package org.strongswan.android.logic;

import android.text.TextUtils;
import defpackage.cq1;
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

/* loaded from: classes.dex */
class CredentialHelper {
    private static final Class TAG = CredentialHelper.class;
    private byte[] data;
    private X509Certificate mUserCert;
    private PrivateKey mUserKey;
    private String mName = "";
    private List<X509Certificate> mCaCerts = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialHelper(byte[] bArr, String str) {
        this.data = bArr;
        parseCert(bArr);
        extractPkcs12(str);
    }

    private boolean extractPkcs12Internal(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(str.toCharArray());
        keyStore.load(new ByteArrayInputStream(this.data), passwordProtection.getPassword());
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            return false;
        }
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            KeyStore.Entry entry = keyStore.getEntry(nextElement, passwordProtection);
            cq1.a(TAG, "extracted alias = " + nextElement + ", entry=" + entry.getClass());
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                if (TextUtils.isEmpty(this.mName)) {
                    this.mName = nextElement;
                }
                return installFrom((KeyStore.PrivateKeyEntry) entry);
            }
        }
        return true;
    }

    private synchronized boolean installFrom(KeyStore.PrivateKeyEntry privateKeyEntry) {
        this.mUserKey = privateKeyEntry.getPrivateKey();
        this.mUserCert = (X509Certificate) privateKeyEntry.getCertificate();
        Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
        cq1.a(TAG, "# certs extracted = " + certificateChain.length);
        this.mCaCerts = new ArrayList(certificateChain.length);
        for (Certificate certificate : certificateChain) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (isCa(x509Certificate)) {
                this.mCaCerts.add(x509Certificate);
            }
        }
        cq1.a(TAG, "# ca certs extracted = " + this.mCaCerts.size());
        return true;
    }

    private boolean isCa(X509Certificate x509Certificate) {
        return (x509Certificate.getExtensionValue("2.5.29.19") == null || x509Certificate.getBasicConstraints() == -1) ? false : true;
    }

    private void parseCert(byte[] bArr) {
        if (bArr == null) {
            return;
        }
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            if (isCa(x509Certificate)) {
                cq1.a(TAG, "got a CA cert");
                this.mCaCerts.add(x509Certificate);
            } else {
                cq1.a(TAG, "got a user cert");
                this.mUserCert = x509Certificate;
            }
        } catch (CertificateException e) {
            cq1.h(TAG, "parseCert(): " + e);
        }
    }

    boolean extractPkcs12(String str) {
        try {
            return extractPkcs12Internal(str);
        } catch (Exception e) {
            cq1.i(TAG, "extractPkcs12(): " + e, e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getName() {
        return this.mName;
    }

    X509Certificate getUserCertificate() {
        return this.mUserCert;
    }

    public List<X509Certificate> getmCaCerts() {
        return this.mCaCerts;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasCaCerts() {
        return !this.mCaCerts.isEmpty();
    }

    boolean hasUserCertificate() {
        return this.mUserCert != null;
    }

    void setName(String str) {
        this.mName = str;
    }

    void setPrivateKey(byte[] bArr) {
        try {
            this.mUserKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } catch (InvalidKeySpecException e2) {
            throw new AssertionError(e2);
        }
    }
}
