package com.fillr.browsersdk.tls;

import android.text.TextUtils;
import com.fillr.browsersdk.tls.asn1.ASN1ObjectId;
import com.fillr.browsersdk.tls.asn1.ASN1Time;
import com.fillr.browsersdk.tls.asn1.ASN1UtfString;
import com.fillr.browsersdk.tls.asn1.complextypes.PublicKeyInfo;
import com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate;
import com.fillr.browsersdk.tls.asn1.complextypes.TBSCertificate;
import com.fillr.browsersdk.tls.asn1.complextypes.Validity;
import com.fillr.core.FEDefaultFlow;
import java.math.BigInteger;
import java.security.KeyPair;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;

/* loaded from: classes7.dex */
public abstract class CertificateRegistry {
    public static final String[] BANNED_HOSTS = {"^(api|ft|schema)\\.fillr\\.com", "^rakuten\\.co\\.jp$", ".*\\.rakuten\\.co\\.jp$"};
    public static final Map GENERATED_CERTS = Collections.synchronizedMap(new HashMap());

    public static SSLCertificate generateSelfSignedCertificate(String str, KeyPair keyPair) {
        if (TextUtils.isEmpty(str) || keyPair == null) {
            return null;
        }
        String[] strArr = BANNED_HOSTS;
        for (int i = 0; i < 3; i++) {
            if (str.matches(strArr[i])) {
                return null;
            }
        }
        if (!TextUtils.isEmpty(str)) {
            str.startsWith("*.");
        }
        SSLCertificate whitelistedCertificate = getWhitelistedCertificate(str);
        if (whitelistedCertificate != null) {
            return whitelistedCertificate;
        }
        if (TextUtils.isEmpty(str)) {
            str = "FillrCA";
        }
        UUID randomUUID = UUID.randomUUID();
        BigInteger or = BigInteger.valueOf(randomUUID.getMostSignificantBits()).shiftLeft(64).or(BigInteger.valueOf(randomUUID.getLeastSignificantBits()));
        if (or.signum() < 1) {
            or = or.negate();
        }
        SSLCertificate sSLCertificate = new SSLCertificate(or, new Validity(new ASN1ObjectId(ASN1ObjectId.SHA256_WITH_RSA)), new PublicKeyInfo(keyPair.getPublic().getEncoded()), keyPair);
        TBSCertificate tBSCertificate = sSLCertificate.tbsCert;
        String bigInteger = ((BigInteger) tBSCertificate.serialNumber.date).toString(16);
        ASN1Time aSN1Time = tBSCertificate.issuer;
        ((List) aSN1Time.date).clear();
        ASN1Time aSN1Time2 = new ASN1Time(1);
        int[] iArr = ASN1ObjectId.COMMON_NAME;
        aSN1Time2.addValue(new Validity(new ASN1ObjectId(iArr), new ASN1UtfString(str)));
        aSN1Time.addValue(aSN1Time2);
        if (!TextUtils.isEmpty(bigInteger)) {
            ASN1Time aSN1Time3 = new ASN1Time(1);
            aSN1Time3.addValue(new Validity(new ASN1ObjectId(ASN1ObjectId.ORGANIZATIONAL_UNIT), new ASN1UtfString(bigInteger)));
            aSN1Time.addValue(aSN1Time3);
        }
        ASN1Time aSN1Time4 = tBSCertificate.subject;
        ((List) aSN1Time4.date).clear();
        ASN1Time aSN1Time5 = new ASN1Time(1);
        aSN1Time5.addValue(new Validity(new ASN1ObjectId(iArr), new ASN1UtfString(str)));
        aSN1Time4.addValue(aSN1Time5);
        FEDefaultFlow.d("Generated self-signed certificate for host=" + str + ", serial=" + ((BigInteger) tBSCertificate.serialNumber.date).toString(16));
        GENERATED_CERTS.put(str, sSLCertificate);
        FEDefaultFlow.d("Registering generated certificate");
        return sSLCertificate;
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x0065  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate getWhitelistedCertificate(java.lang.String r11) {
        /*
            boolean r0 = android.text.TextUtils.isEmpty(r11)
            if (r0 != 0) goto Lb
            java.lang.String r0 = "*."
            r11.startsWith(r0)
        Lb:
            java.util.Map r0 = com.fillr.browsersdk.tls.CertificateRegistry.GENERATED_CERTS
            java.lang.Object r1 = r0.get(r11)
            com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate r1 = (com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate) r1
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            java.lang.String r3 = "Getting whitelisted certificate "
            r2.<init>(r3)
            r2.append(r11)
            java.lang.String r2 = r2.toString()
            com.fillr.core.FEDefaultFlow.d(r2)
            if (r1 == 0) goto L7a
            r2 = 1
            com.fillr.browsersdk.tls.asn1.complextypes.TBSCertificate r1 = r1.tbsCert
            if (r1 == 0) goto L66
            com.fillr.browsersdk.tls.asn1.complextypes.Validity r1 = r1.validity
            r3 = 0
            if (r1 == 0) goto L61
            com.fillr.browsersdk.tls.asn1.ASN1Value r4 = r1.notBefore
            com.fillr.browsersdk.tls.asn1.ASN1Time r4 = (com.fillr.browsersdk.tls.asn1.ASN1Time) r4
            if (r4 == 0) goto L61
            com.fillr.browsersdk.tls.asn1.ASN1Value r1 = r1.notAfter
            com.fillr.browsersdk.tls.asn1.ASN1Time r1 = (com.fillr.browsersdk.tls.asn1.ASN1Time) r1
            if (r1 != 0) goto L3d
            goto L61
        L3d:
            java.util.Date r5 = new java.util.Date
            r5.<init>()
            long r5 = r5.getTime()
            java.io.Serializable r4 = r4.date
            java.util.Date r4 = (java.util.Date) r4
            long r7 = r4.getTime()
            java.io.Serializable r1 = r1.date
            java.util.Date r1 = (java.util.Date) r1
            long r9 = r1.getTime()
            int r1 = (r5 > r7 ? 1 : (r5 == r7 ? 0 : -1))
            if (r1 < 0) goto L61
            int r1 = (r5 > r9 ? 1 : (r5 == r9 ? 0 : -1))
            if (r1 <= 0) goto L5f
            goto L61
        L5f:
            r1 = r3
            goto L62
        L61:
            r1 = r2
        L62:
            if (r1 == 0) goto L65
            goto L66
        L65:
            r2 = r3
        L66:
            if (r2 == 0) goto L7a
            r0.remove(r11)
            java.lang.String r1 = "Removing expired certificate %s"
            java.lang.Object[] r2 = new java.lang.Object[]{r11}
            java.lang.String r1 = java.lang.String.format(r1, r2)
            java.lang.String r2 = "fillr.proxy"
            com.fillr.core.FEDefaultFlow.d(r2, r1)
        L7a:
            java.lang.Object r11 = r0.get(r11)
            com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate r11 = (com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate) r11
            return r11
        */
        throw new UnsupportedOperationException("Method not decompiled: com.fillr.browsersdk.tls.CertificateRegistry.getWhitelistedCertificate(java.lang.String):com.fillr.browsersdk.tls.asn1.complextypes.SSLCertificate");
    }
}
