package fi.neusoft.musa.core.ims.security.cert;

import fi.neusoft.musa.core.ims.ImsModule;
import fi.neusoft.musa.platform.AndroidFactory;
import fi.neusoft.musa.provider.settings.RcsSettings;
import fi.neusoft.musa.provider.settings.RcsSettingsData;
import fi.neusoft.musa.utils.CloseableUtils;
import fi.neusoft.musa.utils.logger.Logger;
import fi.telekom.bouncycastle.wrapper.SimpleContentSignerBuilder;
import gov2.nist.core.Separators;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FilenameFilter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import local.org.bouncycastle.asn1.x500.X500Name;
import local.org.bouncycastle.asn1.x509.BasicConstraints;
import local.org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import local.org.bouncycastle.asn1.x509.GeneralName;
import local.org.bouncycastle.asn1.x509.GeneralNames;
import local.org.bouncycastle.asn1.x509.KeyPurposeId;
import local.org.bouncycastle.asn1.x509.KeyUsage;
import local.org.bouncycastle.asn1.x509.X509Extension;
import local.org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import local.org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import local.org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;

/* loaded from: classes.dex */
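/**
 * Manages the application's on-disk Java keystore: creates it on first use,
 * imports the configured TLS root/intermediate certificates, and (re)issues a
 * self-signed client certificate bound to the current IP address.
 *
 * <p>All state is static. Keystore load/store calls are serialised on the
 * {@code KeyStoreManager.class} monitor.
 *
 * <p>Security review notes (behaviour deliberately left unchanged, see the
 * comments at each site): the keystore password is a compile-time constant,
 * the client key is 1024-bit RSA, the client certificate is marked as a CA,
 * and the published fingerprint is SHA-1.
 */
public class KeyStoreManager {
    protected static final String CLIENT_CERT_ALIAS = "myJoynCertificate";
    private static final String KEYSTORE_NAME = "rcs_keystore.jks";

    // NOTE(review): hard-coded secret. The same password ships in every build and
    // is recoverable from the package, so it gives no confidentiality for the
    // private key if the keystore file is copied off the device. Consider a
    // per-device secret or a hardware-backed store (e.g. the Android Keystore).
    private static final String KEYSTORE_PASSWORD = "01RCSrcs";

    private static Logger logger = Logger.getLogger(KeyStoreManager.class.getName());

    // Written on the worker thread started by updateClientCertificate() and read
    // through an unsynchronised getter, hence volatile.
    private static volatile String fingerprint = null;

    // Only touched inside the synchronized createClientCertificate().
    private static String lastIpAddress = null;

    /**
     * Imports one certificate file, or every certificate file in a directory,
     * into the keystore as trusted certificate entries.
     *
     * <p>Failures are logged and swallowed; the method never throws.
     *
     * @param str path of a certificate file or of a directory containing them;
     *            only names ending in {@code RcsSettingsData.CERTIFICATE_FILE_TYPE}
     *            are considered
     */
    private static void addCertificates(String str) {
        try {
            KeyStore keyStore = loadKeyStoreFromFile();
            if (keyStore == null) {
                return;
            }
            File file = new File(str);
            if (!file.isDirectory()) {
                if (str.endsWith(RcsSettingsData.CERTIFICATE_FILE_TYPE)) {
                    X509Certificate certificate = readCertificate(file);
                    keyStore.setCertificateEntry(buildCertificateAlias(str), certificate);
                    saveKeyStoreToFile(keyStore);
                }
                return;
            }
            File[] certificateFiles = file.listFiles(new FilenameFilter() {
                @Override
                public boolean accept(File dir, String name) {
                    return name.endsWith(RcsSettingsData.CERTIFICATE_FILE_TYPE);
                }
            });
            if (certificateFiles != null) {
                for (File certificateFile : certificateFiles) {
                    X509Certificate certificate = readCertificate(certificateFile);
                    // NOTE(review): the alias is derived from the directory path, not
                    // from certificateFile, so every file in the directory is stored
                    // under the same alias and only the last one survives. It is left
                    // as is because loadKeyStore() and isOwnCertificateUsed() look the
                    // entry up by that same directory-derived alias; fixing it needs a
                    // coordinated change to those lookups.
                    keyStore.setCertificateEntry(buildCertificateAlias(str), certificate);
                    saveKeyStoreToFile(keyStore);
                }
            }
        } catch (Exception e) {
            if (logger.isActivated()) {
                logger.error("adding certificate " + str + " failed: ", e);
            }
        }
    }

    /**
     * Parses a single X.509 certificate from a file.
     *
     * <p>The stream is closed on every path, including a parse failure.
     */
    private static X509Certificate readCertificate(File file)
            throws java.io.IOException, java.security.cert.CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        FileInputStream in = new FileInputStream(file);
        try {
            return (X509Certificate) certificateFactory.generateCertificate(in);
        } finally {
            CloseableUtils.close(in);
        }
    }

    /**
     * Builds a keystore alias from a path: the file name without its last
     * extension, followed by the file's last-modified timestamp.
     *
     * <p>A name whose only dot is the leading character keeps its full name.
     * The timestamp means a replaced file yields a new alias.
     *
     * @param str path of the certificate file or directory
     * @return the alias
     */
    private static String buildCertificateAlias(String str) {
        File file = new File(str);
        String name = file.getName();
        long lastModified = file.lastModified();
        int dot = name.lastIndexOf('.');
        String baseName = dot > 0 ? name.substring(0, dot) : name;
        return baseName + lastModified;
    }

    /**
     * Issues a self-signed client certificate for the given IP address and
     * stores it, with its private key, under {@link #CLIENT_CERT_ALIAS}.
     *
     * <p>An existing key pair under that alias is reused; otherwise a new one is
     * generated. Nothing happens when the address equals the one used on the
     * previous call or when the keystore cannot be loaded. Failures are logged
     * and swallowed.
     *
     * <p>The decompiler widened this method from private so the worker thread in
     * {@link #updateClientCertificate(String)} can reach it.
     *
     * @param str the local IP address to place in the subjectAltName
     */
    public static synchronized void createClientCertificate(String str) {
        // A static synchronized method already holds the KeyStoreManager.class
        // monitor, so no inner synchronized block is needed.
        try {
            if (str != null && str.equals(lastIpAddress)) {
                if (logger.isActivated()) {
                    logger.debug("IP address hasn't changed. No update needed.");
                }
                // The stored certificate already carries this address.
                return;
            }
            lastIpAddress = str;
            KeyStore keyStore = loadKeyStoreFromFile();
            if (keyStore == null) {
                return;
            }

            PrivateKey privateKey;
            PublicKey publicKey;
            if (keyStore.isKeyEntry(CLIENT_CERT_ALIAS)) {
                if (logger.isActivated()) {
                    logger.debug("old keypair is recycled");
                }
                KeyStore.PrivateKeyEntry existing = (KeyStore.PrivateKeyEntry) keyStore.getEntry(
                        CLIENT_CERT_ALIAS,
                        new KeyStore.PasswordProtection(KEYSTORE_PASSWORD.toCharArray()));
                privateKey = existing.getPrivateKey();
                publicKey = existing.getCertificate().getPublicKey();
                keyStore.deleteEntry(CLIENT_CERT_ALIAS);
            } else {
                if (logger.isActivated()) {
                    logger.debug("new keypair is generated");
                }
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                // NOTE(review): 1024-bit RSA is below the 2048-bit minimum of current
                // guidance. Because an existing key pair is recycled above, a device
                // keeps its 1024-bit key for as long as the keystore file lives.
                // Raising the size changes what peers see, so it is flagged here
                // rather than changed.
                keyPairGenerator.initialize(1024, new SecureRandom());
                KeyPair keyPair = keyPairGenerator.generateKeyPair();
                privateKey = keyPair.getPrivate();
                publicKey = keyPair.getPublic();
            }

            long now = System.currentTimeMillis();
            // Backdated by one day to tolerate clock skew; valid for roughly 395 days.
            Date notBefore = new Date(now - 86400000);
            Date notAfter = new Date(now + 34164000000L);
            X500Name subjectAndIssuer = new X500Name("CN=fi.neusoft.rcs.client");
            // NOTE(review): the serial number is always 1, so successive certificates
            // share issuer and serial and are told apart only by their contents.
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    subjectAndIssuer, BigInteger.ONE, notBefore, notAfter, subjectAndIssuer, publicKey);
            JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
            builder.addExtension(X509Extension.subjectKeyIdentifier, false,
                    extensionUtils.createSubjectKeyIdentifier(publicKey));
            builder.addExtension(X509Extension.authorityKeyIdentifier, false,
                    extensionUtils.createAuthorityKeyIdentifier(publicKey));
            // 132 = digitalSignature (128) | keyCertSign (4).
            builder.addExtension(X509Extension.keyUsage, false, new KeyUsage(132));
            builder.addExtension(X509Extension.extendedKeyUsage, false,
                    new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
            // GeneralName tag 7 is iPAddress, tag 6 is uniformResourceIdentifier.
            builder.addExtension(X509Extension.subjectAlternativeName, false,
                    new GeneralNames(new GeneralName[]{
                        new GeneralName(7, str),
                        new GeneralName(6, ImsModule.IMS_USER_PROFILE.getPublicUri())}));
            // NOTE(review): BasicConstraints(true) together with keyCertSign marks this
            // client-authentication certificate as a CA. A peer that installs it as a
            // trust anchor would also accept anything signed with this key. A leaf
            // certificate normally carries CA=false and no keyCertSign; confirm
            // whether the peer requires the current form before changing it.
            builder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true));

            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
                    builder.build(new SimpleContentSignerBuilder().build(privateKey)));
            X509Certificate[] chain = {certificate};
            setClientCertificateFingerprint(chain[0]);
            keyStore.setEntry(CLIENT_CERT_ALIAS,
                    new KeyStore.PrivateKeyEntry(privateKey, chain),
                    new KeyStore.PasswordProtection(KEYSTORE_PASSWORD.toCharArray()));
            saveKeyStoreToFile(keyStore);
            if (logger.isActivated()) {
                logger.debug("Client certificate " + CLIENT_CERT_ALIAS + " for IP address " + str
                        + " with fingerprint " + getClientCertificateFingerprint() + " added");
            }
        } catch (Exception e) {
            if (logger.isActivated()) {
                logger.error("Creating client certificate failed: ", e);
            }
        }
    }

    /**
     * Creates an empty keystore file if none exists at {@link #getKeystorePath()}.
     *
     * @throws KeyStoreManagerException if the keystore cannot be instantiated or
     *         initialised; only the message of the underlying exception is kept
     */
    private static void createKeyStore() throws KeyStoreManagerException {
        File file = new File(getKeystorePath());
        if (file.exists()) {
            return;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(getKeystoreType());
            synchronized (KeyStoreManager.class) {
                // A null stream initialises an empty keystore.
                keyStore.load(null, KEYSTORE_PASSWORD.toCharArray());
            }
            saveKeyStoreToFile(keyStore);
        } catch (Exception e) {
            throw new KeyStoreManagerException(e.getMessage());
        }
    }

    /**
     * Computes a colon-separated upper-case hex digest of a certificate's
     * encoded form.
     *
     * @param certificate the certificate; may be {@code null}
     * @param str the {@link MessageDigest} algorithm name
     * @return the fingerprint, or {@code null} if {@code certificate} is
     *         {@code null} or the digest could not be computed
     */
    public static String getCertFingerprint(Certificate certificate, String str) {
        if (certificate == null) {
            return null;
        }
        try {
            if (logger.isActivated()) {
                logger.debug("Getting " + str + " fingerprint for certificate: " + certificate.toString());
            }
            MessageDigest messageDigest = MessageDigest.getInstance(str);
            messageDigest.update(certificate.getEncoded());
            return hexify(messageDigest.digest());
        } catch (Exception e) {
            if (logger.isActivated()) {
                logger.error("getCertFingerprint failed: ", e);
            }
            return null;
        }
    }

    /**
     * Returns the fingerprint recorded by the last call to
     * {@link #setClientCertificateFingerprint(Certificate)}, or {@code null}.
     */
    public static String getClientCertificateFingerprint() {
        return fingerprint;
    }

    /**
     * Returns the keystore password.
     *
     * <p>NOTE(review): this hands the hard-coded secret to any caller as an
     * immutable {@code String}; see the note on {@code KEYSTORE_PASSWORD}.
     */
    public static String getKeystorePassword() {
        return KEYSTORE_PASSWORD;
    }

    /** Returns the absolute path of the keystore file inside the app's files directory. */
    public static String getKeystorePath() {
        return AndroidFactory.getApplicationContext().getFilesDir().getAbsolutePath()
                + Separators.SLASH + KEYSTORE_NAME;
    }

    /** Returns the platform's default keystore type. */
    public static String getKeystoreType() {
        return KeyStore.getDefaultType();
    }

    /**
     * Formats bytes as upper-case hex pairs joined by {@code Separators.COLON}.
     */
    private static String hexify(byte[] bArr) {
        char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
        StringBuilder out = new StringBuilder(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            if (i != 0) {
                out.append(Separators.COLON);
            }
            out.append(hexDigits[(bArr[i] & 0xF0) >> 4]);
            out.append(hexDigits[bArr[i] & 0x0F]);
        }
        return out.toString();
    }

    /**
     * Tells whether the keystore holds a trusted certificate entry under the
     * given alias.
     *
     * @return {@code false} if the keystore cannot be loaded or the check fails
     */
    private static boolean isCertificateEntry(String str) {
        try {
            KeyStore keyStore = loadKeyStoreFromFile();
            if (keyStore == null) {
                return false;
            }
            return keyStore.isCertificateEntry(str);
        } catch (Exception e) {
            if (logger.isActivated()) {
                logger.error("Checking key " + str + " failed: ", e);
            }
            return false;
        }
    }

    /**
     * Tells whether the keystore file exists and can be loaded.
     *
     * <p>This is not a pure check: {@link #loadKeyStoreFromFile()} deletes a file
     * it fails to load.
     */
    private static boolean isKeystoreExists() {
        File file = new File(getKeystorePath());
        return file.exists() && loadKeyStoreFromFile() != null;
    }

    /**
     * Tells whether the configured TLS root certificate has been imported into
     * the keystore.
     *
     * @return {@code false} if no root certificate is configured or on any error
     */
    public static boolean isOwnCertificateUsed() {
        try {
            String tlsCertificateRoot = RcsSettings.getInstance().getTlsCertificateRoot();
            if (tlsCertificateRoot == null || tlsCertificateRoot.length() <= 0) {
                return false;
            }
            return isCertificateEntry(buildCertificateAlias(tlsCertificateRoot));
        } catch (Exception ignored) {
            // Any failure is reported as "own certificate not in use".
            return false;
        }
    }

    /**
     * Ensures the keystore exists and contains the configured TLS root and
     * intermediate certificates.
     *
     * @throws KeyStoreManagerException if a missing keystore cannot be created
     */
    public static void loadKeyStore() throws KeyStoreManagerException {
        if (logger.isActivated()) {
            for (Provider provider : Security.getProviders()) {
                logger.debug("Registered provider: " + provider.getName() + "; info: " + provider.getInfo());
            }
        }
        if (!isKeystoreExists()) {
            if (logger.isActivated()) {
                logger.debug("Create new keystore file " + getKeystorePath());
            }
            createKeyStore();
        }
        String tlsCertificateRoot = RcsSettings.getInstance().getTlsCertificateRoot();
        if (tlsCertificateRoot != null && tlsCertificateRoot.length() > 0
                && !isCertificateEntry(buildCertificateAlias(tlsCertificateRoot))) {
            addCertificates(tlsCertificateRoot);
        }
        String tlsCertificateIntermediate = RcsSettings.getInstance().getTlsCertificateIntermediate();
        if (tlsCertificateIntermediate != null && tlsCertificateIntermediate.length() > 0
                && !isCertificateEntry(buildCertificateAlias(tlsCertificateIntermediate))) {
            addCertificates(tlsCertificateIntermediate);
        }
    }

    /**
     * Loads the keystore from {@link #getKeystorePath()}.
     *
     * @return the loaded keystore, or {@code null} if the file does not exist or
     *         loading failed
     */
    private static KeyStore loadKeyStoreFromFile() {
        File file = null;
        FileInputStream in = null;
        try {
            file = new File(getKeystorePath());
            if (!file.exists()) {
                return null;
            }
            in = new FileInputStream(file);
            KeyStore keyStore = KeyStore.getInstance(getKeystoreType());
            synchronized (KeyStoreManager.class) {
                keyStore.load(in, KEYSTORE_PASSWORD.toCharArray());
            }
            return keyStore;
        } catch (Exception e) {
            if (logger.isActivated()) {
                logger.error("Loading " + getKeystorePath() + " of type " + getKeystoreType() + " failed: ", e);
            }
            // NOTE(review): any load failure, including a transient I/O error,
            // deletes the keystore and with it the client private key and the
            // imported trust certificates. Anything able to corrupt this file can
            // therefore force a silent key and trust-store reset.
            if (file != null && file.exists()) {
                file.delete();
            }
            return null;
        } finally {
            CloseableUtils.close(in);
        }
    }

    /**
     * Writes the keystore to {@link #getKeystorePath()}, overwriting the file.
     *
     * <p>Failures are logged and swallowed, so callers cannot tell whether the
     * keystore was persisted.
     *
     * @param keyStore the keystore to persist; {@code null} is ignored
     */
    private static void saveKeyStoreToFile(KeyStore keyStore) {
        if (keyStore == null) {
            return;
        }
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(getKeystorePath());
            synchronized (KeyStoreManager.class) {
                keyStore.store(out, KEYSTORE_PASSWORD.toCharArray());
            }
        } catch (Exception e) {
            if (logger.isActivated()) {
                logger.error("Saving " + getKeystorePath() + " of type " + getKeystoreType() + " failed: ", e);
            }
        } finally {
            CloseableUtils.close(out);
        }
    }

    /**
     * Records the SHA-1 fingerprint of the given certificate as the client
     * certificate fingerprint.
     *
     * <p>NOTE(review): SHA-1 no longer offers collision resistance. Switching the
     * digest changes the string returned by
     * {@link #getClientCertificateFingerprint()}, so confirm what its consumers
     * expect before changing it.
     */
    public static void setClientCertificateFingerprint(Certificate certificate) {
        fingerprint = getCertFingerprint(certificate, "SHA-1");
    }

    /**
     * Re-issues the client certificate for the given IP address on a background
     * thread, provided the keystore file exists and loads.
     *
     * @param str the local IP address
     */
    public static void updateClientCertificate(final String str) {
        try {
            if (isKeystoreExists()) {
                if (logger.isActivated()) {
                    logger.debug("Update client certificate");
                }
                // Key generation and signing are slow; keep them off the caller's thread.
                new Thread() {
                    @Override
                    public void run() {
                        KeyStoreManager.createClientCertificate(str);
                    }
                }.start();
            } else if (logger.isActivated()) {
                logger.debug("Client certificate not created as keystore file " + getKeystorePath() + " is not available");
            }
        } catch (Exception e) {
            if (logger.isActivated()) {
                logger.error("Updating client certificate while checking keystore failed: ", e);
            }
        }
    }
}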
