package com.honeywell.hsps.certificateservice;

import android.os.RemoteException;
import android.security.IKeyChainService;
import android.text.TextUtils;
import android.util.Log;
import com.android.org.bouncycastle.asn1.ASN1InputStream;
import com.android.org.bouncycastle.asn1.x509.BasicConstraints;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import net.soti.mobicontrol.k.l;

/* loaded from: classes.dex */
class CredentialHelper {
    private static final String CERTS_KEY = "crts";
    private static final String DATA_KEY = "data";
    private static final String TAG = CredentialHelper.class.getSimpleName();
    public X509Certificate mUserCert;
    public String mName = "";
    public PrivateKey mUserKey = null;
    public List<X509Certificate> mCaCerts = new ArrayList();

    private boolean extractPkcs12Internal(String str, byte[] bArr) throws Exception {
        Log.d(TAG, "extractPkcs12Internal");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(str.toCharArray());
        keyStore.load(new ByteArrayInputStream(bArr), passwordProtection.getPassword());
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            return false;
        }
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            KeyStore.Entry entry = keyStore.getEntry(nextElement, passwordProtection);
            Log.i(TAG, "extracted alias = " + nextElement + ", entry=" + entry.getClass());
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                if (TextUtils.isEmpty(this.mName)) {
                    this.mName = nextElement;
                }
                return installFrom((KeyStore.PrivateKeyEntry) entry);
            }
        }
        return true;
    }

    private boolean installFrom(KeyStore.PrivateKeyEntry privateKeyEntry) {
        synchronized (this) {
            Log.d(TAG, "installFrom");
            this.mUserKey = privateKeyEntry.getPrivateKey();
            this.mUserCert = (X509Certificate) privateKeyEntry.getCertificate();
            Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
            Log.i(TAG, "# certs extracted = " + certificateChain.length);
            this.mCaCerts = new ArrayList(certificateChain.length);
            for (Certificate certificate : certificateChain) {
                X509Certificate x509Certificate = (X509Certificate) certificate;
                if (isCa(x509Certificate)) {
                    this.mCaCerts.add(x509Certificate);
                }
            }
            Log.i(TAG, "# ca certs extracted = " + this.mCaCerts.size());
        }
        return true;
    }

    private boolean isCa(X509Certificate x509Certificate) {
        Log.d(TAG, "isCa");
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.19");
            if (extensionValue == null) {
                return false;
            }
            return BasicConstraints.getInstance(new ASN1InputStream(new ASN1InputStream(extensionValue).readObject().getOctets()).readObject()).isCA();
        } catch (IOException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean extractPkcs12(String str, byte[] bArr) {
        Log.d(TAG, "extractPkcs12");
        try {
            return extractPkcs12Internal(str, bArr);
        } catch (Exception e) {
            Log.e(TAG, "extractPkcs12: " + e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getName() {
        return this.mName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate getUserCertificate() {
        return this.mUserCert;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasAnyForSystemInstall() {
        return this.mUserKey != null || hasUserCertificate() || hasCaCerts();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasCaCerts() {
        return !this.mCaCerts.isEmpty();
    }

    boolean hasUserCertificate() {
        return this.mUserCert != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean installCaCertsToKeyChain(IKeyChainService iKeyChainService) {
        Log.d(TAG, "installCaCertsToKeyChain");
        Iterator<X509Certificate> it = this.mCaCerts.iterator();
        while (it.hasNext()) {
            try {
                byte[] encoded = it.next().getEncoded();
                if (encoded != null) {
                    try {
                        iKeyChainService.installCaCertificate(encoded);
                    } catch (RemoteException e) {
                        Log.e(TAG, "installCaCertsToKeyChain: " + e);
                        return false;
                    }
                }
            } catch (CertificateEncodingException e2) {
                throw new AssertionError(e2);
            }
        }
        return true;
    }

    public boolean parseCert(byte[] bArr) {
        boolean z;
        Log.d(TAG, "parseCert");
        if (bArr != null) {
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(l.b).generateCertificate(new ByteArrayInputStream(bArr));
                if (isCa(x509Certificate)) {
                    Log.d(TAG, "got a CA cert");
                    this.mCaCerts.add(x509Certificate);
                } else {
                    Log.d(TAG, "got a user cert");
                    this.mUserCert = x509Certificate;
                }
                z = true;
            } catch (CertificateException e) {
                Log.w(TAG, "parseCert(): " + e);
                return false;
            }
        } else {
            z = false;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setName(String str) {
        this.mName = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPrivateKey(byte[] bArr) {
        Log.d(TAG, "setPrivateKey");
        try {
            this.mUserKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } catch (InvalidKeySpecException e2) {
            throw new AssertionError(e2);
        }
    }
}
