package com.blackberry.security.sb.pkic;

import android.util.Log;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;

/* loaded from: classes2.dex */
public class TpX509CertKeyStore extends TpX509CertStore {
    private static final String LOG_TAG = "certmgr:libSbPkic:TpX509CertKeyStore";
    private boolean mDefaultStore;
    private final KeyStore mKeyStore;
    private List<String> mKeyStoreAliases;

    /* loaded from: classes2.dex */
    private class CertIterator implements Iterator<X509Certificate> {
        private final Enumeration<String> mAliasEnum;
        private X509Certificate mNextCert;

        CertIterator() {
            this.mAliasEnum = TpX509CertKeyStore.this.mKeyStore.aliases();
            advanceCursor();
        }

        private void advanceCursor() {
            this.mNextCert = null;
            while (this.mAliasEnum.hasMoreElements()) {
                try {
                    Certificate certificate = TpX509CertKeyStore.this.mKeyStore.getCertificate(this.mAliasEnum.nextElement());
                    if (certificate != null && (certificate instanceof X509Certificate)) {
                        this.mNextCert = (X509Certificate) certificate;
                        return;
                    }
                } catch (KeyStoreException e) {
                    Log.d(TpX509CertKeyStore.LOG_TAG, "Failed to retrieve certificate from key store", e);
                }
            }
        }

        @Override // java.util.Iterator
        public boolean hasNext() {
            return this.mNextCert != null;
        }

        @Override // java.util.Iterator
        public X509Certificate next() {
            if (this.mNextCert == null) {
                throw new NoSuchElementException();
            }
            X509Certificate x509Certificate = this.mNextCert;
            advanceCursor();
            return x509Certificate;
        }

        @Override // java.util.Iterator
        public void remove() {
            throw new UnsupportedOperationException();
        }
    }

    public TpX509CertKeyStore(KeyStore keyStore) {
        this(keyStore, null, false);
    }

    public TpX509CertKeyStore(KeyStore keyStore, X509Certificate x509Certificate, boolean z) {
        this.mDefaultStore = false;
        if (keyStore == null) {
            throw new IllegalArgumentException("key store is null");
        }
        this.mKeyStore = keyStore;
        if (x509Certificate != null) {
            try {
                if (keyStore.getCertificateAlias(x509Certificate) != null) {
                    this.mtrustedIdentity = x509Certificate;
                }
            } catch (KeyStoreException e) {
                e.printStackTrace();
            }
        }
        this.mDefaultStore = z;
        if (this.mDefaultStore) {
            this.mAliasHashAlgorithm = "MD5";
        } else {
            setAliasIndexing(keyStore);
        }
    }

    private boolean determineHash(String str, byte[] bArr, String str2) {
        String subjectNameHash = getSubjectNameHash(bArr, str2);
        if (subjectNameHash == null || !str.contains(subjectNameHash)) {
            return false;
        }
        this.mAliasHashAlgorithm = str2;
        return true;
    }

    private String getSubjectNameHash(byte[] bArr, String str) {
        try {
            byte[] digest = MessageDigest.getInstance(str).digest(bArr);
            return String.format("%08x", Integer.valueOf(((digest[3] & 255) << 24) | (digest[0] & 255) | ((digest[1] & 255) << 8) | ((digest[2] & 255) << 16)));
        } catch (NoSuchAlgorithmException e) {
            Log.e(LOG_TAG, "Exception, hash " + str + " not supported", e);
            return null;
        }
    }

    private boolean setAliasIndexing(KeyStore keyStore) {
        int indexOf;
        try {
            this.mKeyStoreAliases = Collections.list(keyStore.aliases());
            this.mAliasHashAlgorithm = null;
            for (String str : this.mKeyStoreAliases) {
                int indexOf2 = str.indexOf(":");
                if (indexOf2 != -1 && indexOf2 == str.lastIndexOf(":") && (indexOf = str.indexOf(".")) != -1 && indexOf == str.lastIndexOf(".")) {
                    for (int i = indexOf2 + 1; i < indexOf; i++) {
                        if (Character.digit(str.charAt(i), 16) == -1) {
                            return false;
                        }
                    }
                }
                return false;
            }
            if (this.mKeyStoreAliases.size() > 0) {
                String str2 = this.mKeyStoreAliases.get(0);
                byte[] encoded = ((X509Certificate) this.mKeyStore.getCertificate(str2)).getSubjectX500Principal().getEncoded();
                if (!determineHash(str2, encoded, "SHA1") && !determineHash(str2, encoded, "MD5")) {
                    Log.d(LOG_TAG, "Unrecognized hash digest for certificate alias");
                }
                return true;
            }
            return false;
        } catch (KeyStoreException e) {
            return false;
        }
    }

    @Override // com.blackberry.security.sb.pkic.TpX509CertStore
    public byte[] getCertificateByAlias(byte[] bArr) {
        byte[] bArr2;
        try {
            String subjectNameHash = getSubjectNameHash(bArr, this.mAliasHashAlgorithm);
            if (subjectNameHash != null) {
                if (this.mDefaultStore) {
                    Certificate certificate = this.mKeyStore.getCertificate("system:" + subjectNameHash + ".0");
                    if (certificate != null) {
                        bArr2 = certificate.getEncoded();
                    } else {
                        Certificate certificate2 = this.mKeyStore.getCertificate("user:" + subjectNameHash + ".0");
                        if (certificate2 != null) {
                            bArr2 = certificate2.getEncoded();
                        }
                    }
                    return bArr2;
                }
                for (String str : this.mKeyStoreAliases) {
                    if (str.contains(subjectNameHash)) {
                        bArr2 = this.mKeyStore.getCertificate(str).getEncoded();
                        break;
                    }
                }
            }
            bArr2 = null;
            return bArr2;
        } catch (KeyStoreException | CertificateEncodingException e) {
            e.printStackTrace();
            return null;
        }
    }

    @Override // com.blackberry.security.sb.pkic.TpX509CertStore
    protected Iterable<X509Certificate> getCertificates() {
        return new Iterable<X509Certificate>() { // from class: com.blackberry.security.sb.pkic.TpX509CertKeyStore.1
            @Override // java.lang.Iterable
            public Iterator<X509Certificate> iterator() {
                try {
                    return new CertIterator();
                } catch (KeyStoreException e) {
                    Log.d(TpX509CertKeyStore.LOG_TAG, "Failed to initialize certificate iterator", e);
                    return Collections.emptyIterator();
                }
            }
        };
    }
}
