package com.honeywell.hsps.certificateservice;

import android.app.Service;
import android.content.Intent;
import android.os.IBinder;
import android.os.RemoteException;
import android.security.KeyChain;
import android.security.KeyStore;
import android.util.Log;
import com.android.internal.widget.LockPatternUtils;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public class CertificateService extends Service {
    static final int MIN_PASSWORD_QUALITY = 65536;
    private static final String TAG = CertificateService.class.getSimpleName();

    public boolean addWiFiCertificate(String str, String str2, String str3) throws RemoteException {
        byte[] loadFile;
        Log.d(TAG, "addWiFiCertificate");
        if (!checkCallingPermission()) {
            throw new RemoteException();
        }
        KeyStore keyStore = KeyStore.getInstance();
        if (!isKeyStoreReady(keyStore)) {
            return false;
        }
        CertificateServiceHelper certificateServiceHelper = new CertificateServiceHelper();
        CredentialHelper credentialHelper = new CredentialHelper();
        if (!certificateServiceHelper.isFileAcceptable(str) || (loadFile = certificateServiceHelper.loadFile(str)) == null) {
            return false;
        }
        credentialHelper.setName(str3);
        if (str.endsWith(".p12") || str.endsWith(".pfx")) {
            if (!credentialHelper.extractPkcs12(str2, loadFile)) {
                Log.e(TAG, "addCertificate: Unable to extract certificate using password");
                return false;
            }
        } else {
            if (!credentialHelper.parseCert(loadFile)) {
                Log.e(TAG, "addCertificate: Unable to parse certificate");
                return false;
            }
            X509Certificate userCertificate = credentialHelper.getUserCertificate();
            if (userCertificate != null) {
                String md5 = Util.toMd5(userCertificate.getPublicKey().getEncoded());
                Map<String, byte[]> pkeyMap = certificateServiceHelper.getPkeyMap(keyStore);
                byte[] bArr = pkeyMap.get(md5);
                if (bArr != null) {
                    Log.i(TAG, "addCertificate: Found private key");
                    pkeyMap.remove(md5);
                    certificateServiceHelper.savePkeyMap(keyStore, pkeyMap);
                    credentialHelper.setPrivateKey(bArr);
                } else {
                    Log.i(TAG, "addCertificate: Didn't find private key: " + md5);
                }
            }
        }
        if (!credentialHelper.hasAnyForSystemInstall()) {
            Log.i(TAG, "addCertificate: Nothing to do");
            return false;
        }
        boolean installCredentials = certificateServiceHelper.installCredentials(credentialHelper, keyStore);
        if (credentialHelper.hasCaCerts()) {
            try {
                KeyChain.KeyChainConnection bind = KeyChain.bind(this);
                try {
                    installCredentials = credentialHelper.installCaCertsToKeyChain(bind.getService());
                } finally {
                    bind.close();
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                installCredentials = false;
            }
        }
        return installCredentials;
    }

    public boolean checkCallingPermission() {
        return checkCallingPermission("android.permission.WRITE_SECURE_SETTINGS") == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean deleteWiFiCertificate(String str) throws RemoteException {
        Log.d(TAG, "deleteWiFiCertificate");
        if (!checkCallingPermission()) {
            throw new RemoteException();
        }
        KeyStore keyStore = KeyStore.getInstance();
        if (isKeyStoreReady(keyStore)) {
            return new CertificateServiceHelper().deleteCredentials(keyStore, str);
        }
        return false;
    }

    public String getVersion() {
        Log.d(TAG, "getVersion");
        return BuildConfig.VERSION_NAME;
    }

    boolean isKeyStoreReady(KeyStore keyStore) {
        if (keyStore.state() != KeyStore.State.UNLOCKED) {
            Log.e(TAG, "isKeyStoreReady: KeyStore is locked");
            return false;
        }
        if (new LockPatternUtils(this).getActivePasswordQuality() >= 65536) {
            return true;
        }
        Log.d(TAG, "isKeyStoreReady: poor KeyStore password quality");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<CertificateMetaData> listWiFiCertificates() throws RemoteException {
        Log.d(TAG, "listWiFiCertificates");
        if (!checkCallingPermission()) {
            throw new RemoteException();
        }
        KeyStore keyStore = KeyStore.getInstance();
        if (isKeyStoreReady(keyStore)) {
            return new CertificateServiceHelper().listCredentials(keyStore);
        }
        return null;
    }

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        if (ICertificateService.class.getName().equals(intent.getAction())) {
            return new CertificateServiceImpl(this);
        }
        return null;
    }

    @Override // android.app.Service
    public void onCreate() {
    }

    @Override // android.app.Service
    public void onDestroy() {
    }
}
