package android.security;

import android.net.wifi.WifiConfiguration;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.harmony.xnet.provider.jsse.OpenSSLDSAPrivateKey;
import org.apache.harmony.xnet.provider.jsse.OpenSSLEngine;
import org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey;

/* loaded from: input_file:res/raw/classes.jar:android/security/AndroidKeyStore.class */
public class AndroidKeyStore extends KeyStoreSpi {
    public static final String NAME = "AndroidKeyStore";
    private KeyStore mKeyStore;

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        if (!isKeyEntry(str)) {
            return null;
        }
        try {
            return OpenSSLEngine.getInstance(WifiConfiguration.KEYSTORE_ENGINE_ID).getPrivateKeyById(Credentials.USER_PRIVATE_KEY + str);
        } catch (InvalidKeyException e) {
            UnrecoverableKeyException unrecoverableKeyException = new UnrecoverableKeyException("Can't get key");
            unrecoverableKeyException.initCause(e);
            throw unrecoverableKeyException;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        Certificate[] certificateArr;
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        X509Certificate x509Certificate = (X509Certificate) engineGetCertificate(str);
        if (x509Certificate == null) {
            return null;
        }
        byte[] bArr = this.mKeyStore.get(Credentials.CA_CERTIFICATE + str);
        if (bArr != null) {
            Collection<X509Certificate> certificates = toCertificates(bArr);
            certificateArr = new Certificate[certificates.size() + 1];
            Iterator<X509Certificate> it = certificates.iterator();
            int i = 1;
            while (it.hasNext()) {
                int i2 = i;
                i++;
                certificateArr[i2] = it.next();
            }
        } else {
            certificateArr = new Certificate[1];
        }
        certificateArr[0] = x509Certificate;
        return certificateArr;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        byte[] bArr = this.mKeyStore.get(Credentials.USER_CERTIFICATE + str);
        if (bArr != null) {
            return toCertificate(bArr);
        }
        byte[] bArr2 = this.mKeyStore.get(Credentials.CA_CERTIFICATE + str);
        if (bArr2 != null) {
            return toCertificate(bArr2);
        }
        return null;
    }

    private static X509Certificate toCertificate(byte[] bArr) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            Log.w(NAME, "Couldn't parse certificate in keystore", e);
            return null;
        }
    }

    private static Collection<X509Certificate> toCertificates(byte[] bArr) {
        try {
            return CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            Log.w(NAME, "Couldn't parse certificates in keystore", e);
            return new ArrayList();
        }
    }

    private Date getModificationDate(String str) {
        long j = this.mKeyStore.getmtime(str);
        if (j == -1) {
            return null;
        }
        return new Date(j);
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        Date modificationDate = getModificationDate(Credentials.USER_PRIVATE_KEY + str);
        if (modificationDate != null) {
            return modificationDate;
        }
        Date modificationDate2 = getModificationDate(Credentials.USER_CERTIFICATE + str);
        return modificationDate2 != null ? modificationDate2 : getModificationDate(Credentials.CA_CERTIFICATE + str);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws java.security.KeyStoreException {
        if (cArr != null && cArr.length > 0) {
            throw new java.security.KeyStoreException("entries cannot be protected with passwords");
        }
        if (!(key instanceof PrivateKey)) {
            throw new java.security.KeyStoreException("Only PrivateKeys are supported");
        }
        setPrivateKeyEntry(str, (PrivateKey) key, certificateArr);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void setPrivateKeyEntry(String str, PrivateKey privateKey, Certificate[] certificateArr) throws java.security.KeyStoreException {
        boolean z;
        byte[] bArr;
        byte[] bArr2 = null;
        String pkeyAlias = privateKey instanceof OpenSSLRSAPrivateKey ? ((OpenSSLRSAPrivateKey) privateKey).getPkeyAlias() : privateKey instanceof OpenSSLDSAPrivateKey ? ((OpenSSLDSAPrivateKey) privateKey).getPkeyAlias() : null;
        if (pkeyAlias == null || !pkeyAlias.startsWith(Credentials.USER_PRIVATE_KEY)) {
            String format = privateKey.getFormat();
            if (format == null || !"PKCS#8".equals(format)) {
                throw new java.security.KeyStoreException("Only PrivateKeys that can be encoded into PKCS#8 are supported");
            }
            bArr2 = privateKey.getEncoded();
            if (bArr2 == null) {
                throw new java.security.KeyStoreException("PrivateKey has no encoding");
            }
            z = true;
        } else {
            String substring = pkeyAlias.substring(Credentials.USER_PRIVATE_KEY.length());
            if (!str.equals(substring)) {
                throw new java.security.KeyStoreException("Can only replace keys with same alias: " + str + " != " + substring);
            }
            z = false;
        }
        if (certificateArr == null || certificateArr.length == 0) {
            throw new java.security.KeyStoreException("Must supply at least one Certificate with PrivateKey");
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i = 0; i < certificateArr.length; i++) {
            if (!"X.509".equals(certificateArr[i].getType())) {
                throw new java.security.KeyStoreException("Certificates must be in X.509 format: invalid cert #" + i);
            }
            if (!(certificateArr[i] instanceof X509Certificate)) {
                throw new java.security.KeyStoreException("Certificates must be in X.509 format: invalid cert #" + i);
            }
            x509CertificateArr[i] = (X509Certificate) certificateArr[i];
        }
        try {
            byte[] encoded = x509CertificateArr[0].getEncoded();
            if (certificateArr.length > 1) {
                byte[] bArr3 = new byte[x509CertificateArr.length - 1];
                int i2 = 0;
                for (int i3 = 0; i3 < bArr3.length; i3++) {
                    try {
                        bArr3[i3] = x509CertificateArr[i3 + 1].getEncoded();
                        i2 += bArr3[i3].length;
                    } catch (CertificateEncodingException e) {
                        throw new java.security.KeyStoreException("Can't encode Certificate #" + i3, e);
                    }
                }
                bArr = new byte[i2];
                int i4 = 0;
                for (int i5 = 0; i5 < bArr3.length; i5++) {
                    int length = bArr3[i5].length;
                    System.arraycopy(bArr3[i5], 0, bArr, i4, length);
                    i4 += length;
                    bArr3[i5] = 0;
                }
            } else {
                bArr = null;
            }
            if (z) {
                Credentials.deleteAllTypesForAlias(this.mKeyStore, str);
            } else {
                Credentials.deleteCertificateTypesForAlias(this.mKeyStore, str);
            }
            if (z && !this.mKeyStore.importKey(Credentials.USER_PRIVATE_KEY + str, bArr2)) {
                Credentials.deleteAllTypesForAlias(this.mKeyStore, str);
                throw new java.security.KeyStoreException("Couldn't put private key in keystore");
            }
            if (!this.mKeyStore.put(Credentials.USER_CERTIFICATE + str, encoded)) {
                Credentials.deleteAllTypesForAlias(this.mKeyStore, str);
                throw new java.security.KeyStoreException("Couldn't put certificate #1 in keystore");
            }
            if (bArr == null || this.mKeyStore.put(Credentials.CA_CERTIFICATE + str, bArr)) {
                return;
            }
            Credentials.deleteAllTypesForAlias(this.mKeyStore, str);
            throw new java.security.KeyStoreException("Couldn't put certificate chain in keystore");
        } catch (CertificateEncodingException e2) {
            throw new java.security.KeyStoreException("Couldn't encode certificate #1", e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws java.security.KeyStoreException {
        throw new java.security.KeyStoreException("Operation not supported because key encoding is unknown");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws java.security.KeyStoreException {
        if (isKeyEntry(str)) {
            throw new java.security.KeyStoreException("Entry exists and is not a trusted certificate");
        }
        if (certificate == null) {
            throw new NullPointerException("cert == null");
        }
        try {
            if (!this.mKeyStore.put(Credentials.CA_CERTIFICATE + str, certificate.getEncoded())) {
                throw new java.security.KeyStoreException("Couldn't insert certificate; is KeyStore initialized?");
            }
        } catch (CertificateEncodingException e) {
            throw new java.security.KeyStoreException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws java.security.KeyStoreException {
        if ((isKeyEntry(str) || isCertificateEntry(str)) && !Credentials.deleteAllTypesForAlias(this.mKeyStore, str)) {
            throw new java.security.KeyStoreException("No such entry " + str);
        }
    }

    private Set<String> getUniqueAliases() {
        String[] saw = this.mKeyStore.saw("");
        if (saw == null) {
            return new HashSet();
        }
        HashSet hashSet = new HashSet(saw.length);
        for (String str : saw) {
            int indexOf = str.indexOf(95);
            if (indexOf == -1 || str.length() <= indexOf) {
                Log.e(NAME, "invalid alias: " + str);
            } else {
                hashSet.add(new String(str.substring(indexOf + 1)));
            }
        }
        return hashSet;
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        return Collections.enumeration(getUniqueAliases());
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        return this.mKeyStore.contains(new StringBuilder().append(Credentials.USER_PRIVATE_KEY).append(str).toString()) || this.mKeyStore.contains(new StringBuilder().append(Credentials.USER_CERTIFICATE).append(str).toString()) || this.mKeyStore.contains(new StringBuilder().append(Credentials.CA_CERTIFICATE).append(str).toString());
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return getUniqueAliases().size();
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        return isKeyEntry(str);
    }

    private boolean isKeyEntry(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        return this.mKeyStore.contains(Credentials.USER_PRIVATE_KEY + str);
    }

    private boolean isCertificateEntry(String str) {
        if (str == null) {
            throw new NullPointerException("alias == null");
        }
        return this.mKeyStore.contains(Credentials.CA_CERTIFICATE + str);
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        return !isKeyEntry(str) && isCertificateEntry(str);
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        HashSet hashSet = new HashSet();
        for (String str : this.mKeyStore.saw(Credentials.USER_CERTIFICATE)) {
            byte[] bArr = this.mKeyStore.get(Credentials.USER_CERTIFICATE + str);
            if (bArr != null) {
                X509Certificate certificate2 = toCertificate(bArr);
                hashSet.add(str);
                if (certificate.equals(certificate2)) {
                    return str;
                }
            }
        }
        for (String str2 : this.mKeyStore.saw(Credentials.CA_CERTIFICATE)) {
            if (!hashSet.contains(str2) && this.mKeyStore.get(Credentials.CA_CERTIFICATE + str2) != null && certificate.equals(toCertificate(this.mKeyStore.get(Credentials.CA_CERTIFICATE + str2)))) {
                return str2;
            }
        }
        return null;
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new UnsupportedOperationException("Can not serialize AndroidKeyStore to OutputStream");
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (inputStream != null) {
            throw new IllegalArgumentException("InputStream not supported");
        }
        if (cArr != null) {
            throw new IllegalArgumentException("password not supported");
        }
        this.mKeyStore = KeyStore.getInstance();
    }
}
