package com.avaya.clientservices.provider.certificate.internal;

import android.content.Context;
import com.avaya.clientservices.base.App;
import com.avaya.clientservices.client.Log;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
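/**
 * Manages the application's private trust store and validates server certificate chains
 * against the private store, the system store, or both, as selected by
 * {@link AndroidCertificateProviderSecurityPolicy}.
 *
 * <p>The private trust store is a Java {@link KeyStore} persisted under the name
 * {@code "AvayaTrust"} through {@link Context#openFileOutput}. Client identity material
 * (certificate chain and private key) is delegated to
 * {@link PKCS12BackedClientIdentityCertificateStore}.
 *
 * <p>Access to {@code mTrustManagers} is guarded by {@code _mKeyStoreLock} in
 * {@link #setKeyStore}, {@link #getAcceptedIssuers} and {@link #getDelegates}. The
 * {@code isCertificateStoreInUse} flag is also read and written outside that lock.
 */
class AndroidCertificateProvider {
    // Fixed, well-known key store password. In this class the store only ever receives
    // certificate entries (see setCertificates), so the password acts as an integrity check
    // on the file at most; confidentiality of the file rests on it being written to
    // app-private storage. NOTE(review): replacing this value would make stores written with
    // the current one fail to load in createStore(); plan a migration before changing it.
    private static final char[] AVAYA_KEY_STORE_PASSWORD = "password".toCharArray();
    private static final String AVAYA_PRIVATE_KEY_STORE = "AvayaTrust";
    private static final String TAG = "AndroidCertificateProvider";
    private static CertificateFactory mCertificateFactory;
    private final Lock _mKeyStoreLock;
    private boolean isCertificateStoreInUse;
    private Method mCheckServerTrusted;
    private Context mContext;
    private final PKCS12BackedClientIdentityCertificateStore mIdentitySecureStore;
    private Class<?> mRootTrustManager;
    private final AndroidCertificateProviderSecurityPolicy mSecurityPolicy;
    private TrustManager[] mTrustManagers;

    static {
        CertificateFactory factory = null;
        try {
            factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            Log.w("Unable to get an instance of a certificate factory. ", e);
        }
        // Stays null when the X.509 factory is unavailable.
        mCertificateFactory = factory;
    }

    /** Creates a provider with a default-constructed security policy. */
    private AndroidCertificateProvider() {
        this(new AndroidCertificateProviderSecurityPolicy());
    }

    /**
     * Creates a provider bound to the application context returned by {@code App.getContext()}.
     *
     * <p>Also resolves {@code android.security.net.config.RootTrustManager} and its three-argument
     * {@code checkServerTrusted(X509Certificate[], String, String)} by reflection. When either
     * lookup fails the corresponding field stays {@code null} and {@link #checkServerTrusted}
     * skips the hostname-aware path.
     *
     * @param androidCertificateProviderSecurityPolicy policy that selects the trust store mode
     */
    public AndroidCertificateProvider(AndroidCertificateProviderSecurityPolicy androidCertificateProviderSecurityPolicy) {
        this._mKeyStoreLock = new ReentrantLock();
        this.isCertificateStoreInUse = false;
        final Context appContext = App.getContext();
        this.mContext = appContext;
        this.mSecurityPolicy = androidCertificateProviderSecurityPolicy;
        this.mIdentitySecureStore =
                new PKCS12BackedClientIdentityCertificateStore(appContext, new AESEncrypter(appContext));
        // presumably loads previously saved identity material if present; confirm in the store class
        this.mIdentitySecureStore.mayLoad();
        final String logPrefix = TAG + ".AndroidCertificateProvider(): ";
        Log.d(logPrefix);
        try {
            Class<?> rootTrustManager = Class.forName("android.security.net.config.RootTrustManager");
            this.mRootTrustManager = rootTrustManager;
            this.mCheckServerTrusted = rootTrustManager.getDeclaredMethod(
                    "checkServerTrusted", X509Certificate[].class, String.class, String.class);
        } catch (ClassNotFoundException unused) {
            Log.d(logPrefix + "RootTrustManager Class not found.");
        } catch (NoSuchMethodException unused2) {
            Log.d(logPrefix + " Method not found.");
        }
    }

    /**
     * Checks a server chain against the given trust managers.
     *
     * <p>For each manager: when a host name is supplied and the manager is an instance of the
     * reflectively resolved RootTrustManager, the hostname-aware check is invoked and a success
     * returns immediately. Otherwise, or when that invocation fails, the first manager that is an
     * {@link X509TrustManager} decides the outcome through the two-argument check.
     *
     * @param chain server certificate chain
     * @param trustManagers managers to consult, in order
     * @param hostname host name for the hostname-aware check, or {@code null}
     * @throws CertificateException when the chain is rejected or no usable manager is found
     */
    private void checkServerTrusted(X509Certificate[] chain, TrustManager[] trustManagers, String hostname) throws CertificateException {
        CertificateException lastFailure = new CertificateException("Untrusted certificate chain; unable to find trusted anchors");
        final String logPrefix = TAG + ".checkServerTrusted(): ";
        for (TrustManager trustManager : trustManagers) {
            if (hostname != null) {
                // NOTE(review): CertificateException is listed in this catch although nothing in
                // the try body visibly throws it directly. This listing is decompiler output, so
                // the original try region may have been wider; confirm against the real source.
                try {
                    Class<?> rootTrustManager = this.mRootTrustManager;
                    if (rootTrustManager != null && this.mCheckServerTrusted != null && rootTrustManager.isInstance(trustManager)) {
                        Log.d(logPrefix + "Validating Certificate using hostname :" + hostname);
                        this.mCheckServerTrusted.invoke(trustManager, chain, "RSA", hostname);
                        return;
                    }
                } catch (IllegalAccessException | InvocationTargetException | CertificateException e) {
                    lastFailure = new CertificateException(e);
                }
            }
            // NOTE(review): as written, a rejection by the hostname-aware check above still falls
            // through to this host-less check on the same manager, and the log line below is
            // emitted even when a host name was supplied.
            // NOTE(review): a CertificateException thrown here leaves the loop, so when private
            // and system managers are concatenated the later ones are not consulted after the
            // first X509TrustManager rejects the chain. Confirm this is the intended behaviour
            // for the combined trust store mode.
            // NOTE(review): authType is fixed to "RSA" for every chain; verify that non-RSA
            // server keys are handled as intended by the platform trust managers.
            if (trustManager instanceof X509TrustManager) {
                Log.d(logPrefix + "Host not specified validating without host.");
                ((X509TrustManager) trustManager).checkServerTrusted(chain, "RSA");
                return;
            }
        }
        throw lastFailure;
    }

    /**
     * Verifies that every certificate in the chain is within its validity period.
     *
     * @param chain certificates to check
     * @throws IllegalArgumentException when {@code chain} is {@code null}
     * @throws CertificateExpiredException when a certificate has expired
     * @throws CertificateNotYetValidException when a certificate is not yet valid
     */
    private void checkValidity(X509Certificate[] chain) throws CertificateExpiredException, CertificateNotYetValidException {
        if (chain == null) {
            throw new IllegalArgumentException("Invalid certificate chain received.");
        }
        for (X509Certificate certificate : chain) {
            certificate.checkValidity();
        }
    }

    /** Returns a new array holding the elements of {@code first} followed by those of {@code second}. */
    private TrustManager[] concatTrustManagers(TrustManager[] first, TrustManager[] second) {
        TrustManager[] combined = new TrustManager[first.length + second.length];
        System.arraycopy(first, 0, combined, 0, first.length);
        System.arraycopy(second, 0, combined, first.length, second.length);
        return combined;
    }

    /**
     * Creates an empty, initialised key store of the platform default type.
     *
     * @return a new key store; never {@code null}
     * @throws CertificateStoreException when the key store cannot be created or initialised
     */
    private KeyStore createJavaKeyStore() throws CertificateStoreException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises an empty store.
            keyStore.load(null, null);
            return keyStore;
        } catch (IOException e) {
            throw new CertificateStoreException(e);
        } catch (KeyStoreException e2) {
            throw new CertificateStoreException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new CertificateStoreException(e3);
        } catch (CertificateException e4) {
            throw new CertificateStoreException(e4);
        }
    }

    /** Returns a random UUID string used as the key store alias of a certificate entry. */
    private static String generateCertificateAlias() {
        return UUID.randomUUID().toString();
    }

    /**
     * Collects the accepted issuers of every {@link X509TrustManager} built from the private store.
     *
     * @return the issuers, or {@code null} when the store is not in use or no trust managers
     *     have been set
     */
    private X509Certificate[] getAcceptedIssuers() {
        final String logPrefix = TAG + ".getAcceptedIssuers(): ";
        if (!isCertificateStoreInUse()) {
            Log.w(logPrefix + "Application certificate store is not in-use");
            return null;
        }
        // Acquire before entering the try so that the finally block never unlocks a lock
        // this thread failed to take.
        this._mKeyStoreLock.lock();
        try {
            if (this.mTrustManagers == null) {
                Log.e(logPrefix + "Application certificate store does not contain any issuers.");
                return null;
            }
            List<X509Certificate> issuers = new ArrayList<>();
            for (TrustManager trustManager : this.mTrustManagers) {
                if (trustManager instanceof X509TrustManager) {
                    for (X509Certificate issuer : ((X509TrustManager) trustManager).getAcceptedIssuers()) {
                        issuers.add(issuer);
                    }
                }
            }
            return issuers.toArray(new X509Certificate[0]);
        } finally {
            this._mKeyStoreLock.unlock();
        }
    }

    /** Returns the private trust managers followed by the system ones, or only the system ones when none are set. */
    private TrustManager[] getCombinedTrustManagers() {
        TrustManager[] privateManagers = this.mTrustManagers;
        if (privateManagers == null) {
            return getSystemTrustManagers();
        }
        return concatTrustManagers(privateManagers, getSystemTrustManagers());
    }

    /**
     * Selects the trust managers used for validation.
     *
     * <ul>
     *   <li>{@code z == true}: system trust store only, regardless of the policy.</li>
     *   <li>mode other than {@code PRIVATE_ONLY}: private and system trust managers combined.</li>
     *   <li>{@code PRIVATE_ONLY} with the private store enabled and in use: private managers only.</li>
     *   <li>{@code PRIVATE_ONLY} without a usable private store: system trust store.</li>
     * </ul>
     *
     * <p>The first and last cases mean a {@code PRIVATE_ONLY} policy does not by itself guarantee
     * that only private anchors are trusted; both are logged.
     *
     * @param z when {@code true}, overrides the policy and uses the system trust store
     * @return the trust managers to validate against
     */
    private TrustManager[] getDelegates(boolean z) {
        final String logPrefix = TAG + ".getDelegates(): ";
        this._mKeyStoreLock.lock();
        try {
            if (z) {
                Log.d(logPrefix + "Private Trust store override: Using the trusted anchors from system trust store.");
                return getSystemTrustManagers();
            }
            if (this.mSecurityPolicy.getTrustStoreMode() != TrustStoreMode.PRIVATE_ONLY) {
                Log.i(logPrefix + "Trust store mode has been set to \"privateAndSystem\" using the trusted anchors from private and system trust store.");
                return getCombinedTrustManagers();
            }
            if (this.mSecurityPolicy.isPrivateTrustStoreEnabled() && isCertificateStoreInUse()) {
                Log.i(logPrefix + "Trust store mode has been set to \"privateOnly\"; using the trusted anchors from private trust store.");
                return this.mTrustManagers;
            }
            Log.i(logPrefix + "Trust store mode has been set to \"privateOnly\", but the private trust store has not been created; using system trust store for certificate validation");
            return getSystemTrustManagers();
        } finally {
            this._mKeyStoreLock.unlock();
        }
    }

    /** Returns the last throwable in the cause chain of {@code th}, or {@code null} when {@code th} is {@code null}. */
    private static Throwable getRootCause(Throwable th) {
        List<Throwable> chain = getThrowableList(th);
        return chain.isEmpty() ? null : chain.get(chain.size() - 1);
    }

    /** Returns trust managers initialised with a {@code null} key store, i.e. the platform default anchors. */
    private static TrustManager[] getSystemTrustManagers() {
        return getTrustManagers(null);
    }

    /** Returns {@code th} followed by its causes, stopping at {@code null} or at a throwable already listed. */
    private static List<Throwable> getThrowableList(Throwable th) {
        List<Throwable> chain = new ArrayList<>();
        Throwable current = th;
        // The contains() test guards against a cause chain that loops back on itself.
        while (current != null && !chain.contains(current)) {
            chain.add(current);
            current = current.getCause();
        }
        return chain;
    }

    /**
     * Builds trust managers of the default algorithm for the given key store.
     *
     * @param keyStore anchors to trust, or {@code null} for the platform default
     * @throws AssertionError when the default algorithm is unavailable or initialisation fails
     */
    private static TrustManager[] getTrustManagers(KeyStore keyStore) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore);
            return factory.getTrustManagers();
        } catch (KeyStoreException e) {
            throw new AssertionError(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new AssertionError(e2);
        }
    }

    /**
     * Writes the key store to app-private storage, or deletes the stored file when
     * {@code keyStore} is {@code null}, then activates the given store via {@link #setKeyStore}.
     *
     * @param keyStore store to persist, or {@code null} to delete the persisted store
     * @throws CertificateException when the store cannot be opened or written
     */
    private void persistCertificateStore(KeyStore keyStore) throws CertificateException {
        final String logPrefix = TAG + ".persistCertificateStore(): ";
        if (keyStore == null) {
            Log.i(logPrefix + "Deleting certificate store.");
            this.mContext.deleteFile(AVAYA_PRIVATE_KEY_STORE);
        } else {
            FileOutputStream out = null;
            try {
                // MODE_PRIVATE (0): the file is readable only by this application.
                out = this.mContext.openFileOutput(AVAYA_PRIVATE_KEY_STORE, Context.MODE_PRIVATE);
                keyStore.store(out, AVAYA_KEY_STORE_PASSWORD);
            } catch (IOException e) {
                Log.e(logPrefix + "Error occurred while closing certificate store.", e);
                throw new CertificateException(e);
            } catch (KeyStoreException e2) {
                Log.e(logPrefix + "Error occurred while closing certificate store.", e2);
                throw new CertificateException(e2);
            } catch (NoSuchAlgorithmException e3) {
                Log.e(logPrefix + "Error occurred while closing certificate store.", e3);
                throw new CertificateException(e3);
            } finally {
                // The stream is still null when openFileOutput itself failed; closing it
                // unconditionally would raise a NullPointerException that hides the real error.
                if (out != null) {
                    try {
                        out.close();
                    } catch (IOException ignored) {
                        // Best-effort close, as before; the write outcome is already decided.
                    }
                }
            }
        }
        setKeyStore(keyStore);
    }

    /**
     * Rebuilds the private trust managers from {@code keyStore} and updates the in-use flag.
     *
     * @param keyStore the private store, or {@code null} to mark the private store as not in use
     */
    private void setKeyStore(KeyStore keyStore) {
        final String logPrefix = TAG + ".setKeyStore(): ";
        this._mKeyStoreLock.lock();
        try {
            this.mTrustManagers = getTrustManagers(keyStore);
            this.isCertificateStoreInUse = keyStore != null;
            Log.i(logPrefix + "Application certificate store is " + (this.isCertificateStoreInUse ? "in use." : "not in use"));
        } finally {
            this._mKeyStoreLock.unlock();
        }
    }

    /**
     * Loads the persisted private trust store when the policy enables it and activates the result.
     *
     * <p>A missing store file is logged and treated as "no private store".
     *
     * @throws CertificateStoreException when the store exists but cannot be read or parsed
     */
    public void createStore() throws CertificateStoreException {
        final String logPrefix = TAG + ".createStore(): ";
        KeyStore candidate = createJavaKeyStore();
        KeyStore loaded = null;
        try {
            if (this.mSecurityPolicy.isPrivateTrustStoreEnabled()) {
                // try-with-resources closes the input stream, which was previously left open.
                try (java.io.InputStream in = this.mContext.openFileInput(AVAYA_PRIVATE_KEY_STORE)) {
                    candidate.load(in, AVAYA_KEY_STORE_PASSWORD);
                }
                this.isCertificateStoreInUse = true;
                loaded = candidate;
            } else {
                Log.i(logPrefix + "Private trust store has not been enabled.");
                this.isCertificateStoreInUse = false;
            }
        } catch (FileNotFoundException unused) {
            Log.w(logPrefix + "Could not find the KeyStore file to load.");
        } catch (IOException e) {
            throw new CertificateStoreException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new CertificateStoreException(e2);
        } catch (CertificateException e3) {
            throw new CertificateStoreException(e3);
        }
        setKeyStore(loaded);
        Log.i(logPrefix + "Using application's certificate store = " + this.isCertificateStoreInUse);
    }

    /**
     * Deletes the persisted private trust store and stops using it.
     *
     * @throws AppCertificateStoreNotInUseException when the private store is not in use
     * @throws AppCertificateStoreException when deleting the store fails
     */
    public void deleteCertStore() throws AppCertificateStoreException, AppCertificateStoreNotInUseException {
        final String logPrefix = TAG + ".deleteCertStore(): ";
        if (!isCertificateStoreInUse()) {
            Log.w(logPrefix + "Application's certificate store is not in use.");
            throw new AppCertificateStoreNotInUseException();
        }
        try {
            this.isCertificateStoreInUse = false;
            persistCertificateStore(null);
        } catch (CertificateException e) {
            Log.w(logPrefix + "Exception received while deleting certificate store");
            throw new AppCertificateStoreException(e);
        }
    }

    /**
     * Deletes the client identity store held by the identity secure store.
     *
     * @throws CertificateStoreException when the underlying store reports a failure
     */
    public void deleteClientIdentityCertificateChain() throws CertificateStoreException {
        this.mIdentitySecureStore.deleteCertificateStore();
    }

    /**
     * Returns the certificates of the private trust store as PEM strings.
     *
     * <p>Certificates that fail to encode are logged and skipped.
     *
     * @return PEM strings; empty when no issuers are available
     * @throws AppCertificateStoreNotInUseException when the private store is not in use
     * @throws AppCertificateStoreException declared for callers; not thrown by the visible code
     */
    public String[] getCertificates() throws AppCertificateStoreException, AppCertificateStoreNotInUseException {
        final String logPrefix = TAG + ".getCertificates(): ";
        if (!isCertificateStoreInUse()) {
            Log.w(logPrefix + "Application certificate store is not in use");
            throw new AppCertificateStoreNotInUseException();
        }
        List<String> pemCertificates = new ArrayList<>();
        X509Certificate[] issuers = getAcceptedIssuers();
        // getAcceptedIssuers() returns null when no trust managers are set or the store was
        // switched off in the meantime; iterate only when there is something to iterate.
        if (issuers != null) {
            for (X509Certificate issuer : issuers) {
                try {
                    pemCertificates.add(CertificateUtils.convertToPEMString(issuer));
                } catch (CertificateEncodingException e) {
                    Log.w(logPrefix + "Encoding error occurred = " + e.getMessage());
                    Log.w(logPrefix + "Root cause:" + getRootCause(e).toString());
                }
            }
        }
        return pemCertificates.toArray(new String[0]);
    }

    /**
     * Returns the client identity certificate chain as PEM strings.
     *
     * @return the chain, or an empty array when none is stored or it cannot be read or encoded
     */
    public String[] getClientIdentityCertificateChain() {
        final String logPrefix = TAG + ".getClientIdentityCertificateChain(): ";
        try {
            String[] chain = this.mIdentitySecureStore.getIdentityCertificateChainAsPEMStringArray();
            if (chain.length != 0) {
                // Concatenating the array itself only printed its identity hash; log the size.
                Log.w(logPrefix + "Endpoint certificate chain length = " + chain.length);
                return chain;
            }
        } catch (CertificateStoreException e) {
            Log.w(logPrefix + "Unable to retrieve endpoint certificate", e);
        } catch (CertificateEncodingException e2) {
            Log.w(logPrefix + "Unable to encode endpoint certificate ", e2);
        }
        return new String[0];
    }

    /**
     * Returns the value of {@code getPEMEncodedPrivateKeyString()} from the identity secure store.
     *
     * <p>NOTE(review): by its name this is the client private key in PEM form held in an
     * immutable {@code String}; callers should keep it out of logs and persistent storage.
     * Confirm how callers handle the returned value.
     */
    public String getClientPrivateKey() {
        return this.mIdentitySecureStore.getPEMEncodedPrivateKeyString();
    }

    /** Returns whether the private trust store is currently in use. */
    public boolean isCertificateStoreInUse() {
        return this.isCertificateStoreInUse;
    }

    /**
     * Replaces the private trust store with the given certificates, activates it and persists it.
     *
     * @param strArr certificates in the form accepted by {@code CertificateUtils.convertToX509Certificate}
     * @throws CertificateException when a certificate cannot be parsed, added or persisted
     */
    public void setCertificates(String[] strArr) throws CertificateException {
        final String logPrefix = TAG + ".setCertificates(): ";
        KeyStore newStore = createJavaKeyStore();
        // createJavaKeyStore() either returns a store or throws; this check is purely defensive.
        if (newStore == null) {
            Log.e(logPrefix + "Unable to create a keystore to create an application's certificate store.");
            throw new CertificateException();
        }
        for (String encoded : strArr) {
            X509Certificate certificate = CertificateUtils.convertToX509Certificate(encoded);
            if (certificate == null) {
                Log.e(logPrefix + "Invalid formatted certificate received, cannot add to certificate store");
                throw new CertificateException();
            }
            try {
                Log.d(logPrefix + "Adding certificate = " + certificate.getSubjectDN().getName());
                // Every entry becomes a trust anchor under a fresh random alias.
                newStore.setCertificateEntry(generateCertificateAlias(), certificate);
            } catch (KeyStoreException e) {
                Log.e(logPrefix + "Failed to add a certificate to the store.", e);
                throw new CertificateStoreException(e);
            }
        }
        // The new anchors become active in memory before they are written out; if persisting
        // fails below, the in-memory store stays active while the file on disk is unchanged.
        setKeyStore(newStore);
        this.isCertificateStoreInUse = true;
        persistCertificateStore(newStore);
        Log.d(logPrefix + "Certificate store is populated successfully, put it to use.");
    }

    /**
     * Saves the client identity certificate chain and key in the identity secure store.
     *
     * @param strArr chain passed through to {@code saveCertificateChainAndKey}
     * @param str secret passed through as a {@code char[]}; NOTE(review): it arrives as a
     *     {@code String} and the derived array is not cleared here, so its lifetime in memory
     *     is not controlled by this method
     * @throws CertificateException when the underlying store rejects the material
     * @throws CertificateStoreException when the underlying store fails
     */
    public void setClientIdentityCertificateChain(String[] strArr, String str) throws CertificateException, CertificateStoreException {
        this.mIdentitySecureStore.saveCertificateChainAndKey(strArr, str.toCharArray());
    }

    /**
     * Validates a server certificate chain: trust anchors, validity period, then host name.
     *
     * <p>When any of these steps fails with a {@link CertificateException}, the validity period
     * is checked once more so that an expired or not-yet-valid chain is reported as such;
     * otherwise the original exception is rethrown.
     *
     * @param strArr chain in the form accepted by {@code CertificateUtils.convertToX509Certificate},
     *     leaf first (element 0 is the one checked against the host name)
     * @param str forwarded to {@code AndroidHostnameValidator.validateHostname}; meaning not
     *     visible here
     * @param str2 host name used for the hostname-aware trust check and forwarded to the
     *     hostname validator; may be {@code null}
     * @param i forwarded to the hostname validator; meaning not visible here
     * @param z when {@code true}, validates against the system trust store regardless of policy
     * @param i2 request identifier used for logging and forwarded to the hostname validator
     * @throws IllegalArgumentException when the chain is {@code null} or empty
     * @throws CertificateException when parsing or any validation step fails
     */
    public void validateCertificates(String[] strArr, String str, String str2, int i, boolean z, int i2) throws CertificateException {
        final String logPrefix = TAG + ".validateCertificates(): ";
        // Reject an empty chain up front: there is no leaf certificate to validate, and the
        // hostname check below would otherwise index past the end of the array.
        if (strArr == null || strArr.length == 0) {
            throw new IllegalArgumentException("Invalid certificate chain received.");
        }
        List<X509Certificate> parsed = new ArrayList<>();
        for (String encoded : strArr) {
            X509Certificate certificate = CertificateUtils.convertToX509Certificate(encoded);
            if (certificate == null) {
                throw new CertificateParsingException();
            }
            parsed.add(certificate);
        }
        X509Certificate[] chain = parsed.toArray(new X509Certificate[0]);
        try {
            checkServerTrusted(chain, getDelegates(z), str2);
            checkValidity(chain);
            // NOTE(review): the steps above check trust anchors and validity dates; no explicit
            // revocation check (CRL/OCSP) is visible in this class, so this message may claim
            // more than was verified. Confirm whether the trust managers perform revocation.
            Log.seci(logPrefix + RequestIdLogger.create(i2) + "The certificate is not revoked.");
            new AndroidHostnameValidator().validateHostname(chain[0], str, str2, i, i2);
            Log.seci(logPrefix + RequestIdLogger.create(i2) + "Certificate hostname is valid.");
        } catch (CertificateException e) {
            Log.e(logPrefix + " Certificate exception occurred due to " + e.getMessage());
            Log.e(logPrefix + " Root cause:" + getRootCause(e).toString());
            Log.i(logPrefix + " Verifying if this exception is due to expired certificate chain.");
            // Throws the more specific expiry exception when that is the underlying reason.
            checkValidity(chain);
            throw e;
        }
    }
}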
