package com.oracle.iot.client.impl.trust;

import com.oracle.iot.client.impl.util.Base64;
import com.oracle.iot.client.trust.TrustException;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.noggit.JSONUtil;

/* loaded from: classes.dex */
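/**
 * Trusted-assets manager backed by a single password-protected file.
 *
 * <p>File layout, as written by {@link #createTas} and read by {@link #initialize}:
 * one version byte ({@link #FORMAT_VERSION}), then the MIME Base64 encoding of
 * {@code IV || AES-128-CBC(TLV records)}, then plaintext {@code #serverUri:} and
 * {@code #clientId:} trailer lines.
 *
 * <p>Security properties a reviewer should keep in mind (all fixed by the on-disk format,
 * so changing any of them needs a new format version):
 * <ul>
 *   <li>The AES key is derived with PBKDF2-HMAC-SHA1 at {@link #PBKDF2_ITERATIONS}
 *       iterations; the store is only as strong as the password.</li>
 *   <li>The same random 16 bytes serve as PBKDF2 salt and as CBC IV.</li>
 *   <li>AES-CBC carries no integrity tag. A modified file or a wrong password can decrypt
 *       to arbitrary bytes, so the TLV parser bounds-checks everything it reads. An
 *       authenticated mode (for example AES-GCM) would be the fix in a later format.</li>
 *   <li>The {@code #serverUri:} / {@code #clientId:} trailer is neither encrypted nor
 *       authenticated. {@link #initialize} ignores it; nothing should trust it.</li>
 * </ul>
 *
 * <p>This source is decompiler output: parameter names are synthetic and some access
 * modifiers were widened by the decompiler.
 */
public class UnifiedTrustedAssetsManager extends TrustedAssetsManagerBase {
    static final int AES_BLOCK_SIZE = 16;
    static final int AES_KEY_SIZE = 128;
    static final int CLIENT_ID_TAG = 2;
    static final int CONNECTED_DEVICE_TAG = 8;
    static final int ENDPOINT_ID_TAG = 4;
    static final byte FORMAT_VERSION = 33;
    private static final int INTEGER_BYTES = 4;
    static final byte MAX_FORMAT_VERSION = 126;
    static final int PBKDF2_ITERATIONS = 10000;
    static final int PRIVATE_KEY_TAG = 6;
    static final int PUBLIC_KEY_TAG = 7;
    static final int SERVER_URI_TAG = 1;
    static final int SHARED_SECRET_TAG = 3;
    static final int TRUST_ANCHOR_TAG = 5;
    static final Logger logger = Logger.getAnonymousLogger();

    /** Explicit charset so stored text does not depend on the platform default encoding. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    /** Size of a TLV header: one tag byte plus a two-byte big-endian length. */
    private static final int TLV_HEADER_SIZE = 3;
    /** Largest value length the two-byte TLV length field can represent. */
    private static final int MAX_TLV_LENGTH = 0xFFFF;

    // Shared secret bytes as read from the store (also handed to setSharedSecret).
    byte[] sharedSecretUtf;
    // Backing file; store() rewrites it in place.
    File taStoreFile;
    // Store password, retained because store() needs it to re-encrypt.
    String taStorePwd;

    /**
     * One tag/length/value record: a one-byte tag, a two-byte big-endian length, then the value.
     *
     * <p>Decompiler note: originally package-private.
     */
    public static class TLV {
        int length;
        int offsetToNext;
        int tag;
        byte[] value;

        /**
         * Parses the record that starts at {@code i} in {@code bArr}.
         *
         * <p>The input is decrypted but unauthenticated data, so the declared length is
         * checked against the buffer before anything is copied.
         *
         * @param bArr buffer holding one or more records
         * @param i offset of the record's tag byte
         * @throws IllegalArgumentException if the header or the value runs past the buffer
         */
        TLV(byte[] bArr, int i) {
            if (bArr == null || i < 0 || bArr.length - i < TLV_HEADER_SIZE) {
                throw new IllegalArgumentException("Truncated TLV header at offset " + i);
            }
            this.tag = bArr[i] & 0xFF;
            this.length = ((bArr[i + 1] & 0xFF) << 8) | (bArr[i + 2] & 0xFF);
            int valueStart = i + TLV_HEADER_SIZE;
            if (this.length > bArr.length - valueStart) {
                throw new IllegalArgumentException(
                        "TLV value overruns buffer: tag " + this.tag + ", length " + this.length);
            }
            this.value = new byte[this.length];
            System.arraycopy(bArr, valueStart, this.value, 0, this.length);
            this.offsetToNext = valueStart + this.length;
        }

        /**
         * Writes one record to {@code outputStream}.
         *
         * @param outputStream destination
         * @param i tag; only the low eight bits are written
         * @param bArr value bytes
         * @throws IOException if the value does not fit the two-byte length field (it would
         *     otherwise be written with a truncated length and corrupt the store), or on a
         *     write failure
         */
        static void writeValue(OutputStream outputStream, int i, byte[] bArr) throws IOException {
            if (bArr.length > MAX_TLV_LENGTH) {
                throw new IOException(
                        "TLV value too long for tag " + i + ": " + bArr.length + " bytes");
            }
            outputStream.write(i);
            outputStream.write(bArr.length >>> 8);
            outputStream.write(bArr.length);
            outputStream.write(bArr);
        }
    }

    UnifiedTrustedAssetsManager() {
    }

    /**
     * Opens and decrypts an existing trusted-assets store.
     *
     * @param str path of the store file
     * @param str2 store password
     * @param obj not used by this constructor
     * @throws TrustException if the file cannot be read, decrypted or parsed
     */
    public UnifiedTrustedAssetsManager(String str, String str2, Object obj) throws TrustException {
        load(new File(str), str2);
    }

    /**
     * Derives the AES key for the store from the password.
     *
     * @param str store password
     * @param bArr PBKDF2 salt; callers in this class pass the 16-byte IV
     * @return a 128-bit AES key
     * @throws RuntimeException if the JCA provider lacks PBKDF2WithHmacSHA1
     */
    static SecretKey createKey(String str, byte[] bArr) {
        PBEKeySpec spec = new PBEKeySpec(str.toCharArray(), bArr, PBKDF2_ITERATIONS, AES_KEY_SIZE);
        try {
            byte[] derived =
                    SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
            return new SecretKeySpec(derived, "AES");
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        } finally {
            // Wipe the spec's private copy of the password once the key is derived.
            spec.clearPassword();
        }
    }

    /**
     * Builds the complete, encrypted contents of a trusted-assets store.
     *
     * <p>Decompiler note: originally package-private.
     *
     * @param str store password
     * @param str2 server URI scheme
     * @param str3 server host
     * @param i server port, or a negative value to omit it from the URI
     * @param str4 client id
     * @param str5 shared secret
     * @param str6 endpoint id, or {@code null}
     * @param x509Certificate trust anchor, or {@code null}
     * @param privateKey private key, or {@code null}
     * @param publicKey public key, or {@code null}
     * @param map connected-device id to secret key, or {@code null}
     * @return the bytes to write to the store file
     * @throws Exception if encoding or encryption fails, or a value exceeds the TLV length limit
     */
    public static byte[] createTas(String str, String str2, String str3, int i, String str4, String str5, String str6, X509Certificate x509Certificate, PrivateKey privateKey, PublicKey publicKey, Map<String, SecretKey> map) throws Exception {
        StringBuilder uri = new StringBuilder(str2).append("://").append(str3);
        if (i >= 0) {
            uri.append(JSONUtil.NAME_SEPARATOR).append(i);
        }
        byte[] serverUri = uri.toString().getBytes(UTF_8);
        byte[] clientIdBytes = str4.getBytes(UTF_8);

        ByteArrayOutputStream assets = new ByteArrayOutputStream();
        TLV.writeValue(assets, SERVER_URI_TAG, serverUri);
        TLV.writeValue(assets, CLIENT_ID_TAG, clientIdBytes);
        TLV.writeValue(assets, SHARED_SECRET_TAG, str5.getBytes(UTF_8));
        if (str6 != null) {
            TLV.writeValue(assets, ENDPOINT_ID_TAG, str6.getBytes(UTF_8));
        }
        if (x509Certificate != null) {
            TLV.writeValue(assets, TRUST_ANCHOR_TAG, x509Certificate.getEncoded());
        }
        if (privateKey != null) {
            TLV.writeValue(assets, PRIVATE_KEY_TAG, privateKey.getEncoded());
        }
        if (publicKey != null) {
            TLV.writeValue(assets, PUBLIC_KEY_TAG, publicKey.getEncoded());
        }
        if (map != null) {
            // Each connected device is a nested record: id TLV followed by key TLV.
            ByteArrayOutputStream device = new ByteArrayOutputStream();
            for (Map.Entry<String, SecretKey> entry : map.entrySet()) {
                device.reset();
                TLV.writeValue(device, CLIENT_ID_TAG, entry.getKey().getBytes(UTF_8));
                TLV.writeValue(device, SHARED_SECRET_TAG, entry.getValue().getEncoded());
                TLV.writeValue(assets, CONNECTED_DEVICE_TAG, device.toByteArray());
            }
        }

        // A fresh random value per write; it is both the PBKDF2 salt and the CBC IV.
        byte[] iv = generateIv();
        byte[] sealed = encrypt(createKey(str, iv), iv, assets.toByteArray());
        byte[] encoded = Base64.getMimeEncoder().encode(sealed);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(FORMAT_VERSION);
        out.write(encoded);
        // Plaintext trailer: readable without the password and not integrity-protected.
        out.write("\n#serverUri:".getBytes(UTF_8));
        out.write(serverUri);
        out.write("\n#clientId:".getBytes(UTF_8));
        out.write(clientIdBytes);
        out.write("\n".getBytes(UTF_8));
        return out.toByteArray();
    }

    /** Decodes a big-endian integer from {@code bArr}. */
    private static int decodeInt(byte[] bArr) {
        int result = 0;
        for (byte b : bArr) {
            result = (result << 8) | (b & 0xFF);
        }
        return result;
    }

    /**
     * Decrypts a whole {@code IV || ciphertext} buffer.
     *
     * @param secretKey AES key
     * @param bArr IV followed by ciphertext
     * @return the plaintext
     */
    static byte[] decrypt(SecretKey secretKey, byte[] bArr) {
        return decrypt(secretKey, bArr, 0, bArr.length);
    }

    /**
     * Decrypts {@code IV || ciphertext} found at {@code bArr[i .. i + i2)}.
     *
     * <p>The result is unauthenticated: a successful return only means the padding was
     * well-formed, not that the data is what was originally stored.
     *
     * @param secretKey AES key
     * @param bArr buffer containing the IV and ciphertext
     * @param i offset of the IV
     * @param i2 combined length of IV and ciphertext
     * @return the plaintext
     * @throws IllegalArgumentException if the region is too short to hold an IV
     * @throws RuntimeException if decryption fails (wrong key, bad padding, missing provider)
     */
    static byte[] decrypt(SecretKey secretKey, byte[] bArr, int i, int i2) {
        if (i2 < AES_BLOCK_SIZE) {
            throw new IllegalArgumentException("Encrypted data is shorter than the IV");
        }
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            // The IV sits at the start of the region, i.e. at offset i (not at offset 0 of the buffer).
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(bArr, i, AES_BLOCK_SIZE));
            return cipher.doFinal(bArr, i + AES_BLOCK_SIZE, i2 - AES_BLOCK_SIZE);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /** Encodes {@code i} as four big-endian bytes. */
    private static byte[] encodeInt(int i) {
        byte[] out = new byte[INTEGER_BYTES];
        for (int pos = INTEGER_BYTES - 1; pos >= 0; pos--) {
            out[pos] = (byte) (i & 0xFF);
            i >>>= 8;
        }
        return out;
    }

    /**
     * Encrypts all of {@code bArr2}.
     *
     * @param secretKey AES key
     * @param bArr IV, also copied to the front of the result
     * @param bArr2 plaintext
     * @return {@code IV || ciphertext}
     */
    static byte[] encrypt(SecretKey secretKey, byte[] bArr, byte[] bArr2) {
        return encrypt(secretKey, bArr, bArr2, 0, bArr2.length);
    }

    /**
     * Encrypts {@code bArr2[i .. i + i2)} with AES-CBC and PKCS5 padding.
     *
     * @param secretKey AES key
     * @param bArr IV, also copied to the front of the result
     * @param bArr2 buffer holding the plaintext
     * @param i offset of the plaintext
     * @param i2 length of the plaintext
     * @return {@code IV || ciphertext}
     * @throws RuntimeException if encryption fails
     */
    static byte[] encrypt(SecretKey secretKey, byte[] bArr, byte[] bArr2, int i, int i2) {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(bArr));
            byte[] out = new byte[bArr.length + cipher.getOutputSize(i2)];
            System.arraycopy(bArr, 0, out, 0, bArr.length);
            cipher.doFinal(bArr2, i, i2, out, bArr.length);
            return out;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /** Returns {@link #AES_BLOCK_SIZE} bytes from a {@link SecureRandom}. */
    static byte[] generateIv() {
        byte[] iv = new byte[AES_BLOCK_SIZE];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    /** Returns the shared secret decoded as UTF-8 text. */
    String getSharedSecret() {
        return new String(this.sharedSecretUtf, UTF_8);
    }

    /**
     * Decrypts the raw store contents and applies every record to this manager.
     *
     * <p>Only the Base64 section before the first {@code '#'} is used; the plaintext
     * trailer is ignored. Unknown tags are logged and skipped.
     *
     * @param str store password
     * @param bArr complete contents of the store file
     * @throws Exception if the version byte is not {@link #FORMAT_VERSION}, the data is
     *     truncated, decryption fails, or a record is malformed
     */
    void initialize(String str, byte[] bArr) throws Exception {
        this.taStorePwd = str;
        if (bArr == null || bArr.length == 0) {
            throw new Exception("Trusted asset store is empty");
        }
        if (bArr[0] != FORMAT_VERSION) {
            throw new Exception("Unknown trusted asset store version");
        }
        int end = 1;
        while (end < bArr.length && bArr[end] != '#') {
            end++;
        }
        byte[] envelope = Base64.getMimeDecoder().decode(bArr, 1, end - 1);
        if (envelope.length < AES_BLOCK_SIZE) {
            throw new Exception("Trusted asset store is truncated");
        }
        // The leading block is the IV and doubles as the key-derivation salt.
        byte[] salt = new byte[AES_BLOCK_SIZE];
        System.arraycopy(envelope, 0, salt, 0, salt.length);
        byte[] records = decrypt(createKey(str, salt), envelope);

        // CBC gives no integrity guarantee, so the records are parsed as untrusted input;
        // the TLV constructor rejects any record that would run past the buffer.
        int offset = 0;
        while (offset < records.length) {
            TLV tlv = new TLV(records, offset);
            switch (tlv.tag) {
                case SERVER_URI_TAG:
                    setServer(new String(tlv.value, UTF_8));
                    break;
                case CLIENT_ID_TAG:
                    this.clientId = new String(tlv.value, UTF_8);
                    break;
                case SHARED_SECRET_TAG:
                    this.sharedSecretUtf = tlv.value;
                    setSharedSecret(this.sharedSecretUtf);
                    break;
                case ENDPOINT_ID_TAG:
                    this.endpointId = new String(tlv.value, UTF_8);
                    break;
                case TRUST_ANCHOR_TAG:
                    addTrustAnchor(tlv.value);
                    break;
                case PRIVATE_KEY_TAG:
                    setPrivateKey(tlv.value);
                    break;
                case PUBLIC_KEY_TAG:
                    setPublicKey(tlv.value);
                    break;
                case CONNECTED_DEVICE_TAG:
                    // Nested record: device id first, its key second.
                    TLV deviceId = new TLV(tlv.value, 0);
                    TLV deviceKey = new TLV(tlv.value, deviceId.offsetToNext);
                    addSharedSecret(new String(deviceId.value, UTF_8), deviceKey.value);
                    break;
                default:
                    logger.log(Level.FINEST, "Unknown value tag " + tlv.tag);
                    break;
            }
            offset = tlv.offsetToNext;
        }
    }

    /**
     * Reads the store file and initializes this manager from it.
     *
     * @param file store file
     * @param str store password
     * @throws TrustException if either argument is {@code null}, the file is missing or
     *     cannot be read completely, or its contents cannot be decrypted and parsed
     */
    void load(File file, String str) throws TrustException {
        this.taStoreFile = file;
        this.taStorePwd = str;
        if (file == null) {
            throw new TrustException("Path is null");
        }
        if (str == null) {
            throw new TrustException("Password is null");
        }
        FileInputStream in = null;
        try {
            long size = this.taStoreFile.length();
            if (size > Integer.MAX_VALUE) {
                throw new IOException("Trusted assets file is too large: " + size + " bytes");
            }
            byte[] contents = new byte[(int) size];
            in = new FileInputStream(this.taStoreFile);
            // A single read() may return fewer bytes than requested; loop until the buffer is full.
            int filled = 0;
            while (filled < contents.length) {
                int n = in.read(contents, filled, contents.length - filled);
                if (n < 0) {
                    throw new IOException(
                            "Unexpected end of trusted assets file after " + filled + " bytes");
                }
                filled += n;
            }
            initialize(str, contents);
        } catch (FileNotFoundException e) {
            logger.log(Level.SEVERE, this.taStoreFile + " not found");
            throw new TrustException("Error loading trusted assets...", e);
        } catch (Exception e) {
            logger.log(Level.SEVERE, "caught '" + e + "' while loading trusted assets file " + this.taStoreFile);
            throw new TrustException("Error loading trusted assets file " + this.taStoreFile, e);
        } finally {
            // The stream is null when the file could not be opened.
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best effort: the data has already been read or the load has already failed.
                }
            }
        }
    }

    /**
     * Re-encrypts the current assets and overwrites the store file.
     *
     * <p>NOTE(review): only the first trust anchor is written, so a store that was loaded
     * with several anchors loses the others here; confirm this is intended. The file is
     * rewritten in place with default permissions, so an interrupted write can leave a
     * truncated store; writing to a temporary file and renaming would avoid that.
     *
     * @throws Exception if building or writing the store fails
     */
    @Override // com.oracle.iot.client.impl.trust.TrustedAssetsManagerBase
    protected void store() throws Exception {
        X509Certificate firstAnchor = null;
        if (this.trustAnchors != null) {
            Iterator<X509Certificate> anchors = this.trustAnchors.iterator();
            if (anchors.hasNext()) {
                firstAnchor = anchors.next();
            }
        }
        byte[] tas = createTas(this.taStorePwd, this.serverScheme, this.serverHost, this.serverPort, this.clientId, new String(this.sharedSecretUtf, UTF_8), this.endpointId, firstAnchor, this.privateKey, this.publicKey, this.icdMap);
        FileOutputStream out = new FileOutputStream(this.taStoreFile);
        try {
            out.write(tas);
            out.flush();
        } finally {
            try {
                out.close();
            } catch (IOException ignored) {
                // Best effort: the data was flushed above.
            }
        }
    }
}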
