package com.avaya.flare.security;

import android.content.Context;
import com.avaya.android.flare.FlareApplication;
import com.avaya.android.flare.credentials.CredentialsStoreException;
import com.avaya.android.flare.util.CryptoUtil;
import com.avaya.clientservices.provider.certificate.CertificateManager;
import com.avaya.clientservices.uccl.UCClient;
import com.avaya.clientservices.uccl.UCClientCreationListener;
import com.avaya.clientservices.uccl.UCClientCreationNotifierImpl;
import com.avaya.clientservices.uccl.logging.Logger;
import com.avaya.clientservices.uccl.logging.LoggerFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public final class SecurityUtil {
    public static final String LEGACY_KEYSTORE_FILENAME = "trusted-credentials";
    private static final String MARKUP_TAG_PATTERN = "<(\"[^\"]*\"|'[^']*'|[^'\">])*>";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SecurityUtil.class);
    private static final TrustManager[] EMPTY_TRUST_MANAGERS = new TrustManager[0];

    /* loaded from: classes2.dex */
    public static class PrivateTrustStoreMigrator implements UCClientCreationListener {
        static final /* synthetic */ boolean $assertionsDisabled = false;
        private CertificateManager certificateManager;
        private final Context context;
        private final Logger log = LoggerFactory.getLogger((Class<?>) PrivateTrustStoreMigrator.class);

        public PrivateTrustStoreMigrator(Context context) {
            this.context = context;
        }

        private void deletePreviousCertificateManagerPrivateTrustStore() {
            if (this.certificateManager.isCertificateStoreInUse()) {
                this.log.debug("Removing previous instance of new certificate manager private trust store.");
                this.certificateManager.deleteCertificateStore();
            }
        }

        private void importLegacyCertificatesIntoCertificateManager() throws CertificateEncodingException {
            this.log.info("Importing legacy private trust store into new certificate manager.");
            this.certificateManager.setCertificates(SecurityUtil.getAcceptedIssuers(SecurityUtil.getDelegates(this.context)));
        }

        private void migratePrivateTrustStore() {
            try {
                deletePreviousCertificateManagerPrivateTrustStore();
                importLegacyCertificatesIntoCertificateManager();
                removeLegacyPrivateTrustStore();
            } catch (CertificateEncodingException e) {
                this.log.debug("Unable to migrate legacy private trust store: {}", e.getMessage());
            }
        }

        private void preventThisTaskFromRunningAgain() {
            UCClientCreationNotifierImpl.getInstance().removeClientCreationListener(this);
        }

        private void removeLegacyPrivateTrustStore() {
            this.log.debug("Removing legacy private trust store.");
            this.context.getFileStreamPath("trusted-credentials").delete();
        }

        @Override // com.avaya.clientservices.uccl.UCClientCreationListener
        public void onClientCreated(UCClient uCClient) {
            this.certificateManager = uCClient.getCertificateManager();
            try {
                migratePrivateTrustStore();
            } finally {
                preventThisTaskFromRunningAgain();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public interface X509TrustManagerRunnable {
        void run(X509TrustManager x509TrustManager);
    }

    private SecurityUtil() {
    }

    public static boolean doesLegacyPrivateTrustStoreExist(Context context) {
        return CryptoUtil.doesKeyStoreFileExist(context, "trusted-credentials");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static X509Certificate[] getAcceptedIssuers(TrustManager[] trustManagerArr) {
        final ArrayList arrayList = new ArrayList();
        iterate(trustManagerArr, new X509TrustManagerRunnable() { // from class: com.avaya.flare.security.SecurityUtil.1
            @Override // com.avaya.flare.security.SecurityUtil.X509TrustManagerRunnable
            public void run(X509TrustManager x509TrustManager) {
                Collections.addAll(arrayList, x509TrustManager.getAcceptedIssuers());
            }
        });
        return (X509Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static TrustManager[] getDelegates(Context context) {
        try {
            return getTrustManagers(CryptoUtil.loadKeyStoreFromFile(context, "trusted-credentials", getTrustStoreSerialNumber()));
        } catch (CredentialsStoreException e) {
            LOG.warn("Error dealing with TrustManager delegates", (Throwable) e);
            return EMPTY_TRUST_MANAGERS;
        }
    }

    private static TrustManager[] getTrustManagers(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    private static char[] getTrustStoreSerialNumber() {
        char[] copyOfRange = Arrays.copyOfRange(FlareApplication.getDeviceSerialNumber(), 10, 26);
        char[] cArr = new char[8];
        int i = 0;
        for (int i2 = 0; i2 < copyOfRange.length; i2++) {
            if (i2 % 2 == 0) {
                cArr[i] = copyOfRange[i2];
                i++;
            }
        }
        return cArr;
    }

    private static void iterate(TrustManager[] trustManagerArr, X509TrustManagerRunnable x509TrustManagerRunnable) {
        for (TrustManager trustManager : trustManagerArr) {
            if (trustManager instanceof X509TrustManager) {
                x509TrustManagerRunnable.run((X509TrustManager) trustManager);
            }
        }
    }

    public static String sanitize(String str) {
        return str.replaceAll(MARKUP_TAG_PATTERN, "");
    }
}
