package com.archos.athome.lib.connect.pki;

import android.content.Context;
import android.util.Log;
import com.archos.athome.lib.utils.IOUtils;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Random;
import java.util.UUID;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.pkcs.Attribute;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.asn1.x509.X509AttributeIdentifiers;
import org.spongycastle.asn1.x509.X509Extension;
import org.spongycastle.cert.CertIOException;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: classes.dex */
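/**
 * Client-side PKI helper: owns one BKS key store in the app's private files directory,
 * derives the TLS key/trust managers from it, and issues X.509 certificates (self-signed
 * or from a PKCS#10 request).
 *
 * <p>Security review notes (all grounded in this class):
 * <ul>
 *   <li>{@link #DEFAULT_KEY_STORE_PASSWORD} is a compile-time constant and the default key
 *       store is copied out of the APK assets, so the store password gives no
 *       confidentiality against anyone who holds the APK. Treat whatever the bundled store
 *       contains as public material.</li>
 *   <li>Certificates are signed with {@code SHA1withRSA}. SHA-1 signatures are deprecated;
 *       the algorithm is left unchanged here because the verifying peers are not visible
 *       from this file. NOTE(review): migrate to SHA256withRSA once peers are confirmed.</li>
 *   <li>Serial numbers are drawn from {@link SecureRandom}. They are 512 bits long, which
 *       exceeds the 20-octet limit of RFC 5280; the length is kept as-is for compatibility
 *       with already-deployed peers. NOTE(review): confirm and shorten.</li>
 *   <li>The static initializer installs the SpongyCastle provider at position 1, which
 *       changes provider preference for the whole process, not just this class.</li>
 * </ul>
 */
public class Pki {
    public static final String CLIENT_ALIAS = "client";
    // Hard-coded store password; see the class-level security notes.
    private static final String DEFAULT_KEY_STORE_PASSWORD = "Archos";
    private static final String DEFAULT_KEY_STORE_PATH = "client-key-store.bks";
    public static final String FILE_EXTENSION = ".bks";
    private static final String KEY_STORE_TYPE = "BKS";
    public static final String REGISTRATION_ALIAS = "registration";
    private static final String TAG = "ArchosPki";
    // Certificate serial numbers must be unpredictable, so they come from a CSPRNG.
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();
    private static final long initTime;
    private final Context mContext;
    private ArchosKeyManager mKeyManager;
    private KeyStore mKeyStore;
    private String mKeyStorePassword;
    private String mKeyStorePath;
    private X509TrustManager mTrustManager;

    static {
        // Position 1 makes this provider the first choice process-wide.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        initTime = System.nanoTime();
    }

    /**
     * Opens the default key store, installing it from the APK assets first if it is not yet
     * present in private storage.
     *
     * @param context Android context used for asset and private-file access
     * @throws PkiException if the store cannot be installed, found, or loaded
     */
    public Pki(Context context) throws PkiException {
        this.mContext = context;
        this.mKeyStorePath = DEFAULT_KEY_STORE_PATH;
        this.mKeyStorePassword = DEFAULT_KEY_STORE_PASSWORD;
        ensureDefaultKeyStore(context);
        try {
            this.mKeyStore = loadKeyStore(this.mKeyStorePath, this.mKeyStorePassword, this.mContext);
            loadManagers();
        } catch (FileNotFoundException e) {
            throw new PkiException("Cannot find keystore", e);
        }
    }

    /**
     * Opens the key store named after {@code uuid}; equivalent to the four-argument
     * constructor with a {@code null} home UUID.
     *
     * @param context Android context used for asset and private-file access
     * @param uuid    identifier the store file is named after, or {@code null} for the default store
     * @param str     store password, or {@code null} to use the built-in default
     * @throws PkiException if the store cannot be installed or loaded
     */
    public Pki(Context context, UUID uuid, String str) throws PkiException {
        this(context, uuid, null, str);
    }

    /**
     * Opens a key store selected by the given identifiers.
     *
     * <p>Store file name: the default store when both UUIDs are {@code null};
     * {@code "home-" + uuid2 + ".bks"} when {@code uuid2} is set; otherwise
     * {@code uuid + ".bks"}. A missing file is not an error here: the instance is left
     * without a key store and without managers, and only a debug line is logged.
     *
     * @param context Android context used for asset and private-file access
     * @param uuid    client identifier, may be {@code null}
     * @param uuid2   home identifier, may be {@code null}; takes precedence over {@code uuid}
     * @param str     store password, or {@code null} to use the built-in default
     * @throws PkiException if the default store cannot be installed or the store fails to load
     */
    public Pki(Context context, UUID uuid, UUID uuid2, String str) throws PkiException {
        this.mContext = context;
        Log.d(TAG, "Pki Constructor:");
        ensureDefaultKeyStore(context);
        if (uuid == null && uuid2 == null) {
            this.mKeyStorePath = DEFAULT_KEY_STORE_PATH;
        } else {
            if (uuid != null) {
                Log.d(TAG, "Pki Constructor: uuid: " + uuid.toString());
            }
            if (uuid2 != null) {
                Log.d(TAG, "Pki Constructor: home uuid: " + uuid2.toString());
            }
            if (uuid2 == null) {
                this.mKeyStorePath = uuid.toString() + FILE_EXTENSION;
            } else {
                this.mKeyStorePath = "home-" + uuid2.toString() + FILE_EXTENSION;
            }
        }
        this.mKeyStorePassword = str == null ? DEFAULT_KEY_STORE_PASSWORD : str;
        try {
            this.mKeyStore = loadKeyStore(this.mKeyStorePath, this.mKeyStorePassword, this.mContext);
            loadManagers();
        } catch (FileNotFoundException e) {
            // Deliberate best-effort: callers may populate the store later via saveCert().
            Log.d(TAG, "Pki " + this.mKeyStorePath + " is empty");
        }
    }

    /**
     * Copies the bundled default key store into private storage unless it is already there.
     *
     * @throws PkiException if the copy fails
     */
    private static void ensureDefaultKeyStore(Context context) throws PkiException {
        try {
            if (keyStoreExists(DEFAULT_KEY_STORE_PATH, context)) {
                return;
            }
            installKeystore(context);
        } catch (IOException e) {
            throw new PkiException("Cannot install registration key store", e);
        }
    }

    /**
     * Copies the default key store asset into a private file of the same name.
     *
     * @throws IOException if the asset cannot be read or the file cannot be written
     */
    private static void installKeystore(Context context) throws IOException {
        Log.d(TAG, "Installing default key store");
        InputStream inputStream = null;
        FileOutputStream fileOutputStream = null;
        try {
            inputStream = context.getAssets().open(DEFAULT_KEY_STORE_PATH);
            fileOutputStream = context.openFileOutput(DEFAULT_KEY_STORE_PATH, Context.MODE_PRIVATE);
            IOUtils.streamCopy(inputStream, fileOutputStream);
            // Explicit close so a failure while closing the output surfaces as an IOException.
            fileOutputStream.close();
        } finally {
            IOUtils.closeSilently(fileOutputStream);
            IOUtils.closeSilently(inputStream);
        }
    }

    /**
     * Returns the {@code System.nanoTime()} value captured by the static initializer.
     * Calling it forces class initialization, and with it the provider installation.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static long installProvider() {
        return initTime;
    }

    /** Tells whether a file called {@code str} exists in the app's private files directory. */
    private static boolean keyStoreExists(String str, Context context) {
        return new File(context.getFilesDir(), str).exists();
    }

    /**
     * Loads a BKS key store from private storage.
     *
     * <p>If the named file exists it is loaded. If it does not and the name starts with
     * {@code "home-"}, the default store file is loaded instead, still using {@code str2}
     * as the password. In every other case an empty store is initialised.
     *
     * @param str     store file name inside private storage
     * @param str2    store password
     * @param context Android context used for private-file access
     * @return the loaded (or empty) key store
     * @throws FileNotFoundException if the file to read cannot be opened
     * @throws PkiException          on any other load failure
     */
    private static KeyStore loadKeyStore(String str, String str2, Context context) throws PkiException, FileNotFoundException {
        Log.d(TAG, "Loading pki " + str + ". This can take a while");
        try {
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
            if (keyStoreExists(str, context)) {
                loadKeyStoreFromStream(keyStore, context.openFileInput(str), str2);
            } else if (str.startsWith("home-")) {
                loadKeyStoreFromStream(keyStore, context.openFileInput(DEFAULT_KEY_STORE_PATH), str2);
            } else {
                // A null stream makes KeyStore.load() initialise an empty store.
                loadKeyStoreFromStream(keyStore, null, str2);
            }
            return keyStore;
        } catch (FileNotFoundException e) {
            // Must stay ahead of the IOException handler so callers can tell "missing" from "corrupt".
            throw e;
        } catch (IOException e2) {
            throw new PkiException("Unable to load key and certificate", e2);
        } catch (KeyStoreException e3) {
            throw new PkiException("Unable to load key and certificate", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new PkiException("Unable to load key and certificate", e4);
        } catch (CertificateException e5) {
            throw new PkiException("Unable to load key and certificate", e5);
        }
    }

    /** Loads {@code keyStore} from {@code inputStream} and always closes the stream afterwards. */
    private static void loadKeyStoreFromStream(KeyStore keyStore, InputStream inputStream, String str) throws NoSuchAlgorithmException, CertificateException, IOException {
        try {
            keyStore.load(inputStream, str.toCharArray());
        } finally {
            IOUtils.closeSilently(inputStream);
        }
    }

    /**
     * Rebuilds the X.509 trust and key managers from the current key store.
     *
     * <p>An existing {@code ArchosKeyManager} is updated in place rather than replaced.
     *
     * @throws PkiException if no X.509 manager is available or the factories fail to initialise
     */
    private void loadManagers() throws PkiException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(this.mKeyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    this.mTrustManager = (X509TrustManager) trustManager;
                }
            }
            if (this.mTrustManager == null) {
                throw new PkiException("Cannot find X509 trust manager");
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(this.mKeyStore, this.mKeyStorePassword.toCharArray());
            for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                if (keyManager instanceof X509KeyManager) {
                    if (this.mKeyManager != null) {
                        this.mKeyManager.updateKeyManager((X509KeyManager) keyManager);
                    } else {
                        this.mKeyManager = new ArchosKeyManager((X509KeyManager) keyManager);
                    }
                }
            }
            if (this.mKeyManager == null) {
                throw new PkiException("Cannot find X509 key manager");
            }
        } catch (KeyStoreException e) {
            throw new PkiException("Unable to load key and certificate", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new PkiException("Unable to load key and certificate", e2);
        } catch (UnrecoverableKeyException e3) {
            throw new PkiException("Unable to load key and certificate", e3);
        }
    }

    /**
     * Builds a self-signed certificate marked as a CA (critical basicConstraints, CA=true),
     * valid from now for 100 years.
     *
     * @param uuid    value used for the SN and UNIQUE_IDENTIFIER name attributes
     * @param uuid2   value used for the OU name attribute
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the certificate, or {@code null} if there is no key store, the basicConstraints
     *         extension cannot be encoded, or the signer cannot be created
     */
    public X509CertificateHolder createSelfSignedCRT(UUID uuid, UUID uuid2, KeyPair keyPair) {
        if (this.mKeyStore == null) {
            Log.e(TAG, "No Keystore");
            return null;
        }
        X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        x500NameBuilder.addRDN(BCStyle.DC, "com");
        x500NameBuilder.addRDN(BCStyle.DC, "archos");
        x500NameBuilder.addRDN(BCStyle.OU, uuid2.toString());
        x500NameBuilder.addRDN(BCStyle.SN, uuid.toString());
        x500NameBuilder.addRDN(BCStyle.UNIQUE_IDENTIFIER, uuid.toString());
        x500NameBuilder.addRDN(X509AttributeIdentifiers.id_at_role, CLIENT_ALIAS);
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.YEAR, 100);
        // Serial from a CSPRNG; java.util.Random output is predictable.
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500NameBuilder.build(), new BigInteger(512, SERIAL_RANDOM), new Date(), calendar.getTime(), x500NameBuilder.build(), new SubjectPublicKeyInfo(ASN1Sequence.getInstance(keyPair.getPublic().getEncoded())));
        try {
            x509v3CertificateBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
        } catch (CertIOException e) {
            // Fail closed: never hand out a certificate that lacks its critical constraint.
            Log.e(TAG, "Could not add basicConstraints: " + e.getMessage(), e);
            return null;
        }
        try {
            // NOTE(review): SHA-1 based signature, see class-level security notes.
            return x509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").build(keyPair.getPrivate()));
        } catch (OperatorCreationException e2) {
            Log.e(TAG, "Could not create a ContentSigner: " + e2.getMessage(), e2);
            return null;
        }
    }

    /** Returns a one-element array holding the current key manager (the element may be {@code null}). */
    public KeyManager[] getKeyManager() {
        return new KeyManager[]{this.mKeyManager};
    }

    /** Returns a one-element array holding the current trust manager (the element may be {@code null}). */
    public TrustManager[] getTrustManager() {
        return new TrustManager[]{this.mTrustManager};
    }

    /** Tells whether a private key is available under the {@link #CLIENT_ALIAS} alias. */
    public boolean hasClientKey() {
        return this.mKeyManager != null && this.mKeyManager.getPrivateKey(CLIENT_ALIAS) != null;
    }

    /**
     * Issues an end-entity certificate (critical basicConstraints, CA=false) for a PKCS#10
     * request, valid from now for 100 years.
     *
     * <p>The issuer name is the subject of the certificate stored under the alias
     * {@code uuid.toString()}. The subject name is assembled here from {@code uuid} and the
     * request's UNIQUE_IDENTIFIER attribute; the subject carried by the request is only logged.
     *
     * <p>NOTE(review): nothing in this method verifies the request's self-signature (proof
     * of possession of the private key), and the UNIQUE_IDENTIFIER value is copied from the
     * request unchecked. Confirm that the caller validates both before calling.
     *
     * @param pKCS10CertificationRequest the request to certify
     * @param uuid                       alias of the signing certificate; also used as the OU attribute
     * @param privateKey                 key that signs the new certificate
     * @return the issued certificate, or {@code null} if there is no key store, the request
     *         has no usable UNIQUE_IDENTIFIER attribute, the signing certificate is missing
     *         or unreadable, the extension cannot be encoded, or the signer cannot be created
     */
    public X509CertificateHolder processCSR(PKCS10CertificationRequest pKCS10CertificationRequest, UUID uuid, PrivateKey privateKey) {
        Log.d(TAG, "Processing CSR");
        if (this.mKeyStore == null) {
            Log.e(TAG, "No Keystore");
            return null;
        }
        Attribute[] attributes = pKCS10CertificationRequest.getAttributes(BCStyle.UNIQUE_IDENTIFIER);
        if (attributes == null || attributes.length == 0) {
            return null;
        }
        // The request is external input: an attribute with an empty value set must be
        // rejected instead of failing with an ArrayIndexOutOfBoundsException below.
        if (attributes[0].getAttributeValues().length == 0) {
            Log.e(TAG, "CSR unique identifier attribute has no value");
            return null;
        }
        X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        x500NameBuilder.addRDN(BCStyle.DC, "com");
        x500NameBuilder.addRDN(BCStyle.DC, "archos");
        x500NameBuilder.addRDN(BCStyle.OU, uuid.toString());
        x500NameBuilder.addRDN(BCStyle.SN, attributes[0].getAttributeValues()[0]);
        x500NameBuilder.addRDN(X509AttributeIdentifiers.id_at_role, CLIENT_ALIAS);
        x500NameBuilder.addRDN(BCStyle.UNIQUE_IDENTIFIER, attributes[0].getAttributeValues()[0]);
        Log.d(TAG, "Processing CSR from " + attributes[0].getAttrValues());
        Log.d(TAG, pKCS10CertificationRequest.getSubject().toString());
        Log.d(TAG, x500NameBuilder.build().toString());
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.YEAR, 100);
        try {
            if (!this.mKeyStore.containsAlias(uuid.toString())) {
                Log.e(TAG, "Signing certificate not found");
                return null;
            }
            // Serial from a CSPRNG; java.util.Random output is predictable.
            X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(new X509CertificateHolder(this.mKeyStore.getCertificate(uuid.toString()).getEncoded()).getSubject(), new BigInteger(512, SERIAL_RANDOM), new Date(), calendar.getTime(), x500NameBuilder.build(), pKCS10CertificationRequest.getSubjectPublicKeyInfo());
            try {
                x509v3CertificateBuilder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
            } catch (CertIOException e) {
                // Fail closed: an issued certificate must carry its CA=false constraint.
                Log.e(TAG, "Could not add basicConstraints: " + e.getMessage(), e);
                return null;
            }
            try {
                // NOTE(review): SHA-1 based signature, see class-level security notes.
                ContentSigner build = new JcaContentSignerBuilder("SHA1withRSA").build(privateKey);
                Log.d(TAG, "About to build " + x500NameBuilder.build());
                // Sign exactly once; the certificate is no longer built a second time just for logging.
                return x509v3CertificateBuilder.build(build);
            } catch (OperatorCreationException e2) {
                Log.e(TAG, "Could not create a ContentSigner: " + e2.getMessage(), e2);
                return null;
            }
        } catch (IOException e3) {
            Log.e(TAG, "Could not read the signing Cert: " + e3.getMessage(), e3);
            return null;
        } catch (KeyStoreException e4) {
            Log.e(TAG, "Could not read the signing Cert: " + e4.getMessage(), e4);
            return null;
        } catch (CertificateEncodingException e5) {
            Log.e(TAG, "Could not read the signing Cert: " + e5.getMessage(), e5);
            return null;
        }
    }

    /**
     * Stores a certificate (and optionally its private key) under an alias and writes the
     * key store back to private storage.
     *
     * <p>The store is reloaded from disk first, so in-memory changes that were never saved
     * are discarded. With a key pair, the entry is a key entry protected by the store
     * password; saving under {@link #CLIENT_ALIAS} also removes the
     * {@link #REGISTRATION_ALIAS} entry. Without a key pair, the certificate is stored as a
     * trusted certificate entry.
     *
     * @param x509Certificate certificate to store
     * @param str             alias to store it under
     * @param keyPair         key pair belonging to the certificate, or {@code null} for a
     *                        certificate-only entry
     * @throws PkiException if the store cannot be loaded, updated, or written
     */
    public void saveCert(X509Certificate x509Certificate, String str, KeyPair keyPair) throws PkiException {
        try {
            Log.d(TAG, "Save cert " + this.mKeyStorePath + ". This can take a while");
            char[] charArray = this.mKeyStorePassword.toCharArray();
            Certificate[] certificateArr = {x509Certificate};
            this.mKeyStore = loadKeyStore(this.mKeyStorePath, this.mKeyStorePassword, this.mContext);
            if (keyPair != null) {
                PrivateKey privateKey = keyPair.getPrivate();
                if (str.equals(CLIENT_ALIAS)) {
                    this.mKeyStore.setKeyEntry(CLIENT_ALIAS, privateKey, charArray, certificateArr);
                    if (this.mKeyStore.containsAlias(REGISTRATION_ALIAS)) {
                        this.mKeyStore.deleteEntry(REGISTRATION_ALIAS);
                    }
                } else {
                    if (this.mKeyStore.containsAlias(str)) {
                        this.mKeyStore.deleteEntry(str);
                    }
                    this.mKeyStore.setKeyEntry(str, privateKey, charArray, certificateArr);
                }
            } else {
                this.mKeyStore.setCertificateEntry(str, x509Certificate);
            }
            loadManagers();
            FileOutputStream openFileOutput = null;
            try {
                openFileOutput = this.mContext.openFileOutput(this.mKeyStorePath, Context.MODE_PRIVATE);
                this.mKeyStore.store(openFileOutput, charArray);
                // Explicit close so a failure while closing surfaces as a PkiException.
                openFileOutput.close();
            } finally {
                // Releases the descriptor when store() throws; harmless after a clean close.
                IOUtils.closeSilently(openFileOutput);
            }
        } catch (FileNotFoundException e) {
            throw new PkiException("Cannot save cert to private storage", e);
        } catch (IOException e2) {
            throw new PkiException("Cannot save cert to private storage", e2);
        } catch (KeyStoreException e3) {
            throw new PkiException("Cannot save cert to private storage", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new PkiException("Cannot save cert to private storage", e4);
        } catch (CertificateException e5) {
            throw new PkiException("Cannot save cert to private storage", e5);
        }
    }

    /**
     * Stores a certificate and key pair under {@link #CLIENT_ALIAS}.
     *
     * @throws PkiException if the store cannot be loaded, updated, or written
     */
    public void saveCert(X509Certificate x509Certificate, KeyPair keyPair) throws PkiException {
        saveCert(x509Certificate, CLIENT_ALIAS, keyPair);
    }
}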
