package com.fillr.browsersdk.tls;

import android.text.TextUtils;
import com.fillr.browsersdk.Fillr;
import com.fillr.browsersdk.FillrConfig;
import com.fillr.browsersdk.tls.asn1.ASN1Null;
import com.fillr.browsersdk.tls.asn1.ASN1ObjectId;
import com.fillr.browsersdk.tls.asn1.ASN1Time;
import com.fillr.browsersdk.tls.asn1.ASN1UtfString;
import com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate;
import com.fillr.browsersdk.tls.asn1.complextypes.TBSCertificate;
import com.fillr.browsersdk.tls.asn1.complextypes.Validity;
import java.math.BigInteger;
import java.security.KeyPair;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.UUID;
import kotlin.jvm.internal.Intrinsics;

/* loaded from: classes7.dex */
public abstract class CertificateRegistry {
    public static final String[] BANNED_HOSTS = {"^(api|ft|schema)\\.fillr\\.com", "^rakuten\\.co\\.jp$", ".*\\.rakuten\\.co\\.jp$"};
    public static final Map GENERATED_CERTS = Collections.synchronizedMap(new HashMap());

    /* JADX WARN: Type inference failed for: r3v6, types: [com.fillr.browsersdk.tls.asn1.ASN1ObjectId, com.fillr.browsersdk.tls.asn1.complextypes.PublicKeyInfo] */
    public static SSLCertificate generateSelfSignedCertificate(String str, KeyPair keyPair) {
        if (TextUtils.isEmpty(str) || keyPair == null) {
            return null;
        }
        String[] strArr = BANNED_HOSTS;
        for (int i = 0; i < 3; i++) {
            if (str.matches(strArr[i])) {
                return null;
            }
        }
        if (!TextUtils.isEmpty(str)) {
            str.startsWith("*.");
        }
        SSLCertificate whitelistedCertificate = getWhitelistedCertificate(str);
        if (whitelistedCertificate != null) {
            return whitelistedCertificate;
        }
        if (TextUtils.isEmpty(str)) {
            str = "FillrCA";
        }
        String str2 = str;
        UUID randomUUID = UUID.randomUUID();
        BigInteger or = BigInteger.valueOf(randomUUID.getMostSignificantBits()).shiftLeft(64).or(BigInteger.valueOf(randomUUID.getLeastSignificantBits()));
        if (or.signum() < 1) {
            or = or.negate();
        }
        ASN1ObjectId aSN1ObjectId = new ASN1ObjectId(ASN1ObjectId.SHA256_WITH_RSA);
        Validity validity = new Validity(1);
        validity.notBefore = aSN1ObjectId;
        validity.notAfter = new ASN1Null();
        byte[] encoded = keyPair.getPublic().getEncoded();
        ?? aSN1ObjectId2 = new ASN1ObjectId();
        aSN1ObjectId2.preformattedData = encoded;
        SSLCertificate sSLCertificate = new SSLCertificate(or, validity, aSN1ObjectId2, keyPair);
        TBSCertificate tBSCertificate = sSLCertificate.tbsCert;
        String bigInteger = ((BigInteger) tBSCertificate.serialNumber.date).toString(16);
        ASN1ObjectId aSN1ObjectId3 = tBSCertificate.issuer;
        aSN1ObjectId3.valueChain.clear();
        ASN1Time aSN1Time = new ASN1Time();
        int[] iArr = ASN1ObjectId.COMMON_NAME;
        ((HashSet) aSN1Time.date).add(new Validity(new ASN1ObjectId(iArr), new ASN1UtfString(str)));
        aSN1ObjectId3.addValue(aSN1Time);
        if (!TextUtils.isEmpty(bigInteger)) {
            ASN1Time aSN1Time2 = new ASN1Time();
            ((HashSet) aSN1Time2.date).add(new Validity(new ASN1ObjectId(ASN1ObjectId.ORGANIZATIONAL_UNIT), new ASN1UtfString(bigInteger)));
            aSN1ObjectId3.addValue(aSN1Time2);
        }
        ASN1ObjectId aSN1ObjectId4 = tBSCertificate.subject;
        aSN1ObjectId4.valueChain.clear();
        ASN1Time aSN1Time3 = new ASN1Time();
        ((HashSet) aSN1Time3.date).add(new Validity(new ASN1ObjectId(iArr), new ASN1UtfString(str2)));
        aSN1ObjectId4.addValue(aSN1Time3);
        String message = "Generated self-signed certificate for host=" + str2 + ", serial=" + ((BigInteger) tBSCertificate.serialNumber.date).toString(16);
        Intrinsics.checkNotNullParameter(message, "message");
        FillrConfig fillrConfig = Fillr.getInstance().fillrConfig;
        GENERATED_CERTS.put(str2, sSLCertificate);
        Intrinsics.checkNotNullParameter("Registering generated certificate", "message");
        FillrConfig fillrConfig2 = Fillr.getInstance().fillrConfig;
        return sSLCertificate;
    }

    /* JADX WARN: Code restructure failed: missing block: B:17:0x0063, code lost:
    
        if (r4 <= r1) goto L21;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate getWhitelistedCertificate(java.lang.String r8) {
        /*
            boolean r0 = android.text.TextUtils.isEmpty(r8)
            if (r0 != 0) goto Lb
            java.lang.String r0 = "*."
            r8.startsWith(r0)
        Lb:
            java.util.Map r0 = com.fillr.browsersdk.tls.CertificateRegistry.GENERATED_CERTS
            java.lang.Object r1 = r0.get(r8)
            com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate r1 = (com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate) r1
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            java.lang.String r3 = "Getting whitelisted certificate "
            r2.<init>(r3)
            r2.append(r8)
            java.lang.String r2 = r2.toString()
            java.lang.String r3 = "message"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r2, r3)
            com.fillr.browsersdk.Fillr r2 = com.fillr.browsersdk.Fillr.getInstance()
            com.fillr.browsersdk.FillrConfig r2 = r2.fillrConfig
            if (r1 == 0) goto L87
            com.fillr.browsersdk.tls.asn1.complextypes.TBSCertificate r1 = r1.tbsCert
            if (r1 == 0) goto L65
            com.fillr.browsersdk.tls.asn1.complextypes.Validity r1 = r1.validity
            if (r1 == 0) goto L65
            com.fillr.browsersdk.tls.asn1.ASN1Value r2 = r1.notBefore
            com.fillr.browsersdk.tls.asn1.ASN1Time r2 = (com.fillr.browsersdk.tls.asn1.ASN1Time) r2
            if (r2 == 0) goto L65
            com.fillr.browsersdk.tls.asn1.ASN1Value r1 = r1.notAfter
            com.fillr.browsersdk.tls.asn1.ASN1Time r1 = (com.fillr.browsersdk.tls.asn1.ASN1Time) r1
            if (r1 != 0) goto L44
            goto L65
        L44:
            java.util.Date r4 = new java.util.Date
            r4.<init>()
            long r4 = r4.getTime()
            java.io.Serializable r2 = r2.date
            java.util.Date r2 = (java.util.Date) r2
            long r6 = r2.getTime()
            java.io.Serializable r1 = r1.date
            java.util.Date r1 = (java.util.Date) r1
            long r1 = r1.getTime()
            int r6 = (r4 > r6 ? 1 : (r4 == r6 ? 0 : -1))
            if (r6 < 0) goto L65
            int r1 = (r4 > r1 ? 1 : (r4 == r1 ? 0 : -1))
            if (r1 <= 0) goto L87
        L65:
            r0.remove(r8)
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            java.lang.String r2 = "Removing expired certificate "
            r1.<init>(r2)
            r1.append(r8)
            java.lang.String r1 = r1.toString()
            java.lang.String r2 = "tag"
            java.lang.String r4 = "fillr.proxy"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r4, r2)
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r1, r3)
            com.fillr.browsersdk.Fillr r1 = com.fillr.browsersdk.Fillr.getInstance()
            com.fillr.browsersdk.FillrConfig r1 = r1.fillrConfig
        L87:
            java.lang.Object r8 = r0.get(r8)
            com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate r8 = (com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate) r8
            return r8
        */
        throw new UnsupportedOperationException("Method not decompiled: com.fillr.browsersdk.tls.CertificateRegistry.getWhitelistedCertificate(java.lang.String):com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate");
    }
}
