package net.juniper.junos.pulse.android.util;

import android.annotation.SuppressLint;
import android.app.enterprise.SecurityPolicy;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.text.TextUtils;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import net.juniper.junos.pulse.android.JunosApplication;
import net.juniper.junos.pulse.android.enterprise.CertificateElement;
import net.juniper.junos.pulse.android.sql.VpnProfile;
import net.juniper.junos.pulse.android.vpn.Profile;

/* loaded from: classes.dex */
/**
 * Static helpers that load the client certificate and private key for a {@link Profile}
 * (the log strings suggest this is for VPN certificate authentication) and parse
 * PEM/X.509 material from files or byte arrays.
 *
 * <p>NOTE(review): this listing looks like decompiler output. It contains empty {@code try}
 * blocks, self-assignments such as {@code e = e} / {@code th = th}, and catch bodies that
 * reference variables not declared in their scope. The exception-handling structure in
 * {@link #getCertficate(Profile)} and {@link #parsePEMFile(String, String)} is therefore not
 * a faithful picture of the original source and must be re-derived before it is reused.
 *
 * <p>{@code Log} and the unqualified {@code Base64} are not imported, so they resolve to
 * classes in this package rather than to the Android framework classes of the same name.
 */
public class CertUtil {
    // Suffix of the PEM "-----BEGIN ..." / "-----END ..." lines for a certificate section.
    // The constant name is misspelled ("DELIMETER"); it is public, so renaming would break callers.
    public static final String CERT_DELIMETER = " CERTIFICATE-----";
    // Suffix of the PEM marker lines for a private-key section. Because parsePEMFile matches
    // with endsWith(), this also accepts "RSA PRIVATE KEY" (PKCS#1) and "ENCRYPTED PRIVATE KEY"
    // headers, while getCertficate passes the decoded bytes to PKCS8EncodedKeySpec, which only
    // describes an unencrypted PKCS#8 key.
    // NOTE(review): such files would presumably fail in generatePrivate - confirm.
    public static final String KEY_DELIMETER = " PRIVATE KEY-----";
    private static final String TAG = "CertUtil";

    /**
     * Reports whether the file at {@code str} yields both a certificate section and a
     * private-key section.
     *
     * <p>The file is parsed twice, once per section type. Only a {@code null} result is treated
     * as "missing".
     * NOTE(review): getCertficate additionally treats a zero-length array as missing; if the
     * package-local Base64.decode returns an empty array for empty input, a file lacking one
     * of the two sections would still pass this check - confirm against Base64.decode.
     *
     * @param str path of the candidate PEM file (not the PEM text itself)
     * @return {@code true} when {@code str} is non-empty and both loaders return non-null
     */
    public static boolean checkForCombinedCertKeyPair(String str) {
        return (TextUtils.isEmpty(str) || loadPEMCertificate(str) == null || loadPEMPrivateKey(str) == null) ? false : true;
    }

    /**
     * Builds a {@link ClientCertificate} (certificate array plus private key) for a profile.
     *
     * <p>Three sources are visible, selected in this order:
     * <ol>
     *   <li>flag bit 128 set: a Base64 PKCS#12 blob and its password taken from the
     *       {@link CertificateElement} registered under the profile's certificate alias;</li>
     *   <li>empty certificate alias: certificate and key taken from {@code getCertPath()} /
     *       {@code getKeyPath()}, which are file paths, or settings keys holding Base64 values
     *       when flag bit 4 is set;</li>
     *   <li>otherwise: the Android {@link KeyChain} entry named by the alias.</li>
     * </ol>
     * The meaning of the flag bits is inferred from usage only; no named constants are visible.
     *
     * <p>Security-relevant points for reviewers:
     * <ul>
     *   <li>In the file/settings branch the key is decoded with no password or decryption step,
     *       so the key material at {@code keyPath} (or in settings) is stored unencrypted at the
     *       application level and relies on storage permissions for protection.</li>
     *   <li>The PKCS#12 password is read from a {@code String} field and the derived
     *       {@code char[]} and key byte arrays are never cleared.</li>
     *   <li>No certificate validation (validity period, chain, key/cert match) happens here.</li>
     *   <li>Most failures are only logged; the method then returns an object whose certificate
     *       array and/or private key may be {@code null}, so callers must check both.</li>
     * </ul>
     *
     * @param profile profile to load credentials for; it is cast to {@link VpnProfile}
     *     unconditionally, so any other implementation would raise a ClassCastException
     * @return the populated holder, or {@code null} when a certificate or key path fails
     *     {@link #isValidFilePath(String)}
     * @throws KeyChainException when the KeyChain lookup fails; the original exception is
     *     replaced by a fresh one, which drops its message and cause
     */
    @SuppressLint({"NewApi"})
    public static ClientCertificate getCertficate(Profile profile) throws KeyChainException {
        InputStream inputStream;
        byte[] decode;
        String certAlias = profile.getCertAlias();
        InputStream inputStream2 = null;
        ClientCertificate clientCertificate = new ClientCertificate();
        PrivateKey privateKey = null;
        X509Certificate[] x509CertificateArr = null;
        // Decompiler artifact: an empty try with no-op handlers. The method-wide
        // try/catch/finally of the original source was presumably here.
        try {
            try {
            } catch (Throwable th) {
                th = th;
            }
        } catch (Exception e) {
            e = e;
        }
        // Branch 1: flag bit 128 - credentials come from a locally stored PKCS#12 element.
        if ((((VpnProfile) profile).getFlags() & 128) != 0) {
            Log.d("vpn cert auth with local cert");
            CertificateElement localCertWithAlias = SettingsUtil.getLocalCertWithAlias(profile.getCertAlias());
            if (localCertWithAlias != null) {
                // Framework Base64 with flags 0. As decompiled, this decode sits outside the try
                // below, so the IllegalArgumentException handler (whose message mentions Base64)
                // cannot catch a malformed blob from this call.
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(android.util.Base64.decode(localCertWithAlias.certificateBase64String, 0));
                // No null check on the password field is visible; the char[] copy is never wiped.
                char[] charArray = localCertWithAlias.password.toCharArray();
                x509CertificateArr = new X509Certificate[1];
                try {
                    KeyStore keyStore = KeyStore.getInstance(SecurityPolicy.TYPE_PKCS12);
                    keyStore.load(byteArrayInputStream, charArray);
                    // Only the first alias is used. nextElement() throws NoSuchElementException
                    // for an empty keystore, which none of the handlers below catch.
                    String nextElement = keyStore.aliases().nextElement();
                    // Only the entry's own certificate is taken, not its certificate chain.
                    X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                    privateKey = (PrivateKey) keyStore.getKey(nextElement, charArray);
                    x509CertificateArr[0] = x509Certificate;
                    // A missing certificate or key is logged only; execution continues and the
                    // returned holder carries the null value.
                    if (x509Certificate == null) {
                        Log.e("vpn new api, Couldn't get certificate from p12");
                    } else if (privateKey == null) {
                        Log.e("vpn new api, Couldn't get PrivateKey from p12");
                    }
                } catch (IOException e2) {
                    // KeyStore.load reports a wrong password as an IOException, so a bad
                    // password ends up here and is only logged.
                    Log.e("IOException : " + e2.getMessage());
                } catch (IllegalArgumentException e3) {
                    Log.e("IllegalArgumentException in decoding Base64 certificate string: " + e3.getMessage());
                } catch (KeyStoreException e4) {
                    Log.e("KeyStoreException : " + e4.getMessage());
                } catch (NoSuchAlgorithmException e5) {
                    Log.e("NoSuchAlgorithmException : " + e5.getMessage());
                } catch (UnrecoverableKeyException e6) {
                    Log.e("UnrecoverableKeyException : " + e6.getMessage());
                } catch (CertificateException e7) {
                    Log.e("CertificateException : " + e7.getMessage());
                }
            } else {
                Log.e("Could not get cert element from alias");
            }
        // Branch 2: no alias - certificate and key come from paths or settings values.
        } else if (TextUtils.isEmpty(certAlias)) {
            String certPath = profile.getCertPath();
            String keyPath = profile.getKeyPath();
            int flags = ((VpnProfile) profile).getFlags();
            if ((flags & 4) != 0) {
                // Flag bit 4: certPath is used as a settings key whose value is Base64 data,
                // decoded with the package-local Base64 (not android.util.Base64).
                String stringValueForKey = SettingsUtil.getStringValueForKey(certPath);
                if (!TextUtils.isEmpty(stringValueForKey) && (decode = Base64.decode(stringValueForKey)) != null && decode.length > 0) {
                    inputStream2 = new ByteArrayInputStream(decode);
                }
                inputStream = inputStream2;
            } else {
                // isValidFilePath only checks exists/isFile/canRead; it does not canonicalize
                // the path or confine it to an expected directory.
                // NOTE(review): if profile paths can originate from pushed or imported
                // configuration, confirm they are constrained before reaching this point.
                if (!isValidFilePath(certPath)) {
                    Log.e("Cert Path is invalid");
                    clientCertificate = null;
                    // Dead code: the decompiler folded a known-null stream test into "0 != 0".
                    if (0 != 0) {
                        try {
                            inputStream2.close();
                        } catch (Exception e8) {
                            Log.e(TAG, "Cert Login Exception final block: " + e8);
                        }
                    }
                    return clientCertificate;
                }
                inputStream = null;
            }
            // Falls back to opening certPath as a file whenever no settings value was decoded.
            // With flag bit 4 set this means the settings key string itself is opened as a
            // path, without the isValidFilePath check.
            if (inputStream == null) {
                try {
                    inputStream = new FileInputStream(new File(certPath));
                } catch (Exception e9) {
                    // Decompiler artifact: "e" is not declared in this scope. This looks like
                    // the method-wide exception handler, attached here to a try that only
                    // covers opening the file.
                    e = e9;
                    inputStream2 = inputStream;
                    Log.e(TAG, "Cert Login Exception: " + e);
                    if (e instanceof KeyChainException) {
                        Log.d("exception is instance of KeyChainException");
                        throw ((KeyChainException) e);
                    }
                    if (inputStream2 != null) {
                        try {
                            inputStream2.close();
                        } catch (Exception e10) {
                            Log.e(TAG, "Cert Login Exception final block: " + e10);
                        }
                    }
                    // On failure the holder is still returned with whatever was loaded so far,
                    // which may be a null certificate array and a null key.
                    clientCertificate.setCertArray(x509CertificateArr);
                    clientCertificate.setPrivateKey(privateKey);
                    return clientCertificate;
                } catch (Throwable th2) {
                    // Decompiler artifact: "th" is not declared in this scope. This looks like
                    // the finally block of the original method (close the stream, rethrow).
                    th = th2;
                    inputStream2 = inputStream;
                    if (inputStream2 != null) {
                        try {
                            inputStream2.close();
                        } catch (Exception e11) {
                            Log.e(TAG, "Cert Login Exception final block: " + e11);
                        }
                    }
                    throw th;
                }
            }
            // Reads every certificate in the stream; the array keeps the order of the input
            // and nothing is validated or sorted into chain order.
            Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
            x509CertificateArr = new X509Certificate[generateCertificates.size()];
            int i = 0;
            for (Certificate certificate : generateCertificates) {
                x509CertificateArr[i] = (X509Certificate) certificate;
                // Only the certificate type and implementation class name are logged.
                Log.d(TAG, "Cert type: " + certificate.getType());
                Log.d(TAG, "Cert Name: " + certificate.getClass().getName());
                i++;
            }
            byte[] bArr = null;
            if ((flags & 4) != 0) {
                // Private key as a Base64 settings value, decoded with the package-local Base64.
                String stringValueForKey2 = SettingsUtil.getStringValueForKey(keyPath);
                if (!TextUtils.isEmpty(stringValueForKey2)) {
                    bArr = Base64.decode(stringValueForKey2);
                }
            } else if (!isValidFilePath(keyPath)) {
                Log.e("Key Path is invalid");
                clientCertificate = null;
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Exception e12) {
                        Log.e(TAG, "Cert Login Exception final block: " + e12);
                    }
                }
                return clientCertificate;
            }
            // Key fallback chain: settings value, then the PEM private-key section of keyPath,
            // then the raw bytes of keyPath.
            if ((bArr == null || bArr.length == 0) && ((bArr = loadPEMPrivateKey(keyPath)) == null || bArr.length == 0)) {
                File file = new File(keyPath);
                // The file length is narrowed to int, and a single read() is not guaranteed to
                // fill the buffer; its return value is ignored, so a short read would leave
                // trailing zero bytes in the key encoding.
                bArr = new byte[(int) file.length()];
                // inputStream2 now tracks the key stream. As decompiled, the certificate stream
                // held in "inputStream" is then no longer closed by the close at the end.
                inputStream2 = new FileInputStream(file);
                inputStream2.read(bArr);
            } else {
                inputStream2 = inputStream;
            }
            // RSA keys only. From SDK level 16 on, the "BC" provider is requested by name.
            // The encoded key bytes in bArr are not cleared after use.
            privateKey = (Build.VERSION.SDK_INT <= 15 ? KeyFactory.getInstance("RSA") : KeyFactory.getInstance("RSA", "BC")).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        // Branch 3: a certificate alias is set - use the Android KeyChain.
        } else {
            try {
                x509CertificateArr = KeyChain.getCertificateChain(JunosApplication.getApplication(), certAlias);
                if (x509CertificateArr == null) {
                    Log.e(TAG, "getCertficate certArray is null");
                }
                privateKey = KeyChain.getPrivateKey(JunosApplication.getApplication(), certAlias);
                if (privateKey == null) {
                    Log.e(TAG, "getCertficate private key is null");
                }
            } catch (KeyChainException e13) {
                Log.d(TAG, "KeyChainException exception: " + e13.getMessage());
                // The rethrown exception is a new instance: message and cause of e13 are lost.
                throw new KeyChainException();
            } catch (Exception e14) {
                Log.d(TAG, "Exception: " + e14.getMessage());
                // NOTE(review): as decompiled, clientCertificate is set to null here and control
                // then falls through to setCertArray(...) below, which would throw a
                // NullPointerException. A "return null" was probably lost in decompilation -
                // confirm against the original bytecode.
                clientCertificate = null;
                if (0 != 0) {
                    try {
                        inputStream2.close();
                    } catch (Exception e15) {
                        Log.e(TAG, "Cert Login Exception final block: " + e15);
                    }
                }
            }
        }
        // Common exit: close the tracked stream and hand back whatever was loaded.
        if (inputStream2 != null) {
            try {
                inputStream2.close();
            } catch (Exception e16) {
                Log.e(TAG, "Cert Login Exception final block: " + e16);
            }
        }
        clientCertificate.setCertArray(x509CertificateArr);
        clientCertificate.setPrivateKey(privateKey);
        return clientCertificate;
    }

    /**
     * Parses X.509 certificates from a byte array and returns the last one parsed.
     *
     * <p>The loop overwrites the result on every iteration, so for input holding several
     * certificates only the final one is returned. If parsing fails part-way, the certificate
     * parsed before the failure is returned. The certificate is not validated in any way.
     *
     * @param bArr encoded certificate data; {@code null} is not handled and would throw a
     *     NullPointerException from the {@link ByteArrayInputStream} constructor
     * @return the last certificate parsed, or {@code null} when none could be parsed
     */
    public static X509Certificate getX509CertFromByteArray(byte[] bArr) {
        X509Certificate x509Certificate = null;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        BufferedInputStream bufferedInputStream = new BufferedInputStream(byteArrayInputStream);
        try {
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                // getInstance throws instead of returning null, so this guard is redundant.
                if (certificateFactory != null) {
                    while (bufferedInputStream.available() > 0) {
                        x509Certificate = (X509Certificate) certificateFactory.generateCertificate(bufferedInputStream);
                    }
                }
            } catch (IOException e) {
                // Errors are only printed to stderr; the streams are closed here and again in
                // the finally block below, which makes this close redundant.
                e.printStackTrace();
                try {
                    bufferedInputStream.close();
                    byteArrayInputStream.close();
                } catch (IOException e2) {
                    e2.printStackTrace();
                }
            } catch (CertificateException e3) {
                e3.printStackTrace();
                try {
                    bufferedInputStream.close();
                    byteArrayInputStream.close();
                } catch (IOException e4) {
                    e4.printStackTrace();
                }
            }
            return x509Certificate;
        } finally {
            try {
                bufferedInputStream.close();
                byteArrayInputStream.close();
            } catch (IOException e5) {
                e5.printStackTrace();
            }
        }
    }

    /**
     * Checks that a path is non-empty and names an existing, readable regular file.
     *
     * <p>This is an accessibility check only: the path is not canonicalized or confined to a
     * directory, and the file is opened later in a separate step, so the result can be stale
     * by the time the file is read.
     *
     * @param str file path to test
     * @return {@code true} when the file exists, is a regular file and can be read
     */
    public static boolean isValidFilePath(String str) {
        if (TextUtils.isEmpty(str)) {
            return false;
        }
        File file = new File(str);
        return file.exists() && file.isFile() && file.canRead();
    }

    /**
     * Returns the decoded body of the first certificate section in a PEM file.
     *
     * @param str path of the PEM file (not the PEM text itself)
     * @return the decoded bytes, or {@code null} when {@code str} is empty or parsing fails
     */
    public static byte[] loadPEMCertificate(String str) {
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        return parsePEMFile(str, CERT_DELIMETER);
    }

    /**
     * Returns the decoded body of the first private-key section in a PEM file.
     *
     * <p>Any header ending in {@code " PRIVATE KEY-----"} matches; see {@link #KEY_DELIMETER}.
     * The returned array is raw key material and is never cleared by this class.
     *
     * @param str path of the PEM file (not the PEM text itself)
     * @return the decoded bytes, or {@code null} when {@code str} is empty or parsing fails
     */
    public static byte[] loadPEMPrivateKey(String str) {
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        return parsePEMFile(str, KEY_DELIMETER);
    }

    /**
     * Extracts and Base64-decodes the first PEM section whose marker lines end with
     * {@code str2}.
     *
     * <p>Lines between the matching BEGIN line and the next END line with the same suffix are
     * concatenated without trimming and passed to the package-local {@code Base64.decode}.
     * When no BEGIN line matches, the empty string is decoded; the result then depends on
     * that decoder. Only the suffix is compared, so the BEGIN and END labels need not agree.
     *
     * @param str path of the file to read
     * @param str2 marker suffix, for example {@link #CERT_DELIMETER} or {@link #KEY_DELIMETER}
     * @return the decoded section, or {@code null} when the path is invalid or reading or
     *     decoding throws
     */
    public static byte[] parsePEMFile(String str, String str2) {
        FileInputStream fileInputStream;
        if (!isValidFilePath(str)) {
            return null;
        }
        // The message says "Valid PEM file", but only existence and readability were checked.
        Log.d(TAG, "Valid PEM file. Proceed with parsing.");
        FileInputStream fileInputStream2 = null;
        // Decompiler artifact: the open is wrapped in no-op handlers, so as written a failed
        // open would fall through with fileInputStream unassigned. The handlers further down
        // are presumably the real ones.
        try {
            try {
                fileInputStream = new FileInputStream(new File(str));
            } catch (Exception e) {
                e = e;
            }
        } catch (Throwable th) {
            th = th;
        }
        try {
            // No charset is given, so the platform default is used.
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(fileInputStream));
            StringBuilder sb = new StringBuilder();
            // z is true while inside the matching section.
            boolean z = false;
            for (String readLine = bufferedReader.readLine(); readLine != null; readLine = bufferedReader.readLine()) {
                if (z) {
                    if (readLine.startsWith("-----END ") && readLine.endsWith(str2)) {
                        break;
                    }
                    sb.append(readLine);
                } else if (readLine.startsWith("-----BEGIN ") && readLine.endsWith(str2)) {
                    z = true;
                }
            }
            byte[] decode = Base64.decode(sb.toString());
            if (fileInputStream == null) {
                return decode;
            }
            // Only the underlying stream is closed; the BufferedReader is not closed itself.
            try {
                fileInputStream.close();
                return decode;
            } catch (IOException e2) {
                Log.e("parsePEMFile: IOException " + e2.getMessage());
                return decode;
            }
        } catch (Exception e3) {
            // Decompiler artifact: "e" is not declared in this scope. Any failure is logged by
            // message only and reported to the caller as null.
            e = e3;
            fileInputStream2 = fileInputStream;
            Log.e("parsePEMFile: Exception " + e.getMessage());
            if (fileInputStream2 == null) {
                return null;
            }
            try {
                fileInputStream2.close();
                return null;
            } catch (IOException e4) {
                Log.e("parsePEMFile: IOException " + e4.getMessage());
                return null;
            }
        } catch (Throwable th2) {
            // Decompiler artifact: "th" is not declared in this scope. This looks like the
            // finally block of the original method (close the stream, rethrow).
            th = th2;
            fileInputStream2 = fileInputStream;
            if (fileInputStream2 != null) {
                try {
                    fileInputStream2.close();
                } catch (IOException e5) {
                    Log.e("parsePEMFile: IOException " + e5.getMessage());
                }
            }
            throw th;
        }
    }
}
