package com.avaya.android.flare.certs.model;

import com.avaya.android.flare.util.CryptoUtil;
import com.avaya.clientservices.uccl.logging.Logger;
import com.avaya.clientservices.uccl.logging.LoggerFactory;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import javax.inject.Inject;

/* loaded from: classes.dex */
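/**
 * Extracts a client identity (one private key plus its X.509 certificate chain) from PKCS#12 data
 * and exposes the result through the {@link IdentityCertificateFactory} getters.
 *
 * <p>The only certificate check performed in this class is the validity period of each chain
 * element. No signature, trust-path, key-usage or revocation check is visible here, so callers
 * must not treat a successful import as proof that the chain is trusted.
 *
 * <p>The getters return the material of the last <em>successful</em> import, or {@code null} when
 * no import has succeeded yet.
 */
public class IdentityCertificateFactoryImpl implements IdentityCertificateFactory {
    private static final String IMPORT_PKCS12_ERROR_MESSAGE = "Failed to read PKCS#12 data";

    // Holder of the last successfully imported identity; stays null until an import succeeds.
    private IdentityCertificateExtractor extractor;

    /**
     * Single-use helper that walks one key store, picks its sole private-key entry and collects
     * the matching X.509 chain.
     */
    private static class IdentityCertificateExtractor {
        // Decompiler artifact (synthetic assertion flag); not read anywhere in this class.
        static final /* synthetic */ boolean $assertionsDisabled = false;
        private static final String CERTIFICATE_EXPIRED_MESSAGE = "Certificate %s in identity certificate chain has expired.";
        private static final String CERTIFICATE_NOT_YET_VALID_MESSAGE = "Certificate %s in identity certificate chain is not yet valid.";
        private String alias;
        private X509Certificate[] certificateChain;
        private final KeyStore keyStore;
        private final Logger log = LoggerFactory.getLogger((Class<?>) IdentityCertificateExtractor.class);
        // Reference to the caller's array, not a copy: wiping the array at the call site after the
        // import also wipes what this object sees.
        private final char[] password;
        private PrivateKey privateKey;

        /**
         * @param keyStore key store already loaded from the PKCS#12 data
         * @param password password used to recover key entries from {@code keyStore}
         */
        public IdentityCertificateExtractor(KeyStore keyStore, char[] password) {
            this.keyStore = keyStore;
            this.password = password;
        }

        /**
         * Rejects the chain if any certificate in it is expired or not yet valid.
         *
         * @throws IdentityCertificateCreationException for the first certificate found outside its
         *     validity period
         */
        private void checkCertificateChainValidityPeriods() throws IdentityCertificateCreationException {
            // One timestamp for the whole chain so every certificate is judged at the same instant.
            Date now = new Date();
            for (X509Certificate certificate : this.certificateChain) {
                try {
                    certificate.checkValidity(now);
                } catch (CertificateExpiredException e) {
                    handleCertificateValidityException(certificate, CERTIFICATE_EXPIRED_MESSAGE, IdentityCertificateImportFailure.CERTIFICATE_EXPIRED, e);
                } catch (CertificateNotYetValidException e) {
                    handleCertificateValidityException(certificate, CERTIFICATE_NOT_YET_VALID_MESSAGE, IdentityCertificateImportFailure.CERTIFICATE_NOT_VALID_YET, e);
                }
            }
        }

        /**
         * Scans every alias and records the one entry that holds a private key.
         *
         * @throws IdentityCertificateCreationException if the key store holds no private key, more
         *     than one private key, or its aliases cannot be enumerated
         */
        private void determineSolePrivateKey() throws IdentityCertificateCreationException {
            try {
                Enumeration<String> aliases = this.keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String candidateAlias = aliases.nextElement();
                    PrivateKey candidateKey = getPrivateKey(candidateAlias);
                    if (candidateKey == null) {
                        continue;
                    }
                    if (this.alias != null) {
                        // Ambiguous identity: refuse rather than pick one of the keys arbitrarily.
                        this.log.warn("More than one private key entry found in keystore");
                        throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.TOO_MANY_PRIVATE_KEYS, "More than one private key entry found in keystore");
                    }
                    this.alias = candidateAlias;
                    this.privateKey = candidateKey;
                }
                if (this.alias == null) {
                    this.log.warn("No private key entry found in keystore");
                    throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.CORRUPT_FILE_OR_BAD_PASSWORD, "No private key entry found in keystore");
                }
            } catch (KeyStoreException e) {
                String message = "Error accessing aliases in keystore: " + e.getMessage();
                this.log.warn(message);
                throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.CORRUPT_FILE_OR_BAD_PASSWORD, message, e);
            }
        }

        /**
         * Returns the private key stored under {@code entryAlias}, or {@code null} when the entry
         * is not a key entry or holds a non-private key.
         *
         * @throws IdentityCertificateCreationException if the key cannot be recovered
         * @throws AssertionError if the key store cannot even report the entry type; the factory
         *     method catches this and converts it to an import failure
         */
        private PrivateKey getPrivateKey(String entryAlias) throws IdentityCertificateCreationException {
            boolean isKeyEntry;
            try {
                isKeyEntry = this.keyStore.isKeyEntry(entryAlias);
            } catch (KeyStoreException e) {
                this.log.error("Failed to check if entry in a keystore is a key");
                throw new AssertionError(e);
            }
            if (!isKeyEntry) {
                this.log.debug("Ignoring entry for alias \"{}\" which does not contain a key", entryAlias);
                return null;
            }
            try {
                Key key = this.keyStore.getKey(entryAlias, this.password);
                if (key instanceof PrivateKey) {
                    return (PrivateKey) key;
                }
                this.log.debug("Ignoring entry for alias \"{}\" which does not contain a private key", entryAlias);
                return null;
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                String message = "Failed to get key for alias \"" + entryAlias + "\": " + e.getMessage();
                this.log.warn(message);
                throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.CORRUPT_FILE_OR_BAD_PASSWORD, message, e);
            }
        }

        /**
         * Returns the X.509 certificates of the chain stored under {@code entryAlias}, or
         * {@code null} when the key store has no chain for that alias.
         *
         * @throws IdentityCertificateCreationException if the key store cannot be read
         */
        private X509Certificate[] getX509CertificateChain(String entryAlias) throws IdentityCertificateCreationException {
            try {
                Certificate[] storedChain = this.keyStore.getCertificateChain(entryAlias);
                if (storedChain == null) {
                    this.log.warn("No certificate chain found in keystore for alias \"{}\"", entryAlias);
                    return null;
                }
                ArrayList<X509Certificate> x509Chain = new ArrayList<>(storedChain.length);
                for (Certificate certificate : storedChain) {
                    if (certificate instanceof X509Certificate) {
                        x509Chain.add((X509Certificate) certificate);
                    } else {
                        // NOTE(review): the element is dropped, so the returned chain can have a
                        // gap. Confirm that consumers validate the path rather than assuming
                        // each element was issued by the next one.
                        this.log.warn("Found non-X.509 certificate in certificate chain for alias \"{}\"", entryAlias);
                    }
                }
                return x509Chain.toArray(new X509Certificate[0]);
            } catch (KeyStoreException e) {
                String message = "Failed to get certificate chain for alias \"" + entryAlias + "\": " + e.getMessage();
                this.log.warn(message);
                throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.CORRUPT_FILE_OR_BAD_PASSWORD, message, e);
            }
        }

        /**
         * Logs and rethrows a validity-period failure as an import failure. Never returns normally.
         *
         * @param x509Certificate certificate that failed the check
         * @param messageFormat format string taking the certificate common name
         * @param failure failure code to report
         * @param cause original validity exception
         * @throws IdentityCertificateCreationException always
         */
        private void handleCertificateValidityException(X509Certificate x509Certificate, String messageFormat, IdentityCertificateImportFailure failure, CertificateException cause) throws IdentityCertificateCreationException {
            String message = String.format(messageFormat, CryptoUtil.getCertificateCommonName(x509Certificate));
            this.log.warn(message);
            throw new IdentityCertificateCreationException(failure, message, cause);
        }

        /**
         * Locates the sole private key, loads its certificate chain and checks validity periods.
         *
         * @throws IdentityCertificateCreationException if any step fails, or if the chain is
         *     missing or holds no X.509 certificate at all
         */
        public void extractIdentityCertificate() throws IdentityCertificateCreationException {
            determineSolePrivateKey();
            this.certificateChain = getX509CertificateChain(this.alias);
            // An empty array would pass the validity loop vacuously, so treat it like a missing chain.
            if (this.certificateChain == null || this.certificateChain.length == 0) {
                String message = "Unable to find certificate chain for alias \"" + this.alias + '\"';
                this.log.warn(message);
                throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.CORRUPT_FILE_OR_BAD_PASSWORD, message);
            }
            checkCertificateChainValidityPeriods();
        }

        /** Returns the extracted chain; the internal array itself, not a copy. */
        public X509Certificate[] getCertificateChain() {
            return this.certificateChain;
        }

        /** Returns the extracted private key. */
        public PrivateKey getPrivateKey() {
            return this.privateKey;
        }
    }

    @Inject
    public IdentityCertificateFactoryImpl() {
    }

    /**
     * Imports the identity contained in the given PKCS#12 data.
     *
     * <p>The result is published to the getters only after every check has passed. A rejected
     * import (bad password, several private keys, expired chain, ...) leaves the previously
     * imported identity, if any, untouched, so a caller can never read back a key or chain that
     * this method has just refused.
     *
     * @param bArr raw PKCS#12 data
     * @param cArr password protecting the PKCS#12 data
     * @throws IdentityCertificateCreationException if the data cannot be read or the identity is
     *     rejected
     */
    @Override // com.avaya.android.flare.certs.model.IdentityCertificateFactory
    public void extractIdentityCertificateFromPKCS12(byte[] bArr, char[] cArr) throws IdentityCertificateCreationException {
        try {
            IdentityCertificateExtractor candidate = new IdentityCertificateExtractor(CryptoUtil.loadKeyStoreFromPkcs12Data(bArr, cArr), cArr);
            candidate.extractIdentityCertificate();
            this.extractor = candidate;
        } catch (CryptoUtil.Pkcs12ImportException e) {
            throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.CORRUPT_FILE_OR_BAD_PASSWORD, IMPORT_PKCS12_ERROR_MESSAGE, e);
        } catch (AssertionError e) {
            // Raised by the extractor when the key store cannot report an entry type; surface the
            // underlying KeyStoreException as the cause.
            throw new IdentityCertificateCreationException(IdentityCertificateImportFailure.CORRUPT_FILE_OR_BAD_PASSWORD, IMPORT_PKCS12_ERROR_MESSAGE, e.getCause());
        }
    }

    /**
     * Returns the certificate chain of the last successful import, or {@code null} if no import
     * has succeeded.
     */
    @Override // com.avaya.android.flare.certs.model.IdentityCertificateFactory
    public X509Certificate[] getIdentityCertificateChain() {
        return this.extractor == null ? null : this.extractor.getCertificateChain();
    }

    /**
     * Returns the private key of the last successful import, or {@code null} if no import has
     * succeeded.
     */
    @Override // com.avaya.android.flare.certs.model.IdentityCertificateFactory
    public PrivateKey getIdentityPrivateKey() {
        return this.extractor == null ? null : this.extractor.getPrivateKey();
    }
}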
