package com.adguard.android.service;

import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.security.KeyChain;
import ch.qos.logback.core.joran.action.Action;
import com.adguard.android.R;
import com.adguard.android.filtering.api.CertificateStoreType;
import com.adguard.android.filtering.api.HttpsMitmMode;
import com.adguard.android.filtering.filter.AppRules;
import com.adguard.corelibs.proxy.ProxyUtils;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.codec.compatible.digest.DigestUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.filefilter.IOFileFilter;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
public class t implements s {

    /* renamed from: a, reason: collision with root package name */
    private static final org.slf4j.c f492a = org.slf4j.d.a((Class<?>) t.class);
    private final PreferencesService f;
    private final c g;
    private final z h;
    private final Context i;
    private byte[][] j;
    private final String b = "/data/misc/keychain/cacerts-added";
    private final String c = "/data/misc/user/0/cacerts-added";
    private final String d = "/data/misc/user/0/cacerts-removed";
    private final String e = "/system/etc/security/cacerts";
    private long k = 0;
    private String l = "";

    public t(Context context) {
        this.i = context;
        this.f = com.adguard.android.c.a(context).c();
        this.g = com.adguard.android.c.a(context).d();
        this.h = com.adguard.android.c.a(context).s();
    }

    private File a(String str, byte[][] bArr) {
        File file;
        String certKeyPairToPEM = ProxyUtils.certKeyPairToPEM(bArr);
        byte[] bArr2 = bArr[0];
        int indexOf = certKeyPairToPEM.indexOf("-----BEGIN RSA PRIVATE KEY-----");
        String substring = indexOf > 0 ? certKeyPairToPEM.substring(0, indexOf) : null;
        byte[] md5 = DigestUtils.md5(((X509Certificate) ProxyUtils.certKeyPairToKeyStoreEntry(bArr).getCertificate()).getIssuerX500Principal().getEncoded());
        final String hexString = Integer.toHexString(((md5[3] & 255) << 24) | (md5[0] & 255) | ((md5[1] & 255) << 8) | ((md5[2] & 255) << 16));
        Iterator<File> it = FileUtils.listFiles(new File(str), new IOFileFilter() { // from class: com.adguard.android.service.t.1
            @Override // org.apache.commons.io.filefilter.IOFileFilter, java.io.FileFilter
            public final boolean accept(File file2) {
                return StringUtils.startsWith(file2.getName(), hexString);
            }

            @Override // org.apache.commons.io.filefilter.IOFileFilter, java.io.FilenameFilter
            public final boolean accept(File file2, String str2) {
                return false;
            }
        }, (IOFileFilter) null).iterator();
        while (true) {
            if (!it.hasNext()) {
                file = null;
                break;
            }
            file = it.next();
            if (Arrays.equals(bArr2, FileUtils.readFileToByteArray(file)) || (substring != null && FileUtils.readFileToString(file, com.adguard.commons.c.a.b).startsWith(substring))) {
                break;
            }
        }
        return file;
    }

    private void p() {
        this.k = System.currentTimeMillis();
        this.l = null;
    }

    private String q() {
        String str = null;
        f492a.debug("Getting CA certificate alias");
        if (this.j == null) {
            f492a.debug("CA certificate is not loaded yet");
        }
        KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
        keyStore.load(null);
        byte[] bArr = this.j[0];
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(nextElement);
            if (certificate != null && (certificate instanceof X509Certificate)) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                String name = x509Certificate.getSubjectDN().getName();
                f492a.debug("Checking certificate {}", name);
                if (StringUtils.containsIgnoreCase(name, "AdGuard Personal CA")) {
                    if (Arrays.equals(bArr, x509Certificate.getEncoded())) {
                        f492a.debug("The AdGuard certificate is stored by alias {}", nextElement);
                        if (StringUtils.startsWith(nextElement, "system")) {
                            return nextElement;
                        }
                    } else {
                        nextElement = str;
                    }
                    str = nextElement;
                } else {
                    continue;
                }
            }
        }
        return str;
    }

    @Override // com.adguard.android.service.s
    public final void a(CertificateStoreType certificateStoreType) {
        try {
            f492a.info("Removing certificate from {} store", certificateStoreType);
            if (!com.adguard.android.filtering.commons.d.a() || certificateStoreType == CertificateStoreType.USER) {
                f492a.info("No root access given or the certificate was installed to the user store, opens security settings");
                com.adguard.android.ui.utils.o.b(this.i);
                p();
            } else if (com.adguard.android.filtering.commons.d.d()) {
                File a2 = a("/system/etc/security/cacerts", this.j);
                if (a2 != null) {
                    f492a.debug("The certificate file path: {}", a2);
                    f492a.debug("Remove certificate result: {}", StringUtils.join(com.adguard.android.filtering.commons.d.a(new String[]{"mount -o rw,remount /system", "rm " + a2.getAbsolutePath(), "mount -o ro,remount /system"}, 2, 10), "\n"));
                    f492a.info("The certificate has been removed");
                    p();
                    this.f.g((String) null);
                    this.j = null;
                    this.h.a(R.string.remove_certificate_success);
                } else {
                    f492a.warn("Could not remove the CA certificate");
                }
            } else {
                f492a.info("No root access given");
            }
        } catch (Exception e) {
            f492a.error("Error while removing certificate:\n", (Throwable) e);
            this.h.d();
        }
    }

    @Override // com.adguard.android.service.s
    public final void a(HttpsMitmMode httpsMitmMode) {
        this.f.a(httpsMitmMode);
    }

    @Override // com.adguard.android.service.s
    public final void a(List<String> list) {
        String str;
        List<String> f = com.adguard.android.filtering.api.a.f();
        if (CollectionUtils.isEmpty(f) || CollectionUtils.isEmpty(list)) {
            str = "";
        } else {
            str = com.adguard.commons.c.d.a((List) CollectionUtils.subtract(list, f), (List) CollectionUtils.subtract(f, list));
        }
        this.f.j(str);
        com.adguard.android.d.o.a().c();
    }

    @Override // com.adguard.android.service.s
    public final void a(boolean z) {
        f j = com.adguard.android.c.a(this.i).j();
        AppRules a2 = j.a();
        a2.setHttpsFiltering(Boolean.valueOf(z));
        j.a(a2, false);
    }

    @Override // com.adguard.android.service.s
    public final synchronized boolean a() {
        boolean z = true;
        synchronized (this) {
            try {
                if (this.j == null) {
                    try {
                        String J = this.f.J();
                        if (J == null) {
                            f492a.debug("Certificate is not yet generated");
                            z = false;
                        } else {
                            this.j = ProxyUtils.certKeyPairFromPEM(J);
                            f492a.info("Loading certificate from preferences: {}", Boolean.valueOf(this.j != null));
                            if (this.j == null) {
                                z = false;
                            }
                        }
                    } catch (Exception e) {
                        f492a.warn("Error while checking if our CA certificate is generated\n", (Throwable) e);
                        z = false;
                    }
                }
            } catch (Throwable th) {
                throw th;
            }
        }
        return z;
    }

    @Override // com.adguard.android.service.s
    public final boolean a(String str) {
        AppRules b;
        boolean z = false;
        if ((!com.adguard.android.filtering.commons.b.l() || !com.adguard.android.filtering.commons.j.a(str, this.i) || d(str)) && ((b = com.adguard.android.c.a(this.i).j().b(str)) == null || (b.isTrafficFiltering().booleanValue() && b.isHttpsFiltering().booleanValue() && b.isAdBlocking().booleanValue()))) {
            z = true;
        }
        return z;
    }

    @Override // com.adguard.android.service.s
    public final synchronized CertificateStoreType b() {
        CertificateStoreType certificateStoreType;
        try {
            if (a()) {
                try {
                    if (StringUtils.isBlank(this.l) || this.k + 1000 < System.currentTimeMillis()) {
                        this.l = q();
                        this.k = System.currentTimeMillis();
                    }
                } catch (Exception e) {
                    f492a.error("Error getting certificate store type", (Throwable) e);
                }
                if (StringUtils.startsWith(this.l, "system")) {
                    certificateStoreType = CertificateStoreType.SYSTEM;
                } else {
                    if (StringUtils.startsWith(this.l, "user")) {
                        certificateStoreType = CertificateStoreType.USER;
                    }
                    certificateStoreType = CertificateStoreType.NONE;
                }
            } else {
                certificateStoreType = CertificateStoreType.NONE;
            }
        } catch (Throwable th) {
            throw th;
        }
        return certificateStoreType;
    }

    @Override // com.adguard.android.service.s
    public final void b(String str) {
        List<String> c = this.g.c();
        if (c.contains(str) || !c.add(str)) {
            return;
        }
        this.g.a(c);
    }

    @Override // com.adguard.android.service.s
    public final void b(List<String> list) {
        this.f.i(StringUtils.join(list, "\n"));
        com.adguard.android.d.o.a().c();
    }

    @Override // com.adguard.android.service.s
    public final void b(boolean z) {
        this.f.k(z);
    }

    @Override // com.adguard.android.service.s
    public final void c(String str) {
        List<String> c = this.g.c();
        if (c.removeAll(Collections.singletonList(str))) {
            this.g.a(c);
        }
    }

    @Override // com.adguard.android.service.s
    public final boolean c() {
        return com.adguard.android.c.a(this.i).j().a().isHttpsFiltering().booleanValue();
    }

    @Override // com.adguard.android.service.s
    public final HttpsMitmMode d() {
        return this.f.H();
    }

    @Override // com.adguard.android.service.s
    public final boolean d(String str) {
        return this.g.c().contains(str);
    }

    @Override // com.adguard.android.service.s
    public final boolean e() {
        return this.f.K();
    }

    @Override // com.adguard.android.service.s
    public final Intent f() {
        try {
            byte[][] i = i();
            if (i != null) {
                byte[] bArr = i[0];
                Intent createInstallIntent = KeyChain.createInstallIntent();
                createInstallIntent.putExtra(Action.NAME_ATTRIBUTE, "AdGuard Certificate");
                createInstallIntent.putExtra("CERT", bArr);
                return createInstallIntent;
            }
        } catch (Exception e) {
            f492a.error("Error while encoding AdGuard root certificate\n", (Throwable) e);
        }
        return null;
    }

    @Override // com.adguard.android.service.s
    public final Intent g() {
        u.a(i());
        int a2 = u.a();
        Intent intent = new Intent("android.intent.action.VIEW");
        intent.setData(Uri.parse("http://127.0.0.1:" + a2 + "/adguard.crt"));
        return Intent.createChooser(intent, this.i.getText(R.string.choose_program));
    }

    @Override // com.adguard.android.service.s
    public final com.adguard.android.filtering.api.k h() {
        com.adguard.android.filtering.api.k kVar;
        f492a.info("Retrieving HTTPs filtering configuration");
        CertificateStoreType b = b();
        if (!c() || b == CertificateStoreType.NONE) {
            f492a.info("HTTPs filtering is disabled or CA certificate is not installed");
            kVar = null;
        } else {
            com.adguard.android.filtering.api.k kVar2 = new com.adguard.android.filtering.api.k();
            kVar2.a(i());
            HttpsMitmMode d = d();
            kVar2.a(d == HttpsMitmMode.BLACKLIST ? m() : k());
            kVar2.a(d);
            kVar2.a(e());
            kVar2.a(b);
            kVar2.b(this.g.c());
            if (b == CertificateStoreType.SYSTEM) {
                f492a.info("Certificate is installed to system store");
            }
            f492a.info("HTTPs filtering configuration is {}", kVar2);
            kVar = kVar2;
        }
        return kVar;
    }

    @Override // com.adguard.android.service.s
    public final synchronized byte[][] i() {
        byte[][] bArr;
        byte[][] certKeyPairFromPEM;
        try {
            if (this.j != null) {
                bArr = this.j;
            } else {
                try {
                    f492a.info("Retrieving CA certificate from preferences");
                    String J = this.f.J();
                    if (J == null) {
                        f492a.info("No CA certificate in preferences, generate it");
                        certKeyPairFromPEM = ProxyUtils.generateCACertKeyPair("AdGuard Personal CA");
                        this.f.g(ProxyUtils.certKeyPairToPEM(certKeyPairFromPEM));
                        f492a.info("CA certificate generated and saved to preferences");
                    } else {
                        f492a.info("Loading CA certificate from preferences");
                        certKeyPairFromPEM = ProxyUtils.certKeyPairFromPEM(J);
                    }
                    f492a.info("Returning CA certificate");
                    this.j = certKeyPairFromPEM;
                    bArr = this.j;
                } catch (Exception e) {
                    f492a.error("Unexpected error while generating CA certificate\n", (Throwable) e);
                    bArr = null;
                }
            }
        } catch (Throwable th) {
            throw th;
        }
        return bArr;
    }

    @Override // com.adguard.android.service.s
    public final void j() {
        try {
            f492a.info("Moving certificate to the system store");
            if (com.adguard.android.filtering.commons.d.d()) {
                File a2 = a(com.adguard.android.filtering.commons.b.i() ? "/data/misc/user/0/cacerts-added" : "/data/misc/keychain/cacerts-added", this.j);
                if (a2 != null) {
                    f492a.debug("The certificate file path: {}", a2);
                    String replaceAll = a2.getName().replaceAll("\\.[0-9a-z]{1,2}$", ".0");
                    File file = new File("/system/etc/security/cacerts", replaceAll);
                    String str = com.adguard.android.filtering.commons.b.i() ? "/data/misc/user/0/cacerts-removed" : null;
                    File file2 = str != null ? new File(str, replaceAll) : null;
                    ArrayList arrayList = new ArrayList();
                    arrayList.add("mount -o rw,remount /system");
                    arrayList.add("cp " + a2.getAbsolutePath() + " " + file.getAbsolutePath());
                    arrayList.add("chmod 644 " + file.getAbsolutePath());
                    arrayList.add("rm " + a2.getAbsolutePath());
                    if (file2 != null && file2.exists()) {
                        arrayList.add("rm " + file2.getAbsolutePath());
                    }
                    arrayList.add("mount -o ro,remount /system");
                    f492a.debug("Move certificate to the system store result: {}", StringUtils.join(com.adguard.android.filtering.commons.d.a((String[]) arrayList.toArray(new String[arrayList.size()]), 2, 10), "\n"));
                    this.k = System.currentTimeMillis();
                    this.l = q();
                    this.h.a(R.string.move_to_system_store_success);
                    f492a.info("The certificate has been moved");
                } else {
                    f492a.warn("Could not move the CA certificate to the system store");
                }
            } else {
                f492a.info("No root access given");
            }
        } catch (Exception e) {
            f492a.error("Error while moving certificate to system store:\n", (Throwable) e);
            this.h.d();
        }
    }

    @Override // com.adguard.android.service.s
    public final List<String> k() {
        List<String> f = com.adguard.android.filtering.api.a.f();
        String ad = this.f.ad();
        if (CollectionUtils.isEmpty(f)) {
            return null;
        }
        if (StringUtils.isBlank(ad)) {
            return f;
        }
        List<String> a2 = com.adguard.commons.b.a.a(ad, "\r\n", true);
        ArrayList arrayList = new ArrayList(f.size());
        arrayList.addAll(f);
        for (String str : a2) {
            String substring = str.substring(1);
            if (StringUtils.startsWith(str, "-")) {
                arrayList.remove(substring);
            }
            if (StringUtils.startsWith(str, "+") && !arrayList.contains(substring)) {
                arrayList.add(0, substring);
            }
        }
        return arrayList;
    }

    @Override // com.adguard.android.service.s
    public final void l() {
        this.f.j((String) null);
        com.adguard.android.d.o.a().c();
    }

    @Override // com.adguard.android.service.s
    public final List<String> m() {
        return com.adguard.commons.b.a.a(this.f.ac(), "\r\n", true);
    }

    @Override // com.adguard.android.service.s
    public final void n() {
        this.f.i(com.adguard.android.filtering.api.a.e());
        com.adguard.android.d.o.a().c();
    }
}
