package com.wapi.wapicertstore;

import android.os.SystemProperties;
import android.security.KeyStore2;
import android.security.LegacyVpnProfileStore;
import android.system.keystore2.KeyDescriptor;
import android.util.Log;
import java.util.ArrayList;

/* loaded from: classes.dex */
public class WapiCertStore {
    public static final int KS2_NAMESPACE_WIFI = 102;
    private static final int REQUIRED_VENDOR_API_LEVEL = 33;
    private static final String TAG = "WapiCertStore";
    public static final String WAPI = "WAPI_";
    public static final String WAPI_CA_CERTIFICATE = "WAPI_CA_";
    public static final String WAPI_USER_CERTIFICATE = "WAPI_USER_";
    public static final String WAPI_USER_CERTIFICATE_INFO = "WAPI_USRCERTINFO_";
    public static final String WAPI_USER_PRIVATE_KEY = "WAPI_KEY_";
    private KeyStore2 mKeyStore2 = KeyStore2.getInstance();
    private static final String PROP_FIRST_API_LEVEL = "ro.board.first_api_level";
    private static final int FIRST_API_LEVEL = SystemProperties.getInt(PROP_FIRST_API_LEVEL, FIRST_API_LEVEL);
    private static final int FIRST_API_LEVEL = SystemProperties.getInt(PROP_FIRST_API_LEVEL, FIRST_API_LEVEL);

    static {
        System.loadLibrary("systemwapi_cert");
    }

    public static native int checkUserCaCertNative(byte[] bArr, byte[] bArr2, byte[] bArr3);

    private KeyDescriptor generateKeyDescriptor(String str) {
        KeyDescriptor keyDescriptor = new KeyDescriptor();
        keyDescriptor.domain = 2;
        keyDescriptor.nspace = 102L;
        keyDescriptor.alias = str;
        keyDescriptor.blob = null;
        return keyDescriptor;
    }

    public static native String getCertInfoNative(byte[] bArr);

    public static native int isP12CertNative(byte[] bArr);

    public static native UserCertParam parseP12CertNative(byte[] bArr, String str);

    public static native int testJniNative(String str);

    public boolean checkUserCaCert(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return checkUserCaCertNative(bArr, bArr2, bArr3) == 0;
    }

    public boolean deleteCert(String str) {
        if (FIRST_API_LEVEL >= REQUIRED_VENDOR_API_LEVEL) {
            KeyDescriptor generateKeyDescriptor = generateKeyDescriptor(WAPI_USER_CERTIFICATE + str);
            KeyDescriptor generateKeyDescriptor2 = generateKeyDescriptor(WAPI_CA_CERTIFICATE + str);
            KeyDescriptor generateKeyDescriptor3 = generateKeyDescriptor(WAPI_USER_PRIVATE_KEY + str);
            try {
                this.mKeyStore2.deleteKey(generateKeyDescriptor);
                this.mKeyStore2.deleteKey(generateKeyDescriptor2);
                this.mKeyStore2.deleteKey(generateKeyDescriptor3);
            } catch (Exception e) {
                Log.e(TAG, "Exception when deleting cert");
                e.printStackTrace();
                return false;
            }
        } else {
            if (!LegacyVpnProfileStore.remove(WAPI_USER_CERTIFICATE + str)) {
                Log.e(TAG, "Failed to remove " + str + " user cert ");
                return false;
            }
            if (!LegacyVpnProfileStore.remove(WAPI_CA_CERTIFICATE + str)) {
                Log.e(TAG, "Failed to remove " + str + " ca cert ");
                return false;
            }
            if (!LegacyVpnProfileStore.remove(WAPI_USER_PRIVATE_KEY + str)) {
                Log.e(TAG, "Failed to remove " + str + " user private key ");
                return false;
            }
        }
        Log.d(TAG, "remove cert " + str + " success");
        return true;
    }

    public String[] getCertAliasList() {
        if (FIRST_API_LEVEL < REQUIRED_VENDOR_API_LEVEL) {
            return LegacyVpnProfileStore.list(WAPI_USER_CERTIFICATE);
        }
        try {
            KeyDescriptor[] list = this.mKeyStore2.list(2, 102L);
            ArrayList arrayList = new ArrayList();
            int length = list.length;
            for (int i = FIRST_API_LEVEL; i < length; i++) {
                KeyDescriptor keyDescriptor = list[i];
                if (keyDescriptor.alias.startsWith(WAPI_USER_CERTIFICATE)) {
                    arrayList.add(keyDescriptor.alias.substring(10));
                    Log.d(TAG, "get alias " + keyDescriptor.alias.substring(10));
                }
            }
            return (String[]) arrayList.toArray(new String[arrayList.size()]);
        } catch (Exception e) {
            Log.e(TAG, "Exception when get cert alias list");
            return new String[FIRST_API_LEVEL];
        }
    }

    public String getCertInfo(byte[] bArr) {
        return getCertInfoNative(bArr);
    }

    public byte[] getUserCert(String str) {
        if (str == null) {
            throw new NullPointerException("certAlias == null");
        }
        if (FIRST_API_LEVEL < REQUIRED_VENDOR_API_LEVEL) {
            return LegacyVpnProfileStore.get(WAPI_USER_CERTIFICATE + str);
        }
        try {
            return this.mKeyStore2.getKeyEntry(generateKeyDescriptor(str)).metadata.certificateChain;
        } catch (Exception e) {
            Log.e(TAG, "Exception when get user cert fail");
            e.printStackTrace();
            return null;
        }
    }

    public boolean installCert(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) {
        StringBuilder append = new StringBuilder().append("Install cert in API LEVEL: ");
        int i = FIRST_API_LEVEL;
        Log.d(TAG, append.append(i).toString());
        if (i >= REQUIRED_VENDOR_API_LEVEL) {
            KeyDescriptor generateKeyDescriptor = generateKeyDescriptor(WAPI_USER_CERTIFICATE + str);
            KeyDescriptor generateKeyDescriptor2 = generateKeyDescriptor(WAPI_CA_CERTIFICATE + str);
            KeyDescriptor generateKeyDescriptor3 = generateKeyDescriptor(WAPI_USER_PRIVATE_KEY + str);
            try {
                this.mKeyStore2.updateSubcomponents(generateKeyDescriptor, (byte[]) null, bArr);
                this.mKeyStore2.updateSubcomponents(generateKeyDescriptor2, (byte[]) null, bArr3);
                this.mKeyStore2.updateSubcomponents(generateKeyDescriptor3, (byte[]) null, bArr2);
            } catch (Exception e) {
                Log.e(TAG, "Exception when installing cert");
                e.printStackTrace();
                return false;
            }
        } else {
            if (!LegacyVpnProfileStore.put(WAPI_USER_CERTIFICATE + str, bArr)) {
                Log.e(TAG, "Failed to install " + str + " user cert");
                return false;
            }
            if (!LegacyVpnProfileStore.put(WAPI_USER_PRIVATE_KEY + str, bArr2)) {
                Log.e(TAG, "Failed to install " + str + " user private key");
                return false;
            }
            if (!LegacyVpnProfileStore.put(WAPI_CA_CERTIFICATE + str, bArr3)) {
                Log.e(TAG, "Failed to install " + str + " ca cert");
                return false;
            }
        }
        Log.d(TAG, "Install cert " + str + " success");
        return true;
    }

    public int isP12Cert(byte[] bArr) {
        return isP12CertNative(bArr);
    }

    public UserCertParam parseP12Cert(byte[] bArr, String str) {
        return parseP12CertNative(bArr, str);
    }

    public int testJni(String str) {
        return testJniNative(str);
    }
}
