package com.oracle.iot.client.impl.trust;

import com.oracle.iot.client.impl.device.DirectActivationRequest;
import com.oracle.iot.client.impl.util.Base64;
import com.oracle.iot.client.trust.TrustException;
import com.oracle.iot.client.trust.TrustedAssetsManager;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public class DefaultTrustedAssetsManager extends TrustedAssetsManagerBase {
    // Placeholder used as the alias fragment while no endpoint id has been assigned;
    // parseURI() maps it back to null when the alias is read.
    private static final String EP_NOT_SET = "__EP_NOT_SET__";
    // Certificate paired with the private key: read from the store, self-signed after
    // generateKeyPair(), or replaced by setEndPointCredentials().
    private X509Certificate certificate;
    // Store-wide protection used when the store is file-backed; null when a Builder is used.
    private KeyStore.ProtectionParameter taProtection;
    // The trusted assets key store itself.
    private KeyStore taStore;
    // Set only by load(KeyStore.Builder); when present it supplies per-alias protection.
    private KeyStore.Builder taStoreBuilder;
    // Backing file of the store; null when the store comes from a Builder.
    private File taStoreFile;
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    // Key-store aliases for client credentials are URIs whose scheme starts with this value.
    private static final String IOT_SCHEME = "iotcs";
    // "iotcs+" is followed by the transport scheme of the server.
    private static final String IOT_SCHEME_PREFIX = IOT_SCHEME.concat("+");
    private static final Logger LOGGER = Logger.getLogger("oracle.iot.client");

    /* loaded from: classes.dex */
    public static class ProvisioningSupport {
        // Certificate stored as the one-element chain of the private key entry.
        private Certificate certificate;
        private String clientId;
        private String endpointId;
        // Reference is dropped by provision() once the store has been written.
        private PrivateKey privateKey;
        private String serverHost;
        private int serverPort;
        private String serverScheme;
        // Held as a String, so the characters cannot be wiped; provision() only drops the reference.
        private String sharedSecret;
        // Exactly one of taStoreBuilder or taStoreFile/taStorePassword is set by the constructors.
        private KeyStore.Builder taStoreBuilder;
        private File taStoreFile;
        private String taStorePassword;
        // Alias -> certificate, written as TrustedCertificateEntry items on provision().
        private final Map<String, Certificate> trustAnchors;

        /**
         * Creates a provisioning helper that writes to a password-protected store file.
         *
         * @param file the trusted assets store file; must not be null
         * @param str  the store password; must not be null
         * @throws IllegalArgumentException if either argument is null
         */
        private ProvisioningSupport(File file, String str) {
            this.trustAnchors = new HashMap<String, Certificate>();
            if (file == null) {
                throw new IllegalArgumentException("taStoreFile cannot be null...");
            }
            if (str == null) {
                throw new IllegalArgumentException("taStorePassword cannot be null...");
            }
            // File-backed mode: the builder stays null.
            this.taStoreBuilder = null;
            this.taStoreFile = file;
            this.taStorePassword = str;
        }

        /**
         * Creates a provisioning helper that writes into the key store supplied by a builder.
         *
         * @param builder the key store builder; must not be null
         * @throws IllegalArgumentException if {@code builder} is null
         */
        private ProvisioningSupport(KeyStore.Builder builder) {
            this.trustAnchors = new HashMap<String, Certificate>();
            if (builder == null) {
                throw new IllegalArgumentException("taStoreBuilder cannot be null...");
            }
            // Builder-backed mode: no file and no store-wide password.
            this.taStoreFile = null;
            this.taStorePassword = null;
            this.taStoreBuilder = builder;
        }

        /**
         * Creates a provisioning helper from system properties: the store path falls back to
         * {@code trustedAssetsStore.bks}, the password has no default.
         *
         * <p>The password is read from a JVM system property, so any code in the same JVM that
         * may read system properties can see it.
         *
         * @throws IllegalArgumentException if the password property is not set
         */
        public static ProvisioningSupport create() {
            String storePath = System.getProperty(TrustedAssetsManagerBase.TA_STORE_PROPERTY, "trustedAssetsStore.bks");
            File storeFile = new File(storePath);
            String storePassword = System.getProperty(TrustedAssetsManagerBase.TA_STORE_PASSWORD_PROPERTY);
            return new ProvisioningSupport(storeFile, storePassword);
        }

        /**
         * Creates a provisioning helper for the given store file and password.
         *
         * @param file the trusted assets store file
         * @param str  the store password
         * @throws IllegalArgumentException if either argument is null
         */
        public static ProvisioningSupport create(File file, String str) {
            ProvisioningSupport support = new ProvisioningSupport(file, str);
            return support;
        }

        /**
         * Creates a provisioning helper backed by a key store builder.
         *
         * @param builder the key store builder
         * @throws IllegalArgumentException if {@code builder} is null
         */
        public static ProvisioningSupport create(KeyStore.Builder builder) {
            ProvisioningSupport support = new ProvisioningSupport(builder);
            return support;
        }

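        /**
         * Writes the provisioned assets to the trusted assets store.
         *
         * <p>With a builder, the entries are set on the builder's key store and nothing is written
         * to a file here. Otherwise the BKS file is loaded if it exists, the entries are added,
         * and the store is written back to the same file.
         *
         * <p>The entries are added before the output stream is opened: opening a
         * {@link FileOutputStream} truncates the file, so a failure while building an entry
         * (for example an invalid host in the alias URI) must not leave an emptied store behind.
         * A failure during the final write can still leave a partial file.
         *
         * @throws TrustException if the store cannot be read, populated or written
         */
        private void store() throws TrustException {
            try {
                if (this.taStoreBuilder != null) {
                    store(this.taStoreBuilder.getKeyStore(), null, this.taStoreBuilder);
                    return;
                }
                KeyStore keyStore = KeyStore.getInstance("BKS");
                KeyStore.PasswordProtection passwordProtection = this.taStorePassword != null ? new KeyStore.PasswordProtection(this.taStorePassword.toCharArray()) : null;
                char[] password = passwordProtection != null ? passwordProtection.getPassword() : null;

                FileInputStream fileInputStream = this.taStoreFile.exists() ? new FileInputStream(this.taStoreFile) : null;
                try {
                    // A null stream initialises an empty key store.
                    keyStore.load(fileInputStream, password);
                } finally {
                    if (fileInputStream != null) {
                        try {
                            fileInputStream.close();
                        } catch (IOException ignored) {
                            // Best effort: the content has already been read or the load failed.
                        }
                    }
                }

                store(keyStore, passwordProtection, null);

                FileOutputStream fileOutputStream = new FileOutputStream(this.taStoreFile);
                try {
                    keyStore.store(fileOutputStream, password);
                } finally {
                    try {
                        fileOutputStream.close();
                    } catch (IOException ignored) {
                        // Best effort, as before.
                    }
                }
            } catch (Exception e5) {
                DefaultTrustedAssetsManager.access$000().log(Level.SEVERE, "caught '" + e5 + e5.getMessage() + "' while loading trusted assets from taStoreBuilder " + this.taStoreBuilder);
                throw new TrustException("Error loading trusted assets...", e5);
            }
        }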

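        /**
         * Sets the provisioned entries on {@code keyStore}.
         *
         * <p>Without client credentials a random 32-byte secret is stored under a server-only
         * alias. Otherwise the shared secret and/or the private key (with its certificate) are
         * stored under an alias that also carries the case-encoded client id and endpoint id.
         * Trust anchors are stored last, without protection.
         *
         * <p>Temporary byte arrays holding key material are zeroed once the
         * {@link SecretKeySpec} has taken its own copy.
         *
         * @param keyStore            the key store to populate
         * @param protectionParameter protection used when {@code builder} is null
         * @param builder             if non-null, asked for the protection of each alias
         * @throws KeyStoreException  if an entry cannot be set
         * @throws URISyntaxException if the server settings do not form a valid alias URI
         */
        private void store(KeyStore keyStore, KeyStore.ProtectionParameter protectionParameter, KeyStore.Builder builder) throws KeyStoreException, URISyntaxException {
            final String aliasScheme = DefaultTrustedAssetsManager.IOT_SCHEME_PREFIX + this.serverScheme;
            if (this.clientId == null && this.endpointId == null) {
                byte[] randomSecret = new byte[32];
                try {
                    new SecureRandom().nextBytes(randomSecret);
                    KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(new SecretKeySpec(randomSecret, "Hmac"));
                    String alias = new URI(aliasScheme, null, this.serverHost, this.serverPort, null, null, null).toString();
                    keyStore.setEntry(alias, secretKeyEntry, builder != null ? builder.getProtectionParameter(alias) : protectionParameter);
                } finally {
                    // SecretKeySpec copies the array, so the local copy can be wiped.
                    Arrays.fill(randomSecret, (byte) 0);
                }
            } else {
                if (this.sharedSecret != null) {
                    byte[] secretBytes = this.sharedSecret.getBytes(DefaultTrustedAssetsManager.UTF_8);
                    try {
                        KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(new SecretKeySpec(secretBytes, "Hmac"));
                        String alias = new URI(aliasScheme, DefaultTrustedAssetsManager.caseEncode(this.clientId), this.serverHost, this.serverPort, null, null, DefaultTrustedAssetsManager.caseEncode(this.endpointId)).toString();
                        keyStore.setEntry(alias, secretKeyEntry, builder != null ? builder.getProtectionParameter(alias) : protectionParameter);
                    } finally {
                        Arrays.fill(secretBytes, (byte) 0);
                    }
                }
                if (this.privateKey != null) {
                    KeyStore.PrivateKeyEntry privateKeyEntry = new KeyStore.PrivateKeyEntry(this.privateKey, new Certificate[]{this.certificate});
                    String alias = new URI(aliasScheme, DefaultTrustedAssetsManager.caseEncode(this.clientId), this.serverHost, this.serverPort, null, null, DefaultTrustedAssetsManager.caseEncode(this.endpointId)).toString();
                    keyStore.setEntry(alias, privateKeyEntry, builder != null ? builder.getProtectionParameter(alias) : protectionParameter);
                }
            }
            // trustAnchors is final and always initialised; an empty map simply adds nothing.
            for (Map.Entry<String, Certificate> entry : this.trustAnchors.entrySet()) {
                keyStore.setEntry(entry.getKey(), new KeyStore.TrustedCertificateEntry(entry.getValue()), null);
            }
        }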

        /**
         * Registers a certificate to be stored as a trusted certificate entry on provision().
         * No check of the certificate itself is performed here.
         *
         * @param str         the key store alias for the trust anchor
         * @param certificate the trust anchor certificate
         * @return this instance, for chaining
         * @throws IllegalArgumentException if either argument is null
         */
        public ProvisioningSupport addTrustAnchor(String str, Certificate certificate) {
            boolean complete = certificate != null && str != null;
            if (!complete) {
                throw new IllegalArgumentException("Trust Anchor or alias cannot be null...");
            }
            this.trustAnchors.put(str, certificate);
            return this;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /**
         * Writes the collected assets to the store and then drops the references to the
         * shared secret and private key, whether or not the write succeeded.
         *
         * @throws TrustException if the store cannot be written
         */
        public void provision() throws TrustException {
            try {
                this.store();
            } finally {
                // Only the references are cleared; the objects themselves are not wiped.
                this.privateKey = null;
                this.sharedSecret = null;
            }
        }

        /**
         * Sets the client id and shared secret. The endpoint id is left untouched.
         *
         * @param str  the client id
         * @param str2 the shared secret
         * @return this instance, for chaining
         * @throws IllegalStateException    if a private key has already been set
         * @throws IllegalArgumentException if either argument is null
         */
        public ProvisioningSupport setClientCredentials(String str, String str2) {
            if (this.privateKey != null) {
                throw new IllegalStateException("Client cannot be provisioned with both a shared secret and a private key...");
            }
            boolean complete = str != null && str2 != null;
            if (!complete) {
                throw new IllegalArgumentException("Client Id and shared secret cannot be null...");
            }
            this.sharedSecret = str2;
            this.clientId = str;
            return this;
        }

        /**
         * Sets private-key credentials; the same id is used as client id and endpoint id.
         * The certificate is not checked against the private key here.
         *
         * @param str         the endpoint id
         * @param privateKey  the client private key
         * @param certificate the certificate stored alongside the key
         * @return this instance, for chaining
         * @throws IllegalStateException    if a shared secret has already been set
         * @throws IllegalArgumentException if any argument is null
         */
        public ProvisioningSupport setClientCredentials(String str, PrivateKey privateKey, Certificate certificate) {
            if (this.sharedSecret != null) {
                throw new IllegalStateException("Client cannot be provisioned with both a shared secret and a private key...");
            }
            boolean complete = str != null && privateKey != null && certificate != null;
            if (!complete) {
                throw new IllegalArgumentException("Endpoint Id, private key and certificate cannot be null...");
            }
            this.endpointId = str;
            this.clientId = str;
            this.certificate = certificate;
            this.privateKey = privateKey;
            return this;
        }

        /**
         * Sets shared-secret credentials for an enterprise client; the same id is used as
         * client id and endpoint id.
         *
         * @param str  the client id
         * @param str2 the shared secret
         * @return this instance, for chaining
         * @throws IllegalStateException    if a private key has already been set
         * @throws IllegalArgumentException if either argument is null
         */
        public ProvisioningSupport setEnterpriseClientCredentials(String str, String str2) {
            if (this.privateKey != null) {
                throw new IllegalStateException("Client cannot be provisioned with both a shared secret and a private key...");
            }
            boolean complete = str != null && str2 != null;
            if (!complete) {
                throw new IllegalArgumentException("Client Id and shared secret cannot be null...");
            }
            this.endpointId = str;
            this.clientId = str;
            this.sharedSecret = str2;
            return this;
        }

        /**
         * Sets the server scheme, host and port that are encoded into the key store aliases.
         * The scheme is only checked for null; it is not restricted to a secure transport here.
         *
         * @param str  the server scheme
         * @param str2 the server host
         * @param i    the server port; must not be negative
         * @return this instance, for chaining
         * @throws IllegalArgumentException if the scheme or host is null or the port is negative
         */
        public ProvisioningSupport setServer(String str, String str2, int i) {
            boolean valid = str != null && str2 != null && i >= 0;
            if (!valid) {
                throw new IllegalArgumentException("Server host cannot be null and server port cannot be negative...");
            }
            this.serverPort = i;
            this.serverHost = str2;
            this.serverScheme = str;
            return this;
        }
    }

    /** Creates an unloaded instance; the static factories call one of the load methods next. */
    private DefaultTrustedAssetsManager() {
        super();
    }

    /**
     * Loads the trusted assets from a store file.
     *
     * @param str  path of the trusted assets store
     * @param str2 password of the store
     * @param obj  not used by this constructor
     * @throws TrustException if either string is null or the store cannot be loaded
     */
    public DefaultTrustedAssetsManager(String str, String str2, Object obj) throws TrustException {
        this.load(str, str2);
    }

    /** Compiler-generated accessor that lets the nested class reach the private logger. */
    static /* synthetic */ Logger access$000() {
        Logger logger = getLogger();
        return logger;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Replaces every upper-case character with {@code '%'} followed by its code unit in
     * lower-case hex; all other characters are copied unchanged.
     *
     * <p>NOTE(review): for upper-case characters outside ASCII the hex value is not a UTF-8
     * percent-encoding (and may have more than two digits), so decoding it with
     * {@code URLDecoder} will not give the original character back. Changing this would alter
     * aliases already written to existing stores.
     *
     * @param str the text to encode, may be null
     * @return the encoded text, or null if {@code str} is null
     */
    public static String caseEncode(String str) {
        if (str == null) {
            return null;
        }
        final int length = str.length();
        StringBuilder encoded = new StringBuilder();
        for (int index = 0; index < length; index++) {
            char current = str.charAt(index);
            if (!Character.isUpperCase(current)) {
                encoded.append(current);
                continue;
            }
            encoded.append('%');
            encoded.append(Integer.toHexString(current));
        }
        return encoded.toString();
    }

    /**
     * Encodes the characters as UTF-8 and wipes the encoder's backing array afterwards, so
     * the returned array is the only copy made here. The caller is responsible for wiping it.
     *
     * @param cArr the characters to encode
     * @return a new array holding the UTF-8 bytes
     */
    private byte[] char2bytes(char[] cArr) {
        ByteBuffer utf8 = Charset.forName("UTF-8").encode(CharBuffer.wrap(cArr));
        byte[] backing = utf8.array();
        int start = utf8.position();
        byte[] result = new byte[utf8.limit() - start];
        System.arraycopy(backing, start, result, 0, result.length);
        Arrays.fill(backing, (byte) 0);
        return result;
    }

    /**
     * Creates a manager and loads it from a password-protected store file.
     *
     * @param file               the trusted assets store file
     * @param passwordProtection the store password
     * @param obj                not used by this method
     * @return the loaded manager
     * @throws TrustException if the store cannot be loaded
     */
    public static DefaultTrustedAssetsManager create(File file, KeyStore.PasswordProtection passwordProtection, Object obj) throws TrustException {
        DefaultTrustedAssetsManager manager = new DefaultTrustedAssetsManager();
        manager.load(file, passwordProtection);
        return manager;
    }

    /**
     * Creates a manager and loads it from the key store supplied by a builder.
     *
     * @param builder the key store builder
     * @param obj     not used by this method
     * @return the loaded manager
     * @throws TrustException if the store cannot be loaded
     */
    public static DefaultTrustedAssetsManager create(KeyStore.Builder builder, Object obj) throws TrustException {
        DefaultTrustedAssetsManager manager = new DefaultTrustedAssetsManager();
        manager.load(builder);
        return manager;
    }

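    /**
     * Derives the protection for the private key entry: the Base64 text of
     * HMAC-SHA256(shared secret, UTF-8 bytes of the given password). Without a shared secret
     * the given protection is returned unchanged.
     *
     * <p>The temporary password bytes, the MAC output and the temporary character array are
     * wiped on every path, including when the MAC cannot be initialised. The intermediate
     * Base64 {@code String} cannot be wiped.
     *
     * @param passwordProtection the store password protection
     * @return the derived protection, or {@code passwordProtection} if no shared secret is set
     * @throws GeneralSecurityException if HmacSHA256 is unavailable or the key is rejected
     */
    private KeyStore.PasswordProtection derivePassword(KeyStore.PasswordProtection passwordProtection) throws GeneralSecurityException {
        if (this.sharedSecret == null) {
            return passwordProtection;
        }
        byte[] passwordBytes = char2bytes(passwordProtection.getPassword());
        byte[] macValue = null;
        char[] derived = null;
        try {
            Mac mac;
            try {
                mac = Mac.getInstance("HmacSHA256", this.taStore.getProvider());
            } catch (NoSuchAlgorithmException e) {
                // The key store's provider has no HmacSHA256; use the default provider lookup.
                mac = Mac.getInstance("HmacSHA256");
            }
            mac.init(this.sharedSecret);
            mac.update(passwordBytes);
            macValue = mac.doFinal();
            derived = Base64.getEncoder().encodeToString(macValue).toCharArray();
            // PasswordProtection clones the array, so the local copy can be wiped below.
            return new KeyStore.PasswordProtection(derived);
        } finally {
            Arrays.fill(passwordBytes, (byte) 0);
            if (macValue != null) {
                Arrays.fill(macValue, (byte) 0);
            }
            if (derived != null) {
                Arrays.fill(derived, '\0');
            }
        }
    }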

    /**
     * Builds a self-signed certificate for an RSA key pair, valid from now for
     * 31536000000 ms (365 days).
     *
     * <p>NOTE(review): the certificate is signed with SHA1WithRSA. getEndpointCertificate()
     * returns an empty array for self-signed certificates, so this one appears to be a local
     * placeholder; confirm nothing verifies its signature before relying on that.
     *
     * @param privateKey the signing key; must be an RSA private key
     * @param publicKey  the certified key; must be an RSA public key
     * @param str        passed to the certificate factory (callers pass the client id)
     * @return the self-signed certificate
     * @throws GeneralSecurityException if the keys are not RSA or generation fails
     */
    private static X509Certificate generateSelfSignedCertificate(PrivateKey privateKey, PublicKey publicKey, String str) throws GeneralSecurityException {
        boolean rsaPair = privateKey instanceof RSAPrivateKey && publicKey instanceof RSAPublicKey;
        if (!rsaPair) {
            throw new GeneralSecurityException("Unsupported Algorithm");
        }
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 31536000000L);
        RSAPrivateKey signingKey = (RSAPrivateKey) privateKey;
        RSAPublicKey certifiedKey = (RSAPublicKey) publicKey;
        return SelfSignedX509CertificateFactory.generateSelfSignedCertificate(signingKey, certifiedKey, "SHA1WithRSA", str, notBefore, notAfter);
    }

    /** Returns the shared {@code oracle.iot.client} logger. */
    private static Logger getLogger() {
        final Logger logger = LOGGER;
        return logger;
    }

    /**
     * Returns the protection for an alias: the builder's per-alias protection when a builder
     * is in use, otherwise the store-wide protection.
     *
     * @param str the key store alias
     * @return the protection parameter, possibly null
     * @throws KeyStoreException if the builder cannot supply the protection
     */
    private KeyStore.ProtectionParameter getProtection(String str) throws KeyStoreException {
        if (this.taStoreBuilder == null) {
            return this.taProtection;
        }
        return this.taStoreBuilder.getProtectionParameter(str);
    }

    /**
     * Reports whether the subject and issuer names of the certificate are equal.
     * This is a name comparison only; the signature is not verified.
     *
     * @param x509Certificate the certificate to inspect
     * @return true if subject DN equals issuer DN
     */
    private static boolean isSelfSigned(X509Certificate x509Certificate) {
        java.security.Principal subject = x509Certificate.getSubjectDN();
        java.security.Principal issuer = x509Certificate.getIssuerDN();
        return subject.equals(issuer);
    }

    /**
     * Reads the shared secret, private key, certificate and trust anchors from the already
     * loaded key store, and the server/client settings from the entry aliases.
     *
     * <p>The store is walked twice: the shared secret has to be known before the private key
     * entry is read, because derivePassword() uses it to derive that entry's password.
     *
     * @throws GeneralSecurityException if an entry cannot be read, the aliases disagree, or no
     *         server host/port was found
     */
    private void load() throws GeneralSecurityException, URISyntaxException, UnsupportedEncodingException {
        this.trustAnchors = new HashSet();
        // Pass 1: take the first secret-key entry whose alias is an "iotcs..." URI.
        Enumeration<String> aliases = this.taStore.aliases();
        while (true) {
            if (!aliases.hasMoreElements()) {
                break;
            }
            String nextElement = aliases.nextElement();
            if (this.taStore.entryInstanceOf(nextElement, KeyStore.SecretKeyEntry.class)) {
                URI uri = null;
                try {
                    uri = new URI(nextElement);
                } catch (URISyntaxException e) {
                    // Aliases that are not URIs are skipped on purpose.
                }
                // regionMatches(...) is true when the scheme starts with "iotcs".
                if (uri != null && uri.getScheme() != null && IOT_SCHEME.regionMatches(0, uri.getScheme(), 0, IOT_SCHEME.length())) {
                    parseURI(uri);
                    this.sharedSecret = ((KeyStore.SecretKeyEntry) this.taStore.getEntry(nextElement, getProtection(nextElement))).getSecretKey();
                    break;
                }
            }
        }
        // Pass 2: private key entries (iotcs aliases only) and every trusted certificate entry.
        Enumeration<String> aliases2 = this.taStore.aliases();
        while (aliases2.hasMoreElements()) {
            String nextElement2 = aliases2.nextElement();
            if (this.taStore.entryInstanceOf(nextElement2, KeyStore.PrivateKeyEntry.class)) {
                URI uri2 = null;
                try {
                    uri2 = new URI(nextElement2);
                } catch (URISyntaxException e2) {
                    // Aliases that are not URIs are skipped on purpose.
                }
                if (uri2 != null && uri2.getScheme() != null && IOT_SCHEME.regionMatches(0, uri2.getScheme(), 0, IOT_SCHEME.length())) {
                    parseURI(uri2);
                    KeyStore.ProtectionParameter protection = getProtection(nextElement2);
                    if (protection instanceof KeyStore.PasswordProtection) {
                        // The private key entry is protected with a password derived from the shared secret.
                        protection = derivePassword((KeyStore.PasswordProtection) protection);
                    }
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) this.taStore.getEntry(nextElement2, protection);
                    this.privateKey = privateKeyEntry.getPrivateKey();
                    this.certificate = (X509Certificate) privateKeyEntry.getCertificate();
                }
            } else if (this.taStore.entryInstanceOf(nextElement2, KeyStore.TrustedCertificateEntry.class)) {
                // Every trusted certificate in the store becomes a trust anchor, whatever its alias;
                // whoever can write the store file therefore controls the anchor set.
                this.trustAnchors.add((X509Certificate) ((KeyStore.TrustedCertificateEntry) this.taStore.getEntry(nextElement2, null)).getTrustedCertificate());
            }
        }
        // No iotcs alias supplied a host and port: the store was not provisioned for a device.
        if (this.serverHost == null || this.serverPort == -1) {
            getLogger().log(Level.SEVERE, "Verify that you are referring to a device trusted assets store (that you generated using the TrustedAssetsProvisioner class).\n\tVerify that you used only the server name and not the server URL for serverHost...");
            throw new GeneralSecurityException("Trusted assets not properly provisioned...");
        }
    }

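    /**
     * Loads the trusted assets from a BKS store file.
     *
     * <p>The input stream is closed on every path. Each failure is logged with a hint
     * (wrong path, wrong password, other) and rethrown as a {@link TrustException}; the
     * password itself is never logged.
     *
     * @param file               the trusted assets store file
     * @param passwordProtection the store password
     * @throws TrustException if the file is missing, cannot be read with the password, or
     *         its content is not a properly provisioned store
     */
    private void load(File file, KeyStore.PasswordProtection passwordProtection) throws TrustException {
        FileInputStream fileInputStream = null;
        try {
            this.taStoreFile = file;
            this.taStore = KeyStore.getInstance("BKS");
            this.taProtection = passwordProtection;
            fileInputStream = new FileInputStream(this.taStoreFile);
            this.taStore.load(fileInputStream, ((KeyStore.PasswordProtection) this.taProtection).getPassword());
            load();
        } catch (FileNotFoundException e) {
            getLogger().log(Level.SEVERE, "Make sure that the filename/path specified by 'oracle.iot.client.trustedAssetsStore' property matches the filename/path of the trusted asset store that you created.");
            throw new TrustException("Error loading trusted assets...", e);
        } catch (IOException e) {
            // KeyStore.load reports a wrong password or a damaged file as IOException.
            getLogger().log(Level.SEVERE, "Make sure that the password specified by 'oracle.iot.client.trustedAssetsStorePassword' property matches the password you selected when you created your trusted assets store.");
            throw new TrustException("Error loading trusted assets...", e);
        } catch (Exception e) {
            getLogger().log(Level.SEVERE, "caught '" + e + "' while loading trusted assets file " + file);
            throw new TrustException("Error loading trusted assets...", e);
        } finally {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException ignored) {
                    // Best effort: nothing useful can be done about a failed close on a read.
                }
            }
        }
    }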

    /**
     * Loads the trusted assets from the store at the given path.
     *
     * @param str  path of the trusted assets store
     * @param str2 password of the store
     * @throws TrustException if either argument is null or the store cannot be loaded
     */
    private void load(String str, String str2) throws TrustException {
        if (str == null) {
            throw new TrustException("Store path is null");
        }
        if (str2 == null) {
            throw new TrustException("Store password is null");
        }
        File storeFile = new File(str);
        KeyStore.PasswordProtection storeProtection = new KeyStore.PasswordProtection(str2.toCharArray());
        load(storeFile, storeProtection);
    }

    /**
     * Loads the trusted assets from the key store supplied by a builder. No store file and
     * no store-wide protection are kept; the builder is asked for protection per alias.
     *
     * @param builder the key store builder
     * @throws TrustException if the key store cannot be obtained or read
     */
    private void load(KeyStore.Builder builder) throws TrustException {
        try {
            this.taStoreFile = null;
            this.taStore = builder.getKeyStore();
            this.taProtection = null;
            this.taStoreBuilder = builder;
            this.load();
        } catch (Exception failure) {
            String detail = "caught '" + failure + failure.getMessage() + "' while loading trusted assets from taStoreBuilder " + builder;
            getLogger().log(Level.SEVERE, detail);
            throw new TrustException("Error loading trusted assets...", failure);
        }
    }

    /**
     * Extracts server host, port, scheme, client id and endpoint id from a key store alias
     * and stores them in the corresponding fields. A value that is already set and differs
     * from the one in the alias is rejected.
     *
     * @param uri the alias parsed as a URI
     * @throws GeneralSecurityException     (a KeyStoreException) if a value in the alias
     *         conflicts with one that is already set
     * @throws UnsupportedEncodingException declared by URLDecoder.decode
     */
    private void parseURI(URI uri) throws GeneralSecurityException, UnsupportedEncodingException {
        String host = uri.getHost();
        if (this.serverHost != null && host != null && !this.serverHost.equals(host)) {
            throw new KeyStoreException("Mismatching server host...");
        }
        this.serverHost = host;
        int port = uri.getPort();
        if (this.serverPort >= 0 && port >= 0 && this.serverPort != port) {
            throw new KeyStoreException("Mismatching server port...");
        }
        this.serverPort = port;
        String scheme = uri.getScheme();
        // "iotcs+<scheme>" carries the transport scheme; a bare "iotcs" (or no scheme) means https.
        // Any other scheme text is kept as it is.
        if (scheme != null && IOT_SCHEME_PREFIX.regionMatches(0, uri.getScheme(), 0, IOT_SCHEME_PREFIX.length())) {
            scheme = scheme.substring(IOT_SCHEME_PREFIX.length());
        } else if (scheme == null || IOT_SCHEME.equals(scheme)) {
            scheme = "https";
        }
        if (this.serverScheme != null && scheme != null && !this.serverScheme.equals(scheme)) {
            throw new KeyStoreException("Mismatching server scheme...");
        }
        this.serverScheme = scheme;
        // NOTE(review): the transport scheme is taken from the stored alias and is not limited
        // to https here; a non-https scheme also sets a JVM-wide system property.
        if (!"https".equals(this.serverScheme)) {
            System.setProperty(TrustedAssetsManager.DISABLE_LONG_POLLING_PROPERTY, "true");
        }
        String userInfo = uri.getUserInfo();
        if (userInfo != null) {
            // Reverses the '%'+hex encoding that caseEncode() applied to upper-case characters.
            userInfo = URLDecoder.decode(userInfo, UTF_8.name());
        }
        if (this.clientId != null && userInfo != null && !this.clientId.equals(userInfo)) {
            throw new KeyStoreException("Mismatching client Id...");
        }
        this.clientId = userInfo;
        String fragment = uri.getFragment();
        if (fragment != null) {
            fragment = URLDecoder.decode(fragment, UTF_8.name());
            // The placeholder fragment means "no endpoint id assigned yet".
            if (EP_NOT_SET.equals(fragment)) {
                fragment = null;
            }
        }
        if (this.endpointId != null && fragment != null && !this.endpointId.equals(fragment)) {
            throw new KeyStoreException("Mismatching endpoint Id...");
        }
        // An endpoint id that is already set is kept. The second operand can only be true when
        // the first one is, so it does not change the outcome.
        if (this.endpointId != null || EP_NOT_SET.equals(this.endpointId)) {
            return;
        }
        this.endpointId = fragment;
    }

    /**
     * Generates a key pair, pairs it with a fresh self-signed certificate and writes the
     * store. The key store's provider is tried first, then the default provider lookup.
     *
     * <p>The key size is only checked to be positive; choosing an adequate algorithm and
     * size is left to the caller.
     *
     * @param str the key algorithm name
     * @param i   the key size
     * @throws IllegalStateException    if an endpoint id is already assigned
     * @throws NullPointerException     if {@code str} is null
     * @throws IllegalArgumentException if {@code i} is not positive
     * @throws TrustException           if key generation, certificate generation or storing fails
     */
    @Override // com.oracle.iot.client.impl.trust.TrustedAssetsManagerBase, com.oracle.iot.client.trust.TrustedAssetsManager
    public void generateKeyPair(String str, int i) throws TrustException {
        if (this.endpointId != null) {
            throw new IllegalStateException("Already activated: EndpointId already assigned.");
        }
        if (str == null) {
            throw new NullPointerException("Algorithm cannot be null.");
        }
        if (i <= 0) {
            throw new IllegalArgumentException("Key size cannot be negative or 0.");
        }
        try {
            KeyPairGenerator generator;
            try {
                generator = KeyPairGenerator.getInstance(str, this.taStore.getProvider());
            } catch (NoSuchAlgorithmException notInStoreProvider) {
                generator = KeyPairGenerator.getInstance(str);
            }
            generator.initialize(i);
            KeyPair pair = generator.generateKeyPair();
            this.privateKey = pair.getPrivate();
            this.publicKey = pair.getPublic();
            try {
                this.certificate = generateSelfSignedCertificate(this.privateKey, this.publicKey, this.clientId);
                store();
            } catch (GeneralSecurityException securityFailure) {
                throw new TrustException(securityFailure.getMessage(), securityFailure);
            } catch (Exception storeFailure) {
                throw new TrustException("Error storing the trusted assets...", storeFailure);
            }
        } catch (GeneralSecurityException failure) {
            throw new TrustException(failure.getMessage(), failure);
        }
    }

    /**
     * Returns the encoded endpoint certificate, or an empty array when the current
     * certificate's subject and issuer names are equal (the locally generated one).
     *
     * @return the certificate encoding, or an empty array
     * @throws IllegalStateException if no certificate is assigned
     */
    @Override // com.oracle.iot.client.impl.trust.TrustedAssetsManagerBase, com.oracle.iot.client.trust.TrustedAssetsManager
    public byte[] getEndpointCertificate() {
        if (this.certificate == null) {
            throw new IllegalStateException("Endpoint certificate not assigned.");
        }
        if (isSelfSigned(this.certificate)) {
            return new byte[0];
        }
        try {
            return this.certificate.getEncoded();
        } catch (CertificateEncodingException encodingFailure) {
            throw new RuntimeException("Unexpected error retrieving certificate encoding...", encodingFailure);
        }
    }

    /**
     * Returns the generated public key if there is one, otherwise the public key of the
     * certificate.
     *
     * @return the public key
     * @throws IllegalStateException if neither a public key nor a certificate is available
     */
    @Override // com.oracle.iot.client.impl.trust.TrustedAssetsManagerBase, com.oracle.iot.client.trust.TrustedAssetsManager
    public PublicKey getPublicKey() {
        if (this.publicKey != null) {
            return this.publicKey;
        }
        if (this.certificate == null) {
            throw new IllegalStateException("Key pair not yet generated or certificate not yet assigned.");
        }
        return this.certificate.getPublicKey();
    }

    /**
     * Drops the certificate reference and then delegates to the base class reset.
     *
     * @throws TrustException if the base class reset fails
     */
    @Override // com.oracle.iot.client.impl.trust.TrustedAssetsManagerBase, com.oracle.iot.client.trust.TrustedAssetsManager
    public void reset() throws TrustException {
        // Cleared first, so the base class reset sees no certificate.
        this.certificate = null;
        super.reset();
    }

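    /**
     * Assigns the endpoint id and certificate and writes the store. An empty certificate
     * array means "no certificate issued"; a self-signed one is generated instead.
     *
     * <p>If building the certificate or writing the store fails, the endpoint id and the
     * previous certificate are restored, so the call can be retried instead of failing with
     * "EndpointId already assigned." A store failure is reported as a store failure rather
     * than being re-wrapped as a certificate error.
     *
     * <p>NOTE(review): the supplied certificate is only parsed here; no check against the
     * trust anchors or the generated key pair is visible in this method. An entry already
     * set on the in-memory key store before a failed file write is not removed.
     *
     * @param str  the endpoint id
     * @param bArr the encoded certificate, or an empty array
     * @throws IllegalStateException if no private key exists or an endpoint id is already assigned
     * @throws NullPointerException  if either argument is null
     * @throws TrustException        if the certificate cannot be built or the store cannot be written
     */
    @Override // com.oracle.iot.client.impl.trust.TrustedAssetsManagerBase, com.oracle.iot.client.trust.TrustedAssetsManager
    public void setEndPointCredentials(String str, byte[] bArr) throws TrustException {
        if (this.privateKey == null) {
            throw new IllegalStateException("Private key not yet generated.");
        }
        if (this.endpointId != null) {
            throw new IllegalStateException("EndpointId already assigned.");
        }
        if (str == null) {
            throw new NullPointerException("EndpointId can't be null.");
        }
        if (bArr == null) {
            throw new NullPointerException("Certificate can't be null.");
        }
        final X509Certificate previousCertificate = this.certificate;
        boolean committed = false;
        // store() builds the alias from endpointId, so it has to be set before storing.
        this.endpointId = str;
        try {
            try {
                if (bArr.length != 0) {
                    CertificateFactory certificateFactory;
                    try {
                        certificateFactory = CertificateFactory.getInstance(DirectActivationRequest.PUBLIC_KEY_ENCODING_FORMAT_X509, this.taStore.getProvider());
                    } catch (CertificateException e) {
                        certificateFactory = CertificateFactory.getInstance(DirectActivationRequest.PUBLIC_KEY_ENCODING_FORMAT_X509);
                    }
                    this.certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr));
                } else {
                    this.certificate = generateSelfSignedCertificate(this.privateKey, this.publicKey, this.clientId);
                }
            } catch (Exception e) {
                throw new TrustException("Error generating certificate...", e);
            }
            try {
                store();
            } catch (Exception e) {
                throw new TrustException("Error storing the trusted assets...", e);
            }
            committed = true;
        } finally {
            if (!committed) {
                this.endpointId = null;
                this.certificate = previousCertificate;
            }
        }
    }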

    /**
     * Signs the data with the private key. The key store's provider is tried first, then
     * the default provider lookup. The algorithm name is chosen by the caller.
     *
     * @param bArr the data to sign
     * @param str  the signature algorithm name
     * @return the signature bytes
     * @throws IllegalStateException if no private key is available
     * @throws NullPointerException  if either argument is null
     * @throws TrustException        if signing fails
     */
    @Override // com.oracle.iot.client.impl.trust.TrustedAssetsManagerBase, com.oracle.iot.client.trust.TrustedAssetsManager
    public byte[] signWithPrivateKey(byte[] bArr, String str) throws TrustException {
        if (this.privateKey == null) {
            throw new IllegalStateException("Private key not yet generated.");
        }
        if (str == null) {
            throw new NullPointerException("Algorithm cannot be null.");
        }
        if (bArr == null) {
            throw new NullPointerException("Data cannot be null.");
        }
        try {
            Signature signer;
            try {
                signer = Signature.getInstance(str, this.taStore.getProvider());
            } catch (NoSuchAlgorithmException notInStoreProvider) {
                signer = Signature.getInstance(str);
            }
            signer.initSign(this.privateKey);
            signer.update(bArr);
            byte[] signatureBytes = signer.sign();
            return signatureBytes;
        } catch (GeneralSecurityException failure) {
            throw new TrustException("Error signing with private key...", failure);
        }
    }

    /**
     * Computes a MAC over the data with the shared secret. The key store's provider is
     * tried first, then the default provider lookup.
     *
     * @param bArr the data to authenticate
     * @param str  the MAC algorithm name
     * @param str2 not used by this implementation
     * @return the MAC bytes
     * @throws IllegalStateException if no shared secret is provisioned
     * @throws NullPointerException  if the algorithm or the data is null
     * @throws TrustException        if the MAC cannot be computed
     */
    @Override // com.oracle.iot.client.impl.trust.TrustedAssetsManagerBase, com.oracle.iot.client.trust.TrustedAssetsManager
    public byte[] signWithSharedSecret(byte[] bArr, String str, String str2) throws TrustException {
        if (this.sharedSecret == null) {
            throw new IllegalStateException("Shared secret not provisioned.");
        }
        if (str == null) {
            throw new NullPointerException("Algorithm cannot be null.");
        }
        if (bArr == null) {
            throw new NullPointerException("Data cannot be null.");
        }
        try {
            Mac authenticator;
            try {
                authenticator = Mac.getInstance(str, this.taStore.getProvider());
            } catch (NoSuchAlgorithmException notInStoreProvider) {
                authenticator = Mac.getInstance(str);
            }
            authenticator.init(this.sharedSecret);
            authenticator.update(bArr);
            byte[] tag = authenticator.doFinal();
            return tag;
        } catch (GeneralSecurityException failure) {
            throw new TrustException("Error signing with shared secret...", failure);
        }
    }

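    /**
     * Updates the private key entry in the key store and, for a file-backed store, writes
     * the store back to its file.
     *
     * <p>With a private key, the entry is set under the client alias, protected by the
     * password derived in derivePassword() when the protection is a password. Without a
     * private key, the entry under that alias is deleted. The alias uses the placeholder
     * fragment while no endpoint id is assigned.
     *
     * <p>The decompiled rethrow scaffolding is replaced by a plain try/finally: a failure
     * while writing always propagates and the stream is always closed.
     *
     * <p>NOTE(review): the file is overwritten in place, so a failure during the write can
     * leave a truncated store; writing to a temporary file and renaming would avoid that.
     *
     * @throws Exception if the alias cannot be built, the entry cannot be updated, or the
     *         file cannot be written
     */
    @Override // com.oracle.iot.client.impl.trust.TrustedAssetsManagerBase
    protected void store() throws Exception {
        String alias = new URI(IOT_SCHEME_PREFIX + this.serverScheme, caseEncode(this.clientId), this.serverHost, this.serverPort, null, null, caseEncode(this.endpointId != null ? this.endpointId : EP_NOT_SET)).toString();
        if (this.privateKey != null) {
            KeyStore.PrivateKeyEntry privateKeyEntry = new KeyStore.PrivateKeyEntry(this.privateKey, new Certificate[]{this.certificate});
            KeyStore.ProtectionParameter protection = getProtection(alias);
            if (protection instanceof KeyStore.PasswordProtection) {
                protection = derivePassword((KeyStore.PasswordProtection) protection);
            }
            this.taStore.setEntry(alias, privateKeyEntry, protection);
        } else {
            this.taStore.deleteEntry(alias);
        }
        if (this.taStoreFile == null) {
            // Builder-backed store: there is no file to write.
            return;
        }
        FileOutputStream fileOutputStream = new FileOutputStream(this.taStoreFile);
        try {
            this.taStore.store(fileOutputStream, ((KeyStore.PasswordProtection) this.taProtection).getPassword());
        } finally {
            try {
                fileOutputStream.close();
            } catch (IOException ignored) {
                // Best effort, as before: a close failure is not reported.
            }
        }
    }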
}
