package org.strongswan.android.logic;

import android.util.Log;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes.dex */
public class TrustedCertificateManager {
    private static final String TAG = TrustedCertificateManager.class.getSimpleName();
    private Hashtable<String, X509Certificate> mCACerts;
    private boolean mLoaded;
    private final ReentrantReadWriteLock mLock;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class Singleton {
        public static final TrustedCertificateManager mInstance = new TrustedCertificateManager(null);

        private Singleton() {
        }
    }

    private TrustedCertificateManager() {
        this.mLock = new ReentrantReadWriteLock();
        this.mCACerts = new Hashtable<>();
    }

    /* synthetic */ TrustedCertificateManager(TrustedCertificateManager trustedCertificateManager) {
        this();
    }

    private Hashtable<String, X509Certificate> fetchCertificates(KeyStore keyStore) {
        Hashtable<String, X509Certificate> hashtable = new Hashtable<>();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(nextElement);
                if (certificate != null && (certificate instanceof X509Certificate)) {
                    hashtable.put(nextElement, (X509Certificate) certificate);
                }
            }
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }
        return hashtable;
    }

    public static TrustedCertificateManager getInstance() {
        return Singleton.mInstance;
    }

    private void loadCertificates() {
        Log.d(TAG, "Load cached CA certificates");
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            this.mCACerts = fetchCertificates(keyStore);
            this.mLoaded = true;
            Log.d(TAG, "Cached CA certificates loaded");
        } catch (Exception e) {
            e.printStackTrace();
            this.mCACerts = new Hashtable<>();
        }
    }

    public Hashtable<String, X509Certificate> getAllCACertificates() {
        this.mLock.readLock().lock();
        Hashtable<String, X509Certificate> hashtable = (Hashtable) this.mCACerts.clone();
        this.mLock.readLock().unlock();
        return hashtable;
    }

    public X509Certificate getCACertificateFromAlias(String str) {
        if (this.mLock.readLock().tryLock()) {
            X509Certificate x509Certificate = this.mCACerts.get(str);
            this.mLock.readLock().unlock();
            return x509Certificate;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
            keyStore.load(null, null);
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate == null || !(certificate instanceof X509Certificate)) {
                return null;
            }
            return (X509Certificate) certificate;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public Hashtable<String, X509Certificate> getSystemCACertificates() {
        Hashtable<String, X509Certificate> hashtable = new Hashtable<>();
        this.mLock.readLock().lock();
        for (String str : this.mCACerts.keySet()) {
            if (str.startsWith("system:")) {
                hashtable.put(str, this.mCACerts.get(str));
            }
        }
        this.mLock.readLock().unlock();
        return hashtable;
    }

    public Hashtable<String, X509Certificate> getUserCACertificates() {
        Hashtable<String, X509Certificate> hashtable = new Hashtable<>();
        this.mLock.readLock().lock();
        for (String str : this.mCACerts.keySet()) {
            if (str.startsWith("user:")) {
                hashtable.put(str, this.mCACerts.get(str));
            }
        }
        this.mLock.readLock().unlock();
        return hashtable;
    }

    public TrustedCertificateManager load() {
        Log.d(TAG, "Ensure cached CA certificates are loaded");
        this.mLock.writeLock().lock();
        if (!this.mLoaded) {
            loadCertificates();
        }
        this.mLock.writeLock().unlock();
        return this;
    }

    public TrustedCertificateManager reload() {
        Log.d(TAG, "Force reload of cached CA certificates");
        this.mLock.writeLock().lock();
        loadCertificates();
        this.mLock.writeLock().unlock();
        return this;
    }
}
