package net.soti.ssl;

import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import net.soti.mobicontrol.certificate.CertificateDetector;
import net.soti.mobicontrol.hardware.HardwareInfo;
import net.soti.mobicontrol.logging.Logger;
import net.soti.mobicontrol.util.Assert;
import net.soti.mobicontrol.util.IOUtils;

/* loaded from: classes.dex */
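/**
 * A BKS {@link KeyStore} persisted to a single file, with helpers to import and export
 * PKCS12 data and to manage one trusted root certificate under the alias
 * {@code MC.Root.Cert}.
 *
 * <p>The store password is never used directly: {@link #getPassword()} derives it from the
 * supplied {@link KeyStore.PasswordProtection} and the value returned by
 * {@code HardwareInfo.getAndroidDeviceId()}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The derived password is one unsalted digest pass (the error text in
 *       {@link #hashString(String, int)} names SHA-1), not a password-based KDF. The
 *       confidentiality of stored private keys therefore rests on both inputs staying
 *       secret and on the file's own access permissions.</li>
 *   <li>{@link #fixChain(Certificate[])} promotes a self-signed certificate found at the end
 *       of an imported chain to the trusted root when no trusted certificate matches it, so
 *       imported PFX data must come from an authenticated source.</li>
 * </ul>
 *
 * <p>Thread-safety: only listener registration and listener notification synchronize on
 * {@code this}. The key store state itself is not guarded.
 *
 * <p>This source is decompiler output. The stream handling in {@link #load()},
 * {@link #save()} and {@link #exportPfxFile(File, char[])} and the loop in
 * {@link #findTrustedCertificate(Certificate)} were restored to well-formed Java.
 */
public class PersistentKeyStore {
    /** Alias under which the single trusted root certificate is stored. */
    private static final String certAlias = "MC.Root.Cert";
    private final File file;
    private final HardwareInfo hardwareInfo;
    private KeyManagerFactory keyManagerFactory;
    // null until a load succeeds; reset to null when a load fails.
    private KeyStore keyStore;
    private List<KeyStoreListener> listeners;
    private final Logger logger;
    private final KeyStore.PasswordProtection password;
    private TrustManagerFactory trustManagerFactory;

    /** Callback invoked after the key store has been written to disk and reloaded. */
    public interface KeyStoreListener {
        void keystoreUpdated(PersistentKeyStore persistentKeyStore);
    }

    /**
     * Creates an unloaded key store bound to {@code file}. Nothing is read from disk until
     * {@link #isValid()} or {@link #load()} is called.
     *
     * @param file               backing file of the BKS store
     * @param passwordProtection first input of the derived store password
     * @param hardwareInfo       supplies the device id used as the second input
     * @param logger             destination for diagnostics
     */
    public PersistentKeyStore(File file, KeyStore.PasswordProtection passwordProtection, HardwareInfo hardwareInfo, Logger logger) {
        Assert.notNull(file, "file parameter can't be null.");
        Assert.notNull(passwordProtection, "password parameter can't be null.");
        Assert.notNull(hardwareInfo, "hardwareInfo parameter can't be null.");
        Assert.notNull(logger, "logger parameter can't be null.");
        this.file = file;
        this.password = passwordProtection;
        this.hardwareInfo = hardwareInfo;
        this.logger = logger;
        this.keyStore = null;
        this.listeners = new LinkedList<KeyStoreListener>();
    }

    /**
     * Reports whether {@code certificate2} carries a signature that verifies under the public
     * key of {@code certificate}.
     *
     * <p>This is a signature check only. It does not look at validity dates, name chaining,
     * basic constraints, key usage or revocation, so a {@code true} result alone is not a
     * full path validation.
     *
     * @param certificate  candidate issuer
     * @param certificate2 certificate whose signature is verified
     * @return {@code true} if verification succeeds, {@code false} on any
     *         {@link GeneralSecurityException}
     */
    public static boolean checkCert(Certificate certificate, Certificate certificate2) {
        try {
            certificate2.verify(certificate.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    /**
     * Decodes a hex-encoded X.509 certificate.
     *
     * <p>NOTE(review): an odd-length string loses its final character to the integer
     * division below, and {@link Integer#parseInt(String, int)} also accepts a leading sign.
     * Input is therefore not checked as strict hex before it reaches the certificate parser.
     *
     * @param str hex string, two characters per byte
     * @return the parsed certificate
     * @throws SotiSslException if a byte is not parseable as hex or the bytes are not a
     *                          certificate
     */
    public static Certificate decodeCertificate(String str) throws SotiSslException {
        try {
            int length = str.length() / 2;
            byte[] decoded = new byte[length];
            for (int i = 0; i < length; i++) {
                decoded[i] = (byte) Integer.parseInt(str.substring(i * 2, (i * 2) + 2), 16);
            }
            return decodeCertificate(decoded);
        } catch (NumberFormatException e) {
            throw new SotiSslException("Exception parsing Certificate", e);
        }
    }

    /**
     * Parses an encoded X.509 certificate.
     *
     * @param bArr encoded certificate bytes
     * @return the parsed certificate
     * @throws SotiSslException if the bytes cannot be parsed
     */
    public static Certificate decodeCertificate(byte[] bArr) throws SotiSslException {
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            throw new SotiSslException(e);
        }
    }

    /**
     * Reconciles the last certificate of an imported chain with the trusted certificates.
     *
     * <ul>
     *   <li>No trusted certificate matches and the last certificate is self-signed: it is
     *       stored as the trusted root (trust on first import).</li>
     *   <li>A different trusted certificate signed the last certificate: that trusted
     *       certificate is appended to a copy of the chain.</li>
     *   <li>Otherwise the chain is returned unchanged.</li>
     * </ul>
     *
     * <p>Security: the first branch accepts a root purely because it arrived inside the
     * imported data. Nothing here pins or confirms it out of band.
     *
     * @param certificateArr chain as read from the imported store, may be null or empty
     * @return the chain to store with the key entry
     * @throws SotiSslException if storing the new trusted root fails
     */
    private Certificate[] fixChain(Certificate[] certificateArr) throws SotiSslException {
        if (certificateArr != null && certificateArr.length > 0) {
            Certificate last = certificateArr[certificateArr.length - 1];
            X509Certificate trusted = findTrustedCertificate(last);
            if (trusted == null && checkCert(last, last)) {
                this.logger.debug("DEBUG: Adding self-signed cert to trusted certs: ", last);
                addTrustedCertificate(last);
            } else if (trusted != null && !trusted.equals(last)) {
                this.logger.debug("DEBUG: Adding trusted cert to end of certificate chain: ", trusted);
                Certificate[] extended = new Certificate[certificateArr.length + 1];
                System.arraycopy(certificateArr, 0, extended, 0, certificateArr.length);
                extended[certificateArr.length] = trusted;
                return extended;
            }
        }
        return certificateArr;
    }

    /**
     * Derives the password that protects both the store file and its key entries.
     *
     * @return digest of the configured password characters followed by the device id
     */
    private char[] getPassword() {
        // append(char[]) adds the password characters themselves. Concatenating a char[]
        // with '+' would add the array's identity string ("[C@...") instead, which differs
        // from run to run and would make the store impossible to reopen.
        String material = new StringBuilder()
                .append(this.password.getPassword())
                .append(this.hardwareInfo.getAndroidDeviceId())
                .toString();
        return hashString(material);
    }

    /**
     * Hashes {@code str} and returns the full Base64 text of the digest.
     *
     * @param str text to hash
     * @return Base64 characters of the digest, without padding or line breaks
     */
    public static char[] hashString(String str) {
        return hashString(str, 0);
    }

    /**
     * Hashes {@code str} with {@code CertificateDetector.ALGORITHM} and Base64-encodes the
     * digest, optionally truncated.
     *
     * <p>NOTE(review): this is a single unsalted digest. Where the result serves as a key
     * store password it gives no brute-force resistance beyond the entropy of the input.
     * Any change to the derivation needs a migration path for existing store files.
     *
     * @param str text to hash
     * @param i   maximum number of characters to return; values {@code <= 0} mean no limit
     * @return Base64 characters of the digest
     * @throws SotiSslRuntimeException if the digest algorithm is unavailable
     */
    public static char[] hashString(String str, int i) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(CertificateDetector.ALGORITHM);
            // Platform default charset; Android's default is UTF-8. Kept as is so the
            // derived value, and with it access to existing stores, does not change.
            messageDigest.update(str.getBytes());
            // NO_PADDING | NO_WRAP has the value 3, the literal the decompiler emitted.
            String encoded = Base64.encodeToString(messageDigest.digest(), Base64.NO_PADDING | Base64.NO_WRAP);
            if (i > 0 && encoded.length() > i) {
                encoded = encoded.substring(0, i);
            }
            return encoded.toCharArray();
        } catch (NoSuchAlgorithmException e) {
            throw new SotiSslRuntimeException("Error creating SHA1 digest", e);
        }
    }

    /**
     * Registers a listener that is notified after every successful {@link #save()}.
     *
     * @param keyStoreListener listener to add, must not be null
     */
    public synchronized void addListener(KeyStoreListener keyStoreListener) {
        Assert.notNull(keyStoreListener, "listener parameter can't be null.");
        this.listeners.add(keyStoreListener);
    }

    /**
     * Imports every key and certificate entry of a PKCS12 stream into this store and saves
     * it. Existing entries with the same alias are replaced.
     *
     * <p>If the current store cannot be loaded it is first replaced by an empty one, see
     * {@link #reset()}. The caller keeps ownership of {@code inputStream}; it is not closed
     * here.
     *
     * @param inputStream PKCS12 data
     * @param cArr        password of the PKCS12 data, used for the store and for its keys
     * @throws SotiSslException if the data cannot be read or the store cannot be updated
     */
    public void addPfxFile(InputStream inputStream, char[] cArr) throws SotiSslException {
        if (!isValid()) {
            reset();
        }
        try {
            try {
                KeyStore pfxStore = KeyStore.getInstance("PKCS12");
                pfxStore.load(inputStream, cArr);
                Enumeration<String> aliases = pfxStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (pfxStore.isKeyEntry(alias)) {
                        this.logger.debug("Adding key '%s' to Key Store '%s'.", alias, this.file);
                        if (this.keyStore.containsAlias(alias)) {
                            this.logger.debug("Key '%s' is replacing an entry in Key Store '%s'.", alias, this.file);
                        }
                        // The key is re-protected with the derived store password, and its
                        // chain is reconciled with the trusted root before being stored.
                        this.keyStore.setKeyEntry(alias, pfxStore.getKey(alias, cArr), getPassword(), fixChain(pfxStore.getCertificateChain(alias)));
                    }
                    if (pfxStore.isCertificateEntry(alias)) {
                        Certificate certificate = pfxStore.getCertificate(alias);
                        this.logger.debug("Adding certificate '%s' to Key Store '%s'.", alias, this.file);
                        if (this.keyStore.containsAlias(alias)) {
                            this.logger.debug("Certificate '%s' is replacing an entry in Key Store '%s'.", alias, this.file);
                        }
                        // Certificate entries act as trust anchors for this store.
                        this.keyStore.setCertificateEntry(alias, certificate);
                    }
                }
                save();
            } catch (KeyStoreException e) {
                throw new SotiSslRuntimeException("Error creating PKCS12 KeyStore", e);
            }
        } catch (IOException e2) {
            throw new SotiSslException("KeyStore add pfx file failed", e2);
        } catch (GeneralSecurityException e3) {
            throw new SotiSslException("KeyStore add pfx file failed", e3);
        }
    }

    /**
     * Stores {@code certificate} as the trusted root and saves the store. A root already
     * stored under the same alias is replaced.
     *
     * @param certificate certificate to trust
     * @throws SotiSslException if the store cannot be updated or saved
     */
    public void addTrustedCertificate(Certificate certificate) throws SotiSslException {
        if (!isValid()) {
            reset();
        }
        try {
            if (this.keyStore.containsAlias(certAlias)) {
                this.logger.debug("Certificate '%s' is replacing an entry in Key Store '%s'.", certAlias, this.file);
            }
            this.keyStore.setCertificateEntry(certAlias, certificate);
            save();
        } catch (KeyStoreException e) {
            throw new SotiSslException("KeyStore add root certificate failed", e);
        }
    }

    /**
     * Writes a description of every entry to the debug log.
     *
     * <p>Only metadata of a private key (encoded size, algorithm, format) is logged. The
     * key's {@code toString()} is deliberately left out because some providers include key
     * material in it, and log output is readable more widely than the key store.
     *
     * <p>The decompiler reports this method as originally package-private.
     */
    public void dump() {
        if (this.keyStore == null) {
            this.logger.debug("KeyStore dump keystore invalid!");
            return;
        }
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                this.logger.debug("KeyStore dump found alias: \"" + alias + '\"');
                if (this.keyStore.isKeyEntry(alias)) {
                    Key key = this.keyStore.getKey(alias, getPassword());
                    this.logger.debug("KeyStore dump alias " + alias + " has private key (" + key.getEncoded().length + " bytes, algorithm " + key.getAlgorithm() + ", encoded as " + key.getFormat() + ")");
                    Certificate[] chain = this.keyStore.getCertificateChain(alias);
                    this.logger.debug("KeyStore dump alias " + alias + " has certificate chain with " + chain.length + " entries");
                    for (int i = 0; i < chain.length; i++) {
                        this.logger.debug("KeyStore dump alias " + alias + " certificate[" + i + "] (" + chain[i].getEncoded().length + " bytes, type " + chain[i].getType() + ") : " + chain[i].toString());
                    }
                }
                if (this.keyStore.isCertificateEntry(alias)) {
                    Certificate certificate = this.keyStore.getCertificate(alias);
                    this.logger.debug("KeyStore dump alias " + alias + " has certificate (" + certificate.getEncoded().length + " bytes, type " + certificate.getType() + "): " + certificate.toString());
                }
            }
        } catch (GeneralSecurityException e) {
            this.logger.debug("KeyStore dump exception: ", e);
        }
    }

    /**
     * Copies every key and certificate entry into a new in-memory key store of type
     * {@code str}.
     *
     * <p>The copy holds the private keys protected only by {@code cArr}. It is no longer
     * bound to the derived store password.
     *
     * @param str  key store type, for example {@code "PKCS12"}
     * @param cArr password applied to the exported key entries
     * @return the populated key store
     * @throws SotiSslException if the target store cannot be created or an entry cannot be
     *                          copied
     */
    public KeyStore exportKeyStore(String str, char[] cArr) throws SotiSslException {
        try {
            try {
                KeyStore target = KeyStore.getInstance(str);
                target.load(null, null);
                Enumeration<String> aliases = this.keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (this.keyStore.isKeyEntry(alias)) {
                        this.logger.debug("Exporting key '%s' to Key Store", alias);
                        target.setKeyEntry(alias, this.keyStore.getKey(alias, getPassword()), cArr, this.keyStore.getCertificateChain(alias));
                    }
                    if (this.keyStore.isCertificateEntry(alias)) {
                        Certificate certificate = this.keyStore.getCertificate(alias);
                        this.logger.debug("Exporting certificate '%s' to Key Store", alias);
                        target.setCertificateEntry(alias, certificate);
                    }
                }
                return target;
            } catch (IOException e) {
                throw new SotiSslRuntimeException("Error creating KeyStore of type " + str, e);
            } catch (KeyStoreException e2) {
                throw new SotiSslException("Error creating KeyStore of type " + str, e2);
            }
        } catch (GeneralSecurityException e3) {
            throw new SotiSslException("KeyStore export failed", e3);
        }
    }

    /**
     * Exports all entries as PKCS12 and writes them to {@code file}.
     *
     * <p>The written file contains the private keys, protected only by {@code cArr}. This
     * method does not set file permissions, so the caller is responsible for choosing a
     * location that other apps and users cannot read.
     *
     * @param file destination file, overwritten if present
     * @param cArr password for the PKCS12 file and its key entries
     * @throws SotiSslException if the export or the write fails
     */
    public void exportPfxFile(File file, char[] cArr) throws SotiSslException {
        KeyStore exported = exportKeyStore("PKCS12", cArr);
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(file);
            exported.store(out, cArr);
        } catch (IOException e) {
            throw new SotiSslException("KeyStore export to pfx file: " + file + " failed", e);
        } catch (GeneralSecurityException e) {
            throw new SotiSslException("KeyStore export to pfx file: " + file + " failed", e);
        } finally {
            // Close on every path so a failed store() does not leak the descriptor.
            if (out != null) {
                IOUtils.closeQuietly(out);
            }
        }
    }

    /**
     * Finds the trusted certificate that either equals {@code certificate} or signed it.
     *
     * <p>The decompiled loop had an empty {@code if} body and returned the first trusted
     * certificate no matter what, which would let any certificate appear anchored as long
     * as one trusted entry existed. The condition is restored so that only a real match is
     * returned.
     *
     * @param certificate certificate to anchor
     * @return the matching trusted certificate, or {@code null} if there is none
     */
    public X509Certificate findTrustedCertificate(Certificate certificate) {
        for (X509Certificate trusted : getTrustedCertificates()) {
            if (trusted.equals(certificate) || checkCert(trusted, certificate)) {
                return trusted;
            }
        }
        return null;
    }

    /**
     * Walks a chain from the leaf at index 0 upwards, checking that each element is signed
     * by the next, and then anchors the last element in the trusted certificates.
     *
     * <p>Only signatures are checked, see {@link #checkCert(Certificate, Certificate)}.
     *
     * @param certificateArr chain ordered leaf first
     * @return the trusted certificate anchoring the chain, or {@code null} if the chain is
     *         empty, broken or not anchored
     */
    public X509Certificate findTrustedCertificate(Certificate[] certificateArr) {
        if (certificateArr.length <= 0) {
            return null;
        }
        Certificate current = certificateArr[0];
        for (int i = 1; current != null && i < certificateArr.length; i++) {
            // A link whose signature does not verify invalidates the whole chain.
            current = checkCert(certificateArr[i], current) ? certificateArr[i] : null;
        }
        if (current != null) {
            return findTrustedCertificate(current);
        }
        return null;
    }

    /**
     * Lists the aliases of all key entries.
     *
     * @return aliases of key entries, possibly empty
     * @throws SotiSslRuntimeException if the store cannot be enumerated
     */
    public List<String> getKeyAliases() {
        try {
            ArrayList<String> result = new ArrayList<String>();
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (this.keyStore.isKeyEntry(alias)) {
                    result.add(alias);
                }
            }
            return result;
        } catch (KeyStoreException e) {
            throw new SotiSslRuntimeException("Error listing certificate aliases", e);
        }
    }

    /**
     * Returns the key manager factory initialised by the last successful load.
     *
     * @throws SotiSslException if the store is missing or cannot be loaded
     */
    public KeyManagerFactory getKeyManagerFactory() throws SotiSslException {
        if (isValid()) {
            return this.keyManagerFactory;
        }
        throw new SotiSslException("Missing or corrupt key store");
    }

    /**
     * Returns the live key store, not a copy. Changes made through it bypass
     * {@link #save()} and the listeners.
     *
     * @throws SotiSslException if the store is missing or cannot be loaded
     */
    public KeyStore getKeyStore() throws SotiSslException {
        if (isValid()) {
            return this.keyStore;
        }
        throw new SotiSslException("Missing or corrupt key store");
    }

    /**
     * Returns the trust manager factory initialised by the last successful load.
     *
     * @throws SotiSslException if the store is missing or cannot be loaded
     */
    public TrustManagerFactory getTrustManagerFactory() throws SotiSslException {
        if (isValid()) {
            return this.trustManagerFactory;
        }
        throw new SotiSslException("Missing or corrupt key store");
    }

    /**
     * Lists the aliases of all certificate entries.
     *
     * @return aliases of certificate entries, possibly empty
     * @throws SotiSslRuntimeException if the store cannot be enumerated
     */
    public List<String> getTrustedCertificateAliases() {
        try {
            ArrayList<String> result = new ArrayList<String>();
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (this.keyStore.isCertificateEntry(alias)) {
                    result.add(alias);
                }
            }
            return result;
        } catch (KeyStoreException e) {
            throw new SotiSslRuntimeException("Error listing certificate aliases", e);
        }
    }

    /**
     * Collects every certificate entry that is an {@link X509Certificate}.
     *
     * @return the trusted X.509 certificates, possibly empty
     * @throws SotiSslRuntimeException if the store cannot be enumerated
     */
    public List<X509Certificate> getTrustedCertificates() {
        try {
            ArrayList<X509Certificate> result = new ArrayList<X509Certificate>();
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (this.keyStore.isCertificateEntry(alias)) {
                    Certificate certificate = this.keyStore.getCertificate(alias);
                    if (certificate instanceof X509Certificate) {
                        result.add((X509Certificate) certificate);
                    }
                }
            }
            return result;
        } catch (KeyStoreException e) {
            throw new SotiSslRuntimeException("Error listing certificates", e);
        }
    }

    /**
     * Reports whether a key store is available, loading it from the file on demand.
     *
     * @return {@code true} if a store is already loaded or loading it now succeeds
     */
    public boolean isValid() {
        return this.keyStore != null || tryLoad();
    }

    /**
     * Loads the BKS store from the backing file and initialises the trust and key manager
     * factories from it.
     *
     * <p>On failure {@code keyStore} is set back to {@code null}, so a partly initialised
     * store is never reported as valid.
     *
     * @throws SotiSslException        if the file cannot be read, the derived password does
     *                                 not open it, or a factory cannot be initialised
     * @throws SotiSslRuntimeException if the BKS key store type is unavailable
     */
    public void load() throws SotiSslException {
        FileInputStream in = null;
        try {
            try {
                this.keyStore = KeyStore.getInstance("BKS");
            } catch (KeyStoreException e) {
                throw new SotiSslRuntimeException("Error creating BKS KeyStore", e);
            }
            in = new FileInputStream(this.file);
            this.keyStore.load(in, getPassword());
            this.trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            this.trustManagerFactory.init(this.keyStore);
            this.keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            this.keyManagerFactory.init(this.keyStore, getPassword());
        } catch (IOException e) {
            this.keyStore = null;
            throw new SotiSslException(e);
        } catch (GeneralSecurityException e) {
            this.keyStore = null;
            throw new SotiSslException(e);
        } finally {
            if (in != null) {
                IOUtils.closeQuietly(in);
            }
        }
    }

    /**
     * Replaces the store with an empty BKS store and writes it to the file.
     *
     * <p>All existing keys and trusted certificates are discarded. The import methods call
     * this whenever the current file cannot be loaded, so a file that has become unreadable
     * is overwritten and not kept for inspection.
     *
     * @throws SotiSslException        if saving the empty store fails
     * @throws SotiSslRuntimeException if the empty store cannot be created
     */
    public void reset() throws SotiSslException {
        try {
            this.keyStore = KeyStore.getInstance("BKS");
            this.keyStore.load(null, null);
            save();
        } catch (IOException e) {
            throw new SotiSslRuntimeException("Error creating empty BKS KeyStore", e);
        } catch (GeneralSecurityException e2) {
            throw new SotiSslRuntimeException("Error creating empty BKS KeyStore", e2);
        }
    }

    /**
     * Writes the store to the backing file, reloads it so the manager factories reflect the
     * new content, and notifies all listeners.
     *
     * <p>Listeners run while the monitor of {@code this} is held.
     *
     * @throws SotiSslException if the store cannot be written or reloaded
     */
    public void save() throws SotiSslException {
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(this.file);
            this.keyStore.store(out, getPassword());
            // Reload from disk to rebuild the trust and key manager factories.
            load();
            synchronized (this) {
                for (KeyStoreListener listener : this.listeners) {
                    listener.keystoreUpdated(this);
                }
            }
        } catch (IOException e) {
            throw new SotiSslException("KeyStore reset failed", e);
        } catch (GeneralSecurityException e) {
            throw new SotiSslException("KeyStore reset failed", e);
        } finally {
            if (out != null) {
                IOUtils.closeQuietly(out);
            }
        }
    }

    /**
     * Attempts {@link #load()} and turns a failure into a {@code false} result.
     *
     * @return {@code true} if the store was loaded
     */
    boolean tryLoad() {
        try {
            load();
            return true;
        } catch (SotiSslException e) {
            // Only the file name is logged; the cause is intentionally not propagated.
            this.logger.warn("Key Store '%s' is not properly initialized.", this.file);
            return false;
        }
    }
}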
