package device.apps.emkitagent.util;

import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.os.Process;
import android.os.RemoteException;
import android.security.Credentials;
import android.security.IKeyChainService;
import android.security.KeyChain;
import android.text.Html;
import android.text.TextUtils;
import com.android.org.bouncycastle.asn1.ASN1InputStream;
import com.android.org.bouncycastle.asn1.x509.BasicConstraints;
import com.google.android.gms.measurement.api.AppMeasurementSdk;
import device.apps.emkitagent.R;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes.dex */
public class CredentialHelper {
    public static final String ACTION_INSTALL = "com.android.credentials.INSTALL";
    private static final String CERTS_KEY = "crts";
    private static final String DATA_KEY = "data";
    private static final String TAG = "CredentialHelper";
    private HashMap<String, byte[]> mBundle;
    private List<X509Certificate> mCaCerts;
    public Context mContext;
    private String mName;
    private int mUid;
    private X509Certificate mUserCert;
    private PrivateKey mUserKey;

    CredentialHelper() {
        this.mBundle = new HashMap<>();
        this.mName = "";
        this.mUid = -1;
        this.mCaCerts = new ArrayList();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialHelper(Intent intent) {
        this.mBundle = new HashMap<>();
        this.mName = "";
        this.mUid = -1;
        this.mCaCerts = new ArrayList();
        Bundle extras = intent.getExtras();
        if (extras == null) {
            return;
        }
        String string = extras.getString(AppMeasurementSdk.ConditionalUserProperty.NAME);
        extras.remove(AppMeasurementSdk.ConditionalUserProperty.NAME);
        if (string != null) {
            this.mName = string;
        }
        this.mUid = extras.getInt("install_as_uid", -1);
        extras.remove("install_as_uid");
        for (String str : extras.keySet()) {
            this.mBundle.put(str, extras.getByteArray(str));
        }
        parseCert(getData("CERT"));
    }

    private boolean extractPkcs12Internal(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(str.toCharArray());
        keyStore.load(new ByteArrayInputStream(getData("PKCS12")), passwordProtection.getPassword());
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            return false;
        }
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            KeyStore.Entry entry = keyStore.getEntry(nextElement, passwordProtection);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                if (TextUtils.isEmpty(this.mName)) {
                    this.mName = nextElement;
                }
                return installFrom((KeyStore.PrivateKeyEntry) entry);
            }
        }
        return true;
    }

    private synchronized boolean installFrom(KeyStore.PrivateKeyEntry privateKeyEntry) {
        this.mUserKey = privateKeyEntry.getPrivateKey();
        this.mUserCert = (X509Certificate) privateKeyEntry.getCertificate();
        Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
        this.mCaCerts = new ArrayList(certificateChain.length);
        for (Certificate certificate : certificateChain) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (isCa(x509Certificate)) {
                this.mCaCerts.add(x509Certificate);
            }
        }
        return true;
    }

    private boolean isCa(X509Certificate x509Certificate) {
        try {
            byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.19");
            if (extensionValue == null) {
                return false;
            }
            return BasicConstraints.getInstance(new ASN1InputStream(new ASN1InputStream(extensionValue).readObject().getOctets()).readObject()).isCA();
        } catch (IOException unused) {
            return false;
        }
    }

    private void parseCert(byte[] bArr) {
        if (bArr == null) {
            return;
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            if (isCa(x509Certificate)) {
                this.mCaCerts.add(x509Certificate);
            } else {
                this.mUserCert = x509Certificate;
            }
        } catch (CertificateException unused) {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean containsAnyRawData() {
        return !this.mBundle.isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean extractPkcs12(String str) {
        try {
            return extractPkcs12Internal(str);
        } catch (Exception unused) {
            return false;
        }
    }

    byte[] getData(String str) {
        return this.mBundle.get(str);
    }

    CharSequence getDescription(Context context) {
        StringBuilder sb = new StringBuilder();
        if (this.mUserKey != null) {
            sb.append(context.getString(R.string.one_userkey));
            sb.append("<br>");
        }
        if (this.mUserCert != null) {
            sb.append(context.getString(R.string.one_usercrt));
            sb.append("<br>");
        }
        int size = this.mCaCerts.size();
        if (size > 0) {
            if (size == 1) {
                sb.append(context.getString(R.string.one_cacrt));
            } else {
                sb.append(context.getString(R.string.n_cacrts, Integer.valueOf(size)));
            }
        }
        return Html.fromHtml(sb.toString());
    }

    int getInstallAsUid() {
        return this.mUid;
    }

    public String getName() {
        return this.mName;
    }

    X509Certificate getUserCertificate() {
        return this.mUserCert;
    }

    boolean hasAnyForSystemInstall() {
        return this.mUserKey != null || hasUserCertificate() || hasCaCerts();
    }

    boolean hasCaCerts() {
        return !this.mCaCerts.isEmpty();
    }

    boolean hasKeyPair() {
        return this.mBundle.containsKey("KEY") && this.mBundle.containsKey("PKEY");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasPkcs12KeyStore() {
        return this.mBundle.containsKey("PKCS12");
    }

    boolean hasUserCertificate() {
        return this.mUserCert != null;
    }

    boolean installCaCertsToKeyChain(IKeyChainService iKeyChainService) {
        Iterator<X509Certificate> it = this.mCaCerts.iterator();
        while (it.hasNext()) {
            try {
                byte[] encoded = it.next().getEncoded();
                if (encoded != null) {
                    try {
                        iKeyChainService.installCaCertificate(encoded);
                    } catch (RemoteException unused) {
                        return false;
                    }
                }
            } catch (CertificateEncodingException e) {
                throw new AssertionError(e);
            }
        }
        return true;
    }

    public boolean installIfAvailable() throws IOException, CertificateEncodingException {
        try {
            int i = Process.class.getField("WIFI_UID").getInt(null);
            android.security.KeyStore keyStore = android.security.KeyStore.getInstance();
            int i2 = this.mUid;
            if (this.mUserKey != null) {
                String str = "USRPKEY_" + this.mName;
                byte[] encoded = this.mUserKey.getEncoded();
                int i3 = i2 == i ? 0 : 1;
                if (i2 == -1) {
                    i3 = 0;
                }
                if (!keyStore.importKey(str, encoded, i2, i3)) {
                    return false;
                }
            }
            int i4 = i2 == i ? 0 : 1;
            if (i2 == -1) {
                i4 = 0;
            }
            if (this.mUserCert != null) {
                if (!keyStore.put("USRCERT_" + this.mName, Credentials.convertToPem(new Certificate[]{this.mUserCert}), i2, i4)) {
                    return false;
                }
            }
            if (!this.mCaCerts.isEmpty()) {
                String str2 = "CACERT_" + this.mName;
                List<X509Certificate> list = this.mCaCerts;
                byte[] convertToPem = Credentials.convertToPem((X509Certificate[]) list.toArray(new X509Certificate[list.size()]));
                try {
                    IKeyChainService service = KeyChain.bind(this.mContext).getService();
                    Method declaredMethod = IKeyChainService.class.getDeclaredMethod("installCaCertificate", byte[].class);
                    if (declaredMethod != null) {
                        declaredMethod.invoke(service, convertToPem);
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
                if (!keyStore.put(str2, convertToPem, i2, i4)) {
                    return false;
                }
            }
            return true;
        } catch (IllegalAccessException e2) {
            e2.printStackTrace();
            return false;
        } catch (NoSuchFieldException e3) {
            e3.printStackTrace();
            return false;
        }
    }

    boolean isInstallAsUidSet() {
        return this.mUid != -1;
    }

    void putPkcs12Data(byte[] bArr) {
        this.mBundle.put("PKCS12", bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setInstallAsUid(int i) {
        this.mUid = i;
    }

    public void setName(String str) {
        this.mName = str;
    }

    void setPrivateKey(byte[] bArr) {
        try {
            this.mUserKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } catch (InvalidKeySpecException e2) {
            throw new AssertionError(e2);
        }
    }
}
