertificate);
            } catch (Throwable th) {
                try {
                    bufferedInputStream.close();
                } catch (IOException unused2) {
                }
                throw th;
            }
        } catch (KeyStoreException | CertificateException e) {
            e.printStackTrace();
        }
        try {
            bufferedInputStream.close();
        } catch (IOException unused3) {
        }
    }

    public X509Certificate getTrustRootFor(X509Certificate x509Certificate) {
        X509Certificate x509Certificate2 = this.f1832a.get(x509Certificate.getIssuerX500Principal());
        if (x509Certificate2 == null || x509Certificate2.getSubjectX500Principal().equals(x509Certificate.getSubjectX500Principal())) {
            return null;
        }
        try {
            x509Certificate.verify(x509Certificate2.getPublicKey());
            return x509Certificate2;
        } catch (GeneralSecurityException unused) {
            return null;
        }
    }

    public boolean isTrustRoot(X509Certificate x509Certificate) {
        X509Certificate x509Certificate2 = this.f1832a.get(x509Certificate.getSubjectX500Principal());
        return x509Certificate2 != null && x509Certificate2.getPublicKey().equals(x509Certificate.getPublicKey());
    }
}
