package com.avaya.clientservices.provider.certificate;

import com.avaya.clientservices.client.Log;
import com.avaya.clientservices.common.ScepConfiguration;
import com.avaya.clientservices.credentials.EnrollmentCredential;
import com.avaya.clientservices.credentials.EnrollmentCredentialProvider;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.concurrent.CopyOnWriteArraySet;

/* loaded from: classes.dex */
public class CertificateManager {
    private static final String TAG = "CertificateManager";
    private long mNativeStorage = 0;
    private CopyOnWriteArraySet<CertificateStatusListener> mListeners = new CopyOnWriteArraySet<>();

    private CertificateManager() {
    }

    private String encodeRSAPrivateKeyToPKCS8(PrivateKey privateKey) throws InvalidKeyException, CertificateEncodingException {
        if (privateKey == null) {
            throw new IllegalArgumentException("Private key is null.");
        }
        String algorithm = privateKey.getAlgorithm();
        if (!algorithm.equalsIgnoreCase("RSA")) {
            throw new InvalidKeyException("Unsupported private key algorithm : ".concat(algorithm));
        }
        String format = privateKey.getFormat();
        if (format == null) {
            throw new InvalidKeyException("Private key does not support encoding.");
        }
        byte[] encoded = privateKey.getEncoded();
        if (encoded == null) {
            throw new InvalidKeyException("Private key does not support encoding.");
        }
        if (format.equalsIgnoreCase("PKCS#8")) {
            return CertificateUtils.convertPKCS8ToPEMString(encoded);
        }
        if (!format.equalsIgnoreCase("PKCS#1")) {
            throw new InvalidKeyException("Unsupported key encoding format.");
        }
        String nativeConvertPKCS1ToPKCS8RSAPrivateKey = nativeConvertPKCS1ToPKCS8RSAPrivateKey(CertificateUtils.convertPKCS1ToPEMString(encoded));
        if (nativeConvertPKCS1ToPKCS8RSAPrivateKey != null) {
            return nativeConvertPKCS1ToPKCS8RSAPrivateKey;
        }
        throw new CertificateEncodingException("Failed to convert the private key from PKCS#1 to PKCS#8");
    }

    private native String nativeConvertPKCS1ToPKCS8RSAPrivateKey(String str);

    private native void nativeDeleteCertificateStore();

    private native void nativeDeleteClientIdentityCertificateChain();

    private native void nativeEnroll(ScepConfiguration scepConfiguration, CertificateEnrollmentCompletionHandler certificateEnrollmentCompletionHandler);

    private native String[] nativeGetCertificates();

    private native String nativeGetClientIdentityCertificate();

    private native String[] nativeGetClientIdentityCertificateChain();

    private native String nativeGetClientPrivateKey();

    private native boolean nativeIsCertificateStoreInUse();

    private native void nativeSetCertificates(String[] strArr);

    private native void nativeSetClientIdentityCertificateChain(String[] strArr, String str);

    private native void nativeValidateCertificates(String[] strArr, CertificateValidationCompletionHandler certificateValidationCompletionHandler);

    private native void nativeValidateCertificates(String[] strArr, String str, String str2, int i6, CertificateValidationCompletionHandler certificateValidationCompletionHandler);

    private native void nativeValidateCertificates(String[] strArr, String str, String str2, int i6, boolean z7, CertificateValidationCompletionHandler certificateValidationCompletionHandler);

    private native void nativeValidateCertificates(String[] strArr, boolean z7, CertificateValidationCompletionHandler certificateValidationCompletionHandler);

    private void onCertificateEnrollmentResult(String[] strArr, String str, CertificateEnrollmentResult certificateEnrollmentResult, String str2, CertificateEnrollmentCompletionHandler certificateEnrollmentCompletionHandler) {
        Log.d(TAG + ".onCertificateEnrollmentResult()");
        if (certificateEnrollmentCompletionHandler != null) {
            if (certificateEnrollmentResult == CertificateEnrollmentResult.SUCCESS) {
                certificateEnrollmentCompletionHandler.onSuccess(CertificateUtils.convertToX509CertificateList(strArr), CertificateUtils.convertPKCS8ToPrivateKey(str));
            } else {
                certificateEnrollmentCompletionHandler.onError(new CertificateEnrollmentException(certificateEnrollmentResult, str2));
            }
        }
    }

    private void onCertificateExpiryNotification(String str, int i6) {
        Log.d(TAG + ".onCertificateExpiryNotification()");
        CopyOnWriteArraySet<CertificateStatusListener> copyOnWriteArraySet = this.mListeners;
        if (copyOnWriteArraySet == null) {
            return;
        }
        Iterator<CertificateStatusListener> it = copyOnWriteArraySet.iterator();
        while (it.hasNext()) {
            it.next().onCertificateExpiryNotification(CertificateUtils.convertToX509Certificate(str), i6);
        }
    }

    private void onCertificateValidationResult(CertificateValidationResult certificateValidationResult, String str, CertificateValidationCompletionHandler certificateValidationCompletionHandler) {
        Log.d(TAG + ".onCertificateValidationResult()");
        if (certificateValidationCompletionHandler != null) {
            if (certificateValidationResult == CertificateValidationResult.CERT_VALIDATION_TRUSTED) {
                certificateValidationCompletionHandler.onSuccess();
            } else {
                certificateValidationCompletionHandler.onError(new CertificateValidationException(certificateValidationResult, str));
            }
        }
    }

    public void addCertificateStatusListener(CertificateStatusListener certificateStatusListener) {
        this.mListeners.add(certificateStatusListener);
    }

    public void deleteCertificateStore() throws AppCertificateStoreNotInUseException {
        if (isCertificateStoreInUse()) {
            nativeDeleteCertificateStore();
        } else {
            Log.w("Cannot delete System certificate store");
            throw new AppCertificateStoreNotInUseException();
        }
    }

    public void deleteClientIdentityCertificateChain() throws CertificateStoreException {
        nativeDeleteClientIdentityCertificateChain();
    }

    public native void dispose();

    public void enroll(ScepConfiguration scepConfiguration, EnrollmentCredentialProvider enrollmentCredentialProvider, CertificateEnrollmentCompletionHandler certificateEnrollmentCompletionHandler) {
        if (scepConfiguration.getChallengePassword() == null || scepConfiguration.getChallengePassword().isEmpty() || scepConfiguration.getCertificateCommonName() == null || scepConfiguration.getCertificateCommonName().isEmpty()) {
            EnrollmentCredential OnEnrollmentAuthenticationChallenge = enrollmentCredentialProvider.OnEnrollmentAuthenticationChallenge();
            scepConfiguration.setCertificateCommonName(OnEnrollmentAuthenticationChallenge.getCommonName());
            scepConfiguration.setChallengePassword(OnEnrollmentAuthenticationChallenge.getEnrollmentPassword());
        }
        nativeEnroll(scepConfiguration, certificateEnrollmentCompletionHandler);
    }

    public X509Certificate[] getCertificates() throws AppCertificateStoreNotInUseException {
        if (!isCertificateStoreInUse()) {
            Log.w("Cannot retrieve certificate details from System certificate store");
            throw new AppCertificateStoreNotInUseException();
        }
        String[] nativeGetCertificates = nativeGetCertificates();
        if (nativeGetCertificates == null) {
            Log.d("Failed to retrieve certificate details from the private trust store");
            return null;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[nativeGetCertificates.length];
        short s4 = 0;
        for (String str : nativeGetCertificates) {
            X509Certificate convertToX509Certificate = CertificateUtils.convertToX509Certificate(str);
            if (convertToX509Certificate != null) {
                x509CertificateArr[s4] = convertToX509Certificate;
                s4 = (short) (s4 + 1);
            }
        }
        return x509CertificateArr;
    }

    public KeyStore getClientIdentityAsPKCS12KeyStore(char[] cArr) throws KeyStoreException {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, cArr);
            X509Certificate[] clientIdentityCertificateChain = getClientIdentityCertificateChain();
            PrivateKey clientPrivateKey = getClientPrivateKey();
            if (clientIdentityCertificateChain == null || clientPrivateKey == null) {
                throw new KeyStoreException("Certificate chain or private key is null");
            }
            keyStore.setKeyEntry("av-identity", clientPrivateKey, cArr, clientIdentityCertificateChain);
            return keyStore;
        } catch (IOException e6) {
            throw new KeyStoreException(e6);
        } catch (NoSuchAlgorithmException e8) {
            throw new KeyStoreException(e8);
        } catch (CertificateException e10) {
            throw new KeyStoreException(e10);
        }
    }

    public X509Certificate getClientIdentityCertificate() {
        return CertificateUtils.convertToX509Certificate(nativeGetClientIdentityCertificate());
    }

    public X509Certificate[] getClientIdentityCertificateChain() {
        String[] nativeGetClientIdentityCertificateChain = nativeGetClientIdentityCertificateChain();
        if (nativeGetClientIdentityCertificateChain == null) {
            return null;
        }
        return CertificateUtils.convertToX509CertificateList(nativeGetClientIdentityCertificateChain);
    }

    public PrivateKey getClientPrivateKey() {
        String nativeGetClientPrivateKey = nativeGetClientPrivateKey();
        if (nativeGetClientPrivateKey.isEmpty()) {
            return null;
        }
        return CertificateUtils.convertPKCS8ToPrivateKey(nativeGetClientPrivateKey);
    }

    public boolean isCertificateStoreInUse() {
        return nativeIsCertificateStoreInUse();
    }

    public void removeCertificateStatusListener(CertificateStatusListener certificateStatusListener) {
        this.mListeners.remove(certificateStatusListener);
    }

    public void setCertificates(X509Certificate[] x509CertificateArr) throws AppCertificateStoreException, CertificateEncodingException {
        if (isCertificateStoreInUse()) {
            Log.e("Private trust store already exists; cannot add new certificates");
            throw new AppCertificateStoreException("Cannot add certificates to an existing certificate store.");
        }
        String[] strArr = new String[x509CertificateArr.length];
        short s4 = 0;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            strArr[s4] = CertificateUtils.convertToPEMString(x509Certificate);
            s4 = (short) (s4 + 1);
        }
        nativeSetCertificates(strArr);
    }

    public void setClientIdentityCertificateChain(X509Certificate[] x509CertificateArr, PrivateKey privateKey) throws CertificateEncodingException, AppCertificateStoreException, InvalidKeyException {
        if (privateKey == null) {
            Log.e("Private Key is null, cannot proceed.");
            throw new IllegalArgumentException("Private key is null.");
        }
        if (privateKey.getAlgorithm().equals("RSA")) {
            nativeSetClientIdentityCertificateChain(CertificateUtils.convertToPEMStringArray(x509CertificateArr), encodeRSAPrivateKeyToPKCS8(privateKey));
            return;
        }
        Log.e("Only RSA Private keys are supported.");
        throw new InvalidKeyException("Unsupported Key algorithm " + privateKey.getAlgorithm());
    }

    public void validateCertificates(X509Certificate[] x509CertificateArr, CertificateValidationCompletionHandler certificateValidationCompletionHandler) {
        try {
            nativeValidateCertificates(CertificateUtils.convertToPEMStringArray(x509CertificateArr), certificateValidationCompletionHandler);
        } catch (IllegalStateException e6) {
            if (certificateValidationCompletionHandler != null) {
                Log.d("Certificate validation failed due to an internal API error.", e6);
                certificateValidationCompletionHandler.onError(new CertificateValidationException(CertificateValidationResult.CERT_VALIDATION_ERR_INTERNAL_ERROR));
            }
        } catch (CertificateEncodingException e8) {
            if (certificateValidationCompletionHandler != null) {
                Log.d("Certificate validation failed due to corrupted certificates.", e8);
                certificateValidationCompletionHandler.onError(new CertificateValidationException(CertificateValidationResult.CERT_VALIDATION_ERR_CERT_ENCODING));
            }
        }
    }

    public void validateCertificates(X509Certificate[] x509CertificateArr, String str, String str2, int i6, CertificateValidationCompletionHandler certificateValidationCompletionHandler) {
        try {
            nativeValidateCertificates(CertificateUtils.convertToPEMStringArray(x509CertificateArr), str, str2, i6, certificateValidationCompletionHandler);
        } catch (IllegalStateException e6) {
            if (certificateValidationCompletionHandler != null) {
                Log.d("Certificate validation failed due to an internal API error.", e6);
                certificateValidationCompletionHandler.onError(new CertificateValidationException(CertificateValidationResult.CERT_VALIDATION_ERR_INTERNAL_ERROR));
            }
        } catch (CertificateEncodingException e8) {
            if (certificateValidationCompletionHandler != null) {
                Log.d("Certificate validation failed due to corrupted certificates.", e8);
                certificateValidationCompletionHandler.onError(new CertificateValidationException(CertificateValidationResult.CERT_VALIDATION_ERR_CERT_ENCODING));
            }
        }
    }

    public void validateCertificates(X509Certificate[] x509CertificateArr, String str, String str2, int i6, boolean z7, CertificateValidationCompletionHandler certificateValidationCompletionHandler) {
        try {
            nativeValidateCertificates(CertificateUtils.convertToPEMStringArray(x509CertificateArr), str, str2, i6, z7, certificateValidationCompletionHandler);
        } catch (IllegalStateException e6) {
            if (certificateValidationCompletionHandler != null) {
                Log.d("Certificate validation failed due to an internal API error.", e6);
                certificateValidationCompletionHandler.onError(new CertificateValidationException(CertificateValidationResult.CERT_VALIDATION_ERR_INTERNAL_ERROR));
            }
        } catch (CertificateEncodingException e8) {
            if (certificateValidationCompletionHandler != null) {
                Log.d("Certificate validation failed due to corrupted certificates.", e8);
                certificateValidationCompletionHandler.onError(new CertificateValidationException(CertificateValidationResult.CERT_VALIDATION_ERR_CERT_ENCODING));
            }
        }
    }

    public void validateCertificates(X509Certificate[] x509CertificateArr, boolean z7, CertificateValidationCompletionHandler certificateValidationCompletionHandler) {
        try {
            nativeValidateCertificates(CertificateUtils.convertToPEMStringArray(x509CertificateArr), z7, certificateValidationCompletionHandler);
        } catch (IllegalStateException e6) {
            if (certificateValidationCompletionHandler != null) {
                Log.d("Certificate validation failed due to an internal API error.", e6);
                certificateValidationCompletionHandler.onError(new CertificateValidationException(CertificateValidationResult.CERT_VALIDATION_ERR_INTERNAL_ERROR));
            }
        } catch (CertificateEncodingException e8) {
            if (certificateValidationCompletionHandler != null) {
                Log.d("Certificate validation failed due to corrupted certificates.", e8);
                certificateValidationCompletionHandler.onError(new CertificateValidationException(CertificateValidationResult.CERT_VALIDATION_ERR_CERT_ENCODING));
            }
        }
    }
}
