package com.oracle.iot.client.impl.trust;

import com.oracle.iot.client.impl.device.DirectActivationRequest;
import com.oracle.iot.client.trust.TrustException;
import com.oracle.iot.client.trust.TrustedAssetsManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
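/**
 * Base implementation of {@link TrustedAssetsManager} that keeps the trusted assets in memory
 * (client id, endpoint id, key pair, shared secrets, trust anchors and server coordinates) and
 * leaves persistence to the subclass through {@link #store()}.
 *
 * <p>This listing is decompiler output: parameter names are synthetic and several methods carry a
 * "JADX INFO" marker saying their access modifier was changed from {@code protected}.
 *
 * <p>No synchronization is performed anywhere in this class.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Algorithm names and key sizes are taken from the caller without an allow-list or a
 *       minimum size, so policy on acceptable algorithms has to be enforced by the caller.</li>
 *   <li>Key references are dropped on {@link #reset()}, not destroyed or zeroized.</li>
 * </ul>
 */
public abstract class TrustedAssetsManagerBase implements TrustedAssetsManager {
    // Property name constants. Nothing in this class reads them.
    // NOTE(review): presumably the password and location of the trusted assets store, consumed by
    // subclasses. If the password is supplied as a JVM system property it is readable by any code
    // in the process; confirm how it is consumed.
    public static final String TA_STORE_PASSWORD_PROPERTY = "oracle.iot.client.trustedAssetsStorePassword";
    public static final String TA_STORE_PROPERTY = "oracle.iot.client.trustedAssetsStore";
    // Identifier compared against the requested id in signWithSharedSecret.
    protected String clientId;
    // Non-null once setEndPointCredentials has run; this is what isActivated() tests.
    protected String endpointId;
    // Extra shared secrets keyed by an id; created lazily by addSharedSecret.
    protected Map<String, SecretKey> icdMap;
    protected PrivateKey privateKey;
    protected PublicKey publicKey;
    protected String serverHost;
    protected String serverScheme;
    // Secret used by signWithSharedSecret when no id, or the client id, is requested.
    protected SecretKey sharedSecret;
    // -1 until setServer runs, and also when the server URI carries no port.
    protected int serverPort = -1;
    // Created lazily by addTrustAnchor; null means no anchors were loaded.
    protected Set<X509Certificate> trustAnchors = null;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Registers an additional shared secret under the given id.
     *
     * <p>{@link SecretKeySpec} copies the key bytes, so the caller keeps ownership of {@code bArr}
     * and may clear it afterwards.
     *
     * @param str id the secret is stored under; an existing entry for the same id is replaced
     * @param bArr raw key bytes
     * @throws IllegalArgumentException if {@code bArr} is null or empty (raised by SecretKeySpec)
     */
    public void addSharedSecret(String str, byte[] bArr) {
        if (this.icdMap == null) {
            this.icdMap = new HashMap<>();
        }
        this.icdMap.put(str, new SecretKeySpec(bArr, "Hmac"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses an encoded certificate and adds it to the trust anchor set.
     *
     * <p>The certificate is only parsed here; no validity-period, key-usage or chain check is
     * performed in this method. Anything added becomes a trust root, so the bytes must come from
     * an integrity-protected source.
     *
     * @param bArr encoded certificate
     * @throws Exception if the certificate factory is unavailable or the bytes do not parse
     */
    public void addTrustAnchor(byte[] bArr) throws Exception {
        if (this.trustAnchors == null) {
            this.trustAnchors = new HashSet<>();
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        // The factory type comes from a project constant whose value is not visible in this file.
        this.trustAnchors.add((X509Certificate) CertificateFactory.getInstance(DirectActivationRequest.PUBLIC_KEY_ENCODING_FORMAT_X509).generateCertificate(byteArrayInputStream));
    }

    /** Does nothing in this base class. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
    }

    /**
     * Generates a new key pair and keeps it in memory, replacing any previous pair.
     *
     * <p>{@link #store()} is not called here, so the new pair is not persisted by this method.
     * Neither the algorithm nor the key size is checked against a policy; any positive size the
     * provider accepts is used.
     *
     * @param str key pair algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
     * @param i key size handed to {@link KeyPairGenerator#initialize(int)}
     * @throws IllegalStateException if an endpoint id is already assigned
     * @throws NullPointerException if {@code str} is null
     * @throws IllegalArgumentException if {@code i} is zero or negative
     * @throws TrustException if the algorithm is unknown or key generation fails
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public void generateKeyPair(String str, int i) throws TrustException {
        if (this.endpointId != null) {
            throw new IllegalStateException("Already activated: EndpointId already assigned.");
        }
        if (str == null) {
            throw new NullPointerException("Algorithm cannot be null.");
        }
        // NOTE(review): the nested try shape is decompiler output and is kept as is. Whether the
        // inner TrustException is re-wrapped by the outer handler depends on TrustException's
        // superclass, which is not visible in this file.
        try {
            if (i <= 0) {
                throw new IllegalArgumentException("Key size cannot be negative or 0.");
            }
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
                keyPairGenerator.initialize(i);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                this.privateKey = generateKeyPair.getPrivate();
                this.publicKey = generateKeyPair.getPublic();
            } catch (NoSuchAlgorithmException e) {
                throw new TrustException("Can't find public key algorithm " + str, e);
            }
        } catch (GeneralSecurityException e2) {
            throw new TrustException(e2.getMessage(), e2);
        }
    }

    /** Returns the client id, which may be null if it was never set. */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public String getClientId() {
        return this.clientId;
    }

    /**
     * Always fails: this operation is not supported.
     *
     * @throws TrustException on every call
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    @Deprecated
    public final byte[] getEncryptedSharedSecret() throws TrustException {
        throw new TrustException("Unsupported operation...");
    }

    /**
     * Returns an empty array once the endpoint is activated; no certificate is kept by this class.
     *
     * @throws IllegalStateException if the endpoint is not activated
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public byte[] getEndpointCertificate() {
        if (isActivated()) {
            return new byte[0];
        }
        throw new IllegalStateException("Endpoint not activated.");
    }

    /**
     * Returns the assigned endpoint id.
     *
     * @throws IllegalStateException if no endpoint id has been assigned
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public String getEndpointId() {
        if (this.endpointId == null) {
            throw new IllegalStateException("EndpointId not assigned.");
        }
        return this.endpointId;
    }

    /**
     * Returns the public key of the current key pair.
     *
     * @throws IllegalStateException if no private key is present
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public PublicKey getPublicKey() {
        // NOTE(review): the guard tests privateKey, not publicKey. If a private key was loaded via
        // setPrivateKey without a matching setPublicKey, this returns null instead of throwing.
        if (this.privateKey == null) {
            throw new IllegalStateException("Key pair not yet generated.");
        }
        return this.publicKey;
    }

    /** Returns the server host taken from the URI given to {@link #setServer(String)}. */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public String getServerHost() {
        return this.serverHost;
    }

    /** Returns the server port, or -1 when none was set or the server URI had no port. */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public int getServerPort() {
        return this.serverPort;
    }

    /** Returns the server scheme exactly as it appeared in the URI given to setServer. */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public String getServerScheme() {
        return this.serverScheme;
    }

    /**
     * Returns the encoded form of every trust anchor in a fresh vector.
     *
     * <p>A certificate that cannot be encoded is skipped without any signal, so the result can
     * hold fewer entries than the trust anchor set. Callers that pin on the anchor count or
     * contents should not assume the list is complete.
     *
     * @return a new vector, empty when no anchors were loaded
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public Vector<byte[]> getTrustAnchorCertificates() {
        Vector<byte[]> vector = new Vector<>();
        if (this.trustAnchors != null) {
            for (X509Certificate anchor : this.trustAnchors) {
                try {
                    vector.addElement(anchor.getEncoded());
                } catch (CertificateEncodingException ignored) {
                    // Best effort, as in the original: an anchor that fails to encode is left out.
                    // This class has no logger in scope, so the failure is not reported.
                }
            }
        }
        return vector;
    }

    /** Returns true once an endpoint id has been assigned. */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public boolean isActivated() {
        return this.endpointId != null;
    }

    /**
     * Drops the endpoint id and the key pair, then persists the result through {@link #store()}.
     *
     * <p>The shared secret, the per-id secrets, the trust anchors, the client id and the server
     * fields are left untouched. The in-memory fields are cleared before store() runs, so a
     * failing store() leaves memory reset while the persisted state may still hold the old values.
     * The key objects are only dereferenced; nothing here destroys or zeroizes them.
     *
     * @throws TrustException wrapping any exception raised by store()
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public void reset() throws TrustException {
        this.endpointId = null;
        this.privateKey = null;
        this.publicKey = null;
        try {
            store();
        } catch (Exception e) {
            throw new TrustException("Error resetting the trusted assets...", e);
        }
    }

    /**
     * Assigns the endpoint id and persists the assets through {@link #store()}.
     *
     * <p>{@code bArr} is not used by this implementation. {@code str} is not checked for null, so
     * a null id is stored and the manager still reports itself as not activated.
     *
     * @param str endpoint id to assign
     * @param bArr ignored here
     * @throws IllegalStateException if no private key is present
     * @throws TrustException wrapping any exception raised by store()
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public void setEndPointCredentials(String str, byte[] bArr) throws TrustException {
        if (this.privateKey == null) {
            throw new IllegalStateException("Key pair not yet generated.");
        }
        this.endpointId = str;
        try {
            store();
        } catch (Exception e) {
            throw new TrustException("Error storing the trusted assets...", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Loads the private key from its PKCS#8 encoding.
     *
     * @param bArr PKCS#8 encoded private key
     * @throws Exception if the RSA key factory is unavailable or the encoding is invalid
     */
    public void setPrivateKey(byte[] bArr) throws Exception {
        // NOTE(review): the algorithm is fixed to RSA here while generateKeyPair accepts any
        // algorithm name; a non-RSA pair would presumably not reload through this path. Confirm.
        this.privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Loads the public key from its X.509 encoding.
     *
     * @param bArr X.509 encoded public key
     * @throws Exception if the RSA key factory is unavailable or the encoding is invalid
     */
    public void setPublicKey(byte[] bArr) throws Exception {
        this.publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(bArr));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses the server URI and records its scheme, host and port.
     *
     * <p>Any scheme is accepted. When the scheme is not exactly {@code "https"}, the long-polling
     * system property is set to {@code "true"}; that property is JVM-wide, so it affects every
     * client in the process, and it is never reset here.
     *
     * @param str server URI
     * @throws Exception if {@code str} is not a valid URI
     */
    public void setServer(String str) throws Exception {
        URI uri = new URI(str);
        this.serverScheme = uri.getScheme();
        // NOTE(review): the comparison is case-sensitive and getScheme() returns the scheme as
        // written, so "HTTPS://host" is treated as non-https. Confirm whether that is intended.
        if (!"https".equals(this.serverScheme)) {
            System.setProperty(TrustedAssetsManager.DISABLE_LONG_POLLING_PROPERTY, "true");
        }
        // getHost() is null for a URI without an authority; no check is made for that here.
        this.serverHost = uri.getHost();
        this.serverPort = uri.getPort();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces the shared secret; a null argument leaves the current secret in place.
     *
     * <p>{@link SecretKeySpec} copies the key bytes, so the caller may clear {@code bArr} after
     * the call.
     *
     * @param bArr raw key bytes, or null to keep the existing secret
     * @throws IllegalArgumentException if {@code bArr} is empty (raised by SecretKeySpec)
     */
    public void setSharedSecret(byte[] bArr) {
        if (bArr == null) {
            return;
        }
        this.sharedSecret = new SecretKeySpec(bArr, "Hmac");
    }

    /**
     * Signs the data with the private key using the named signature algorithm.
     *
     * <p>The algorithm name is used as given; no allow-list is applied, so a caller can request
     * any algorithm the installed providers offer.
     *
     * @param bArr data to sign
     * @param str signature algorithm name passed to {@link Signature#getInstance(String)}
     * @return the signature bytes
     * @throws IllegalStateException if no private key is present
     * @throws NullPointerException if {@code str} or {@code bArr} is null
     * @throws TrustException if the algorithm is unknown or signing fails
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public byte[] signWithPrivateKey(byte[] bArr, String str) throws TrustException {
        if (this.privateKey == null) {
            throw new IllegalStateException("key not yet generated.");
        }
        if (str == null) {
            throw new NullPointerException("Algorithm cannot be null.");
        }
        if (bArr == null) {
            throw new NullPointerException("Data cannot be null.");
        }
        // NOTE(review): nested try shape kept from the decompiler output; see generateKeyPair.
        try {
            try {
                Signature signature = Signature.getInstance(str);
                signature.initSign(this.privateKey);
                signature.update(bArr);
                return signature.sign();
            } catch (NoSuchAlgorithmException e) {
                throw new TrustException("Can't find signing algorithm " + str, e);
            }
        } catch (GeneralSecurityException e2) {
            throw new TrustException("Error signing with key...", e2);
        }
    }

    /**
     * Computes a MAC over the data with a shared secret.
     *
     * <p>The main shared secret is used when {@code str2} is null or equals the client id;
     * otherwise the secret registered under {@code str2} through addSharedSecret is used. The MAC
     * algorithm name is used as given, without an allow-list.
     *
     * @param bArr data to authenticate
     * @param str MAC algorithm name passed to {@link Mac#getInstance(String)}
     * @param str2 id selecting the secret, or null for the main shared secret
     * @return the MAC bytes
     * @throws NullPointerException if {@code str} or {@code bArr} is null
     * @throws TrustException if no secret is available for the id, the algorithm is unknown, or
     *     the MAC computation fails
     */
    @Override // com.oracle.iot.client.trust.TrustedAssetsManager
    public byte[] signWithSharedSecret(byte[] bArr, String str, String str2) throws TrustException {
        if (str == null) {
            throw new NullPointerException("Algorithm cannot be null.");
        }
        if (bArr == null) {
            throw new NullPointerException("Data cannot be null.");
        }
        SecretKey secretKey = null;
        if (str2 == null || str2.equals(getClientId())) {
            secretKey = this.sharedSecret;
        } else if (this.icdMap != null) {
            secretKey = this.icdMap.get(str2);
        }
        // NOTE(review): nested try shape kept from the decompiler output; see generateKeyPair.
        try {
            if (secretKey == null) {
                throw new TrustException("Shared secret not provisioned.");
            }
            try {
                Mac mac = Mac.getInstance(str);
                mac.init(secretKey);
                mac.update(bArr);
                return mac.doFinal();
            } catch (NoSuchAlgorithmException e) {
                throw new TrustException("Can't find signing algorithm " + str, e);
            }
        } catch (GeneralSecurityException e2) {
            throw new TrustException("Error signing with shared secret...", e2);
        }
    }

    /**
     * Persists the current trusted assets; called by {@link #reset()} and
     * {@link #setEndPointCredentials(String, byte[])}.
     *
     * @throws Exception if the assets cannot be persisted
     */
    protected abstract void store() throws Exception;
}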
