package net.soti.mobicontrol.security;

import com.google.common.base.Optional;
import com.google.inject.Inject;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import net.soti.comm.connectionsettings.ConnectionSettings;
import net.soti.mobicontrol.Messages;
import net.soti.mobicontrol.agent.config.ConnectionBackupStorage;
import net.soti.mobicontrol.cert.CertificateHelper;
import net.soti.mobicontrol.cert.CertificateMetadata;
import net.soti.mobicontrol.cert.CertificateParameters;
import net.soti.mobicontrol.cert.CertificateType;
import net.soti.mobicontrol.logging.Logger;
import net.soti.mobicontrol.messagebus.Subscribe;
import net.soti.mobicontrol.messagebus.Subscriber;
import net.soti.mobicontrol.messagebus.To;
import net.soti.mobicontrol.util.IOUtils;
import net.soti.mobicontrol.util.func.collections.IterTools;
import net.soti.ssl.KeyStorePasswordProvider;
import net.soti.ssl.certificate.CertificateStore;
import net.soti.ssl.certificate.ClientAuthPKI;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

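/**
 * Manages the certificate and private key the agent presents for TLS client authentication.
 *
 * <p>Entries live in the injected {@link CertificateStore}; the key store password always comes
 * from the injected {@link KeyStorePasswordProvider}. The class can import a certificate from a
 * stream or file, expose it as {@link KeyManager}s, export/import it through a
 * {@link ConnectionBackupStorage}, and delete it (including on the agent-wipe message).
 *
 * <p>This is decompiled code: private members carry reconstructed names, and two methods whose
 * control flow the decompiler could not recover were rebuilt by hand (noted on each).
 */
@Subscriber
/* loaded from: classes.dex */
public class ClientCertificateStorage {
    /** Returned by the export path when there is nothing to export or the export failed. */
    private static final byte[] EMPTY_BYTES = new byte[0];
    /** Backup-storage key for the configured client certificate alias. */
    private static final String BACKUP_KEY_ALIAS = "client_cert_name";
    /** Backup-storage key for the serialized single-entry key store. */
    private static final String BACKUP_KEY_CERT = "client_cert";
    private final KeyStorePasswordProvider passwordProvider;
    private final Logger logger;
    private final ConnectionSettings connectionSettings;
    private final CertificateStore certificateStore;

    /**
     * Key manager decorator that forwards every call to the wrapped manager but replaces the
     * caller-supplied issuer list with {@code null}.
     *
     * <p>Per the {@link X509KeyManager} contract a {@code null} issuer list means "any issuer",
     * so the client certificate is offered even when the peer's list of acceptable CAs would not
     * match it. The key store handed to the factory in {@code getKeyManagers()} holds a single
     * entry, so the effect is that this one certificate is always the candidate.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes7.dex */
    public static final class a implements X509KeyManager {
        private final X509KeyManager delegate;

        private a(X509KeyManager x509KeyManager) {
            this.delegate = x509KeyManager;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            // principalArr is intentionally dropped: no issuer filtering.
            return this.delegate.chooseClientAlias(strArr, null, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.delegate.chooseServerAlias(str, null, socket);
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.delegate.getCertificateChain(str);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.delegate.getClientAliases(str, null);
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.delegate.getPrivateKey(str);
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.delegate.getServerAliases(str, null);
        }
    }

    /**
     * Creates the storage over the given collaborators.
     *
     * @param connectionSettings source (and target on restore) of the client certificate alias
     * @param certificateStore store bound with {@code @ClientAuthPKI} that holds the key entries
     * @param keyStorePasswordProvider supplies the key store password
     * @param logger destination for diagnostics
     */
    @Inject
    public ClientCertificateStorage(ConnectionSettings connectionSettings, @ClientAuthPKI CertificateStore certificateStore, KeyStorePasswordProvider keyStorePasswordProvider, Logger logger) {
        this.connectionSettings = connectionSettings;
        this.certificateStore = certificateStore;
        this.passwordProvider = keyStorePasswordProvider;
        this.logger = logger;
    }

    /**
     * Copies one key entry into a fresh key store of the default type, under the fixed alias
     * {@code "client certificate"}.
     *
     * @param source key store to read the key and chain from
     * @param alias alias of the entry in {@code source}
     * @param password password for the new key store and for the copied key entry
     * @return a new key store containing only that entry
     * @throws ClientCertificateException wrapping any failure
     */
    private KeyStore copyEntryToNewKeyStore(KeyStore source, String alias, char[] password) throws ClientCertificateException {
        try {
            // The source key is always unlocked with the store password, not with `password`.
            Key key = source.getKey(alias, getStorePassword());
            Certificate[] chain = source.getCertificateChain(alias);
            KeyStore target = KeyStore.getInstance(KeyStore.getDefaultType());
            target.load(null, password);
            target.setKeyEntry("client certificate", key, password, chain);
            return target;
        } catch (Exception e) {
            throw new ClientCertificateException(e);
        }
    }

    /**
     * Moves one entry of an imported key store into the certificate store, re-keyed under the
     * alias derived from the entry's certificate by {@code CertificateHelper.createAliasForIssuer}.
     * Entries that are not private-key entries are skipped with a warning.
     *
     * @param alias alias of the entry inside {@code keyStore}
     * @param keyStore the imported key store
     * @param password password protecting the entry in {@code keyStore}
     * @throws ClientCertificateException wrapping any failure (including a non-X.509 certificate)
     */
    private void storeKeyByAlias(String alias, KeyStore keyStore, char[] password) throws ClientCertificateException {
        try {
            KeyStore.Entry entry = keyStore.getEntry(alias, new KeyStore.PasswordProtection(password));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                this.logger.warn("[ClientCertificateStorage][storeKeyByAlias] Entry does not contain private key %s", entry);
                return;
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            String issuerAlias = CertificateHelper.createAliasForIssuer((X509Certificate) privateKeyEntry.getCertificate());
            this.logger.debug("[ClientCertificateStorage][storeKeyByAlias] Storing client cert %s -> %s", alias, issuerAlias);
            this.certificateStore.storePrivateKeyEntry(issuerAlias, privateKeyEntry, getStorePassword());
        } catch (Exception e) {
            throw new ClientCertificateException(e);
        }
    }

    /**
     * Deletes the entry with the given alias from the key store.
     *
     * @param alias alias to delete; {@code null} is treated as "not present"
     * @return {@code true} if the alias existed and {@code deleteEntry} was called
     * @throws KeyStoreException if the key store rejects the operation
     */
    private boolean deleteByAlias(String alias) throws KeyStoreException {
        // Guard so a missing alias setting cannot surface as an unchecked exception in callers
        // that only handle KeyStoreException (the wipe handler).
        if (alias == null || !loadKeyStore().containsAlias(alias)) {
            return false;
        }
        // NOTE(review): deleteEntry acts on the KeyStore object returned by the store; confirm
        // CertificateStore persists that change, otherwise the key survives a wipe.
        this.certificateStore.getKeyStore(getStorePassword()).deleteEntry(alias);
        return true;
    }

    /**
     * Serializes the current client certificate entry as a single-entry key store.
     *
     * <p>Control flow reconstructed: the decompiler left everything after the first two
     * statements outside the {@code try}, which does not compile. The whole body is now guarded
     * and any failure yields the empty array after being logged.
     *
     * @return the serialized key store (private key included), or an empty array if the alias is
     *     not present or the export failed
     */
    private byte[] getCertificateAsBytes() {
        try {
            KeyStore store = loadKeyStore();
            String alias = getClientAlias();
            if (!store.containsAlias(alias)) {
                this.logger.info("[ClientCertificateStorage][getCertificateAsBytes] Cannot find certificate %s", alias);
                return EMPTY_BYTES;
            }
            this.logger.info("[ClientCertificateStorage][getCertificateAsBytes] Using %s ", alias);
            KeyStore export = copyEntryToNewKeyStore(store, alias, getStorePassword());
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            export.store(out, getStorePassword());
            return out.toByteArray();
        } catch (Exception e) {
            this.logger.error("[ClientCertificateStorage][getCertificateAsBytes] Failed to load client certificate", e);
            return EMPTY_BYTES;
        }
    }

    /**
     * Wraps every {@link X509KeyManager} in the array with the issuer-ignoring decorator; other
     * key manager types are passed through unchanged.
     *
     * @param keyManagerArr managers to wrap, may be {@code null}
     * @return a new array of the same length, or {@code null} if the input was {@code null}
     */
    @Nullable
    private static KeyManager[] wrapKeyManagers(@Nullable KeyManager[] keyManagerArr) {
        if (keyManagerArr == null) {
            return null;
        }
        KeyManager[] wrapped = new KeyManager[keyManagerArr.length];
        for (int i = 0; i < keyManagerArr.length; i++) {
            KeyManager manager = keyManagerArr[i];
            wrapped[i] = manager instanceof X509KeyManager ? new a((X509KeyManager) manager) : manager;
        }
        return wrapped;
    }

    /** Returns the configured client certificate alias after {@code CertificateHelper.normalizeAlias}. */
    private String getClientAlias() {
        this.logger.debug("[ClientCertificateStorage][getClientAlias]");
        String normalizedAlias = CertificateHelper.normalizeAlias(this.connectionSettings.getClientCertificateAlias());
        this.logger.debug("[ClientCertificateStorage][getClientAlias] %s", normalizedAlias);
        return normalizedAlias;
    }

    /** Opens the backing key store with the provider-supplied password. */
    private KeyStore loadKeyStore() {
        return this.certificateStore.getKeyStore(getStorePassword());
    }

    /** Fetches the key store password from the provider on every call; it is not cached here. */
    private char[] getStorePassword() {
        return this.passwordProvider.getPassword();
    }

    /**
     * Saves the configured alias and the serialized client certificate into the backup storage.
     *
     * <p>The blob written under {@code "client_cert"} is a key store that contains the private
     * key, protected by the same key store password used for the live store. Whatever holds
     * the backup therefore holds key material and needs matching protection.
     *
     * @param connectionBackupStorage destination of the backup
     */
    public void backup(ConnectionBackupStorage connectionBackupStorage) {
        this.logger.debug("[ClientCertificateStorage][saveIntoBundle] Saving client certificate into bundle");
        connectionBackupStorage.put(BACKUP_KEY_ALIAS, this.connectionSettings.getClientCertificateAlias());
        connectionBackupStorage.put(BACKUP_KEY_CERT, getCertificateAsBytes());
    }

    /**
     * Message-bus handler for the agent-wipe destination: removes the client certificate entry.
     * Key store errors are logged, not propagated.
     */
    @Subscribe({@To(Messages.Destinations.AGENT_WIPE)})
    public void clearClientCertificateOnWipe() {
        this.logger.debug("[ClientCertificateStorage][clearClientCertificateOnWipe]");
        try {
            // NOTE(review): this uses the raw configured alias, while every lookup goes through
            // CertificateHelper.normalizeAlias. If normalization changes the value, the entry
            // is not found and the private key stays in the store after a wipe. The return
            // value (false = nothing deleted) is also ignored. Confirm against normalizeAlias.
            deleteByAlias(this.connectionSettings.getClientCertificateAlias());
        } catch (KeyStoreException e) {
            this.logger.error("[ClientCertificateStorage][clearClientCertificateOnWipe] ", e);
        }
    }

    /**
     * Deletes the entry whose alias is built from the issuer CN and serial number.
     *
     * @param certificateParameters identifies the certificate to delete
     * @return {@code true} if an entry was found and deleted, {@code false} otherwise or on error
     */
    public boolean deleteClientCertificate(CertificateParameters certificateParameters) {
        try {
            return deleteByAlias(CertificateHelper.createAlias(certificateParameters.getIssuerCn(), certificateParameters.getSerialNumber()));
        } catch (Exception e) {
            // The original message was copied from getKeyManagers and misattributed a failed
            // deletion to a failed load, which misleads anyone reading the log after the fact.
            this.logger.error("[ClientCertificateStorage][deleteClientCertificate] Failed to delete client certificate", e);
            return false;
        }
    }

    /**
     * Returns metadata for the current client certificate.
     *
     * @return the metadata, or {@code Optional.absent()} if the lookup threw (the cause is not
     *     logged, only a generic warning)
     */
    public Optional<CertificateMetadata> getClientCertificateMetadata() {
        try {
            return CertificateHelper.fromCertificate(loadKeyStore().getCertificate(getClientAlias()));
        } catch (Exception unused) {
            this.logger.warn("[ClientCertificateStorage][getClientCertificateMetadata] No client certificate found");
            return Optional.absent();
        }
    }

    /**
     * Builds key managers for TLS client authentication from the current client certificate.
     *
     * <p>The entry is first copied into a single-entry key store, and the resulting X.509 key
     * managers are wrapped so that the peer's acceptable-issuer list is ignored.
     *
     * @return the key managers, or {@code null} if the alias is missing or anything fails; the
     *     caller then has no client credentials to offer
     */
    @Nullable
    public KeyManager[] getKeyManagers() {
        try {
            KeyStore store = loadKeyStore();
            String alias = getClientAlias();
            if (!store.containsAlias(alias)) {
                this.logger.info("[ClientCertificateStorage][getKeyManagers] Cannot find certificate %s for client authentication", alias);
                return null;
            }
            this.logger.info("[ClientCertificateStorage][getKeyManagers] Using %s for client authentication", alias);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(copyEntryToNewKeyStore(store, alias, getStorePassword()), getStorePassword());
            return wrapKeyManagers(keyManagerFactory.getKeyManagers());
        } catch (Exception e) {
            this.logger.error("[ClientCertificateStorage][getKeyManagers] Failed to load client certificate", e);
            return null;
        }
    }

    /**
     * Reports whether a certificate is stored under the current (normalized) alias.
     *
     * @return {@code true} if present; {@code false} if absent or the key store lookup failed
     */
    public boolean hasClientCertificate() {
        try {
            return loadKeyStore().getCertificate(getClientAlias()) != null;
        } catch (KeyStoreException unused) {
            return false;
        }
    }

    /**
     * Restores the alias and the client certificate previously written by {@code backup}.
     *
     * <p>The alias setting is overwritten unconditionally. The key store blob is imported with
     * the current key store password; import failures are logged and swallowed.
     *
     * @param connectionBackupStorage source of the backup
     */
    public void restore(ConnectionBackupStorage connectionBackupStorage) {
        this.logger.debug("[ClientCertificateStorage][restoreFromBundle] Reading client certificate from backupStorage");
        this.connectionSettings.setClientCertificateAlias(connectionBackupStorage.getString(BACKUP_KEY_ALIAS));
        byte[] byteArray = connectionBackupStorage.getByteArray(BACKUP_KEY_CERT);
        // backup() stores an empty array when there was no certificate; there is nothing to
        // import then, and feeding it to KeyStore.load would only yield a misleading error entry.
        if (byteArray == null || byteArray.length == 0) {
            return;
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArray);
        try {
            setClientCertificate(byteArrayInputStream, getStorePassword(), KeyStore.getDefaultType());
        } catch (Exception e) {
            this.logger.error("[ClientCertificateStorage][restoreFromBundle] Cannot import client certificate", e);
        } finally {
            IOUtils.closeQuietly(byteArrayInputStream);
        }
    }

    /**
     * Loads a key store from the stream and imports every private-key entry it contains.
     *
     * <p>The stream is not closed here; the caller owns it.
     *
     * @param inputStream serialized key store
     * @param cArr password for the key store and its entries
     * @param str key store type name passed to {@code KeyStore.getInstance}
     * @throws ClientCertificateException wrapping any failure
     */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public void setClientCertificate(@NotNull InputStream inputStream, @NotNull char[] cArr, @NotNull String str) throws ClientCertificateException {
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(inputStream, cArr);
            Iterator<?> aliases = IterTools.asIterable(keyStore.aliases()).iterator();
            while (aliases.hasNext()) {
                storeKeyByAlias((String) aliases.next(), keyStore, cArr);
            }
        } catch (Exception e) {
            throw new ClientCertificateException(e);
        }
    }

    /**
     * Imports a PKCS#12 file from the path and password given in the parameters.
     *
     * <p>Control flow reconstructed: the decompiled body assigned to undeclared variables and
     * did not compile. The file is opened, imported, and always closed; a missing file is
     * reported as {@link ClientCertificateException}.
     *
     * @param certificateParameters supplies the file path and its password
     * @throws ClientCertificateException if the file is missing or the import fails
     */
    public void setClientCertificate(CertificateParameters certificateParameters) throws ClientCertificateException {
        String certPath = certificateParameters.getCertPath();
        this.logger.debug("[ClientCertificateStorage][setClientCertificate] %s", certPath);
        FileInputStream fileInputStream;
        try {
            fileInputStream = new FileInputStream(certPath);
        } catch (FileNotFoundException e) {
            throw new ClientCertificateException(e);
        }
        char[] password = null;
        try {
            password = certificateParameters.getCertPassword().toCharArray();
            setClientCertificate(fileInputStream, password, CertificateType.PKCS12.asString());
        } finally {
            // Clear the temporary copy of the PKCS#12 password. The value returned by
            // getCertPassword() itself is outside this method's control and stays in memory.
            if (password != null) {
                java.util.Arrays.fill(password, '\0');
            }
            IOUtils.closeQuietly(fileInputStream);
        }
    }
}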
