package net.soti.mobicontrol.ej;

import com.google.common.base.Optional;
import com.google.inject.Inject;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.net.Socket;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import net.soti.mobicontrol.Messages;
import net.soti.mobicontrol.am.aa;
import net.soti.mobicontrol.am.ag;
import net.soti.mobicontrol.am.aj;
import net.soti.mobicontrol.am.ap;
import net.soti.mobicontrol.cz.r;
import net.soti.mobicontrol.dg.o;
import net.soti.mobicontrol.dg.p;
import net.soti.mobicontrol.fo.av;
import net.soti.ssl.KeyStorePasswordProvider;
import net.soti.ssl.certificate.CertificateStore;
import net.soti.ssl.certificate.ClientAuthPKI;

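@p
/* loaded from: classes14.dex */
/**
 * Stores and retrieves the TLS client-authentication certificate and its private key.
 *
 * <p>This is decompiled, obfuscated code. The log tags in the string literals
 * ("[ClientCertificateStorage][...]") suggest the original class was named
 * {@code ClientCertificateStorage}; the per-method names given in the comments below are
 * taken from those tags as well.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every key store built or read here is protected with the single password returned by
 *       {@link KeyStorePasswordProvider#getPassword()}.</li>
 *   <li>{@link #a(net.soti.mobicontrol.d.b.e)} serialises the private key and certificate chain
 *       into a bundle, so the bundle has to be handled as key material.</li>
 *   <li>The key managers returned by {@link #a()} ignore the issuer list passed to them
 *       (see the nested class {@code a}).</li>
 * </ul>
 */
public class e {

    /** Empty result returned by {@link #e()} when no certificate can be exported. */
    private static final byte[] f13804a = new byte[0];

    /** Bundle key under which the configured client certificate name is saved. */
    private static final String f13805b = "client_cert_name";

    /** Bundle key under which the serialised key store bytes are saved. */
    private static final String f13806c = "client_cert";

    /** Supplies the password used for every key store operation in this class. */
    private final KeyStorePasswordProvider f13807d;

    /** Logging facade (methods b/c/d/e take a format string); the levels are not visible here. */
    private final r f13808e;

    /** Settings object: {@code p()} reads and {@code g(...)} writes the client certificate name. */
    private final net.soti.comm.c.b f13809f;

    /** Backing certificate store, injected with the {@code @ClientAuthPKI} qualifier. */
    private final CertificateStore f13810g;

    /**
     * {@link X509KeyManager} decorator that forwards every call to the wrapped manager but
     * replaces the caller-supplied issuer array with {@code null}.
     *
     * <p>Consequence: alias selection is not filtered by the issuers the peer says it accepts,
     * so the entry held by the wrapped manager is offered regardless of that list.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes14.dex */
    public static final class a implements X509KeyManager {

        /** The wrapped key manager that performs the real work. */
        private final X509KeyManager f13811a;

        private a(X509KeyManager x509KeyManager) {
            this.f13811a = x509KeyManager;
        }

        /** Delegates with the issuer list dropped ({@code principalArr} is ignored). */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            return this.f13811a.chooseClientAlias(strArr, null, socket);
        }

        /** Delegates with the issuer list dropped ({@code principalArr} is ignored). */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return this.f13811a.chooseServerAlias(str, null, socket);
        }

        /** Plain delegation. */
        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            return this.f13811a.getCertificateChain(str);
        }

        /** Delegates with the issuer list dropped ({@code principalArr} is ignored). */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return this.f13811a.getClientAliases(str, null);
        }

        /** Plain delegation; returns the private key held by the wrapped manager. */
        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            return this.f13811a.getPrivateKey(str);
        }

        /** Delegates with the issuer list dropped ({@code principalArr} is ignored). */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return this.f13811a.getServerAliases(str, null);
        }
    }

    /**
     * Creates the storage from its injected collaborators.
     *
     * @param bVar settings object holding the client certificate name
     * @param certificateStore backing store for client-authentication entries
     * @param keyStorePasswordProvider source of the key store password
     * @param rVar logging facade
     */
    @Inject
    public e(net.soti.comm.c.b bVar, @ClientAuthPKI CertificateStore certificateStore, KeyStorePasswordProvider keyStorePasswordProvider, r rVar) {
        this.f13809f = bVar;
        this.f13810g = certificateStore;
        this.f13807d = keyStorePasswordProvider;
        this.f13808e = rVar;
    }

    /**
     * Copies one key entry out of {@code keyStore} into a new in-memory key store of the default
     * type, under the fixed alias "client certificate".
     *
     * @param keyStore source key store; the key is read with the provider password
     * @param str alias of the entry to copy
     * @param cArr password protecting the new key store and its single entry
     * @return the new single-entry key store
     * @throws d wrapping any failure
     */
    private KeyStore a(KeyStore keyStore, String str, char[] cArr) throws d {
        try {
            Key key = keyStore.getKey(str, h());
            Certificate[] certificateChain = keyStore.getCertificateChain(str);
            KeyStore keyStore2 = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, ...) initialises an empty key store.
            keyStore2.load(null, cArr);
            keyStore2.setKeyEntry("client certificate", key, cArr, certificateChain);
            return keyStore2;
        } catch (Exception e2) {
            throw new d(e2);
        }
    }

    /**
     * Copies one private-key entry from an imported key store into the backing store
     * (log tag: storeKeyByAlias). Entries that are not private-key entries are logged and skipped.
     *
     * @param str alias of the entry inside {@code keyStore}
     * @param keyStore the imported key store
     * @param cArr password protecting the entry in {@code keyStore}
     * @throws d wrapping any failure
     */
    private void a(String str, KeyStore keyStore, char[] cArr) throws d {
        try {
            KeyStore.Entry entry = keyStore.getEntry(str, new KeyStore.PasswordProtection(cArr));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                this.f13808e.d("[ClientCertificateStorage][storeKeyByAlias] Entry does not contain private key %s", entry);
                return;
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            // The stored alias is derived from the leaf certificate, not from the imported alias.
            String b2 = aa.b((X509Certificate) privateKeyEntry.getCertificate());
            this.f13808e.b("[ClientCertificateStorage][storeKeyByAlias] Storing client cert %s -> %s", str, b2);
            this.f13810g.storePrivateKeyEntry(b2, privateKeyEntry, h());
        } catch (Exception e2) {
            throw new d(e2);
        }
    }

    /**
     * Deletes the entry with the given alias from the backing key store.
     *
     * @param str alias to delete
     * @return {@code true} if the alias existed and {@code deleteEntry} was called
     * @throws KeyStoreException if the key store rejects the lookup or the deletion
     */
    private boolean a(String str) throws KeyStoreException {
        if (!g().containsAlias(str)) {
            return false;
        }
        // NOTE(review): nothing here writes the key store back; whether getKeyStore() returns a
        // persisted view is not visible in this file. Confirm the deletion survives a restart.
        this.f13810g.getKeyStore(h()).deleteEntry(str);
        return true;
    }

    /**
     * Returns a copy of the array in which every {@link X509KeyManager} is wrapped in the
     * issuer-ignoring decorator {@code a}; other managers are copied unchanged.
     *
     * @param keyManagerArr managers to wrap, may be {@code null}
     * @return the wrapped copy, or {@code null} if the input was {@code null}
     */
    private static KeyManager[] a(KeyManager[] keyManagerArr) {
        if (keyManagerArr == null) {
            return null;
        }
        KeyManager[] keyManagerArr2 = new KeyManager[keyManagerArr.length];
        for (int i = 0; i < keyManagerArr.length; i++) {
            if (keyManagerArr[i] instanceof X509KeyManager) {
                keyManagerArr2[i] = new a((X509KeyManager) keyManagerArr[i]);
            } else {
                keyManagerArr2[i] = keyManagerArr[i];
            }
        }
        return keyManagerArr2;
    }

    /**
     * Serialises the client key entry as a single-entry key store (log tag:
     * getCertificateAsBytes). The bytes contain the private key, protected by the provider
     * password.
     *
     * <p>The decompiler left only the first two statements inside the {@code try}, which cannot
     * compile (unassigned locals, unhandled checked exceptions). The whole body is guarded here
     * and the empty array is returned on failure, which is presumably what the original did.
     *
     * @return the serialised key store, or an empty array if the alias is missing or export fails
     */
    private byte[] e() {
        try {
            KeyStore g2 = g();
            String f2 = f();
            if (!g2.containsAlias(f2)) {
                this.f13808e.c("[ClientCertificateStorage][getCertificateAsBytes] Cannot find certificate %s", f2);
                return f13804a;
            }
            this.f13808e.c("[ClientCertificateStorage][getCertificateAsBytes] Using %s ", f2);
            KeyStore a2 = a(g2, f2, h());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            a2.store(byteArrayOutputStream, h());
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e2) {
            this.f13808e.e("[ClientCertificateStorage][getCertificateAsBytes] Failed to load client certificate", e2);
            return f13804a;
        }
    }

    /**
     * Derives the key store alias from the configured client certificate name
     * (log tag: getClientAlias).
     *
     * @return the alias produced by {@code aa.b(...)}
     */
    private String f() {
        this.f13808e.b("[ClientCertificateStorage][getClientAlias]");
        String b2 = aa.b(this.f13809f.p());
        this.f13808e.b("[ClientCertificateStorage][getClientAlias] %s", b2);
        return b2;
    }

    /** Returns the backing key store, opened with the provider password. */
    private KeyStore g() {
        return this.f13810g.getKeyStore(h());
    }

    /** Returns the key store password from the provider. */
    private char[] h() {
        return this.f13807d.getPassword();
    }

    /**
     * Imports every private-key entry of a key store read from {@code inputStream} into the
     * backing store.
     *
     * @param inputStream serialised key store; not closed by this method
     * @param cArr password of the key store and of its entries
     * @param str key store type passed to {@link KeyStore#getInstance(String)}
     * @throws d wrapping any failure
     */
    public void a(InputStream inputStream, char[] cArr, String str) throws d {
        try {
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(inputStream, cArr);
            Iterator it = net.soti.mobicontrol.fo.a.a.d.a(keyStore.aliases()).iterator();
            while (it.hasNext()) {
                a((String) it.next(), keyStore, cArr);
            }
        } catch (Exception e2) {
            throw new d(e2);
        }
    }

    /**
     * Imports a PKCS#12 file as the client certificate (log tag: setClientCertificate).
     *
     * <p>The decompiled control flow was not valid Java (assignments to undeclared {@code th}
     * and {@code e}); it is restored as open / import / always close.
     *
     * @param ajVar descriptor whose {@code c()} is the file path and {@code e()} the password
     * @throws d if the file does not exist or the import fails
     */
    public void a(aj ajVar) throws d {
        String c2 = ajVar.c();
        this.f13808e.b("[ClientCertificateStorage][setClientCertificate] %s", c2);
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(c2);
            // NOTE(review): the password arrives as a String and the char[] copy is not cleared
            // afterwards, so it stays in memory until garbage collected.
            a(fileInputStream, ajVar.e().toCharArray(), ap.PKCS12.asString());
        } catch (FileNotFoundException e2) {
            throw new d(e2);
        } finally {
            // Close on both the success and the failure path; nothing to close if open failed.
            if (fileInputStream != null) {
                av.a(fileInputStream);
            }
        }
    }

    /**
     * Writes the certificate name and the serialised key store into a bundle
     * (log tag: saveIntoBundle).
     *
     * <p>The "client_cert" value includes the private key; its only protection is the key store
     * password, so the bundle's storage and transport need matching care.
     *
     * @param eVar bundle to write into
     */
    public void a(net.soti.mobicontrol.d.b.e eVar) {
        this.f13808e.b("[ClientCertificateStorage][saveIntoBundle] Saving client certificate into bundle");
        eVar.a(f13805b, this.f13809f.p());
        eVar.a(f13806c, e());
    }

    /**
     * Builds the key managers used for TLS client authentication (log tag: getKeyManagers).
     *
     * @return key managers backed by a single-entry key store and wrapped so that issuer hints
     *     are ignored, or {@code null} if the alias is missing or loading fails; callers must
     *     handle {@code null}
     */
    public KeyManager[] a() {
        try {
            KeyStore g2 = g();
            String f2 = f();
            if (!g2.containsAlias(f2)) {
                this.f13808e.c("[ClientCertificateStorage][getKeyManagers] Cannot find certificate %s for client authentication", f2);
                return null;
            }
            this.f13808e.c("[ClientCertificateStorage][getKeyManagers] Using %s for client authentication", f2);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(a(g2, f2, h()), h());
            return a(keyManagerFactory.getKeyManagers());
        } catch (Exception e2) {
            this.f13808e.e("[ClientCertificateStorage][getKeyManagers] Failed to load client certificate", e2);
            return null;
        }
    }

    /**
     * Restores the certificate name and key entry from a bundle (log tag: restoreFromBundle).
     * Import failures are logged and not propagated.
     *
     * @param eVar bundle previously filled by {@link #a(net.soti.mobicontrol.d.b.e)}
     */
    public void b(net.soti.mobicontrol.d.b.e eVar) {
        this.f13808e.b("[ClientCertificateStorage][restoreFromBundle] Reading client certificate from backupStorage");
        // The name is applied before the key material is checked, so a bundle without usable
        // bytes still changes the configured certificate name.
        this.f13809f.g(eVar.b(f13805b));
        byte[] d2 = eVar.d(f13806c);
        if (d2 != null) {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(d2);
            try {
                try {
                    a(byteArrayInputStream, h(), KeyStore.getDefaultType());
                } catch (Exception e2) {
                    this.f13808e.e("[ClientCertificateStorage][restoreFromBundle] Cannot import client certificate", e2);
                }
            } finally {
                av.a(byteArrayInputStream);
            }
        }
    }

    /**
     * Reports whether a certificate is stored under the current client alias.
     *
     * @return {@code true} if one is present; {@code false} if absent or the lookup fails
     */
    public boolean b() {
        try {
            return g().getCertificate(f()) != null;
        } catch (KeyStoreException unused) {
            return false;
        }
    }

    /**
     * Deletes the entry whose alias is derived from {@code ajVar.k()} and {@code ajVar.l()}.
     *
     * @param ajVar descriptor identifying the certificate
     * @return {@code true} if an entry was found and deleted; {@code false} otherwise or on error
     */
    public boolean b(aj ajVar) {
        try {
            return a(aa.b(ajVar.k(), ajVar.l()));
        } catch (Exception e2) {
            // NOTE(review): this message carries the getKeyManagers tag although this method
            // deletes an entry; it looks copied and will mislead anyone reading the logs.
            this.f13808e.e("[ClientCertificateStorage][getKeyManagers] Failed to load client certificate", e2);
            return false;
        }
    }

    /**
     * Returns metadata for the stored client certificate
     * (log tag: getClientCertificateMetadata).
     *
     * @return the result of {@code aa.a(...)} for the certificate, or absent if any exception
     *     is thrown; the exception itself is not logged
     */
    public Optional<ag> c() {
        try {
            return aa.a(g().getCertificate(f()));
        } catch (Exception unused) {
            this.f13808e.d("[ClientCertificateStorage][getClientCertificateMetadata] No client certificate found");
            return Optional.absent();
        }
    }

    /**
     * Message handler that removes the client certificate (log tag:
     * clearClientCertificateOnWipe). Failures are logged and not propagated.
     */
    @o(a = {@net.soti.mobicontrol.dg.r(a = Messages.b.J)})
    public void d() {
        this.f13808e.b("[ClientCertificateStorage][clearClientCertificateOnWipe]");
        try {
            // NOTE(review): every other lookup uses the derived alias f() = aa.b(p()); this call
            // passes p() itself. If the two differ, the key entry is left in place after a wipe.
            // Confirm against aa.b before relying on this to remove the private key.
            a(this.f13809f.p());
        } catch (KeyStoreException e2) {
            this.f13808e.e("[ClientCertificateStorage][clearClientCertificateOnWipe] ", e2);
        }
    }
}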
