package com.bosch.sh.connector.certificate;

import android.content.Context;
import android.content.SharedPreferences;
import ch.qos.logback.core.net.SyslogConstants;
import com.android.tools.r8.GeneratedOutlineSupport;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.ASN1Boolean;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1Integer;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.DERBitString;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DERTaggedObject;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.Certificate;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.asn1.x509.TBSCertificate;
import org.spongycastle.asn1.x509.Time;
import org.spongycastle.asn1.x509.V3TBSCertificateGenerator;
import org.spongycastle.cert.CertIOException;
import org.spongycastle.cert.CertUtils;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.OperatorHelper;

/* loaded from: classes.dex */
/**
 * File-backed implementation of {@link ClientCertKeyStore}.
 *
 * <p>The client key pair and its self-signed certificate live in a keystore file
 * ({@code clientCert.keystore}) inside the app's files directory. The keystore password is a
 * random UUID string that is generated on first use and persisted in a SharedPreferences file.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The password is written with {@code putString}, i.e. in clear text, next to the keystore
 *       it protects. The private key is therefore only as well protected as the app's private
 *       data directory; the password adds no independent barrier. NOTE(review): whoever can read
 *       that directory (for example via a device backup or a rooted device - confirm the app's
 *       backup configuration) obtains both files. A hardware-backed key store would remove this
 *       dependency.</li>
 *   <li>{@link #loadKeyStore()} silently replaces an unreadable keystore with an empty one; the
 *       only trace is one error log line.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing appears to be decompiler output. {@link #generateRsaKeyPair}
 * contains inlined library internals and constructs that are not valid Java source as written
 * (see the comments there), so treat it as a reading aid rather than buildable code.
 */
public class ClientCertKeyStoreLegacy extends ClientCertKeyStore {
    // Name of the keystore file inside Context.getFilesDir().
    private static final String KEYSTORE_FILENAME = "clientCert.keystore";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ClientCertKeyStoreLegacy.class);
    // SharedPreferences file that holds the keystore password.
    private static final String PREF_FILE = "pref.store.keystorePassword";
    // Preference key under which the clear-text keystore password is stored.
    private static final String PREF_KEY_PASSWORD = "pref.key.keystorePassword";
    // Location of the persisted keystore; resolved once in the constructor.
    private final File keyStoreFile;
    // Preferences instance used to read and write the keystore password.
    private final SharedPreferences passwordPreferences;

    /**
     * Resolves the keystore file location and opens the password preferences.
     *
     * @param context Android context used for the files directory and the preferences
     */
    public ClientCertKeyStoreLegacy(Context context) {
        super(context);
        this.keyStoreFile = new File(getContext().getFilesDir(), KEYSTORE_FILENAME);
        // Mode 0 is Context.MODE_PRIVATE: the preferences file is readable by this app only.
        this.passwordPreferences = context.getSharedPreferences(PREF_FILE, 0);
    }

    /**
     * Loads the given keystore from a file and always closes the stream.
     *
     * @param keyStore keystore instance to populate
     * @param file keystore file to read
     * @param cArr password passed to {@code KeyStore.load}
     * @return the same {@code keyStore} instance, now loaded
     * @throws GeneralSecurityException if {@code KeyStore.load} rejects the content or password
     * @throws IOException if the file cannot be opened or read
     */
    private KeyStore loadKeyStoreFromFile(KeyStore keyStore, File file, char[] cArr) throws GeneralSecurityException, IOException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            keyStore.load(fileInputStream, cArr);
            return keyStore;
        } finally {
            fileInputStream.close();
        }
    }

    /**
     * Writes the keystore returned by {@code getKeyStore()} to the keystore file, protected with
     * {@link #getPassword()}.
     *
     * <p>NOTE(review): the file is overwritten in place, so an interrupted write can presumably
     * leave a truncated keystore that {@link #loadKeyStore()} would then discard - confirm
     * whether that matters for this client identity.
     *
     * @throws IOException if the file cannot be opened or written
     * @throws GeneralSecurityException if {@code KeyStore.store} fails
     */
    private void saveKeyStore() throws IOException, GeneralSecurityException {
        FileOutputStream fileOutputStream = new FileOutputStream(this.keyStoreFile);
        try {
            getKeyStore().store(fileOutputStream, getPassword());
        } finally {
            fileOutputStream.close();
        }
    }

    /**
     * Persists the keystore password in SharedPreferences.
     *
     * <p>The value is stored as a plain string, without encryption. {@code apply()} schedules the
     * disk write asynchronously; NOTE(review): if the process dies before that write lands while
     * the keystore file was already saved with this password, the keystore would become
     * unreadable on the next start - confirm whether that window is acceptable.
     *
     * @param str password to store
     */
    private void savePassword(String str) {
        this.passwordPreferences.edit().putString(PREF_KEY_PASSWORD, str).apply();
    }

    /**
     * Deletes the keystore file.
     *
     * <p>Only the file is removed; the stored password preference is left untouched.
     *
     * @return the result of {@code File.delete()}
     */
    public boolean deleteKeyStore() {
        return this.keyStoreFile.delete();
    }

    /**
     * Generates a 2048-bit RSA key pair, wraps the public key in a self-signed X.509 v3
     * certificate, stores both under the given alias and saves the keystore file.
     *
     * <p>The certificate uses {@code x500Principal} as both issuer and subject, the fixed serial
     * number 1, a critical basicConstraints extension with an empty body and a critical keyUsage
     * extension. It is signed with the freshly generated private key using
     * {@code ClientCertKeyStore.SIGNATURE_ALGORITHM}.
     *
     * <p>NOTE(review): most of this body is library code that the decompiler inlined (extension
     * generator, TBS certificate assembly, signer creation). It reads private fields of library
     * classes and is not expected to compile as shown.
     *
     * @param str keystore alias for the new key entry
     * @param x500Principal distinguished name used as issuer and subject
     * @param date start of the validity period
     * @param date2 end of the validity period
     * @throws GeneralSecurityException if key generation, certificate parsing or keystore access fails
     * @throws IOException if an extension cannot be encoded or the keystore cannot be written
     * @throws OperatorCreationException if the signer for the certificate cannot be created
     */
    @Override // com.bosch.sh.connector.certificate.ClientCertKeyStore
    public void generateRsaKeyPair(String str, X500Principal x500Principal, Date date, Date date2) throws GeneralSecurityException, IOException, OperatorCreationException {
        Signature createSignature;
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        // Serial number is the constant 1 for every certificate this method creates.
        // NOTE(review): regenerated certificates therefore share issuer and serial; anything that
        // tracks this client should key on the public key or fingerprint, not on issuer/serial.
        BigInteger bigInteger = BigInteger.ONE;
        PublicKey publicKey = generateKeyPair.getPublic();
        // Issuer and subject are decoded from the same principal: the certificate is self-signed.
        X500Name x500Name = X500Name.getInstance(x500Principal.getEncoded());
        X500Name x500Name2 = X500Name.getInstance(x500Principal.getEncoded());
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        Time time = new Time(date);
        Time time2 = new Time(date2);
        V3TBSCertificateGenerator v3TBSCertificateGenerator = new V3TBSCertificateGenerator();
        v3TBSCertificateGenerator.serialNumber = new ASN1Integer(bigInteger);
        v3TBSCertificateGenerator.issuer = x500Name;
        v3TBSCertificateGenerator.startDate = time;
        v3TBSCertificateGenerator.endDate = time2;
        v3TBSCertificateGenerator.subject = x500Name2;
        v3TBSCertificateGenerator.subjectPublicKeyInfo = subjectPublicKeyInfo;
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        // --- basicConstraints extension ---
        ASN1ObjectIdentifier aSN1ObjectIdentifier = Extension.basicConstraints;
        // The next two statements have no effect (result discarded / variable unused);
        // they look like leftovers of the inlined library code.
        ASN1Boolean.getInstance(false);
        List list = CertUtils.EMPTY_LIST;
        try {
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            // The condition is always false, so the sequence stays empty. An empty
            // BasicConstraints body leaves the cA flag at its default (FALSE): not a CA.
            if (0 != 0) {
                aSN1EncodableVector.v.addElement(null);
            }
            byte[] encoded = new DERSequence(aSN1EncodableVector).getEncoded("DER");
            if (extensionsGenerator.extensions.containsKey(aSN1ObjectIdentifier)) {
                throw new IllegalArgumentException("extension " + aSN1ObjectIdentifier + " already added");
            }
            extensionsGenerator.extOrdering.addElement(aSN1ObjectIdentifier);
            // Second constructor argument 'true' marks the extension as critical.
            extensionsGenerator.extensions.put(aSN1ObjectIdentifier, new Extension(aSN1ObjectIdentifier, true, new DEROctetString(encoded)));
            // --- keyUsage extension ---
            // SyslogConstants.LOG_LOCAL5 is a decompiler artefact: the original integer constant
            // was replaced by an unrelated constant with the same value (168 = 0xA8).
            // NOTE(review): as key-usage bits that would presumably be
            // digitalSignature | keyEncipherment | keyAgreement - confirm against the original source.
            DERBitString dERBitString = new DERBitString(SyslogConstants.LOG_LOCAL5);
            ASN1ObjectIdentifier aSN1ObjectIdentifier2 = Extension.keyUsage;
            List list2 = CertUtils.EMPTY_LIST;
            try {
                byte[] encoded2 = dERBitString.getEncoded("DER");
                if (extensionsGenerator.extensions.containsKey(aSN1ObjectIdentifier2)) {
                    throw new IllegalArgumentException("extension " + aSN1ObjectIdentifier2 + " already added");
                }
                extensionsGenerator.extOrdering.addElement(aSN1ObjectIdentifier2);
                // keyUsage is marked critical as well.
                extensionsGenerator.extensions.put(aSN1ObjectIdentifier2, new Extension(aSN1ObjectIdentifier2, true, new DEROctetString(encoded2)));
                // --- signer setup ---
                // The algorithm name comes from the parent class and is not visible in this file.
                // NOTE(review): confirm it is a SHA-256-or-stronger RSA signature scheme.
                JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(ClientCertKeyStore.SIGNATURE_ALGORITHM);
                PrivateKey privateKey = generateKeyPair.getPrivate();
                try {
                    OperatorHelper operatorHelper = jcaContentSignerBuilder.helper;
                    AlgorithmIdentifier algorithmIdentifier = jcaContentSignerBuilder.sigAlgId;
                    Objects.requireNonNull(operatorHelper);
                    try {
                        // First try the signature name derived from the algorithm identifier ...
                        createSignature = operatorHelper.helper.createSignature(OperatorHelper.getSignatureName(algorithmIdentifier));
                    } catch (NoSuchAlgorithmException e) {
                        // ... then fall back to the name registered for the OID, if there is one.
                        Map map = OperatorHelper.oids;
                        if (map.get(algorithmIdentifier.getAlgorithm()) == null) {
                            throw e;
                        }
                        createSignature = operatorHelper.helper.createSignature((String) map.get(algorithmIdentifier.getAlgorithm()));
                    }
                    // Signing with the private key of the pair just generated (self-signature).
                    createSignature.initSign(privateKey);
                    JcaContentSignerBuilder.AnonymousClass1 anonymousClass1 = new JcaContentSignerBuilder.AnonymousClass1(createSignature);
                    JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
                    v3TBSCertificateGenerator.signature = jcaContentSignerBuilder.sigAlgId;
                    // --- copy the collected extensions into the TBS generator, in insertion order ---
                    if (!extensionsGenerator.extOrdering.isEmpty()) {
                        Extension[] extensionArr = new Extension[extensionsGenerator.extOrdering.size()];
                        for (int i = 0; i != extensionsGenerator.extOrdering.size(); i++) {
                            extensionArr[i] = (Extension) extensionsGenerator.extensions.get(extensionsGenerator.extOrdering.elementAt(i));
                        }
                        Extensions extensions = new Extensions(extensionArr);
                        v3TBSCertificateGenerator.extensions = extensions;
                        // No subjectAlternativeName is added above, so this lookup finds nothing here.
                        Extension extension = extensions.getExtension(Extension.subjectAlternativeName);
                        if (extension != null && extension.critical) {
                            v3TBSCertificateGenerator.altNamePresentAndCritical = true;
                        }
                    }
                    // Refuse to build a certificate with a mandatory field missing.
                    if (v3TBSCertificateGenerator.serialNumber == null || v3TBSCertificateGenerator.signature == null || v3TBSCertificateGenerator.issuer == null || v3TBSCertificateGenerator.startDate == null || v3TBSCertificateGenerator.endDate == null || ((v3TBSCertificateGenerator.subject == null && !v3TBSCertificateGenerator.altNamePresentAndCritical) || v3TBSCertificateGenerator.subjectPublicKeyInfo == null)) {
                        throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
                    }
                    // --- assemble the to-be-signed certificate: version, serial, signature
                    // algorithm, issuer, validity, subject, public key, extensions ---
                    ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                    aSN1EncodableVector2.v.addElement(v3TBSCertificateGenerator.version);
                    aSN1EncodableVector2.v.addElement(v3TBSCertificateGenerator.serialNumber);
                    aSN1EncodableVector2.v.addElement(v3TBSCertificateGenerator.signature);
                    aSN1EncodableVector2.v.addElement(v3TBSCertificateGenerator.issuer);
                    ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
                    aSN1EncodableVector3.v.addElement(v3TBSCertificateGenerator.startDate);
                    aSN1EncodableVector3.v.addElement(v3TBSCertificateGenerator.endDate);
                    aSN1EncodableVector2.v.addElement(new DERSequence(aSN1EncodableVector3));
                    X500Name x500Name3 = v3TBSCertificateGenerator.subject;
                    if (x500Name3 != null) {
                        aSN1EncodableVector2.v.addElement(x500Name3);
                    } else {
                        aSN1EncodableVector2.v.addElement(new DERSequence());
                    }
                    aSN1EncodableVector2.v.addElement(v3TBSCertificateGenerator.subjectPublicKeyInfo);
                    Extensions extensions2 = v3TBSCertificateGenerator.extensions;
                    if (extensions2 != null) {
                        // Extensions are carried in the explicitly tagged [3] element.
                        aSN1EncodableVector2.v.addElement(new DERTaggedObject(true, 3, extensions2));
                    }
                    TBSCertificate tBSCertificate = TBSCertificate.getInstance(new DERSequence(aSN1EncodableVector2));
                    List list3 = CertUtils.EMPTY_LIST;
                    try {
                        // 'JcaContentSignerBuilder.this' is a decompiler artefact of the inlined
                        // anonymous signer class and is not valid in this class.
                        // NOTE(review): presumably the same sigAlgId as read above - confirm.
                        AlgorithmIdentifier algorithmIdentifier2 = JcaContentSignerBuilder.this.sigAlgId;
                        // Sign the TBS structure and wrap TBS + algorithm + signature into the certificate.
                        byte[] generateSig = CertUtils.generateSig(anonymousClass1, tBSCertificate);
                        ASN1EncodableVector aSN1EncodableVector4 = new ASN1EncodableVector();
                        aSN1EncodableVector4.v.addElement(tBSCertificate);
                        aSN1EncodableVector4.v.addElement(algorithmIdentifier2);
                        aSN1EncodableVector4.v.addElement(new DERBitString(generateSig));
                        Certificate certificate = Certificate.getInstance(new DERSequence(aSN1EncodableVector4));
                        // Unused local; leftover of the inlined library code.
                        Extensions extensions3 = certificate.tbsCert.extensions;
                        try {
                            Objects.requireNonNull(jcaX509CertificateConverter.helper);
                            // Re-parse the encoded certificate through the platform X.509 factory,
                            // then store key + certificate under the alias. The key entry is
                            // protected with the same password that saveKeyStore() uses for the
                            // whole store.
                            getKeyStore().setKeyEntry(str, generateKeyPair.getPrivate(), getPassword(), new java.security.cert.Certificate[]{(X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.getEncoded()))});
                            saveKeyStore();
                        } catch (IOException e2) {
                            throw new JcaX509CertificateConverter.ExCertificateParsingException(jcaX509CertificateConverter, GeneratedOutlineSupport.outline16(e2, GeneratedOutlineSupport.outline41("exception parsing certificate: ")), e2);
                        } catch (NoSuchProviderException e3) {
                            StringBuilder outline41 = GeneratedOutlineSupport.outline41("cannot find required provider:");
                            outline41.append(e3.getMessage());
                            throw new JcaX509CertificateConverter.ExCertificateException(jcaX509CertificateConverter, outline41.toString(), e3);
                        }
                    } catch (IOException unused) {
                        // The original IOException is not attached as the cause here.
                        throw new IllegalStateException("cannot produce certificate signature");
                    }
                } catch (GeneralSecurityException e4) {
                    StringBuilder outline412 = GeneratedOutlineSupport.outline41("cannot create signer: ");
                    outline412.append(e4.getMessage());
                    throw new OperatorCreationException(outline412.toString(), e4);
                }
            } catch (IOException e5) {
                throw new CertIOException(GeneratedOutlineSupport.outline16(e5, GeneratedOutlineSupport.outline41("cannot encode extension: ")), e5);
            }
        } catch (IOException e6) {
            throw new CertIOException(GeneratedOutlineSupport.outline16(e6, GeneratedOutlineSupport.outline41("cannot encode extension: ")), e6);
        }
    }

    /**
     * Returns the keystore password, creating and persisting it on first use.
     *
     * <p>The password is the string form of {@code UUID.randomUUID()}, which the JDK documents as
     * a type 4 UUID from a cryptographically strong generator. It is stored and read back as a
     * clear-text preference value, so converting it to {@code char[]} here does not allow the
     * secret to be wiped from memory: the underlying {@code String} remains.
     *
     * @return a new character array holding the password
     */
    @Override // com.bosch.sh.connector.certificate.ClientCertKeyStore
    public char[] getPassword() {
        if (!this.passwordPreferences.contains(PREF_KEY_PASSWORD)) {
            savePassword(UUID.randomUUID().toString());
        }
        return this.passwordPreferences.getString(PREF_KEY_PASSWORD, null).toCharArray();
    }

    /**
     * Importing a key pair is not supported by this implementation.
     *
     * @param str ignored
     * @param keyStore ignored
     * @return always {@code false}
     */
    @Override // com.bosch.sh.connector.certificate.ClientCertKeyStore
    public boolean importKeyPair(String str, KeyStore keyStore) {
        return false;
    }

    /**
     * Creates a keystore of the platform default type and loads the keystore file into it, or
     * initialises it empty when the file is missing.
     *
     * <p>If the file exists but cannot be loaded (I/O error, wrong password, corrupted or
     * modified content), the error is logged and an empty keystore is returned instead. The
     * caller cannot tell this apart from a first start, so the stored client identity is lost
     * without any signal other than the log line. The unreadable file itself is left in place
     * until the next save overwrites it. NOTE(review): consider surfacing this condition to the
     * caller, and treat the log message as an event worth monitoring.
     *
     * @return the loaded or freshly initialised keystore
     * @throws GeneralSecurityException if the keystore type is unavailable or the empty
     *     initialisation fails
     * @throws IOException if the empty initialisation fails
     */
    @Override // com.bosch.sh.connector.certificate.ClientCertKeyStore
    public KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (this.keyStoreFile.exists()) {
            try {
                loadKeyStoreFromFile(keyStore, this.keyStoreFile, getPassword());
            } catch (IOException | GeneralSecurityException e) {
                LOG.error("Error loading key store, creating new one...", e);
                // Fall back to an empty in-memory keystore; existing entries are not recovered.
                keyStore.load(null);
            }
        } else {
            // No keystore file yet: start with an empty keystore.
            keyStore.load(null);
        }
        return keyStore;
    }
}
