package com.assaabloy.stg.cliq.go.android.main.certificates;

import android.util.Base64;
import com.assaabloy.stg.cliq.android.common.util.log.Logger;
import com.assaabloy.stg.cliq.go.android.backend.TestModeUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.PKCS10CertificationRequest;

/* loaded from: classes.dex */
public class CertificateHandler {
    private static final String CERTIFICATE_BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String CERTIFICATE_END = "-----END CERTIFICATE-----";
    private static final String CERTIFICATE_REQUEST_BEGIN = "-----BEGIN NEW CERTIFICATE REQUEST-----";
    private static final String CERTIFICATE_REQUEST_END = "-----END NEW CERTIFICATE REQUEST-----";
    private static final String INSTANCE = "AndroidKeyStore";
    private static final String PROPERTY_COMMON_NAME = "CN";
    private static final String PROPERTY_ORGANIZATIONAL_UNIT = "OU";
    public static final String TAG = "CertificateHandler";
    private final Logger logger = new Logger(this, TAG);

    /* loaded from: classes.dex */
    public static final class CallFromTestsOnly {
        private static final String CLIENT_CERTIFICATE_TYPE = "PKCS12";

        private CallFromTestsOnly() {
        }

        static /* synthetic */ KeyStore access$000() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
            return getEmptyTestClientKeyStore();
        }

        private static KeyStore getEmptyTestClientKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
            KeyStore keyStore = KeyStore.getInstance(CLIENT_CERTIFICATE_TYPE);
            keyStore.load(null, null);
            return keyStore;
        }
    }

    /* loaded from: classes.dex */
    public static final class CannotGenerateCsrException extends Exception {
        private static final long serialVersionUID = 5723667168589981399L;

        CannotGenerateCsrException(Exception exc) {
            super(exc);
        }
    }

    /* loaded from: classes.dex */
    private static final class CannotLoadCertificateException extends RuntimeException {
        private static final long serialVersionUID = -5366702006717814251L;

        CannotLoadCertificateException(Exception exc) {
            super(exc);
        }

        CannotLoadCertificateException(String str) {
            super(str);
        }
    }

    /* loaded from: classes.dex */
    public static final class CannotStoreCertificateException extends Exception {
        private static final long serialVersionUID = 72412930602453033L;

        CannotStoreCertificateException(Exception exc) {
            super(exc);
        }
    }

    private static Certificate generateCompleteCertificate(String str) throws CertificateException {
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str.replace(CERTIFICATE_BEGIN, "").replace(CERTIFICATE_END, ""), 0)));
    }

    public static String generateCsr(KeyPair keyPair) throws CannotGenerateCsrException {
        try {
            return CERTIFICATE_REQUEST_BEGIN + Base64.encodeToString(new PKCS10CertificationRequest("SHA256withRSA", new X500Principal("CN=Test V3 Certificate"), keyPair.getPublic(), null, keyPair.getPrivate()).getEncoded(), 0) + CERTIFICATE_REQUEST_END;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            throw new CannotGenerateCsrException(e);
        }
    }

    public static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        return KeyPairGenerator.getInstance("RSA").generateKeyPair();
    }

    public static String getCommonName(X509Certificate x509Certificate) {
        return getPropertyFromSubjectName(x509Certificate, PROPERTY_COMMON_NAME);
    }

    public static String getOrganizationalUnit(X509Certificate x509Certificate) {
        return getPropertyFromSubjectName(x509Certificate, PROPERTY_ORGANIZATIONAL_UNIT);
    }

    private static String getPropertyFromSubjectName(X509Certificate x509Certificate, String str) {
        for (String str2 : x509Certificate.getSubjectX500Principal().getName().split(",")) {
            int indexOf = str2.indexOf(str + "=");
            if (indexOf >= 0) {
                return str2.substring(str.length() + indexOf + 1);
            }
        }
        return null;
    }

    private static KeyStore loadKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(INSTANCE);
        keyStore.load(null);
        return keyStore;
    }

    public static void storeCertificate(String str, String str2, KeyPair keyPair, String str3) throws CannotStoreCertificateException {
        try {
            KeyStore keyStore = KeyStore.getInstance(INSTANCE);
            keyStore.load(null);
            keyStore.setKeyEntry(str + "#" + str2, keyPair.getPrivate(), null, new Certificate[]{generateCompleteCertificate(str3)});
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new CannotStoreCertificateException(e);
        }
    }

    public void deleteCertificate(String str) {
        try {
            (TestModeUtil.isTestMode() ? CallFromTestsOnly.access$000() : loadKeyStore()).deleteEntry(str);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            this.logger.error(String.format("Could not delete certificate: %s", str), e);
            throw new CannotLoadCertificateException(e);
        }
    }

    public Map<String, X509Certificate> getAllCertificates() {
        this.logger.debug("getAllCertificates()");
        HashMap hashMap = new HashMap();
        try {
            KeyStore access$000 = TestModeUtil.isTestMode() ? CallFromTestsOnly.access$000() : loadKeyStore();
            Enumeration<String> aliases = access$000.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                hashMap.put(nextElement, (X509Certificate) access$000.getCertificate(nextElement));
            }
            return hashMap;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new CannotLoadCertificateException(e);
        }
    }

    public X509Certificate getCertificate(String str) throws CertificateAliasDoesNotExistException {
        this.logger.debug(String.format("getCertificate(alias=[%s])", str));
        try {
            KeyStore loadKeyStore = loadKeyStore();
            if (loadKeyStore.containsAlias(str)) {
                return (X509Certificate) loadKeyStore.getCertificate(str);
            }
            throw new CertificateAliasDoesNotExistException("Could not find alias: " + str);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            this.logger.error(e.getMessage(), e);
            throw new CannotLoadCertificateException(e);
        }
    }

    public Key getKey(String str) {
        this.logger.debug(String.format("getKey(alias=[%s])", str));
        try {
            KeyStore loadKeyStore = loadKeyStore();
            if (loadKeyStore.containsAlias(str)) {
                return loadKeyStore.getKey(str, null);
            }
            throw new CannotLoadCertificateException("Could not find alias: " + str);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            this.logger.error(e.getMessage(), e);
            throw new CannotLoadCertificateException(e);
        }
    }

    public boolean hasAnyCertificate() {
        try {
            return (TestModeUtil.isTestMode() ? CallFromTestsOnly.access$000() : loadKeyStore()).size() > 0;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            this.logger.error(e.getMessage(), e);
            throw new CannotLoadCertificateException(e);
        }
    }
}
