package com.eero.android.pki;

import android.content.Context;
import com.eero.android.api.service.RemoteAssetsKt;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.SSLContext;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.TypeCastException;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.PropertyReference1Impl;
import kotlin.jvm.internal.Reflection;
import kotlin.jvm.internal.StringCompanionObject;
import kotlin.reflect.KProperty;
import kotlin.text.StringsKt__StringsJVMKt;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import timber.log.Timber;

/* compiled from: Keys.kt */
/* loaded from: classes.dex */
/**
 * {@link LocalIdentity} implementation whose key and certificates live in a {@link SegmentedKeyStore}.
 *
 * <p>This is JADX output for a Kotlin class (Keys.kt), so it contains decompiler residue: unused
 * {@code KProperty} locals, {@code super(0)} in anonymous-class initializers, and a stray
 * {@code r14} expression. Read it as a description of behavior, not as compilable Java.
 *
 * <p>Alias layout, as derived from the code below:
 * <ul>
 *   <li>{@code rootAlias}: the private key and the certificate returned by {@link #getCert()}</li>
 *   <li>{@code rootAlias + "-ca"}: this identity's own CA certificate</li>
 *   <li>{@code rootAlias + "-leaf"}: this identity's leaf certificate</li>
 *   <li>{@code rootAlias + "-trusts-" + <10 hex chars> + "-ca"}: remote authorities added through
 *       {@link #addTrustedAuthority(InputStream)}</li>
 * </ul>
 */
public final class LocalKeyStoreIdentity implements LocalIdentity {
    // Kotlin property-delegation metadata. Index order: private, cert, public, caAlias, caCert, leafAlias, leafCert.
    static final /* synthetic */ KProperty[] $$delegatedProperties = {Reflection.property1(new PropertyReference1Impl(Reflection.getOrCreateKotlinClass(LocalKeyStoreIdentity.class), "private", "getPrivate()Ljava/security/PrivateKey;")), Reflection.property1(new PropertyReference1Impl(Reflection.getOrCreateKotlinClass(LocalKeyStoreIdentity.class), "cert", "getCert()Ljava/security/cert/Certificate;")), Reflection.property1(new PropertyReference1Impl(Reflection.getOrCreateKotlinClass(LocalKeyStoreIdentity.class), "public", "getPublic()Ljava/security/PublicKey;")), Reflection.property1(new PropertyReference1Impl(Reflection.getOrCreateKotlinClass(LocalKeyStoreIdentity.class), "caAlias", "getCaAlias()Ljava/lang/String;")), Reflection.property1(new PropertyReference1Impl(Reflection.getOrCreateKotlinClass(LocalKeyStoreIdentity.class), "caCert", "getCaCert()Ljava/security/cert/Certificate;")), Reflection.property1(new PropertyReference1Impl(Reflection.getOrCreateKotlinClass(LocalKeyStoreIdentity.class), "leafAlias", "getLeafAlias()Ljava/lang/String;")), Reflection.property1(new PropertyReference1Impl(Reflection.getOrCreateKotlinClass(LocalKeyStoreIdentity.class), "leafCert", "getLeafCert()Ljava/security/cert/Certificate;"))};
    // Suffix appended to an alias to name a CA certificate entry; always "-ca" (set in the constructor).
    private final String authoritySuffix;
    private final Lazy caAlias$delegate;
    private final Lazy caCert$delegate;
    private final Lazy cert$delegate;
    private final Context context;
    private final SegmentedKeyStore keyStore;
    private final Lazy leafAlias$delegate;
    private final Lazy leafCert$delegate;
    // Suffix appended to an alias to name a leaf certificate entry; always "-leaf" (set in the constructor).
    private final String leafSuffix;
    private final Lazy private$delegate;
    private final Lazy public$delegate;
    // Base alias; every entry owned by this identity is stored under an alias that starts with it.
    private final String rootAlias;
    private final String x500Subject;

    /**
     * Wires up the lazy accessors and, when {@code z} is true, makes sure key material exists.
     *
     * <p>With {@code z} true: if both the leaf and CA aliases are already present nothing is
     * generated. Otherwise (neither present, or only one of them) a key and both certificates are
     * generated. If generation throws, the error is logged and {@link #delete()} is attempted.
     *
     * <p>NOTE(review): a generation failure does not propagate. The constructor returns normally and
     * the instance is left without usable material, so the first call to a lazy getter such as
     * {@link #getPrivate()} or {@link #getCaCert()} is where the failure surfaces. Callers that need
     * to know up front can check {@link #exists$pki_release()}.
     *
     * @param context     Android context, forwarded to {@code SegmentedKeyStore.generateKey}
     * @param keyStore    backing store for the key and certificates
     * @param x500Subject subject string used for key generation and for both certificates
     * @param rootAlias   base alias for all entries of this identity
     * @param z           when true, generate missing key material (original Kotlin name lost in decompilation)
     */
    public LocalKeyStoreIdentity(Context context, SegmentedKeyStore keyStore, String x500Subject, String rootAlias, boolean z) {
        Lazy lazy;
        Lazy lazy2;
        Lazy lazy3;
        Lazy lazy4;
        Lazy lazy5;
        Lazy lazy6;
        Lazy lazy7;
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(keyStore, "keyStore");
        Intrinsics.checkParameterIsNotNull(x500Subject, "x500Subject");
        Intrinsics.checkParameterIsNotNull(rootAlias, "rootAlias");
        this.context = context;
        this.keyStore = keyStore;
        this.x500Subject = x500Subject;
        this.rootAlias = rootAlias;
        this.authoritySuffix = "-ca";
        this.leafSuffix = "-leaf";
        // Private key: looked up under rootAlias on first access. The second getKey argument is null;
        // presumably a password/protection parameter - confirm against SegmentedKeyStore.
        lazy = LazyKt__LazyJVMKt.lazy(new Function0<PrivateKey>() { // from class: com.eero.android.pki.LocalKeyStoreIdentity$private$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final PrivateKey invoke() {
                Key key = LocalKeyStoreIdentity.this.getKeyStore().getKey(LocalKeyStoreIdentity.this.getRootAlias(), null);
                if (key != null) {
                    return (PrivateKey) key;
                }
                // A missing key is reported as a cast failure, not as a keystore error.
                throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
            }
        });
        this.private$delegate = lazy;
        // Certificate stored under rootAlias itself; throws NPE on first access if absent.
        lazy2 = LazyKt__LazyJVMKt.lazy(new Function0<Certificate>() { // from class: com.eero.android.pki.LocalKeyStoreIdentity$cert$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final Certificate invoke() {
                Certificate certificate = LocalKeyStoreIdentity.this.getKeyStore().getCertificate(LocalKeyStoreIdentity.this.getRootAlias());
                if (certificate != null) {
                    return certificate;
                }
                Intrinsics.throwNpe();
                throw null;
            }
        });
        this.cert$delegate = lazy2;
        // Public key is taken from the rootAlias certificate, not read from the key store directly.
        lazy3 = LazyKt__LazyJVMKt.lazy(new Function0<PublicKey>() { // from class: com.eero.android.pki.LocalKeyStoreIdentity$public$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final PublicKey invoke() {
                return LocalKeyStoreIdentity.this.getCert().getPublicKey();
            }
        });
        this.public$delegate = lazy3;
        // CA alias: rootAlias + "-ca".
        lazy4 = LazyKt__LazyJVMKt.lazy(new Function0<String>() { // from class: com.eero.android.pki.LocalKeyStoreIdentity$caAlias$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final String invoke() {
                String convertAuthorityAlias;
                LocalKeyStoreIdentity localKeyStoreIdentity = LocalKeyStoreIdentity.this;
                convertAuthorityAlias = localKeyStoreIdentity.convertAuthorityAlias(localKeyStoreIdentity.getRootAlias());
                return convertAuthorityAlias;
            }
        });
        this.caAlias$delegate = lazy4;
        // CA certificate stored under the CA alias; throws NPE on first access if absent.
        lazy5 = LazyKt__LazyJVMKt.lazy(new Function0<Certificate>() { // from class: com.eero.android.pki.LocalKeyStoreIdentity$caCert$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final Certificate invoke() {
                Certificate certificate = LocalKeyStoreIdentity.this.getKeyStore().getCertificate(LocalKeyStoreIdentity.this.getCaAlias());
                if (certificate != null) {
                    return certificate;
                }
                Intrinsics.throwNpe();
                throw null;
            }
        });
        this.caCert$delegate = lazy5;
        // Leaf alias: rootAlias + "-leaf".
        lazy6 = LazyKt__LazyJVMKt.lazy(new Function0<String>() { // from class: com.eero.android.pki.LocalKeyStoreIdentity$leafAlias$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final String invoke() {
                String convertLeafAlias;
                LocalKeyStoreIdentity localKeyStoreIdentity = LocalKeyStoreIdentity.this;
                convertLeafAlias = localKeyStoreIdentity.convertLeafAlias(localKeyStoreIdentity.getRootAlias());
                return convertLeafAlias;
            }
        });
        this.leafAlias$delegate = lazy6;
        // Leaf certificate stored under the leaf alias; throws NPE on first access if absent.
        lazy7 = LazyKt__LazyJVMKt.lazy(new Function0<Certificate>() { // from class: com.eero.android.pki.LocalKeyStoreIdentity$leafCert$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            public final Certificate invoke() {
                Certificate certificate = LocalKeyStoreIdentity.this.getKeyStore().getCertificate(LocalKeyStoreIdentity.this.getLeafAlias());
                if (certificate != null) {
                    return certificate;
                }
                Intrinsics.throwNpe();
                throw null;
            }
        });
        this.leafCert$delegate = lazy7;
        // contains = leaf certificate present, contains2 = CA certificate present.
        boolean contains = this.keyStore.contains(getLeafAlias());
        boolean contains2 = this.keyStore.contains(getCaAlias());
        if (z) {
            if (contains && contains2) {
                return;
            }
            if (contains || contains2) {
                Timber.w("Partial KeyStore detected! Regenerating CA and leaf certificates!", new Object[0]);
            }
            try {
                generateKeys();
                generateCerts();
            } catch (Exception e) {
                Timber.e(e, "Key or Certificate generation failed", new Object[0]);
                try {
                    // Roll back whatever was written so a half-built identity is not left behind.
                    delete();
                } catch (KeyStoreException unused) {
                    // NOTE(review): a failed cleanup is dropped without a log line, so partial
                    // entries can remain in the key store with no trace of why.
                }
            }
        }
    }

    /**
     * Kotlin default-arguments bridge. When bit 8 of {@code i} is set, {@code rootAlias} defaults to
     * the subject string; when bit 16 is set, the generate flag defaults to {@code true}.
     */
    public /* synthetic */ LocalKeyStoreIdentity(Context context, SegmentedKeyStore segmentedKeyStore, String str, String str2, boolean z, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(context, segmentedKeyStore, str, (i & 8) != 0 ? str : str2, (i & 16) != 0 ? true : z);
    }

    /**
     * Derives the key-store alias stem for a remote certificate:
     * {@code rootAlias + "-trusts-" + first 10 hex characters of the certificate digest}.
     *
     * <p>The digest algorithm is {@code RemoteAssetsKt.HASH_ALGO}; its value is not visible in this file.
     *
     * <p>NOTE(review): the result is an alias, not a fingerprint to compare against anything. Only
     * 10 hex characters (at most 40 bits) of the digest are kept, and {@code "%X"} on a
     * {@link BigInteger} drops leading zeros, so the prefix is not guaranteed to match the leading
     * bytes of the digest. Two different certificates that map to the same stem would share one
     * alias; what {@code SegmentedKeyStore.setCertificate} does on an existing alias is not visible
     * here - confirm it cannot silently replace a trusted authority.
     */
    private final String aliasForKeyStore(X509Certificate x509Certificate) {
        MessageDigest messageDigest = MessageDigest.getInstance(RemoteAssetsKt.HASH_ALGO);
        messageDigest.update(x509Certificate.getEncoded());
        // Unused local: decompiler residue of Kotlin's String.format companion call.
        StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
        // Signum 1 forces a non-negative value so the hex string has no sign.
        Object[] objArr = {new BigInteger(1, messageDigest.digest())};
        String format = String.format("%X", Arrays.copyOf(objArr, objArr.length));
        Intrinsics.checkExpressionValueIsNotNull(format, "java.lang.String.format(format, *args)");
        // subSequence(0, 10) throws if the hex string is shorter than 10 characters.
        return this.rootAlias + "-trusts-" + format.subSequence(0, 10);
    }

    /** Returns {@code str} with the authority suffix ("-ca") appended. */
    /* JADX INFO: Access modifiers changed from: private */
    public final String convertAuthorityAlias(String str) {
        return str + this.authoritySuffix;
    }

    /** Returns {@code str} with the leaf suffix ("-leaf") appended. */
    /* JADX INFO: Access modifiers changed from: private */
    public final String convertLeafAlias(String str) {
        return str + this.leafSuffix;
    }

    /**
     * Creates the CA and leaf certificates and stores them under the CA and leaf aliases.
     *
     * <p>NOTE(review): both certificates are built from the same {@code getPrivate()} /
     * {@code getPublic()} pair and the same {@code x500Subject}, and share one expiry date. The
     * parameter meanings of the {@code X509Kt} helpers are not visible here; presumably the CA and
     * the leaf carry the same public key - confirm that is intended, since it gives the leaf key the
     * CA's signing authority.
     */
    private final void generateCerts() {
        X509Certificate createLeafCertificate;
        Date expiryForStartDate = X509Kt.expiryForStartDate(new Date());
        X509Certificate createRootCertificateAuthority = X509Kt.createRootCertificateAuthority(getPrivate(), getPublic(), this.x500Subject, X509Kt.randomCertSerial(), expiryForStartDate);
        PrivateKey privateKey = getPrivate();
        PublicKey publicKey = getPublic();
        String str = this.x500Subject;
        BigInteger serialNumber = createRootCertificateAuthority.getSerialNumber();
        Intrinsics.checkExpressionValueIsNotNull(serialNumber, "caCert.serialNumber");
        // The leaf serial is derived from the CA serial. The trailing "(r14 & 64)" expression is
        // decompiler residue of a Kotlin default argument; both branches pass null for GeneralName[].
        createLeafCertificate = X509Kt.createLeafCertificate(privateKey, publicKey, str, str, X509Kt.leafCertSerialFromCaSerial(serialNumber), expiryForStartDate, (r14 & 64) != 0 ? (GeneralName[]) null : null);
        this.keyStore.setCertificate(getCaAlias(), createRootCertificateAuthority);
        this.keyStore.setCertificate(getLeafAlias(), createLeafCertificate);
    }

    /** Asks the key store to generate a key under {@code rootAlias} for {@code x500Subject}. */
    private final void generateKeys() {
        this.keyStore.generateKey(this.context, this.rootAlias, this.x500Subject);
    }

    /**
     * Parses every certificate in {@code certStream} and stores each one as a trusted authority
     * under its derived alias. The stream is not closed here.
     *
     * <p>NOTE(review): nothing in this method checks the certificate before trusting it - no
     * validity-period, basic-constraints or signature check is visible. Every certificate in the
     * stream is later returned by {@link #getTrustedAuthorities()}, so the caller has to
     * authenticate the source of the stream before calling this.
     *
     * @param certStream stream of one or more encoded X.509 certificates
     */
    @Override // com.eero.android.pki.LocalIdentity
    public void addTrustedAuthority(InputStream certStream) {
        Intrinsics.checkParameterIsNotNull(certStream, "certStream");
        // Uses the BouncyCastle factory class directly rather than a JCA provider lookup.
        for (Object obj : new CertificateFactory().engineGenerateCertificates(certStream)) {
            if (obj == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) obj;
            String convertAuthorityAlias = convertAuthorityAlias(aliasForKeyStore(x509Certificate));
            Timber.d("Adding remote cert '" + x509Certificate.getSubjectX500Principal() + "'with alias " + convertAuthorityAlias + " to KeyStore", new Object[0]);
            this.keyStore.setCertificate(convertAuthorityAlias, (Certificate) obj);
        }
    }

    /**
     * Deletes every key-store entry whose alias starts with {@code rootAlias}: the key, the CA and
     * leaf certificates, and all trusted authorities added for this identity.
     *
     * <p>NOTE(review): the match is a plain prefix test, so it also removes entries of any other
     * identity in the same key store whose root alias merely begins with this one (constructed
     * example: "app" also matches "app2-ca"). Confirm root aliases are never prefixes of each other.
     */
    @Override // com.eero.android.pki.LocalIdentity
    public void delete() {
        boolean startsWith$default;
        List<String> aliases = this.keyStore.getAliases();
        ArrayList arrayList = new ArrayList();
        // Collect first, delete afterwards, so the alias list is not modified while it is iterated.
        for (Object obj : aliases) {
            startsWith$default = StringsKt__StringsJVMKt.startsWith$default((String) obj, this.rootAlias, false, 2, null);
            if (startsWith$default) {
                arrayList.add(obj);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            this.keyStore.delete((String) it.next());
        }
    }

    /**
     * Reports whether the CA alias is present in the key store. Only the CA entry is checked, not
     * the leaf certificate or the key.
     */
    public final boolean exists$pki_release() {
        return this.keyStore.contains(getCaAlias());
    }

    /** Returns the CA alias ({@code rootAlias + "-ca"}), computed on first access. */
    public final String getCaAlias() {
        Lazy lazy = this.caAlias$delegate;
        // Unused local: residue of Kotlin property delegation (same pattern in the getters below).
        KProperty kProperty = $$delegatedProperties[3];
        return (String) lazy.getValue();
    }

    /** Returns this identity's CA certificate, loaded from the key store on first access. */
    public final Certificate getCaCert() {
        Lazy lazy = this.caCert$delegate;
        KProperty kProperty = $$delegatedProperties[4];
        return (Certificate) lazy.getValue();
    }

    /** Returns the certificate stored under {@code rootAlias}, loaded on first access. */
    public final Certificate getCert() {
        Lazy lazy = this.cert$delegate;
        KProperty kProperty = $$delegatedProperties[1];
        return (Certificate) lazy.getValue();
    }

    /** Returns this identity's own CA certificate; same value as {@link #getCaCert()}. */
    @Override // com.eero.android.pki.LocalIdentity
    public Certificate getCertificateAuthority() {
        return getCaCert();
    }

    /** Returns the Android context passed to the constructor. */
    public final Context getContext() {
        return this.context;
    }

    /** Returns the backing key store. */
    public final SegmentedKeyStore getKeyStore() {
        return this.keyStore;
    }

    /** Returns the leaf alias ({@code rootAlias + "-leaf"}), computed on first access. */
    public final String getLeafAlias() {
        Lazy lazy = this.leafAlias$delegate;
        KProperty kProperty = $$delegatedProperties[5];
        return (String) lazy.getValue();
    }

    /** Returns this identity's leaf certificate, loaded from the key store on first access. */
    public final Certificate getLeafCert() {
        Lazy lazy = this.leafCert$delegate;
        KProperty kProperty = $$delegatedProperties[6];
        return (Certificate) lazy.getValue();
    }

    /**
     * Returns the private key stored under {@code rootAlias}, loaded on first access.
     *
     * <p>NOTE(review): this is a public accessor, so any code holding the identity gets the
     * {@link PrivateKey} object. Whether the key material itself can be extracted depends on how
     * SegmentedKeyStore stores it, which is not visible here - confirm.
     */
    public final PrivateKey getPrivate() {
        Lazy lazy = this.private$delegate;
        KProperty kProperty = $$delegatedProperties[0];
        return (PrivateKey) lazy.getValue();
    }

    /** Returns the public key of the {@code rootAlias} certificate, resolved on first access. */
    public final PublicKey getPublic() {
        Lazy lazy = this.public$delegate;
        KProperty kProperty = $$delegatedProperties[2];
        return (PublicKey) lazy.getValue();
    }

    /** Returns the base alias of this identity. */
    public final String getRootAlias() {
        return this.rootAlias;
    }

    /** Builds an SSL context for this identity via {@code SslKt.createSslContext}; not cached here. */
    @Override // com.eero.android.pki.LocalIdentity
    public SSLContext getSslContext() {
        return SslKt.createSslContext(this);
    }

    /**
     * Returns every X.509 certificate in the key store whose alias ends with "-ca".
     *
     * <p>NOTE(review): the filter is a suffix test over all aliases and does not look at
     * {@code rootAlias}. The result therefore includes this identity's own CA ({@code rootAlias +
     * "-ca"}) and any "-ca" entry written by another identity sharing the key store. Confirm the
     * key store is segmented so that this set is the intended trust anchor list. Entries that are
     * missing or are not X.509 certificates are skipped without a log line.
     *
     * @return the matching certificates; an empty array when there are none
     */
    @Override // com.eero.android.pki.LocalIdentity
    public X509Certificate[] getTrustedAuthorities() {
        boolean endsWith$default;
        List<String> aliases = this.keyStore.getAliases();
        ArrayList arrayList = new ArrayList();
        for (Object obj : aliases) {
            endsWith$default = StringsKt__StringsJVMKt.endsWith$default((String) obj, this.authoritySuffix, false, 2, null);
            if (endsWith$default) {
                arrayList.add(obj);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Certificate certificate = this.keyStore.getCertificate((String) it.next());
            // Decompiled form of a Kotlin safe cast: anything that is not an X509Certificate becomes null.
            if (!(certificate instanceof X509Certificate)) {
                certificate = null;
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (x509Certificate != null) {
                arrayList2.add(x509Certificate);
            }
        }
        Object[] array = arrayList2.toArray(new X509Certificate[0]);
        if (array != null) {
            return (X509Certificate[]) array;
        }
        throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
    }

    /** Returns the subject string passed to the constructor. */
    public final String getX500Subject() {
        return this.x500Subject;
    }

    /**
     * Parses every certificate in {@code certStream} and deletes the key-store entry at each
     * certificate's derived alias. The stream is not closed here.
     *
     * <p>The alias is recomputed from the certificate bytes, so removal needs the same certificate
     * that was added. Because the alias keeps only 10 hex characters of the digest, a different
     * certificate that maps to the same alias would remove that entry as well.
     *
     * @param certStream stream of one or more encoded X.509 certificates
     */
    @Override // com.eero.android.pki.LocalIdentity
    public void removeTrustedAuthority(InputStream certStream) {
        Intrinsics.checkParameterIsNotNull(certStream, "certStream");
        for (Object obj : new CertificateFactory().engineGenerateCertificates(certStream)) {
            if (obj == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) obj;
            String convertAuthorityAlias = convertAuthorityAlias(aliasForKeyStore(x509Certificate));
            Timber.d("Removing remote cert '" + x509Certificate.getSubjectX500Principal() + "' with alias " + convertAuthorityAlias + " from KeyStore", new Object[0]);
            this.keyStore.delete(convertAuthorityAlias);
        }
    }

    /**
     * Signs {@code data} with this identity's private key.
     *
     * <p>NOTE(review): the algorithm name comes from the caller and is passed straight to
     * {@code Signature.getInstance}; there is no allow-list here. Confirm callers pass a fixed
     * constant rather than a value taken from a peer or from configuration.
     *
     * @param data               bytes to sign
     * @param signatureAlgorithm JCA signature algorithm name
     * @return the signature bytes
     */
    @Override // com.eero.android.pki.LocalIdentity
    public byte[] sign(byte[] data, String signatureAlgorithm) {
        Intrinsics.checkParameterIsNotNull(data, "data");
        Intrinsics.checkParameterIsNotNull(signatureAlgorithm, "signatureAlgorithm");
        Signature signature = Signature.getInstance(signatureAlgorithm);
        signature.initSign(getPrivate());
        signature.update(data);
        byte[] sign = signature.sign();
        Intrinsics.checkExpressionValueIsNotNull(sign, "signer.sign()");
        return sign;
    }

    /**
     * Checks {@code signature} over {@code data} against this identity's own public key.
     *
     * <p>This verifies signatures made by this identity, not by a peer: the key is always
     * {@link #getPublic()}. As in {@link #sign(byte[], String)}, the algorithm name is
     * caller-supplied and not restricted here.
     *
     * @param data               bytes that were signed
     * @param signature          signature to check
     * @param signatureAlgorithm JCA signature algorithm name
     * @return the result of {@code Signature.verify}
     */
    @Override // com.eero.android.pki.LocalIdentity
    public boolean verify(byte[] data, byte[] signature, String signatureAlgorithm) {
        Intrinsics.checkParameterIsNotNull(data, "data");
        Intrinsics.checkParameterIsNotNull(signature, "signature");
        Intrinsics.checkParameterIsNotNull(signatureAlgorithm, "signatureAlgorithm");
        Signature signature2 = Signature.getInstance(signatureAlgorithm);
        signature2.initVerify(getPublic());
        signature2.update(data);
        return signature2.verify(signature);
    }
}
