package net.soti.mobicontrol.security;

import com.google.common.base.Optional;
import com.google.inject.Inject;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import net.soti.mobicontrol.Messages;
import net.soti.mobicontrol.cert.g0;
import net.soti.mobicontrol.cert.m0;
import net.soti.mobicontrol.cert.p0;
import net.soti.mobicontrol.cert.v0;
import net.soti.mobicontrol.messagebus.v;
import net.soti.mobicontrol.messagebus.w;
import net.soti.mobicontrol.messagebus.z;
import net.soti.mobicontrol.util.v1;
import net.soti.ssl.KeyStorePasswordProvider;
import net.soti.ssl.certificate.CertificateStore;
import net.soti.ssl.certificate.ClientAuthPKI;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

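@w
/* loaded from: classes4.dex */
/**
 * Manages the certificate and private key used for TLS client authentication.
 *
 * <p>This is decompiler output: class, field and method names are obfuscated and are kept
 * unchanged so that callers elsewhere in the application still resolve.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #f()} copies the private key and chain for the configured alias into a new
 *       in-memory key store protected by the password from {@link KeyStorePasswordProvider}.</li>
 *   <li>{@link #a} serialises that key store, private key included, into a configuration bundle.</li>
 *   <li>{@link #j()} returns key managers that ignore the issuer list supplied by the TLS peer
 *       (see {@link b}).</li>
 * </ul>
 */
public class g {

    /* renamed from: d, reason: collision with root package name */
    private static final Logger f33283d = LoggerFactory.getLogger(g.class);

    /* renamed from: e, reason: collision with root package name */
    // Returned by g() when there is no key store to serialise or serialisation fails.
    private static final byte[] f33284e = new byte[0];

    /* renamed from: f, reason: collision with root package name */
    // Bundle key under which the configured client certificate name is stored.
    private static final String f33285f = "client_cert_name";

    /* renamed from: g, reason: collision with root package name */
    // Bundle key under which the serialised client key store bytes are stored.
    private static final String f33286g = "client_cert";

    /* renamed from: a, reason: collision with root package name */
    // Supplies the password used for the certificate store and for every key entry handled here.
    private final KeyStorePasswordProvider f33287a;

    /* renamed from: b, reason: collision with root package name */
    // Connection settings; v() yields the configured client certificate name, r(...) sets it
    // (setter semantics inferred from usage in n() -- confirm against the settings class).
    private final net.soti.comm.connectionsettings.b f33288b;

    /* renamed from: c, reason: collision with root package name */
    // Certificate store injected with the @ClientAuthPKI qualifier.
    private final CertificateStore f33289c;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    /**
     * Delegating {@link X509KeyManager} that discards the issuer list.
     *
     * <p>Every method that receives a {@code Principal[]} forwards {@code null} to the delegate
     * instead. Under the {@code X509KeyManager} contract a {@code null} issuer list means that
     * any issuer is acceptable, so the alias is chosen without regard to the CA names the peer
     * sent in its certificate request. Reviewers should treat this as a deliberate relaxation:
     * the client certificate is offered to any server that asks for one.
     */
    public static final class b implements X509KeyManager {

        /* renamed from: a, reason: collision with root package name */
        private final X509KeyManager f33290a;

        private b(X509KeyManager x509KeyManager) {
            this.f33290a = x509KeyManager;
        }

        /** Chooses a client alias; the peer's acceptable issuers are ignored. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.f33290a.chooseClientAlias(strArr, null, socket);
        }

        /** Chooses a server alias; the issuer list is ignored. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.f33290a.chooseServerAlias(str, null, socket);
        }

        /** Returns the delegate's certificate chain for the alias. */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.f33290a.getCertificateChain(str);
        }

        /** Lists client aliases for the key type; the issuer list is ignored. */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.f33290a.getClientAliases(str, null);
        }

        /** Returns the delegate's private key for the alias. */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.f33290a.getPrivateKey(str);
        }

        /** Lists server aliases for the key type; the issuer list is ignored. */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.f33290a.getServerAliases(str, null);
        }
    }

    @Inject
    public g(net.soti.comm.connectionsettings.b bVar, @ClientAuthPKI CertificateStore certificateStore, KeyStorePasswordProvider keyStorePasswordProvider) {
        this.f33288b = bVar;
        this.f33289c = certificateStore;
        this.f33287a = keyStorePasswordProvider;
    }

    /**
     * Deletes the entry stored under the given alias, if present.
     *
     * @return {@code true} when the alias existed and {@code deleteEntry} was called
     * @throws KeyStoreException if the key store rejects the lookup or the deletion
     */
    private boolean c(String str) throws KeyStoreException {
        if (!k().containsAlias(str)) {
            return false;
        }
        // The store is fetched a second time, exactly as the original did.
        // NOTE(review): whether deleteEntry is persisted depends on CertificateStore -- confirm.
        k().deleteEntry(str);
        return true;
    }

    /**
     * Wraps every {@link X509KeyManager} in the array with {@link b}; other managers are kept.
     *
     * @return a new array of the same length, or {@code null} when the input is {@code null}
     */
    private static KeyManager[] e(KeyManager[] keyManagerArr) {
        if (keyManagerArr == null) {
            return null;
        }
        KeyManager[] wrapped = new KeyManager[keyManagerArr.length];
        for (int i10 = 0; i10 < keyManagerArr.length; i10++) {
            KeyManager keyManager = keyManagerArr[i10];
            wrapped[i10] = keyManager instanceof X509KeyManager
                    ? new b((X509KeyManager) keyManager)
                    : keyManager;
        }
        return wrapped;
    }

    /**
     * Serialises the client key store returned by {@link #f()}.
     *
     * <p>The bytes contain the private key and chain, protected by the store password.
     *
     * @return the serialised key store, or an empty array when there is none or storing fails
     */
    private byte[] g() {
        KeyStore f10 = f();
        if (f10 != null) {
            // try-with-resources is the source form of the close/addSuppressed pattern the
            // decompiler emitted.
            try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
                f10.store(byteArrayOutputStream, l());
                return byteArrayOutputStream.toByteArray();
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e10) {
                f33283d.error("Failed to store client certificate", e10);
            }
        }
        return f33284e;
    }

    /**
     * Resolves the key store alias of the client certificate from the configured name.
     *
     * <p>The mapping is done by {@code g0.r}, which is not visible here. The alias is written to
     * the debug log.
     */
    private String h() {
        Logger logger = f33283d;
        logger.debug("Get Client Alias");
        String r10 = g0.r(this.f33288b.v());
        logger.debug("Client Alias is {}", r10);
        return r10;
    }

    /** Returns the client-authentication key store, opened with the provider's password. */
    private KeyStore k() {
        return this.f33289c.getKeyStore(l());
    }

    /**
     * Returns the key store password.
     *
     * <p>NOTE(review): the array is never cleared by this class; whether the provider hands out
     * a copy or its internal array is not visible here.
     */
    private char[] l() {
        return this.f33287a.getPassword();
    }

    /**
     * Copies one private-key entry from an imported key store into the certificate store.
     *
     * <p>Entries that are not {@link KeyStore.PrivateKeyEntry} are skipped with a warning. The
     * destination alias is derived from the entry's certificate by {@code g0.c} (not visible
     * here), and the entry is stored under the provider's password rather than {@code cArr}.
     *
     * @param str alias in the imported key store
     * @param keyStore the imported key store
     * @param cArr password protecting the entry in the imported key store
     * @throws f wrapping any exception raised while reading or storing the entry
     */
    private void q(String str, KeyStore keyStore, char[] cArr) throws f {
        try {
            KeyStore.Entry entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                f33283d.warn("Entry does not contain private key {}", entry);
                return;
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            String c10 = g0.c((X509Certificate) privateKeyEntry.getCertificate());
            f33283d.debug("Storing client cert {} -> {}", str, c10);
            this.f33289c.storePrivateKeyEntry(c10, privateKeyEntry, l());
        } catch (Exception e10) {
            throw new f(e10);
        }
    }

    /**
     * Saves the configured client certificate name and the serialised key store to a bundle.
     *
     * <p>NOTE(review): the bundle receives the private key. Its confidentiality rests on the key
     * store password and on how the bundle is persisted, neither of which is visible here.
     */
    public void a(net.soti.mobicontrol.agent.config.e eVar) {
        f33283d.debug("Saving client certificate into bundle");
        eVar.put(f33285f, this.f33288b.v());
        eVar.f(f33286g, g());
    }

    /**
     * Removes the entry stored under the configured client certificate name.
     *
     * <p>Presumably invoked through the message bus for the event named in the annotation. A
     * {@link KeyStoreException} is logged and not propagated, so the caller cannot tell whether
     * the wipe succeeded.
     */
    @v({@z(Messages.b.L)})
    public void b() {
        f33283d.debug("Certificate wipe");
        try {
            c(this.f33288b.v());
        } catch (KeyStoreException e10) {
            f33283d.error("Certificate wipe exception ", e10);
        }
    }

    /**
     * Deletes the client certificate described by {@code p0Var}.
     *
     * @return {@code true} if an entry was deleted; {@code false} if none existed or on error
     */
    public boolean d(p0 p0Var) {
        try {
            return c(g0.a(p0Var.z0(), p0Var.A0()));
        } catch (Exception e10) {
            f33283d.error("Failed to delete client certificate", e10);
            return false;
        }
    }

    /**
     * Builds an in-memory key store holding only the client key and its certificate chain.
     *
     * <p>The entry is stored under the fixed alias {@code "client certificate"}; the store and
     * the key entry both use the provider's password.
     *
     * <p>The decompiler emitted this method with an empty {@code try} block and the body after
     * the handlers, which does not compile; the body is placed back inside the {@code try}.
     *
     * @return the key store, or {@code null} when the alias is missing, has no key, or loading
     *     fails
     */
    public KeyStore f() {
        KeyStore k10 = k();
        String h10 = h();
        char[] l10 = l();
        try {
            if (!k10.containsAlias(h10)) {
                f33283d.info("Cannot find certificate {} for client authentication", h10);
                return null;
            }
            f33283d.info("Using {} for client authentication", h10);
            Key key = k10.getKey(h10, l10);
            if (key == null) {
                // getKey returns null when the alias does not identify a key-related entry
                // (for example a certificate-only entry); there is nothing to authenticate with.
                f33283d.warn("No private key stored under {} for client authentication", h10);
                return null;
            }
            Certificate[] certificateChain = k10.getCertificateChain(h10);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, ...) initialises an empty key store.
            keyStore.load(null, l10);
            keyStore.setKeyEntry("client certificate", key, l10, certificateChain);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException
                | UnrecoverableKeyException | CertificateException e10) {
            f33283d.error("Failed to load client certificate", e10);
            return null;
        }
    }

    /**
     * Returns information about the stored client certificate, as produced by {@code g0.f}.
     *
     * @return the certificate information, or absent when the lookup throws
     */
    public Optional<m0> i() {
        try {
            return g0.f(k().getCertificate(h()));
        } catch (Exception e10) {
            f33283d.warn("No client certificate found");
            // Keep the cause available for diagnosis without raising the log level.
            f33283d.debug("Client certificate lookup failed", e10);
            return Optional.absent();
        }
    }

    /**
     * Creates key managers for TLS client authentication from {@link #f()}.
     *
     * <p>Each {@link X509KeyManager} is wrapped in {@link b}, so the peer's acceptable-issuer
     * list is ignored.
     *
     * @return the key managers, or {@code null} when there is no client key store or the
     *     factory cannot be initialised. NOTE(review): if the caller passes this to
     *     {@code SSLContext.init}, {@code null} selects the default key managers, so the
     *     connection is attempted without this client certificate -- confirm callers handle it.
     */
    public KeyManager[] j() {
        KeyStore f10 = f();
        if (f10 == null) {
            return null;
        }
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(f10, l());
            return e(keyManagerFactory.getKeyManagers());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e10) {
            f33283d.error("Failed to create keyManagerFactory", e10);
            return null;
        }
    }

    /**
     * Reports whether a certificate is stored under the client alias.
     *
     * <p>Only the certificate is checked; an entry without a private key still yields
     * {@code true}.
     */
    public boolean m() {
        try {
            return k().getCertificate(h()) != null;
        } catch (KeyStoreException e10) {
            f33283d.debug("Client certificate lookup failed", e10);
            return false;
        }
    }

    /**
     * Restores the client certificate name and key store from a bundle written by {@link #a}.
     *
     * <p>Every private-key entry found in the bundled key store is imported (see {@link #o}).
     * Import failures are logged and not propagated.
     * NOTE(review): the bundle content is trusted as-is; the only check visible here is the key
     * store password verification done by {@code KeyStore.load}.
     */
    public void n(net.soti.mobicontrol.agent.config.e eVar) {
        f33283d.debug("Reading client certificate from backupStorage");
        this.f33288b.r(eVar.getString(f33285f));
        byte[] e10 = eVar.e(f33286g);
        if (e10 == null) {
            return;
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(e10);
        try {
            o(byteArrayInputStream, l(), KeyStore.getDefaultType());
        } catch (Exception e11) {
            f33283d.error("Cannot import client certificate", e11);
        } finally {
            v1.a(byteArrayInputStream);
        }
    }

    /**
     * Loads a key store from a stream and imports each of its entries through {@code q}.
     *
     * <p>The same password is used to open the key store and to read each entry. The stream is
     * not closed here.
     *
     * @param inputStream serialised key store
     * @param cArr key store and entry password
     * @param str key store type
     * @throws f wrapping any exception raised while loading or importing
     */
    public void o(InputStream inputStream, char[] cArr, String str) throws f {
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(inputStream, cArr);
            Iterator<?> it = net.soti.mobicontrol.util.func.collections.d.b(keyStore.aliases()).iterator();
            while (it.hasNext()) {
                q((String) it.next(), keyStore, cArr);
            }
        } catch (Exception e10) {
            throw new f(e10);
        }
    }

    /**
     * Imports a client certificate from the PKCS#12 file described by {@code p0Var}.
     *
     * <p>The file path is written to the debug log; the password is not logged.
     *
     * <p>The decompiler emitted this method with undeclared exception variables and split
     * {@code try} blocks, which does not compile; it is restored to a single
     * try/catch/finally that always releases the stream.
     *
     * @throws f if the file cannot be opened or the import fails
     */
    public void p(p0 p0Var) throws f {
        String v02 = p0Var.v0();
        f33283d.debug("Certificate path is {}", v02);
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(v02);
            // NOTE(review): the password comes from a String, so clearing this char[] afterwards
            // would not remove it from memory.
            o(fileInputStream, p0Var.u0().toCharArray(), v0.PKCS12.b());
        } catch (FileNotFoundException e10) {
            throw new f(e10);
        } finally {
            // May be null when the file could not be opened; the original passed null to v1.a
            // on that path as well.
            v1.a(fileInputStream);
        }
    }
}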
