package net.soti.mobicontrol.cert;

import android.util.Log;
import edu.umd.cs.findbugs.annotations.SuppressWarnings;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.regex.Pattern;
import net.soti.mobicontrol.certificate.CertificateDetector;
import net.soti.mobicontrol.datacollection.custom.CustomDataStorage;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: classes.dex */
public final class CertificateHelper {
    public static final String CA_CERTIFICATE = "CACERT_";
    public static final String CERT = "CERT";
    private static final String CN = "CN";
    public static final int HEX = 16;
    public static final String PKCS12 = "PKCS12";
    public static final String X509 = "X.509";
    private static final Pattern LIST_DELIMITER = Pattern.compile(",");
    private static final Pattern KEY_VALUE_DELIMITER = Pattern.compile(CustomDataStorage.SEAPERATOR);
    private static final Pattern MARK_THAT_IT_IS_NOT_COMMON_NAME = Pattern.compile("C=|O=");
    private static final Pattern ALIAS_PATTERN = Pattern.compile("[^A-Za-z0-9]");

    private CertificateHelper() {
    }

    public static String createAlias(@NotNull String str, @NotNull BigInteger bigInteger) {
        return ALIAS_PATTERN.matcher(str + bigInteger.toString(16)).replaceAll("");
    }

    public static String createAlias(X509Certificate x509Certificate) {
        return createAlias(getCommonName(x509Certificate.getSubjectDN().getName()), x509Certificate.getSerialNumber());
    }

    @SuppressWarnings({"DE_MIGHT_IGNORE"})
    @Nullable
    public static CertificateMetadata fromRawData(byte[] bArr, String str) {
        Certificate certificate = getCertificate(bArr, str);
        X509Certificate x509Certificate = null;
        if (certificate != null && (certificate instanceof X509Certificate)) {
            x509Certificate = (X509Certificate) certificate;
            Log.i("soti", "CERT raw data determined to be X509 type");
        }
        if (x509Certificate != null) {
            return new CertificateMetadata(createAlias(x509Certificate), x509Certificate, Origin.MANAGED);
        }
        return null;
    }

    public static Certificate getCertificate(byte[] bArr, String str) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Certificate certificate = null;
        try {
            byteArrayInputStream.reset();
            certificate = CertificateFactory.getInstance(X509).generateCertificate(byteArrayInputStream);
        } catch (Exception e) {
            Log.e("soti", String.format("\tFailed resolving CERT from factory, err=%s", e));
        }
        if (certificate != null) {
            return certificate;
        }
        byteArrayInputStream.reset();
        return getCertificate(str, PKCS12, byteArrayInputStream);
    }

    public static X509Certificate getCertificate(@NotNull String str, @Nullable String str2, @NotNull ByteArrayInputStream byteArrayInputStream) {
        if (str2 == null) {
            try {
                str2 = KeyStore.getDefaultType();
            } catch (Exception e) {
                Log.e("soti", String.format("\nFailed resolving CERT from keyStore, err=%s", e));
                return null;
            }
        }
        KeyStore keyStore = KeyStore.getInstance(str2);
        keyStore.load(byteArrayInputStream, str.toCharArray());
        return (X509Certificate) keyStore.getCertificate(keyStore.aliases().nextElement());
    }

    public static byte[] getCertificateDigest(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(CertificateDetector.ALGORITHM);
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    public static String getCertificateType(byte[] bArr, String str) {
        return getCertificate(str, PKCS12, new ByteArrayInputStream(bArr)) == null ? "CERT" : PKCS12;
    }

    public static String getCommonName(String str) {
        ArrayList<String> arrayList = new ArrayList();
        for (String str2 : LIST_DELIMITER.split(str)) {
            String[] split = KEY_VALUE_DELIMITER.split(str2);
            if (CN.equals(split[0])) {
                arrayList.add(split[1]);
            }
        }
        Collections.sort(arrayList);
        StringBuilder sb = new StringBuilder();
        for (String str3 : arrayList) {
            if (sb.length() > 0) {
                sb.append(',');
            }
            sb.append(str3);
        }
        return sb.toString();
    }

    public static boolean isCA(X509Certificate x509Certificate) {
        return x509Certificate.getBasicConstraints() != -1;
    }

    public static boolean isEqualCN(String str, String str2) {
        return new HashSet(Arrays.asList(LIST_DELIMITER.split(str))).equals(new HashSet(Arrays.asList(LIST_DELIMITER.split(str2))));
    }

    public static boolean isX509(@NotNull byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        try {
            byteArrayInputStream.reset();
            CertificateFactory.getInstance(X509).generateCertificate(byteArrayInputStream);
            return true;
        } catch (Exception e) {
            Log.e("soti", String.format("CertificateFactory failure, err=%s", e));
            return false;
        }
    }

    public static boolean needToBeParsed(String str) {
        return MARK_THAT_IT_IS_NOT_COMMON_NAME.matcher(str).find();
    }
}
