package c;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
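/**
 * Decompiled (JADX) implementation of {@code p}. It loads a tester license keystore
 * ({@code sec_security.lic}), a PEM certificate bundle ({@code sec_certificates.pem}) and a
 * key-reference file, validates the certificate chains built from them, and afterwards
 * serves keys and crypto operations for as long as the validity flag {@code g} is set.
 *
 * <p>Reading notes for this listing:
 * <ul>
 *   <li>All identifiers are obfuscated. The private fields {@code d}, {@code e}, {@code f}
 *       and {@code k} share their names with helper classes that this file uses without an
 *       import. Expressions such as {@code d.a(...)}, {@code e.a(...)}, {@code f.a(...)} and
 *       {@code k.Common} cannot be calls on a String/boolean/X509Certificate field, so they
 *       refer to those classes. The listing will not compile as Java source until the
 *       fields are renamed.</li>
 *   <li>{@code ac}, {@code y}, {@code ad} (exceptions), {@code aa} (error codes) and the
 *       helpers {@code ag}, {@code af}, {@code x}, {@code t}, {@code v}, {@code g},
 *       {@code n}, {@code s} are defined elsewhere. Comments that describe them are marked
 *       as assumptions.</li>
 *   <li>No synchronization is visible anywhere in this class.</li>
 * </ul>
 */
public final class h implements p {

    /* renamed from: a, reason: collision with root package name */
    private static final Logger f106a = Logger.getLogger("psdz.log");
    // Class object for "com.bmw.est.cm.core.ESTCM", resolved lazily in a(File, File).
    private static Class t = null;
    // Result of the reflective getInstance() call on t, cached process-wide.
    private static n u = null;
    // PKCS12 keystore loaded from the license file in b(File).
    private KeyStore h;
    // Key-reference name -> key object, filled by a(File, String) and read by a(s, String).
    private Hashtable p;
    // Certificate serial number -> FSCS certificate, filled by a(File).
    private Hashtable q;
    // "codier-encrypt" certificate -> keystore alias, filled by b(File).
    private Hashtable r;
    // Helper used to derive the keystore password in b(File).
    private v s;
    // Keystore alias -> PrivateKey, filled by b(File) and searched by b(String).
    private Hashtable v;

    /* renamed from: b, reason: collision with root package name */
    private final String f107b = "sec_security.lic";

    /* renamed from: c, reason: collision with root package name */
    private final String f108c = "sec_certificates.pem";
    private final String d = "No valid tester license file given.";
    // True once the reflective connection to EST-CM succeeded in a(File, File).
    private boolean e = false;
    // Alias of the keystore entry whose name contains "-sys" (set in b(File)).
    private String f = "";
    // Validity flag: false while loading or after any failure, true after a(File, File)
    // has validated the chains. Every public operation checks it first.
    private boolean g = false;
    // Scratch chain handed to a(Certificate[]): [0] certificate under test,
    // [1] the "fzgsec-ca" certificate, [2] the "fzg-root-ca" certificate.
    private final X509Certificate[] i = new X509Certificate[3];
    // Certificate of the "-sys" keystore entry; returned by b() and used as fallback in c().
    private X509Certificate j = null;
    // "codier-sign" certificate whose table key starts with "uid=develop".
    private X509Certificate k = null;
    // "codier-sign" certificate whose table key starts with "uid=field"; mandatory for init.
    private X509Certificate l = null;
    // "kis-sign" certificate.
    private X509Certificate m = null;
    // e.a(d.a(encoded public key)) of the develop / field coding certificates.
    // Presumably a textual digest of the key; confirm against d and e.
    private String n = "";
    private String o = "";

    /**
     * Loads the PEM bundle through {@code ag} and assigns each certificate a trust role by
     * substring-matching the lowercased table key. Clears the validity flag first.
     *
     * <p>NOTE(review): roles are assigned purely by name. The table key is presumably the
     * subject DN, since the log messages call it "Subject"/"SubjectCN". Nothing visible here
     * pins the root or CA to a known key or fingerprint, so the integrity of the PEM file is
     * the trust anchor. The signature checks in {@link #a(Certificate[])} prove that a chain
     * is internally consistent, not that its root is the expected one.
     *
     * @param file the PEM bundle to read
     * @throws ac if the certificate matched as root does not name "fzg-root-ca" as its issuer
     */
    private void a(File file) {
        this.g = false;
        ag agVar = new ag(file);
        this.q = new Hashtable();
        f106a.info("Found " + agVar.f95a.size() + " certificates within PEM file.");
        Hashtable hashtable = agVar.f95a;
        Enumeration keys = hashtable.keys();
        while (keys.hasMoreElements()) {
            String str = (String) keys.nextElement();
            X509Certificate x509Certificate = (X509Certificate) hashtable.get(str);
            String lowerCase = str.toLowerCase();
            if (lowerCase.indexOf("fzg-root-ca") >= 0) {
                // The "self-signed" test is a name check only, and it is case-sensitive on
                // the issuer while the subject match above used the lowercased key. The
                // cryptographic self-signature check happens later in a(Certificate[]).
                String name = x509Certificate.getIssuerDN().getName();
                if (name.indexOf("fzg-root-ca") < 0) {
                    throw new ac(aa.ROOT_CERTIFICATE_IS_NOT_SELF_SIGNED_ISSUER_IS_SUBJECT_IS, new Object[]{name, "fzg-root-ca"});
                }
                this.i[2] = x509Certificate;
            } else if (lowerCase.indexOf("fzgsec-ca") >= 0) {
                this.i[1] = x509Certificate;
            } else if (lowerCase.indexOf("codier-sign") >= 0) {
                byte[] a2 = d.a(x509Certificate.getPublicKey().getEncoded());
                if (lowerCase.startsWith("uid=develop")) {
                    this.n = e.a(a2);
                    this.k = x509Certificate;
                } else if (lowerCase.startsWith("uid=field")) {
                    this.o = e.a(a2);
                    this.l = x509Certificate;
                } else {
                    f106a.warning("Found a coding certficate with an wrong UID in Subject: " + lowerCase);
                }
            } else if (lowerCase.indexOf("kis-sign") >= 0) {
                this.m = x509Certificate;
            } else if (lowerCase.indexOf("zentrale master freischaltcodestelle") >= 0) {
                f106a.info("Found a FSCS certificate: " + lowerCase);
                this.q.put(x509Certificate.getSerialNumber(), x509Certificate);
            } else {
                // Unrecognised certificates are ignored rather than rejected.
                f106a.warning("Certificate is not listed as trusted certificates! This certificate is not used! SubjectCN is: " + lowerCase);
            }
        }
    }

    /**
     * Reads the key-reference file through {@code x} and fills {@code p} with the entries
     * whose {@code f130c} field equals {@code str} (case-insensitive). Each stored value is
     * {@code d.a(d.a(entry.d, privateKey), entry.f129b)}. This presumably unwraps the entry
     * with the license private key and builds a key object; confirm against {@code d}.
     *
     * <p>Any failure clears the table, resets the validity flag and is reported as
     * {@code ERROR_ANALYSING_KEYREFERENCE_FILE} with the original exception as cause.
     *
     * @param file location handed to {@code x}
     * @param str  owner name an entry must carry to be accepted
     * @throws ac if the file cannot be analysed or yields no key for {@code str}
     */
    private void a(File file, String str) {
        try {
            x xVar = new x(file);
            this.p = new Hashtable();
            PrivateKey b2 = b(this.f);
            Enumeration keys = xVar.f136a.keys();
            while (keys.hasMoreElements()) {
                String str2 = (String) keys.nextElement();
                t tVar = (t) xVar.f136a.get(str2);
                if (tVar.f130c.compareToIgnoreCase(str) == 0) {
                    try {
                        this.p.put(str2, d.a(d.a(tVar.d, b2), tVar.f129b));
                    } catch (Exception e) {
                        // NOTE(review): Hashtable.put does not throw on a duplicate key, so
                        // this handler actually reports failures of the two d.a(...) calls
                        // under a "double entry" message. The cause text is appended.
                        throw new Exception("Double keyReference entry for same license key." + e.toString());
                    }
                }
            }
            g.a(xVar.f137b);
            if (this.p == null || this.p.isEmpty()) {
                this.g = false;
                throw new ac(aa.NO_SESSION_KEY_FOUND_FOR_TLD_ACCESS_TO_AUTH_AND_NCD_KEYS_AREN_T_ALLOWED);
            }
        } catch (Exception e2) {
            f106a.warning("Clearing key reference table!");
            // p is still null when new x(file) fails on the very first load. Clearing it
            // unguarded would raise a NullPointerException here and hide the real cause.
            if (this.p != null) {
                this.p.clear();
            }
            this.g = false;
            throw new ac(aa.ERROR_ANALYSING_KEYREFERENCE_FILE, e2);
        }
    }

    /**
     * Validates a certificate chain ordered leaf first, root last.
     *
     * <p>Walking from the last element to the first, each certificate is re-decoded through
     * {@code d.b(getEncoded())}. The root must have identical subject and issuer names and
     * must verify under its own public key. Every other certificate must name the previous
     * subject as its issuer and verify under the previous certificate's public key.
     *
     * <p>NOTE(review): an expired or not-yet-valid certificate is only logged and the chain
     * is still accepted. No check of basic constraints, key usage or revocation is visible
     * in this method. Confirm that this is the intended policy.
     *
     * @param certificateArr chain to check; must be non-empty and contain no null element
     * @throws ac if the argument is null, empty or has a null element, if names do not chain,
     *            or if a signature or certificate operation fails
     */
    private static void a(Certificate[] certificateArr) {
        if (certificateArr == null || certificateArr.length == 0) {
            throw new ac(aa.NULL_ARGUMENTS_AREN_T_ALLOWED);
        }
        // The callers pass the shared scratch array, whose CA slots stay null when the PEM
        // bundle lacks the matching certificate. Fail with the domain error instead of an
        // uncaught NullPointerException from getEncoded().
        for (Certificate certificate : certificateArr) {
            if (certificate == null) {
                throw new ac(aa.NULL_ARGUMENTS_AREN_T_ALLOWED);
            }
        }
        X509Certificate x509Certificate = null;
        String str2 = "";
        String str3 = "";
        try {
            for (int length = certificateArr.length - 1; length >= 0; length--) {
                try {
                    X509Certificate b2 = d.b(certificateArr[length].getEncoded());
                    str3 = b2.getSubjectDN().getName();
                    String name = b2.getIssuerDN().getName();
                    if (x509Certificate == null) {
                        // Root: subject must equal issuer and the signature must be its own.
                        if (str3.compareTo(name) != 0) {
                            throw new ac(aa.SUBJECT_AND_ISSUER_FROM_ROOT_CERTIFICATE_DOESN_T_MATCH, new Object[]{str3, name});
                        }
                        b2.verify(b2.getPublicKey());
                    } else {
                        // Non-root: issuer must be the parent's subject, signed by the parent.
                        if (str2.compareTo(name) != 0) {
                            throw new ac(aa.SUBJECT_OF_PARENT_CERTIFICATE_DOESN_T_MATCH_TO_ISSUER_OF_CLIENT_CERTIFICATE, new Object[]{str2, name});
                        }
                        b2.verify(x509Certificate.getPublicKey());
                    }
                    try {
                        b2.checkValidity();
                    } catch (CertificateExpiredException e) {
                        f106a.warning("Client certificate " + str3 + " validity has expired!");
                    } catch (CertificateNotYetValidException e2) {
                        f106a.warning("Client Certificate " + str3 + " is not yet valid!");
                    }
                    str2 = str3;
                    x509Certificate = b2;
                } catch (SignatureException signatureFailure) {
                    // The decompiler emitted an undeclared variable and a second, unreachable
                    // SignatureException handler here. One handler is kept, nested inside
                    // the outer try as in the listing; it reports the subject being checked.
                    throw new ac(aa.COULDN_T_VERIFY_CLIENT_SIGNATURE_OF_CERTIFICATE, signatureFailure, new Object[]{str3});
                }
            }
        } catch (InvalidKeyException e5) {
            throw new ac(aa.INVALID_KEY_USED_TO_CHECK_CERTIFICATE_SIGNATURE, e5);
        } catch (NoSuchAlgorithmException e6) {
            throw new ac(aa.UNABLE_TO_OPTAIN_CRYPTOGRAPHIKAL_ALGORITHM_TO_CHECK_CERTIFICATE_SIGNATURE, e6);
        } catch (NoSuchProviderException e7) {
            throw new ac(aa.COULDN_T_USE_JCE_PROVIDER_TO_VERIFY_CERTIFICATE_SIGNATURE, e7);
        } catch (CertificateException e8) {
            throw new ac(aa.COULDN_T_CHECK_CERTIFICATE_CHAIN, e8);
        }
    }

    /**
     * Returns the private key stored under an alias that contains {@code str}.
     *
     * <p>The match is a substring test and the last matching alias in enumeration order
     * wins. NOTE(review): an empty {@code str} matches every alias. The field {@code f}
     * passed by the callers starts out as "" and is only set by {@code b(File)}.
     *
     * @param str alias fragment to look for
     * @return the matching private key, never null
     * @throws ac if no alias matches
     */
    private PrivateKey b(String str) {
        Enumeration keys = this.v.keys();
        PrivateKey privateKey = null;
        while (keys.hasMoreElements()) {
            String str2 = (String) keys.nextElement();
            if (str2 != null && str2.indexOf(str) >= 0) {
                privateKey = (PrivateKey) this.v.get(str2);
            }
        }
        if (privateKey == null) {
            throw new ac(aa.TLD_RSA_KEY_WAS_NOT_FOUND_WITHIN_THE_TLD_INVALID_TLD_FILE);
        }
        return privateKey;
    }

    /**
     * Opens the license file as a PKCS12 keystore, collects its private keys and leaf
     * certificates, and validates each leaf against the CA and root slots of {@code i}.
     *
     * <p>The deep try nesting is decompiler output and is left untouched. The helper
     * exception types are not visible, so flattening it could change which handler sees an
     * exception thrown from an inner handler. Every handler clears the validity flag. The
     * outermost one calls {@code afVar.c()} (presumably a close; confirm) before rethrowing,
     * which means it runs a second time when the failure happens after the regular call.
     *
     * @param file the license file
     * @throws ac if the keystore cannot be opened or its content is not as expected
     * @throws y  if the file is missing or unreadable
     */
    private void b(File file) {
        this.g = false;
        af afVar = new af(file);
        this.r = new Hashtable();
        this.v = new Hashtable();
        try {
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    this.s = new v();
                                    // The keystore password is derived, not supplied:
                                    // v.a(afVar.a()) goes through d.a(..., "SHA1") and e.a(...),
                                    // presumably a SHA-1 digest rendered as text (confirm).
                                    // NOTE(review): the password is a function of the license
                                    // file and whatever v contributes, so the protection of the
                                    // private keys rests on v; review it. The char[] is never
                                    // wiped.
                                    char[] charArray = e.a(d.a(this.s.a(afVar.a()), "SHA1")).toCharArray();
                                    this.h = KeyStore.getInstance("PKCS12");
                                    this.h.load(afVar.b(), charArray);
                                    Enumeration<String> aliases = this.h.aliases();
                                    while (aliases.hasMoreElements()) {
                                        String nextElement = aliases.nextElement();
                                        Certificate[] certificateChain = this.h.getCertificateChain(nextElement);
                                        if (certificateChain == null) {
                                            this.g = false;
                                            throw new ac(aa.NO_CERTIFICATES_FOUND_IN_TLD);
                                        }
                                        if (certificateChain.length == 1) {
                                            // NOTE(review): for a one-element chain the keystore's
                                            // own certificate is replaced by one from helper f.
                                            // All later checks then run against f's certificate;
                                            // confirm where f obtains it.
                                            f106a.warning("****** Using workaround for buggy TLD.");
                                            if (nextElement.toLowerCase().indexOf("codier-encrypt") >= 0) {
                                                certificateChain[0] = f.a("codier-encrypt");
                                            } else if (nextElement.toLowerCase().indexOf("e-sys") >= 0) {
                                                certificateChain[0] = f.a("e-sys");
                                            }
                                        }
                                        // The alias must equal the leaf subject DN (ignoring case).
                                        if (!((X509Certificate) certificateChain[0]).getSubjectDN().toString().equalsIgnoreCase(nextElement)) {
                                            throw new ac(aa.CERTIFICATE_SUBJECT_IS_NOT_A_WELL_DEFINED_TLD_SUBJECT, new Object[]{"[Different TLD alias (" + nextElement + ") and Certificate subject: " + ((X509Certificate) certificateChain[0]).getSubjectDN().toString() + "]"});
                                        }
                                        Key key = this.h.getKey(nextElement, charArray);
                                        if (key == null) {
                                            throw new ac(aa.NO_CRYPTOGRAPHIC_KEYS_FOUND_WITHIN_TLD_INVALID_TLD_FILE);
                                        }
                                        // Unchecked cast: a non-private-key entry would raise
                                        // ClassCastException, which no handler below maps.
                                        this.v.put(nextElement, (PrivateKey) key);
                                        if (nextElement.toLowerCase().indexOf("codier-encrypt") >= 0) {
                                            this.r.put((X509Certificate) certificateChain[0], nextElement);
                                        } else {
                                            // Every other alias must be the "-sys" entry.
                                            if (nextElement.toLowerCase().indexOf("-sys") < 0) {
                                                this.g = false;
                                                throw new ac(aa.CERTIFICATE_SUBJECT_IS_NOT_A_WELL_DEFINED_TLD_SUBJECT, new Object[]{nextElement});
                                            }
                                            this.j = (X509Certificate) certificateChain[0];
                                            this.f = nextElement;
                                        }
                                    }
                                    afVar.c();
                                    // Both kinds of entry are required: at least one
                                    // "codier-encrypt" certificate and the "-sys" certificate.
                                    if (this.r.isEmpty() || this.j == null) {
                                        this.g = false;
                                        throw new ac(aa.IT_WAS_NOT_POSSIBLE_TO_READ_COMPLETE_CERTIFICATE_CHAIN_FROM, new Object[]{"sec_security.lic"});
                                    }
                                    // Validate each leaf against the CA/root slots that
                                    // a(File) filled from the PEM bundle.
                                    this.i[0] = this.j;
                                    a(this.i);
                                    Enumeration keys = this.r.keys();
                                    while (keys.hasMoreElements()) {
                                        this.i[0] = (X509Certificate) keys.nextElement();
                                        a(this.i);
                                    }
                                    this.i[0] = null;
                                } catch (CertificateException e) {
                                    this.g = false;
                                    throw new ac(aa.UNABLE_TO_DECRYPT_TLD, e);
                                }
                            } catch (FileNotFoundException e2) {
                                this.g = false;
                                throw new y(aa.TESTER_LICENSE_FILE_NOT_FOUND, e2, new Object[]{file.getAbsolutePath()});
                            }
                        } catch (NoSuchAlgorithmException e3) {
                            this.g = false;
                            throw new ac(aa.UNABLE_TO_DECRYPT_TLD, e3);
                        }
                    } catch (IllegalArgumentException e4) {
                        this.g = false;
                        throw new y(aa.TESTER_LICENSE_FILE_NOT_FOUND, e4, new Object[]{file.getAbsolutePath()});
                    }
                } catch (IOException e5) {
                    this.g = false;
                    throw new y(aa.COULDN_T_READ, e5, new Object[]{file.getAbsolutePath()});
                }
            } catch (KeyStoreException e6) {
                this.g = false;
                throw new ac(aa.UNABLE_TO_DECRYPT_TLD, e6, new Object[]{file.getAbsolutePath()});
            } catch (UnrecoverableKeyException e7) {
                this.g = false;
                throw new ac(aa.UNABLE_TO_DECRYPT_TLD, e7);
            }
        } catch (Throwable th) {
            afVar.c();
            throw th;
        }
    }

    /**
     * Reads the EST certificate serial number from the cached EST-CM object.
     *
     * <p>The reflective {@code getMethod("getEstSerialNo")} call only checks that the method
     * exists; its result is discarded and the value comes from {@code u.b()}.
     *
     * @return the serial number as produced by {@code e.a(u.b())}
     * @throws RuntimeException if EST-CM is not connected or the lookup fails
     */
    private byte[] e() {
        if (!this.e) {
            throw new RuntimeException("EST-CM isn't connected; unable to read EST certificate serial number.");
        }
        try {
            t.getMethod("getEstSerialNo", new Class[0]);
            return e.a(u.b());
        } catch (Exception e) {
            f106a.log(Level.WARNING, "EST-CM object may not be initialized or EST is not activated. Unable to read EST certificate serial number!");
            throw new RuntimeException("Unable to read EST certificate serial number.", e);
        }
    }

    /**
     * Resolves the key for a request object.
     *
     * <p>When {@code sVar.f125a} is set the key is built directly from {@code sVar.d} and
     * {@code sVar.f126b}. Otherwise the key stored under {@code str} in the key-reference
     * table is combined with the request through {@code d.a(sVar, key)}.
     *
     * <p>The second validity-flag check can never fire, because the first one has already
     * thrown in that state. {@code sVar.f127c} is null-checked but not otherwise used here.
     *
     * @param sVar request object; {@code d} and {@code f127c} must be non-null
     * @param str  key-reference name; must be non-empty on the lookup path
     * @return the resolved key
     * @throws ac if no valid license is loaded
     * @throws y  if an argument is missing or no key is stored under {@code str}
     */
    @Override // c.p
    public final Key a(s sVar, String str) {
        if (!this.g) {
            throw new ac(aa.INVALID_CALL_FOR_DECRYPT_WITH_SESSION_KEY, new Object[]{"No valid tester license file given."});
        }
        if (sVar == null || sVar.d == null || sVar.f127c == null || str == null) {
            throw new y(aa.NULL_ARGUMENTS_AREN_T_ALLOWED_PLEASE_CALL_WITH_CORRECT_PARAMETERS);
        }
        if (sVar.f125a) {
            return d.a(sVar.d, sVar.f126b);
        }
        if (!this.g) {
            throw new ac(aa.INVALID_CALL_FOR_KEY_REFERENCE_KEYS, new Object[]{"No valid tester license file given."});
        }
        if (str == null || str.length() == 0) {
            throw new y(aa.NULL_ARGUMENTS_AREN_T_ALLOWED);
        }
        Key key = (Key) this.p.get(str);
        if (key == null) {
            throw new y(aa.UNABLE_TO_GET_SESSION_KEY_WITH_NAME, new Object[]{str});
        }
        return d.a(sVar, key);
    }

    /**
     * Initialises the instance: connects to EST-CM if it is available, loads the PEM bundle
     * and the license keystore, validates the signing-certificate chains, sets the validity
     * flag and finally loads the key references.
     *
     * <p>NOTE(review): the EST-CM class is resolved by name through the thread context class
     * loader and its {@code getInstance()} result is cast to {@code n}. Whatever class that
     * loader supplies under this name is trusted; confirm that the loader is controlled.
     *
     * @param file  directory that contains {@code sec_security.lic}
     * @param file2 directory that contains {@code sec_certificates.pem}; it is also handed
     *              unchanged to the key-reference reader
     * @throws ad if no "uid=field" coding certificate was read
     * @throws ac if a chain, the keystore or the key-reference file is rejected
     */
    public final void a(File file, File file2) {
        try {
            Object[] objArr = new Object[0];
            Class<?>[] clsArr = new Class[0];
            if (t == null) {
                t = Class.forName("com.bmw.est.cm.core.ESTCM", false, Thread.currentThread().getContextClassLoader());
            }
            Method declaredMethod = t.getDeclaredMethod("getInstance", clsArr);
            if (u == null) {
                // The empty array is passed as receiver and as argument list. That only
                // works if getInstance is static (presumably; confirm).
                u = (n) declaredMethod.invoke(objArr, objArr);
            }
            f106a.log(Level.INFO, "Connection to est-cm established (est-cm Version: " + u.a() + ").");
            this.e = true;
        } catch (ClassNotFoundException e) {
            // A missing EST-CM is a supported configuration and is only logged at FINE.
            this.e = false;
            f106a.log(Level.FINE, "CAF / FDL developer mode deactivated. Working with developer signed CAFs / FDLs aren't allowed!");
        } catch (Exception e2) {
            this.e = false;
            f106a.log(Level.WARNING, "Unexpected error while connection to est-cm. Working with developer signed CAFs aren't allowed!", (Throwable) e2);
        }
        a(new File(file2.getAbsolutePath(), "sec_certificates.pem"));
        b(new File(file.getAbsolutePath(), "sec_security.lic"));
        // The "uid=field" coding certificate is mandatory; the develop and kis-sign
        // certificates are validated only when present.
        if (this.l == null) {
            this.g = false;
            throw new ad(aa.ERROR_CHECKING_CERTIFICATE_CHAIN_NO_CLIENT_CERTIFICATES_WERE_READ);
        }
        this.i[0] = this.l;
        a(this.i);
        if (this.k != null) {
            this.i[0] = this.k;
            a(this.i);
        }
        if (this.m != null) {
            this.i[0] = this.m;
            a(this.i);
        }
        this.i[0] = null;
        this.g = true;
        // Unreachable: g was set on the previous line (probably an inlined guard of the
        // original source). The flag is raised before the key references are loaded;
        // a(File, String) lowers it again on failure.
        if (!this.g) {
            throw new ad(aa.INVALID_CALL_FOR_INIT_PLEASE_AUTHENTICATE_TESTER_FIRST);
        }
        a(file2, this.j.getSubjectDN().toString().replaceAll(" ", ""));
    }

    /**
     * Reports whether a license has been loaded and validated.
     *
     * @return the current validity flag
     */
    @Override // c.p
    public final boolean a() {
        return this.g;
    }

    /**
     * Tells whether a key reference with the given name was loaded.
     *
     * @param str key-reference name; must be non-empty
     * @return true if the key-reference table contains {@code str}
     * @throws ac if no valid license is loaded, {@code str} is empty, or the table is empty
     */
    @Override // c.p
    public final boolean a(String str) {
        if (!this.g) {
            throw new ac(aa.INVALID_CALL_VALIDATE_SESSION_KEY_REFERENCE, new Object[]{"No valid tester license file given."});
        }
        if (str == null || str.length() == 0) {
            throw new ac(aa.NULL_ARGUMENTS_AREN_T_ALLOWED_PLEASE_CALL_WITH_A_NOT_NULL_ARGUMENT);
        }
        if (this.p == null || this.p.isEmpty()) {
            throw new ac(aa.SESSION_KEY_LIST_IS_NULL_OR_CONTAINS_NO_SESSION_KEYS);
        }
        return this.p.containsKey(str);
    }

    /**
     * Runs {@code d.a(20, privateKey, bArr, str)} with the private key of the "-sys" alias.
     * The operation and the meaning of the constant 20 are defined in {@code d} and are not
     * visible here.
     *
     * @param bArr input bytes
     * @param str  second argument passed through to {@code d.a}
     * @return the result of {@code d.a}
     * @throws ac if no valid license is loaded or the private key is missing
     */
    @Override // c.p
    public final byte[] a(byte[] bArr, String str) {
        if (this.g) {
            return d.a(20, b(this.f), bArr, str);
        }
        throw new ac(aa.INVALID_CALL_FOR_CRYPTO_ROUTINES_FOR_MSM, new Object[]{"No valid tester license file given."});
    }

    /**
     * Returns the certificate of the "-sys" keystore entry.
     *
     * @return the certificate, or null while no valid license is loaded
     */
    @Override // c.p
    public final X509Certificate b() {
        if (this.g) {
            return this.j;
        }
        return null;
    }

    /**
     * Returns the EST certificate serial number, falling back to the serial number of the
     * license certificate {@code j} when the EST lookup throws any RuntimeException.
     *
     * <p>NOTE(review): the validity flag is not checked here. If no license has been loaded,
     * {@code j} is null and the fallback raises a NullPointerException.
     *
     * @return serial number bytes
     */
    @Override // c.p
    public final byte[] c() {
        byte[] byteArray;
        try {
            byteArray = e();
            if (f106a.isLoggable(Level.FINE)) {
                f106a.fine("Got EST certificate serial number: " + e.a(byteArray));
            }
        } catch (RuntimeException e) {
            byteArray = this.j.getSerialNumber().toByteArray();
            if (f106a.isLoggable(Level.FINE)) {
                f106a.fine("Got TLD certificate serial number: " + e.a(byteArray));
            }
        }
        return byteArray;
    }

    /**
     * Identifies the kind of this implementation.
     *
     * @return always {@code k.Common}
     */
    @Override // c.p
    public final k d() {
        return k.Common;
    }
}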
