package com.android.certinstaller;

import android.app.KeyguardManager;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.os.RemoteException;
import android.os.UserHandle;
import android.security.Credentials;
import android.security.IKeyChainService;
import android.text.TextUtils;
import android.util.Log;
import com.android.org.bouncycastle.asn1.ASN1InputStream;
import com.android.org.bouncycastle.asn1.x509.BasicConstraints;
import com.android.org.conscrypt.TrustedCertificateStore;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
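/**
 * Holds the material of a single credential-install request: the raw payload blobs, the
 * private key / user certificate / CA certificates parsed out of them, and the name and uid
 * the credential is to be installed under. Logs under the tag "CredentialHelper".
 *
 * <p>This is decompiler output with obfuscated identifiers. Every member shown as
 * {@code public} except {@link #l()} was package-private in the bytecode (the decompiler
 * widened them).
 *
 * <p>Security-relevant points for a reader of this class:
 * <ul>
 *   <li>Encoded private-key bytes leave this object through {@link #c(Context)} (intent
 *       extras) and {@link #w(Bundle)} (saved state).</li>
 *   <li>{@link #s(Context, IKeyChainService)} installs CA certificates and, on a device with
 *       a secure keyguard, marks them approved for the current user.</li>
 *   <li>{@link #a()} is a plain package-name string comparison; the provenance of that string
 *       is decided by the caller, not here.</li>
 * </ul>
 */
public class a {

    private static final String TAG = "CredentialHelper";

    // Raw install payload, keyed by blob type. Keys read in this class: "CERT", "PKCS12", "PKEY".
    // (decompiler-renamed from "a")
    private HashMap<String, Object> f2353a;

    // Credential name; written to the intent as "user_key_pair_name" and defaulted to the
    // PKCS12 alias when empty. (decompiler-renamed from "b")
    private String f2354b;

    // Usage selector string ("wifi" / "appsrc" are the values i() recognises).
    // (decompiler-renamed from "c")
    private String f2355c;

    // Package name handed to the constructor and compared in a().
    // NOTE(review): presumably the requesting package -- confirm against the caller.
    // (decompiler-renamed from "d")
    private String f2356d;

    // Uid the credential is installed as ("install_as_uid"); -1 when unset.
    // (decompiler-renamed from "e")
    private int f2357e;

    // Private key extracted from the PKCS12 blob, or null. (decompiler-renamed from "f")
    private PrivateKey f2358f;

    // Non-CA ("user") certificate, or null. (decompiler-renamed from "g")
    private X509Certificate f2359g;

    // Certificates whose BasicConstraints extension marks them as a CA.
    // (decompiler-renamed from "h")
    private List<X509Certificate> f2360h;

    // Raw bytes of the "CERT" blob, kept only when the user certificate has an EC public key.
    // (decompiler-renamed from "i")
    private byte[] f2361i;

    // True when the user certificate has an EC public key (logged as "mECC").
    // (decompiler-renamed from "j")
    private boolean f2362j;

    // True when the "CERT" blob also carries a PEM EC private key (logged as "mHasPkey").
    // (decompiler-renamed from "k")
    private boolean f2363k;

    /** Creates an empty helper: no payload, empty strings, uid -1, no certificates. */
    public a() {
        this.f2353a = new HashMap<>();
        this.f2354b = "";
        this.f2355c = "";
        this.f2356d = "";
        this.f2357e = -1;
        this.f2360h = new ArrayList<>();
    }

    /**
     * Creates a helper from an install request and immediately parses the "CERT" blob, if any.
     *
     * @param map  payload blobs keyed by type; copied into this object; must not be null
     * @param str  credential name, or null to keep the empty default
     * @param str2 package name later checked by {@link #a()}, or null to keep the empty default
     * @param str3 usage selector; when non-null the uid is derived from it via {@link #i(String)}
     *             and {@code i2} is ignored
     * @param i2   uid to install as, used only when {@code str3} is null
     */
    public a(Map<String, Object> map, String str, String str2, String str3, int i2) {
        this();
        if (str != null) {
            this.f2354b = str;
        }
        if (str2 != null) {
            this.f2356d = str2;
        }
        if (str3 != null) {
            this.f2355c = str3;
            this.f2357e = i(str3);
        } else {
            this.f2357e = i2;
        }
        this.f2353a.putAll(map);
        x(g("CERT"));
    }

    /**
     * Walks the PKCS12 keystore and installs the first private-key entry it can read.
     *
     * <p>Returns {@code true} without extracting anything when the keystore has entries but
     * none of them is a {@link KeyStore.PrivateKeyEntry}; callers that need a key should also
     * check {@link #j()}.
     *
     * @param passwordProtection password used both to load the keystore and to read entries
     * @return false if the keystore has no aliases; otherwise the result of {@link #r} for the
     *         first private-key entry, or true if no such entry exists
     * @throws Exception if the keystore cannot be loaded or an entry cannot be recovered
     *         (for example a wrong password)
     */
    private boolean e(KeyStore.PasswordProtection passwordProtection) throws Exception {
        KeyStore keyStore = u(passwordProtection);
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            Log.e(TAG, "PKCS12 file has no elements");
            return false;
        }
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                // getEntry() with a password is only attempted on key entries.
                k0.a.c(TAG, "Skip non-key entry, alias = " + alias);
                continue;
            }
            KeyStore.Entry entry = keyStore.getEntry(alias, passwordProtection);
            if (entry == null) {
                continue;
            }
            k0.a.c(TAG, "extracted alias = " + alias + ", entry=" + entry.getClass());
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                if (TextUtils.isEmpty(this.f2354b)) {
                    this.f2354b = alias;
                }
                return r((KeyStore.PrivateKeyEntry) entry);
            }
        }
        return true;
    }

    /**
     * Derives a short hex identifier for an encoded X.509 certificate.
     *
     * <p>The identifier is the first 8 bytes of the SHA-256 digest of {@code bArr}, rendered
     * with {@link Long#toHexString(long)}. Two consequences a consumer should know:
     * it is a 64-bit truncation, so it does not offer the collision resistance of the full
     * digest, and leading zero nibbles are dropped, so the string is not fixed-width.
     *
     * <p>{@code checkValidity()} only tests the certificate's validity period against the
     * current time; no signature or chain verification happens here.
     *
     * @param bArr encoded certificate; must not be null
     * @return the hex identifier, or null if the bytes do not parse as a currently valid
     *         certificate or SHA-256 is unavailable
     */
    public static String q(byte[] bArr) {
        try {
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(bArr));
            cert.checkValidity();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(bArr);
            return Long.toHexString(ByteBuffer.wrap(digest, 0, 8).getLong());
        } catch (NoSuchAlgorithmException | CertificateException e2) {
            Log.e(TAG, "Invalid app source certificate: " + e2);
            return null;
        }
    }

    /**
     * Takes the private key, leaf certificate and CA certificates from a PKCS12 entry.
     *
     * <p>The CA list is replaced, not appended to, so any CA certificate previously parsed
     * from the "CERT" blob is dropped. Only chain members that {@link #t} classifies as a CA
     * are kept.
     *
     * @return always true
     */
    private synchronized boolean r(KeyStore.PrivateKeyEntry privateKeyEntry) {
        this.f2358f = privateKeyEntry.getPrivateKey();
        this.f2359g = (X509Certificate) privateKeyEntry.getCertificate();
        Certificate[] chain = privateKeyEntry.getCertificateChain();
        k0.a.c(TAG, "# certs extracted = " + chain.length);
        this.f2360h = new ArrayList<>(chain.length);
        for (Certificate link : chain) {
            X509Certificate x509 = (X509Certificate) link;
            if (t(x509)) {
                this.f2360h.add(x509);
            }
        }
        k0.a.c(TAG, "# ca certs extracted = " + this.f2360h.size());
        return true;
    }

    /**
     * Reports whether a certificate's BasicConstraints extension (OID 2.5.29.19) marks it as
     * a CA. A certificate without the extension is treated as a non-CA.
     *
     * <p>NOTE(review): only IOException is mapped to {@code false}; whether the ASN.1 parser
     * can raise unchecked exceptions on malformed extension bytes is not visible from this file.
     */
    private boolean t(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.19");
            if (extensionValue == null) {
                return false;
            }
            // The extension value is itself wrapped; unwrap it before parsing the constraints.
            byte[] octets = new ASN1InputStream(extensionValue).readObject().getOctets();
            if (octets == null) {
                return false;
            }
            return BasicConstraints.getInstance(new ASN1InputStream(octets).readObject()).isCA();
        } catch (IOException unused) {
            return false;
        }
    }

    /**
     * Builds a PKCS12 keystore from the "PKCS12" blob.
     *
     * @return the loaded keystore, or a keystore on which {@code load} was never called when
     *         there is no "PKCS12" blob; never null
     * @throws Exception if the keystore type is unavailable or the blob cannot be loaded with
     *         the given password
     */
    private KeyStore u(KeyStore.PasswordProtection passwordProtection) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        byte[] pkcs12 = g("PKCS12");
        if (pkcs12 != null) {
            keyStore.load(new ByteArrayInputStream(pkcs12), passwordProtection.getPassword());
        }
        return keyStore;
    }

    /**
     * Marks the CA certificate with the given alias as approved for the current user, but only
     * when the device has a secure keyguard; otherwise does nothing.
     */
    private void v(Context context, String str) {
        KeyguardManager keyguard = context.getSystemService(KeyguardManager.class);
        if (keyguard.isDeviceSecure(UserHandle.myUserId())) {
            DevicePolicyManager dpm = context.getSystemService(DevicePolicyManager.class);
            dpm.approveCaCert(str, UserHandle.myUserId(), true);
        }
    }

    /**
     * Parses the "CERT" blob and files it as a CA certificate or as the user certificate.
     *
     * <p>For a user certificate the textual dump is scanned for an EC public key; if one is
     * found the raw input bytes are retained and checked for an embedded PEM EC private key.
     * Parse failures are logged and otherwise ignored.
     *
     * @param bArr encoded certificate bytes, or null (no-op)
     */
    private void x(byte[] bArr) {
        if (bArr == null) {
            return;
        }
        try {
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(bArr));
            if (t(cert)) {
                k0.a.c(TAG, "got a CA cert");
                this.f2360h.add(cert);
                return;
            }
            k0.a.c(TAG, "got a user cert");
            this.f2359g = cert;
            // NOTE(review): this keys off the provider's toString() layout, which is not a
            // stable format; cert.getPublicKey().getAlgorithm() would be the structured check.
            for (String line : cert.toString().split("\n")) {
                if (line.contains("Public Key Algorithm:") && line.contains("id-ecPublicKey")) {
                    this.f2362j = true;
                    k0.a.e(TAG, "User certificate in EC");
                    // The retained bytes are the whole input, so any private key that
                    // accompanies the certificate travels with them (see c()).
                    this.f2361i = bArr;
                    String pem = new String(bArr, StandardCharsets.UTF_8);
                    if (pem.contains("-----BEGIN EC PRIVATE KEY-----")
                            && pem.contains("-----END EC PRIVATE KEY-----")) {
                        this.f2363k = true;
                        k0.a.e(TAG, "User certificate includes EC private key");
                    }
                    // Stop at the first match. The scan previously neither advanced nor
                    // exited on a match, so an EC certificate made it spin forever.
                    break;
                }
            }
            k0.a.c(TAG, "Certificate info : mECC : " + this.f2362j + " mHasPkey : " + this.f2363k);
        } catch (CertificateException e2) {
            Log.w(TAG, "parseCert(): " + e2.toString());
        }
    }

    /**
     * Reports whether the package name given at construction is one of two hard-coded
     * settings packages.
     *
     * <p>NOTE(review): this is an equality test on a string; it is only as trustworthy as the
     * way the caller obtained that package name, which is outside this class.
     */
    public boolean a() {
        String pkg = this.f2356d;
        return pkg != null
                && (pkg.equals("com.android.settings") || pkg.equals("com.oplus.wirelesssettings"));
    }

    /** Returns true when at least one payload blob is present. */
    public boolean b() {
        return !this.f2353a.isEmpty();
    }

    /**
     * Builds the intent that hands the extracted credentials to the system install component.
     *
     * <p>The intent carries the encoded private key (when present), the user certificate and
     * the CA certificates as extras. The receiver is pinned with an explicit component taken
     * from {@code R.string.config_system_install_component}, which is what keeps that key
     * material from being delivered to an arbitrary handler of the action.
     *
     * @return the populated install intent
     * @throws AssertionError if a certificate cannot be encoded to PEM
     */
    public Intent c(Context context) {
        Intent intent = new Intent("com.android.credentials.INSTALL");
        // NOTE(review): unflattenFromString() returns null for a string without a '/'
        // separator, and setComponent(null) would leave this intent implicit. The resource is
        // build-time configuration, but a fail-closed null check here would be cheap.
        intent.setComponent(ComponentName.unflattenFromString(
                context.getString(R.string.config_system_install_component)));
        intent.putExtra("install_as_uid", this.f2357e);
        intent.putExtra("user_key_pair_name", this.f2354b);
        try {
            PrivateKey privateKey = this.f2358f;
            if (privateKey != null) {
                intent.putExtra("user_private_key_data", privateKey.getEncoded());
            }
            if (this.f2359g != null) {
                if (this.f2362j) {
                    // EC user certificate: forwarded as raw input bytes under WAPI keys. In
                    // the "user" case those bytes include the PEM EC private key found by x().
                    String prefix;
                    String nameKey;
                    String dataKey;
                    if (this.f2363k) {
                        prefix = "WAPIUSERCERT_";
                        nameKey = "wapi_user_certificate_name";
                        dataKey = "wapi_user_certificate_data";
                    } else {
                        prefix = "WAPISERVERCERT_";
                        nameKey = "wapi_server_certificate_name";
                        dataKey = "wapi_server_certificate_data";
                    }
                    intent.putExtra(nameKey, prefix + this.f2354b);
                    intent.putExtra(dataKey, this.f2361i);
                } else {
                    intent.putExtra("user_certificate_name", "USRCERT_" + this.f2354b);
                    intent.putExtra("user_certificate_data",
                            Credentials.convertToPem(new Certificate[]{this.f2359g}));
                }
            }
            if (!this.f2360h.isEmpty()) {
                intent.putExtra("ca_certificates_data",
                        Credentials.convertToPem(this.f2360h.toArray(new X509Certificate[0])));
            }
            return intent;
        } catch (IOException | CertificateEncodingException e2) {
            throw new AssertionError(e2);
        }
    }

    /**
     * Extracts the credentials from the "PKCS12" blob using the given password.
     *
     * <p>Any failure (wrong password, malformed data, missing blob, null password) is logged
     * and reported as {@code false}. The password copy held by the
     * {@link KeyStore.PasswordProtection} is not cleared afterwards.
     *
     * @param str keystore password
     * @return true if extraction completed, false on any error or an empty keystore
     */
    public boolean d(String str) {
        try {
            return e(new KeyStore.PasswordProtection(str.toCharArray()));
        } catch (Exception e2) {
            Log.w(TAG, "extractPkcs12(): " + e2, e2);
            return false;
        }
    }

    /** Returns the usage selector string. */
    public String f() {
        return this.f2355c;
    }

    /**
     * Returns the payload blob stored under {@code str}, or null when the key is absent or
     * its value is not a byte array.
     */
    byte[] g(String str) {
        Object blob = this.f2353a.get(str);
        return blob instanceof byte[] ? (byte[]) blob : null;
    }

    /** Returns the credential name. */
    public String h() {
        return this.f2354b;
    }

    /**
     * Maps a usage selector to the uid the credential is installed as.
     *
     * <p>1010 and 1075 correspond to Android's Wi-Fi and fs-verity certificate uids.
     *
     * @return 1010 for "wifi", 1075 for "appsrc", -1 for anything else (including null)
     */
    int i(String str) {
        if ("wifi".equals(str)) {
            return 1010;
        }
        if ("appsrc".equals(str)) {
            return 1075;
        }
        return -1;
    }

    /** Returns true when there is a private key, a user certificate or a CA certificate. */
    public boolean j() {
        return this.f2358f != null || p() || k();
    }

    /** Returns true when at least one CA certificate has been collected. */
    public boolean k() {
        return !this.f2360h.isEmpty();
    }

    /**
     * Returns true when the request consists of CA certificates only: there is at least one
     * CA certificate, no target uid has been set (-1) and no private key was extracted.
     */
    public boolean l() {
        return k() && this.f2357e == -1 && this.f2358f == null;
    }

    /**
     * Reports whether the "PKCS12" blob fails to load with an empty password.
     *
     * <p>{@link #u} never returns null, so a successful load yields {@code false}. Every
     * exception yields {@code true}, which means a corrupt blob is indistinguishable here
     * from a password-protected one.
     *
     * @return false when there is no "PKCS12" blob or it loads with an empty password
     */
    public boolean m() {
        if (!n()) {
            return false;
        }
        try {
            return u(new KeyStore.PasswordProtection(new char[0])) == null;
        } catch (Exception unused) {
            return true;
        }
    }

    /** Returns true when the payload has a "PKCS12" entry. */
    public boolean n() {
        return this.f2353a.containsKey("PKCS12");
    }

    /** Returns true when the payload has a "PKEY" entry. */
    public boolean o() {
        return this.f2353a.containsKey("PKEY");
    }

    /** Returns true when a user certificate has been parsed. */
    public boolean p() {
        return this.f2359g != null;
    }

    /**
     * Installs every collected CA certificate through the key chain service and, where the
     * keyguard is secure, marks it approved for the current user.
     *
     * <p>Two behaviours to keep in mind when auditing callers: a certificate that fails to
     * encode is logged and skipped yet the method can still return {@code true}, and a failure
     * part-way through returns {@code false} without undoing certificates already installed.
     *
     * @return false if the service call fails or an installed certificate has no alias in the
     *         trusted store; true otherwise
     */
    public boolean s(Context context, IKeyChainService iKeyChainService) {
        TrustedCertificateStore trustedStore = new TrustedCertificateStore();
        for (X509Certificate caCert : this.f2360h) {
            byte[] encoded;
            try {
                encoded = caCert.getEncoded();
            } catch (CertificateEncodingException e2) {
                Log.e(TAG, "installVpnAndAppsTrustAnchors: catch the exception- " + e2.toString());
                continue;
            }
            if (encoded == null) {
                continue;
            }
            try {
                iKeyChainService.installCaCertificate(encoded);
                String alias = trustedStore.getCertificateAlias(caCert);
                if (alias == null) {
                    Log.e(TAG, "alias is null");
                    return false;
                }
                v(context, alias);
            } catch (RemoteException e3) {
                Log.w(TAG, "installCaCertsToKeyChain(): " + e3.toString());
                return false;
            }
        }
        return true;
    }

    /**
     * Saves this helper's state into {@code bundle}.
     *
     * <p>The bundle receives the raw payload map, the name, the uid, the certificates and,
     * when a private key was extracted, its algorithm and encoded bytes (key "USRPKEY_"). The
     * bundle should therefore be handled as holding secret key material. If a certificate
     * cannot be encoded the error is logged and the "crts" entry is not written.
     */
    public synchronized void w(Bundle bundle) {
        try {
            bundle.putSerializable("data", this.f2353a);
            bundle.putString("name", this.f2354b);
            bundle.putInt("install_as_uid", this.f2357e);
            if (this.f2358f != null) {
                k0.a.c(TAG, "Key algorithm: " + this.f2358f.getAlgorithm());
                bundle.putString("user_key_algorithm", this.f2358f.getAlgorithm());
                bundle.putByteArray("USRPKEY_", this.f2358f.getEncoded());
            }
            // User certificate first (when present), then the CA certificates.
            ArrayList<byte[]> encodedCerts = new ArrayList<>(this.f2360h.size() + 1);
            if (this.f2359g != null) {
                encodedCerts.add(this.f2359g.getEncoded());
            }
            for (X509Certificate caCert : this.f2360h) {
                encodedCerts.add(caCert.getEncoded());
            }
            bundle.putByteArray("crts", b.g(encodedCerts));
        } catch (CertificateEncodingException e2) {
            Log.e(TAG, "onSaveStates: catch the exception- " + e2.toString());
        }
    }

    /**
     * Sets the usage selector string.
     *
     * <p>NOTE(review): unlike the constructor, this does not recompute the install uid from
     * the new selector -- confirm that callers do not rely on the two staying in step.
     */
    public void y(String str) {
        this.f2355c = str;
    }

    /** Sets the credential name. */
    public void z(String str) {
        this.f2354b = str;
    }
}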
