package com.eero.android.nimble;

import android.content.Context;
import android.content.SharedPreferences;
import com.eero.android.pki.KeysKt;
import com.eero.android.pki.LocalIdentity;
import com.eero.android.pki.X509Kt;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.security.auth.x500.X500Principal;
import kotlin.TypeCastException;
import kotlin.collections.CollectionsKt__IterablesKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsJVMKt;
import timber.log.Timber;

/* compiled from: Identity.kt */
/* loaded from: classes.dex */
public final class IdentityKt {
    private static final String ID_KEYSTORE_PREFIX_A = "nimble-a/";
    private static final String ID_KEYSTORE_PREFIX_B = "nimble-b/";
    private static final String ID_PREFS = "nixid.prefs";
    private static final String ID_PREF_ACTIVE_PREFIX = "NIMBLE_IDENTIFIER";
    private static final String ID_PREF_IS_ROLLING = "NIMBLE_ROLLING";

    public static final X509Certificate beginIdentityRoll(Context context, String name) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        if (getPrefixedLocalIdentity$default(context, name, null, 4, null) == null) {
            Timber.w("Cannot roll identity '" + name + "', no such identity exists", new Object[0]);
            return null;
        }
        if (getIsAliasRolling(context, name)) {
            Timber.w("Cannot roll identity '" + name + "', roll already in progress", new Object[0]);
            return null;
        }
        setIsAliasRolling(context, name, true);
        LocalIdentity createLocalIdentity$default = KeysKt.createLocalIdentity$default(context, name, null, getKeystoreAliasInactivePrefix(context, name) + name, 4, null);
        Certificate certificateAuthority = createLocalIdentity$default != null ? createLocalIdentity$default.getCertificateAuthority() : null;
        if (!(certificateAuthority instanceof X509Certificate)) {
            certificateAuthority = null;
        }
        return (X509Certificate) certificateAuthority;
    }

    public static final boolean cancelIdentityRoll(Context context, String name) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        LocalIdentity prefixedLocalIdentity$default = getPrefixedLocalIdentity$default(context, name, null, 4, null);
        String keystoreAliasInactivePrefix = getKeystoreAliasInactivePrefix(context, name);
        LocalIdentity prefixedLocalIdentity = getPrefixedLocalIdentity(context, name, keystoreAliasInactivePrefix);
        if (prefixedLocalIdentity$default == null || prefixedLocalIdentity == null) {
            Timber.w("Cannot cancel identity roll, no identity pair exists for '" + name + "' ", new Object[0]);
            return false;
        }
        X509Certificate[] trustedAuthorities = prefixedLocalIdentity$default.getTrustedAuthorities();
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : trustedAuthorities) {
            if (true ^ Intrinsics.areEqual(x509Certificate, prefixedLocalIdentity.getCertificateAuthority())) {
                arrayList.add(x509Certificate);
            }
        }
        ArrayList arrayList2 = arrayList;
        if (!deletePrefixedLocalIdentity(context, name, keystoreAliasInactivePrefix)) {
            Timber.w("Cannot cancel identity roll, failed to delete rolling identity", new Object[0]);
            return false;
        }
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            prefixedLocalIdentity$default.addTrustedAuthority(new ByteArrayInputStream(((X509Certificate) it.next()).getEncoded()));
        }
        setIsAliasRolling(context, name, false);
        return true;
    }

    public static final String certToPem(X509Certificate cert) {
        Intrinsics.checkParameterIsNotNull(cert, "cert");
        return X509Kt.getPemEncodedString(cert);
    }

    public static final void clearTrustedAuthorities(Context context, String name) {
        X509Certificate[] trustedAuthorities;
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        LocalIdentity prefixedLocalIdentity$default = getPrefixedLocalIdentity$default(context, name, null, 4, null);
        Certificate certificateAuthority = prefixedLocalIdentity$default != null ? prefixedLocalIdentity$default.getCertificateAuthority() : null;
        if (prefixedLocalIdentity$default == null || (trustedAuthorities = prefixedLocalIdentity$default.getTrustedAuthorities()) == null) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : trustedAuthorities) {
            if (!Intrinsics.areEqual(x509Certificate, certificateAuthority)) {
                arrayList.add(x509Certificate);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            byte[] encoded = ((X509Certificate) it.next()).getEncoded();
            Intrinsics.checkExpressionValueIsNotNull(encoded, "it.encoded");
            prefixedLocalIdentity$default.removeTrustedAuthority(new ByteArrayInputStream(encoded));
        }
    }

    public static final boolean commitIdentityRoll(Context context, String name) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        LocalIdentity prefixedLocalIdentity$default = getPrefixedLocalIdentity$default(context, name, null, 4, null);
        String keystoreAliasInactivePrefix = getKeystoreAliasInactivePrefix(context, name);
        LocalIdentity prefixedLocalIdentity = getPrefixedLocalIdentity(context, name, keystoreAliasInactivePrefix);
        if (prefixedLocalIdentity$default == null || prefixedLocalIdentity == null) {
            Timber.w("Cannot commit identity roll, no identity pair exists for '" + name + "' ", new Object[0]);
            return false;
        }
        if (!getIsAliasRolling(context, name)) {
            Timber.w("Cannot commit identity roll, no roll in progress for '" + name + '\'', new Object[0]);
            return false;
        }
        String keystoreAliasActivePrefix = getKeystoreAliasActivePrefix(context, name);
        X509Certificate[] trustedAuthorities = prefixedLocalIdentity$default.getTrustedAuthorities();
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : trustedAuthorities) {
            if (true ^ Intrinsics.areEqual(x509Certificate, prefixedLocalIdentity$default.getCertificateAuthority())) {
                arrayList.add(x509Certificate);
            }
        }
        ArrayList arrayList2 = arrayList;
        if (!deletePrefixedLocalIdentity(context, name, keystoreAliasActivePrefix)) {
            Timber.w("Failed to delete old identity after roll", new Object[0]);
            return false;
        }
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            prefixedLocalIdentity$default.addTrustedAuthority(new ByteArrayInputStream(((X509Certificate) it.next()).getEncoded()));
        }
        setKeystoreAliasActivePrefix(context, name, keystoreAliasInactivePrefix);
        setIsAliasRolling(context, name, false);
        return true;
    }

    private static final String createActivePrefixPrefKey(String str) {
        return ID_PREF_ACTIVE_PREFIX + str;
    }

    public static final X509Certificate createIdentity(Context context, String name) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        LocalIdentity localIdentity$default = KeysKt.getLocalIdentity$default(context, name, null, ID_KEYSTORE_PREFIX_A + name, 4, null);
        LocalIdentity localIdentity$default2 = KeysKt.getLocalIdentity$default(context, name, null, ID_KEYSTORE_PREFIX_B + name, 4, null);
        if (localIdentity$default != null || localIdentity$default2 != null) {
            Timber.w("An identity already exists for '" + name + "' ", new Object[0]);
            return null;
        }
        String keystoreAliasActivePrefix = getKeystoreAliasActivePrefix(context, name);
        LocalIdentity createLocalIdentity$default = KeysKt.createLocalIdentity$default(context, name, null, keystoreAliasActivePrefix + name, 4, null);
        setKeystoreAliasActivePrefix(context, name, keystoreAliasActivePrefix);
        Certificate certificateAuthority = createLocalIdentity$default != null ? createLocalIdentity$default.getCertificateAuthority() : null;
        if (!(certificateAuthority instanceof X509Certificate)) {
            certificateAuthority = null;
        }
        return (X509Certificate) certificateAuthority;
    }

    private static final String createIsRollingPrefKey(String str) {
        return ID_PREF_IS_ROLLING + str;
    }

    public static final void deleteIdentity(Context context, String name) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        deletePrefixedLocalIdentity(context, name, getKeystoreAliasActivePrefix(context, name));
    }

    private static final boolean deletePrefixedLocalIdentity(Context context, String str, String str2) {
        int collectionSizeOrDefault;
        boolean endsWith$default;
        LocalIdentity prefixedLocalIdentity = getPrefixedLocalIdentity(context, str, str2);
        if (prefixedLocalIdentity == null) {
            Timber.w("Cannot delete identity which does not exist: '" + str + "' ", new Object[0]);
            return false;
        }
        SharedPreferences prefs = context.getSharedPreferences(ID_PREFS, 0);
        SharedPreferences.Editor edit = prefs.edit();
        Intrinsics.checkExpressionValueIsNotNull(prefs, "prefs");
        Set<Map.Entry<String, ?>> entrySet = prefs.getAll().entrySet();
        collectionSizeOrDefault = CollectionsKt__IterablesKt.collectionSizeOrDefault(entrySet, 10);
        ArrayList arrayList = new ArrayList(collectionSizeOrDefault);
        Iterator<T> it = entrySet.iterator();
        while (it.hasNext()) {
            arrayList.add((String) ((Map.Entry) it.next()).getKey());
        }
        ArrayList arrayList2 = new ArrayList();
        for (Object obj : arrayList) {
            String it2 = (String) obj;
            Intrinsics.checkExpressionValueIsNotNull(it2, "it");
            endsWith$default = StringsKt__StringsJVMKt.endsWith$default(it2, str, false, 2, null);
            if (endsWith$default) {
                arrayList2.add(obj);
            }
        }
        Iterator it3 = arrayList2.iterator();
        while (it3.hasNext()) {
            edit.remove((String) it3.next());
        }
        boolean commit = edit.commit();
        if (commit) {
            prefixedLocalIdentity.delete();
        }
        return commit;
    }

    public static final String getAddressFromNimbleCert(X509Certificate cert) {
        Object obj;
        Intrinsics.checkParameterIsNotNull(cert, "cert");
        Collection<List<?>> subjectAlternativeNames = cert.getSubjectAlternativeNames();
        Intrinsics.checkExpressionValueIsNotNull(subjectAlternativeNames, "cert.subjectAlternativeNames");
        Iterator<T> it = subjectAlternativeNames.iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            if (Intrinsics.areEqual(((List) obj).get(0), 7)) {
                break;
            }
        }
        List list = (List) obj;
        Object obj2 = list != null ? list.get(1) : null;
        if (obj2 != null) {
            return (String) obj2;
        }
        throw new TypeCastException("null cannot be cast to non-null type kotlin.String");
    }

    public static final X509Certificate[] getEeroIdentityAuthorities(Context context, String name) {
        boolean startsWith$default;
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        X509Certificate[] identityAuthorities = getIdentityAuthorities(context, name);
        if (identityAuthorities == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : identityAuthorities) {
            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
            Intrinsics.checkExpressionValueIsNotNull(subjectX500Principal, "it.subjectX500Principal");
            String subjName = subjectX500Principal.getName();
            Intrinsics.checkExpressionValueIsNotNull(subjName, "subjName");
            startsWith$default = StringsKt__StringsJVMKt.startsWith$default(subjName, "CN=eero-", false, 2, null);
            if (startsWith$default) {
                arrayList.add(x509Certificate);
            }
        }
        Object[] array = arrayList.toArray(new X509Certificate[0]);
        if (array != null) {
            return (X509Certificate[]) array;
        }
        throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
    }

    public static final X509Certificate getIdentity(Context context, String name, boolean z) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        LocalIdentity prefixedLocalIdentity = getPrefixedLocalIdentity(context, name, getIsAliasRolling(context, name) && z ? getKeystoreAliasInactivePrefix(context, name) : getKeystoreAliasActivePrefix(context, name));
        Certificate certificateAuthority = prefixedLocalIdentity != null ? prefixedLocalIdentity.getCertificateAuthority() : null;
        if (!(certificateAuthority instanceof X509Certificate)) {
            certificateAuthority = null;
        }
        return (X509Certificate) certificateAuthority;
    }

    public static /* synthetic */ X509Certificate getIdentity$default(Context context, String str, boolean z, int i, Object obj) {
        if ((i & 4) != 0) {
            z = false;
        }
        return getIdentity(context, str, z);
    }

    public static final X509Certificate[] getIdentityAuthorities(Context context, String name) {
        X509Certificate[] trustedAuthorities;
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        LocalIdentity prefixedLocalIdentity$default = getPrefixedLocalIdentity$default(context, name, null, 4, null);
        LocalIdentity prefixedLocalIdentity = getPrefixedLocalIdentity(context, name, getKeystoreAliasInactivePrefix(context, name));
        Certificate certificateAuthority = prefixedLocalIdentity != null ? prefixedLocalIdentity.getCertificateAuthority() : null;
        if (prefixedLocalIdentity$default == null || (trustedAuthorities = prefixedLocalIdentity$default.getTrustedAuthorities()) == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : trustedAuthorities) {
            if (!Intrinsics.areEqual(x509Certificate, certificateAuthority)) {
                arrayList.add(x509Certificate);
            }
        }
        Object[] array = arrayList.toArray(new X509Certificate[0]);
        if (array != null) {
            return (X509Certificate[]) array;
        }
        throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
    }

    private static final boolean getIsAliasRolling(Context context, String str) {
        return context.getSharedPreferences(ID_PREFS, 0).getBoolean(createIsRollingPrefKey(str), false);
    }

    public static final int getKeyVersion() {
        return 2;
    }

    private static final String getKeystoreAliasActivePrefix(Context context, String str) {
        String string = context.getSharedPreferences(ID_PREFS, 0).getString(createActivePrefixPrefKey(str), ID_KEYSTORE_PREFIX_A);
        Intrinsics.checkExpressionValueIsNotNull(string, "prefs\n            .getSt…ey, ID_KEYSTORE_PREFIX_A)");
        return string;
    }

    private static final String getKeystoreAliasInactivePrefix(Context context, String str) {
        return Intrinsics.areEqual(getKeystoreAliasActivePrefix(context, str), ID_KEYSTORE_PREFIX_A) ? ID_KEYSTORE_PREFIX_B : ID_KEYSTORE_PREFIX_A;
    }

    private static final LocalIdentity getPrefixedLocalIdentity(Context context, String str, String str2) {
        return KeysKt.getLocalIdentity$default(context, str, null, str2 + str, 4, null);
    }

    static /* synthetic */ LocalIdentity getPrefixedLocalIdentity$default(Context context, String str, String str2, int i, Object obj) {
        if ((i & 4) != 0) {
            str2 = getKeystoreAliasActivePrefix(context, str);
        }
        return getPrefixedLocalIdentity(context, str, str2);
    }

    public static final SSLContext getSslContextForIdentityName(Context context, String name) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        LocalIdentity prefixedLocalIdentity$default = getPrefixedLocalIdentity$default(context, name, null, 4, null);
        if (prefixedLocalIdentity$default != null) {
            return prefixedLocalIdentity$default.getSslContext();
        }
        Timber.w("Cannot get SSL ccontext on behalf of identity which does not exist: '" + name + '\'', new Object[0]);
        return null;
    }

    public static final void revokeTrustedCertificateAuthority(Context context, String name, InputStream certificateAuthority) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        Intrinsics.checkParameterIsNotNull(certificateAuthority, "certificateAuthority");
        LocalIdentity prefixedLocalIdentity$default = getPrefixedLocalIdentity$default(context, name, null, 4, null);
        if (prefixedLocalIdentity$default != null) {
            prefixedLocalIdentity$default.removeTrustedAuthority(certificateAuthority);
            return;
        }
        Timber.w("Cannot revoke authority on behalf of identity which does not exist: '" + name + '\'', new Object[0]);
    }

    private static final void setIsAliasRolling(Context context, String str, boolean z) {
        context.getSharedPreferences(ID_PREFS, 0).edit().putBoolean(createIsRollingPrefKey(str), z).commit();
    }

    private static final void setKeystoreAliasActivePrefix(Context context, String str, String str2) {
        SharedPreferences sharedPreferences = context.getSharedPreferences(ID_PREFS, 0);
        sharedPreferences.edit().putString(createActivePrefixPrefKey(str), str2).commit();
    }

    public static final void trustCertificateAuthority(Context context, String name, InputStream certificateAuthority) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(name, "name");
        Intrinsics.checkParameterIsNotNull(certificateAuthority, "certificateAuthority");
        LocalIdentity prefixedLocalIdentity$default = getPrefixedLocalIdentity$default(context, name, null, 4, null);
        if (prefixedLocalIdentity$default != null) {
            prefixedLocalIdentity$default.addTrustedAuthority(certificateAuthority);
            return;
        }
        Timber.w("Cannot trust authority on behalf of identity which does not exist: '" + name + '\'', new Object[0]);
    }
}
