package com.avaya.clientservices.provider.certificate.internal;

import android.content.Context;
import android.util.Base64;
import android.util.Log;
import com.avaya.clientservices.base.App;
import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes.dex */
public class AndroidCertificateProvider {
    // OID of the X.509 Authority Key Identifier extension (id-ce-authorityKeyIdentifier).
    private static final String AUTHORITY_KEY_IDENTIFIER_OID = "2.5.29.35";
    // Name of the file, opened through Context.openFileOutput/openFileInput, that holds the
    // persisted application trust store.
    private static final String AVAYA_PRIVATE_KEY_STORE = "AvayaTrust";
    // PEM armor lines that convertToBase64() puts around the Base64-encoded DER bytes.
    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n";
    public static final String END_CERT = "-----END CERTIFICATE-----\n";
    // Shared X.509 factory. Assigned in the static initializer; stays null if the platform
    // cannot supply an "X.509" factory, in which case later parsing dereferences null.
    private static CertificateFactory mCertificateFactory;
    // Held by getDelegates() and setKeyStore() while they touch mTrustManagers.
    private final Lock _mKeyStoreLock = new ReentrantLock();
    // True while an application-supplied trust store is in effect.
    // NOTE(review): createStore(), deleteCertStore() and setCertificates() write this flag and
    // isCertificateStoreInUse() reads it without taking _mKeyStoreLock, and the field is not
    // volatile, so visibility across threads is not guaranteed. Confirm the threading model.
    private boolean isCertificateStoreInUse = false;
    private Context mContext = App.getContext();
    // Trust managers built from the current key store; replaced as a whole in setKeyStore().
    private TrustManager[] mTrustManagers;
    // NOTE(review): hard-coded, guessable key store password that is identical in every build.
    // It is the only secret passed to KeyStore.store()/load(), so it gives the persisted trust
    // store no meaningful integrity protection: anyone who can write the "AvayaTrust" file can
    // produce a store that loads cleanly. Protection rests entirely on the file being
    // app-private (openFileOutput mode 0). Consider a per-install secret held in a
    // hardware-backed key store, or an integrity check that does not depend on this constant.
    private static final char[] AVAYA_KEY_STORE_PASSWORD = "password".toCharArray();
    // 20-byte key identifier that isCertIssuedByAvayaSIPCA() compares with the Authority Key
    // Identifier of a server certificate. A match makes validateHostname() skip identity checks.
    private static final byte[] AVAYA_SIP_CA_KEY_ID = {-96, -126, 7, 41, 92, 58, -96, -60, 41, -72, 61, -61, 29, -71, 6, 85, 19, -66, 86, 42};

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.avaya.clientservices.provider.certificate.internal.AndroidCertificateProvider$1, reason: invalid class name */
    /* loaded from: classes.dex */
    /**
     * Compiler-generated lookup table for a {@code switch} over {@link SubjectAlternateNameId}.
     *
     * <p>The array is indexed by enum ordinal and holds the case number that validateHostname()
     * tests: 1 for DNS_NAME, 2 for URI, 3 for IP_ADDRESS. Every other ordinal keeps the default
     * value 0, which validateHostname() treats as "ignore this entry".
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$avaya$clientservices$provider$certificate$internal$SubjectAlternateNameId = new int[SubjectAlternateNameId.values().length];

        static {
            // Each assignment is wrapped separately so that an enum constant missing at run time
            // (NoSuchFieldError) leaves only its own slot at 0 instead of failing class init.
            try {
                $SwitchMap$com$avaya$clientservices$provider$certificate$internal$SubjectAlternateNameId[SubjectAlternateNameId.DNS_NAME.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$provider$certificate$internal$SubjectAlternateNameId[SubjectAlternateNameId.URI.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$avaya$clientservices$provider$certificate$internal$SubjectAlternateNameId[SubjectAlternateNameId.IP_ADDRESS.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
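    /**
     * Minimal forward-only DER reader used to pull a key identifier out of the raw value of an
     * X.509 extension, as returned by {@code X509Certificate.getExtensionValue}.
     *
     * <p>The bytes come from a certificate presented by a remote peer, so every read is
     * bounds-checked. Truncated or malformed input yields {@code null} instead of an
     * {@link ArrayIndexOutOfBoundsException} or a result silently padded with zero bytes
     * (which {@link Arrays#copyOfRange} produces when the end index lies past the array).
     *
     * <p>The read position is kept in the instance and never reset, so each instance supports a
     * single extract call.
     */
    public static class ASN1Helper {
        private static final int BYTE_LENGTH = 8;
        private static final int BYTE_MASK = 255;
        private static final byte CONSTRUCTED_SEQUENCE_TAG = 48;
        private static final byte LENGTH_INDICATOR = Byte.MIN_VALUE;
        private static final byte LONG_FORM_LENGTH_FLAG = Byte.MIN_VALUE;
        private static final byte LONG_FORM_LENGTH_MASK = Byte.MAX_VALUE;
        private static final byte OCTET_STRING_TAG = 4;
        /** Tag byte 0x80 that introduces the key identifier inside the AuthorityKeyIdentifier. */
        private static final byte KEY_IDENTIFIER_TAG = Byte.MIN_VALUE;
        /** Most long-form length octets that can be folded into an int without losing bits. */
        private static final int MAX_LENGTH_OCTETS = 4;
        /** Returned by {@link #parseLength()} when the length field cannot be read safely. */
        private static final int MALFORMED = -1;
        private int current = 0;
        private final byte[] raw;

        /**
         * @param bArr raw extension value; may be {@code null} when the extension is absent
         */
        ASN1Helper(byte[] bArr) {
            this.raw = bArr;
        }

        /**
         * Consumes one byte and reports whether it equals the expected tag.
         *
         * @return {@code false} when the input is exhausted or the tag differs
         */
        private boolean consumeTag(byte expected) {
            if (this.current >= this.raw.length) {
                return false;
            }
            return this.raw[this.current++] == expected;
        }

        /**
         * Reads a DER length field (short or long form) at the current position.
         *
         * @return the decoded length, or {@link #MALFORMED} when the field runs past the end of
         *     the input, uses more than four length octets, or decodes to a negative int
         */
        private int parseLength() {
            if (this.current >= this.raw.length) {
                return MALFORMED;
            }
            byte first = this.raw[this.current++];
            if ((first & LONG_FORM_LENGTH_FLAG) == 0) {
                return first;
            }
            int octets = first & LONG_FORM_LENGTH_MASK;
            // Cap the octet count: an unbounded count would overflow the accumulator and walk
            // off the end of the buffer.
            if (octets > MAX_LENGTH_OCTETS || octets > this.raw.length - this.current) {
                return MALFORMED;
            }
            int length = 0;
            for (int k = 0; k < octets; k++) {
                length = (length << BYTE_LENGTH) + (this.raw[this.current++] & BYTE_MASK);
            }
            return length < 0 ? MALFORMED : length;
        }

        /**
         * Reads a length field and copies that many bytes starting at the current position.
         *
         * @return the value bytes, or {@code null} when the declared length exceeds what is left
         */
        private byte[] readValue() {
            int length = parseLength();
            if (length < 0 || length > this.raw.length - this.current) {
                return null;
            }
            return Arrays.copyOfRange(this.raw, this.current, this.current + length);
        }

        /**
         * Extracts the key identifier from an Authority Key Identifier extension value laid out
         * as OCTET STRING { SEQUENCE { 0x80 keyIdentifier ... } }.
         *
         * @return the key identifier bytes, or {@code null} when the input is absent, does not
         *     start with the expected tags, or is truncated
         */
        byte[] extractAuthorityKeyIdentifier() {
            if (this.raw == null) {
                return null;
            }
            if (!consumeTag(OCTET_STRING_TAG) || parseLength() < 0) {
                return null;
            }
            if (!consumeTag(CONSTRUCTED_SEQUENCE_TAG) || parseLength() < 0) {
                return null;
            }
            if (!consumeTag(KEY_IDENTIFIER_TAG)) {
                return null;
            }
            return readValue();
        }

        /**
         * Extracts the key identifier from a Subject Key Identifier extension value laid out as
         * OCTET STRING { OCTET STRING keyIdentifier }.
         *
         * @return the key identifier bytes, or {@code null} when the input is absent, does not
         *     start with the expected tags, or is truncated
         */
        byte[] extractSubjectKeyIdentifier() {
            if (this.raw == null) {
                return null;
            }
            if (!consumeTag(OCTET_STRING_TAG) || parseLength() < 0) {
                return null;
            }
            if (!consumeTag(OCTET_STRING_TAG)) {
                return null;
            }
            return readValue();
        }
    }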

    // Resolves the shared X.509 certificate factory once, when the class is loaded. On failure
    // the field stays null and the problem is only logged, so later parsing calls will
    // dereference null.
    static {
        CertificateFactory resolved = null;
        try {
            resolved = CertificateFactory.getInstance("X.509");
        } catch (CertificateException lookupFailure) {
            log(5, "Unable to get an instance of a certificate factory: " + lookupFailure.getMessage());
        }
        mCertificateFactory = resolved;
    }

    /**
     * Wraps DER-encoded certificate bytes in PEM armor.
     *
     * @param bArr DER encoding of a certificate
     * @return {@link #BEGIN_CERT}, the Base64 text produced with flag value 0, then
     *     {@link #END_CERT}
     */
    private static String convertToBase64(byte[] bArr) {
        final String encodedBody = Base64.encodeToString(bArr, 0);
        return new StringBuilder(BEGIN_CERT).append(encodedBody).append(END_CERT).toString();
    }

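    /**
     * Parses one PEM-encoded certificate.
     *
     * <p>The decompiled body referenced undeclared variables and could not compile; this is the
     * same logic written as a plain try/catch/finally. Two inputs that used to end in a
     * {@link NullPointerException} (a {@code null} string, or a class whose certificate factory
     * could not be created) now return {@code null}, which both callers already treat as an
     * unparsable certificate and reject.
     *
     * <p>NOTE(review): a parse failure is reported as {@link AssertionError}, which is an
     * {@code Error}. Certificate text supplied by a remote server can therefore escape handlers
     * that catch only {@code Exception}. The type is kept because callers may depend on it;
     * consider a checked {@code CertificateException} if they do not.
     *
     * @param str PEM text of a single certificate
     * @return the parsed certificate, or {@code null} when {@code str} is {@code null} or no
     *     certificate factory is available
     * @throws AssertionError if the text is not a valid certificate; the parser's exception is
     *     attached as the cause
     */
    private static X509Certificate convertToX509Certificate(String str) throws AssertionError {
        if (str == null || mCertificateFactory == null) {
            log(5, "[PEM->X509]: No certificate text or no X.509 certificate factory available");
            return null;
        }
        ByteArrayInputStream pemStream = new ByteArrayInputStream(str.getBytes());
        try {
            return (X509Certificate) mCertificateFactory.generateCertificate(pemStream);
        } catch (CertificateException e) {
            log(5, "[PEM->X509]: Error encountered " + e.getMessage());
            AssertionError failure = new AssertionError("Certificate encoding failed" + e.getMessage());
            // Keep the parser's exception so the root cause is not reduced to its message text.
            failure.initCause(e);
            throw failure;
        } finally {
            try {
                pemStream.close();
            } catch (IOException closeError) {
                log(5, "unable to close stream " + closeError.getMessage());
            }
        }
    }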

    /**
     * Creates an empty, initialised key store of the platform default type.
     *
     * @return a new key store with no entries
     * @throws CertificateStoreException wrapping any failure to obtain or initialise the store
     */
    private KeyStore createJavaKeyStore() throws CertificateStoreException {
        final String storeType = KeyStore.getDefaultType();
        try {
            final KeyStore emptyStore = KeyStore.getInstance(storeType);
            // Loading from a null stream initialises the store with no entries.
            emptyStore.load(null, null);
            return emptyStore;
        } catch (KeyStoreException storeFailure) {
            throw new CertificateStoreException(storeFailure);
        } catch (NoSuchAlgorithmException algorithmFailure) {
            throw new CertificateStoreException(algorithmFailure);
        } catch (CertificateException certificateFailure) {
            throw new CertificateStoreException(certificateFailure);
        } catch (IOException ioFailure) {
            throw new CertificateStoreException(ioFailure);
        }
    }

    /**
     * Reads the key identifier from a certificate's Authority Key Identifier extension.
     *
     * @param x509Certificate certificate to inspect; must not be {@code null}
     * @return whatever {@link ASN1Helper#extractAuthorityKeyIdentifier()} yields for the raw
     *     extension value, which is {@code null} when the extension is absent
     */
    private static byte[] extractAuthorityKeyIdentifier(X509Certificate x509Certificate) {
        final byte[] rawExtension = x509Certificate.getExtensionValue(AUTHORITY_KEY_IDENTIFIER_OID);
        final ASN1Helper reader = new ASN1Helper(rawExtension);
        return reader.extractAuthorityKeyIdentifier();
    }

    /**
     * Produces a fresh key store alias for a certificate entry.
     *
     * @return the string form of a newly generated random UUID
     */
    private static String generateCertificateAlias() {
        final UUID alias = UUID.randomUUID();
        return alias.toString();
    }

    /**
     * Collects the accepted issuers of every X.509 trust manager currently installed.
     *
     * @return the issuers in delegate order, or {@code null} when the application certificate
     *     store is not in use
     */
    private X509Certificate[] getAcceptedIssuers() {
        if (isCertificateStoreInUse()) {
            List<X509Certificate> issuers = new ArrayList<>();
            for (TrustManager delegate : getDelegates()) {
                if (!(delegate instanceof X509TrustManager)) {
                    continue;
                }
                issuers.addAll(Arrays.asList(((X509TrustManager) delegate).getAcceptedIssuers()));
            }
            return issuers.toArray(new X509Certificate[issuers.size()]);
        }
        log(5, "Application certificate store is not in-use");
        return null;
    }

    /**
     * Returns the current trust manager array, read while holding the key store lock.
     *
     * @return the array last installed by setKeyStore(), or {@code null} if none was installed
     */
    private TrustManager[] getDelegates() {
        final Lock guard = this._mKeyStoreLock;
        guard.lock();
        try {
            final TrustManager[] snapshot = this.mTrustManagers;
            return snapshot;
        } finally {
            guard.unlock();
        }
    }

    /**
     * Builds trust managers for the given key store with the default algorithm.
     *
     * @param keyStore trust anchors to use; passed through unchanged, including {@code null}
     * @return the trust managers created by the factory
     * @throws AssertionError if the default algorithm is unavailable or the store is rejected
     */
    private static TrustManager[] getTrustManagers(KeyStore keyStore) {
        final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        try {
            final TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
            factory.init(keyStore);
            return factory.getTrustManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException setupFailure) {
            throw new AssertionError(setupFailure);
        }
    }

    /**
     * Reports whether the certificate's Authority Key Identifier equals AVAYA_SIP_CA_KEY_ID.
     *
     * <p>NOTE(review): this compares one extension value only. It does not verify the
     * certificate's signature against a pinned issuer key, so the result is only as strong as
     * the chain check that ran before it. validateHostname() uses a {@code true} result to skip
     * server identity checks entirely, which means every certificate carrying this identifier
     * is accepted for every host. Confirm that this exemption is still required, and if it is,
     * consider binding it to the issuer's public key rather than to the identifier.
     *
     * @param x509Certificate certificate to inspect; {@code null} yields {@code false}
     * @return {@code true} when the identifiers are byte-for-byte equal
     */
    private boolean isCertIssuedByAvayaSIPCA(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        final byte[] authorityKeyId = extractAuthorityKeyIdentifier(x509Certificate);
        final boolean issuedBySipCa = Arrays.equals(authorityKeyId, AVAYA_SIP_CA_KEY_ID);
        log(3, issuedBySipCa ? "Certificate is issued by Avaya SIP CA " : "Certificate is NOT issued by Avaya SIP CA ");
        return issuedBySipCa;
    }

    /**
     * Writes a message to the Android log under the "AvayaClientServices" tag.
     *
     * @param i Android log priority, passed straight to {@code Log.println}
     * @param str message text
     */
    private static void log(int i, String str) {
        final String tag = "AvayaClientServices";
        Log.println(i, tag, str);
    }

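    /**
     * Writes the key store to the app-private "AvayaTrust" file, or deletes that file when
     * {@code keyStore} is {@code null}, and then installs the store via setKeyStore().
     *
     * <p>Fixes relative to the decompiled body: the stream is closed in a {@code finally} block
     * with a null check. Previously a failure in {@code openFileOutput} left the stream
     * {@code null}, and the cleanup path then threw a {@link NullPointerException} that replaced
     * the real error. A failed {@code close()} is now logged instead of silently ignored,
     * because it can mean the trust store was not fully written.
     *
     * <p>NOTE(review): the file is protected only by the constant AVAYA_KEY_STORE_PASSWORD, so
     * its integrity depends on the file staying app-private (mode 0).
     *
     * @param keyStore store to persist, or {@code null} to delete the persisted store
     * @throws CertificateException if the store cannot be written
     */
    private void persistCertificateStore(KeyStore keyStore) throws CertificateException {
        if (keyStore == null) {
            log(4, "Deleting certificate store.");
            this.mContext.deleteFile(AVAYA_PRIVATE_KEY_STORE);
        } else {
            FileOutputStream out = null;
            try {
                out = this.mContext.openFileOutput(AVAYA_PRIVATE_KEY_STORE, 0);
                keyStore.store(out, AVAYA_KEY_STORE_PASSWORD);
            } catch (NoSuchAlgorithmException | IOException | KeyStoreException e) {
                log(6, "error occurred while closing certificate store." + e.getMessage());
                throw new CertificateException(e);
            } finally {
                if (out != null) {
                    try {
                        out.close();
                    } catch (IOException closeError) {
                        log(5, "unable to close certificate store file " + closeError.getMessage());
                    }
                }
            }
        }
        setKeyStore(keyStore);
    }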

    /**
     * Installs trust managers built from the given store and updates the in-use flag, all
     * under the key store lock.
     *
     * <p>NOTE(review): a {@code null} store is handed to getTrustManagers() unchanged. Under
     * the usual JSSE contract the factory then falls back to the platform's default trust
     * anchors, so "store not in use" means "trust the system store" rather than "trust
     * nothing". Confirm this on the target Android versions.
     *
     * @param keyStore the new trust store, or {@code null} when no application store is in use
     */
    private void setKeyStore(KeyStore keyStore) {
        final Lock guard = this._mKeyStoreLock;
        guard.lock();
        try {
            final TrustManager[] rebuilt = getTrustManagers(keyStore);
            this.mTrustManagers = rebuilt;
            this.isCertificateStoreInUse = (keyStore != null);
            log(4, "Application certificate store in use= " + this.isCertificateStoreInUse);
        } finally {
            guard.unlock();
        }
    }

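    /**
     * Checks that the server certificate identifies the expected peer.
     *
     * <p>Matching rules, in order:
     * <ol>
     *   <li>A certificate that isCertIssuedByAvayaSIPCA() accepts is exempt from all checks.
     *   <li>If both {@code str} and {@code str2} are empty, nothing is checked.
     *   <li>With no SubjectAltName extension, the subject CN must equal {@code str2}. This
     *       fallback is refused when a service domain is supplied.
     *   <li>With an empty service domain, {@code str2} must match an IP address or DNS name
     *       entry.
     *   <li>Otherwise the service domain must equal a URI entry.
     * </ol>
     *
     * <p>Changes relative to the decompiled body: typed collections replace raw ones, the
     * synthetic switch map is replaced by a direct {@code switch} on the enum, a
     * SubjectAltName type number outside the enum's range is skipped instead of raising
     * {@link ArrayIndexOutOfBoundsException}, and a {@code null} CN is handled like an empty
     * one.
     *
     * <p>NOTE(review): rules 1 and 2 fail open. The method returns normally without having
     * compared the certificate with any expected identity, and only a log line records it.
     * Confirm both exemptions are intended. Failing closed in rule 2 would be the safer default.
     *
     * <p>NOTE(review): containsOnlyValidIPAddrChars() accepts any string made only of hex
     * digits, dots, colons and brackets, so a host name that happens to fit can reach
     * {@code InetAddress.getByName} and may be resolved through DNS rather than parsed as a
     * literal. Confirm whether a strict literal check is needed before the IP comparison.
     *
     * @param x509Certificate the server's end-entity certificate
     * @param str expected service domain, matched against URI entries; may be empty
     * @param str2 remote host name or IP address, matched against DNS and IP entries; may be
     *     empty
     * @param i not used by this method
     * @throws CertificateIdentityValidationException if no rule accepts the certificate
     */
    private void validateHostname(X509Certificate x509Certificate, String str, String str2, int i) throws CertificateIdentityValidationException {
        if (isCertIssuedByAvayaSIPCA(x509Certificate)) {
            log(5, "The server certificate is issued by Avaya SIP CA, skipping hostname validation");
            return;
        }
        if (str.isEmpty() && str2.isEmpty()) {
            log(5, "Service domain and Remote hostname values are empty, cannot validate server identity");
            return;
        }
        List<String> dnsNames = new ArrayList<>();
        List<String> uris = new ArrayList<>();
        List<String> ipAddresses = new ArrayList<>();
        boolean useCommonName = false;
        try {
            log(3, "Looking for SubjectAltName in " + x509Certificate.getSubjectX500Principal().getName());
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames != null) {
                SubjectAlternateNameId[] knownKinds = SubjectAlternateNameId.values();
                for (List<?> entry : subjectAlternativeNames) {
                    int type = ((Integer) entry.get(0)).intValue();
                    // The type number comes from the peer's certificate; ignore kinds the enum
                    // does not model rather than indexing past the end of the array.
                    if (type < 0 || type >= knownKinds.length) {
                        continue;
                    }
                    Object value = entry.get(1);
                    switch (knownKinds[type]) {
                        case DNS_NAME:
                            dnsNames.add(value.toString());
                            break;
                        case URI:
                            uris.add(value.toString());
                            break;
                        case IP_ADDRESS:
                            ipAddresses.add(value.toString());
                            break;
                        default:
                            break;
                    }
                }
            } else {
                log(3, "Subject Alternative Name extension not available, use CN for hostname validation");
                useCommonName = true;
            }
        } catch (CertificateParsingException e) {
            // Fails closed: the lists stay empty, so every comparison below ends in a mismatch.
            log(5, "Exception occurred while parsing the certificate: " + e.getMessage());
        }
        if (useCommonName && !str.isEmpty()) {
            log(5, "Hostname validation cannot proceed with incompatible certificate.");
            throw new CertificateIdentityValidationException("Incompatible SIP certificate.");
        }
        if (useCommonName) {
            X500Principal subject = x509Certificate.getSubjectX500Principal();
            if (subject == null) {
                throw new CertificateIdentityValidationException("Failed to extract Subject DN");
            }
            String commonName = new DNParser(subject).find("CN");
            if (commonName == null || commonName.isEmpty()) {
                throw new CertificateIdentityValidationException("Empty CN in the Certificate Subject.");
            }
            if (commonName.equalsIgnoreCase(str2)) {
                return;
            }
            log(5, "Hostname validation failed. {expected =" + str2 + " actual = " + commonName + "}");
            throw new CertificateIdentityValidationException("Server identity validation failed");
        }
        String failureReason;
        if (str.isEmpty()) {
            if (containsOnlyValidIPAddrChars(str2)) {
                try {
                    InetAddress expected = InetAddress.getByName(str2);
                    for (String candidate : ipAddresses) {
                        if (InetAddress.getByName(candidate).getHostAddress().equals(expected.getHostAddress())) {
                            log(3, "IP address [" + str2 + "] matched.");
                            return;
                        }
                    }
                } catch (UnknownHostException e) {
                    log(5, "Exception received while parsing IP address values from SubjectAltName extension");
                    throw new CertificateIdentityValidationException(e.getMessage());
                }
            }
            for (String dnsName : dnsNames) {
                if (dnsName.equalsIgnoreCase(str2)) {
                    log(3, "DNS Name [" + str2 + "] matched.");
                    return;
                }
            }
            failureReason = "Server identity validation failed because of mismatched DNS name.";
        } else {
            for (String uri : uris) {
                if (uri.equalsIgnoreCase(str)) {
                    log(3, "Service domain [" + str + "] matched.");
                    return;
                }
            }
            failureReason = "Server identity validation failed because service domains match failed.";
        }
        log(3, "Server identity validation failed.");
        throw new CertificateIdentityValidationException(failureReason);
    }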

    /**
     * Reports whether a string is non-empty and made only of characters that can occur in a
     * textual IP address: characters accepted by isxdigit(), '.', ':', '[' and ']'.
     *
     * <p>This is a character filter, not an address parser: it does not check that the string
     * is a well-formed IPv4 or IPv6 literal.
     *
     * @param str text to inspect; must not be {@code null}
     * @return {@code false} for the empty string or on the first character outside the set
     */
    boolean containsOnlyValidIPAddrChars(String str) {
        if (str.isEmpty()) {
            return false;
        }
        for (char candidate : str.toCharArray()) {
            if (isxdigit(candidate) || candidate == '.' || candidate == ':' || candidate == '[' || candidate == ']') {
                continue;
            }
            return false;
        }
        return true;
    }

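    /**
     * Loads the persisted application trust store, if one exists, and installs it.
     *
     * <p>When the "AvayaTrust" file is missing, setKeyStore() receives {@code null} and the
     * application store is marked as not in use.
     *
     * <p>Fix relative to the decompiled body: the input stream returned by
     * {@code openFileInput} was never closed. It is now closed in a {@code finally} block.
     *
     * <p>NOTE(review): the file's integrity is checked only against the constant
     * AVAYA_KEY_STORE_PASSWORD, so a replaced file is not detected by this load. The trust
     * anchors are only as trustworthy as the app-private storage that holds them.
     *
     * @throws CertificateStoreException if the file exists but cannot be read or parsed
     */
    public void createStore() throws CertificateStoreException {
        KeyStore store = createJavaKeyStore();
        java.io.InputStream persisted = null;
        try {
            persisted = this.mContext.openFileInput(AVAYA_PRIVATE_KEY_STORE);
            store.load(persisted, AVAYA_KEY_STORE_PASSWORD);
            this.isCertificateStoreInUse = true;
        } catch (FileNotFoundException unused) {
            log(5, "Could not find the KeyStore file to load");
            store = null;
        } catch (IOException e2) {
            throw new CertificateStoreException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new CertificateStoreException(e3);
        } catch (CertificateException e4) {
            throw new CertificateStoreException(e4);
        } finally {
            if (persisted != null) {
                try {
                    persisted.close();
                } catch (IOException closeError) {
                    log(5, "unable to close stream " + closeError.getMessage());
                }
            }
        }
        log(4, "Using application's certificate store = " + this.isCertificateStoreInUse);
        setKeyStore(store);
    }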

    /**
     * Deletes the persisted application trust store and stops using it.
     *
     * <p>The in-use flag is cleared before the file is removed and is not restored if removal
     * fails.
     *
     * @throws AppCertificateStoreNotInUseException if no application store is in use
     * @throws AppCertificateStoreException if persisting the deletion fails
     */
    public void deleteCertStore() throws AppCertificateStoreException, AppCertificateStoreNotInUseException {
        final boolean storeActive = isCertificateStoreInUse();
        if (!storeActive) {
            log(5, "Application's certificate store is not in use");
            throw new AppCertificateStoreNotInUseException();
        }
        this.isCertificateStoreInUse = false;
        try {
            persistCertificateStore(null);
        } catch (CertificateException deletionFailure) {
            log(5, "Exception received while deleting certificate store");
            throw new AppCertificateStoreException(deletionFailure);
        }
    }

    /**
     * Returns the accepted issuers of the application trust store as PEM strings.
     *
     * <p>NOTE(review): this body is decompiler output and does not compile as written. The
     * local may be unassigned after the catch block, the {@code throw} of a checked
     * {@code CertificateEncodingException} sits outside any handler and is not declared, and
     * the {@code break} after it is unreachable. The original control flow cannot be told from
     * here: an encoding failure may have skipped the certificate or ended the loop. The code is
     * therefore left unchanged; reconstruct it against the original bytecode before relying on
     * it.
     *
     * @return one PEM string per accepted issuer
     * @throws AppCertificateStoreNotInUseException if no application store is in use
     * @throws AppCertificateStoreException declared by the signature; no visible statement
     *     throws it
     */
    public String[] getCertificates() throws AppCertificateStoreException, AppCertificateStoreNotInUseException {
        String convertToBase64;
        if (!isCertificateStoreInUse()) {
            log(5, "Application certificate store is not in use");
            throw new AppCertificateStoreNotInUseException();
        }
        ArrayList arrayList = new ArrayList();
        for (X509Certificate x509Certificate : getAcceptedIssuers()) {
            try {
                // DER -> PEM for one issuer certificate.
                convertToBase64 = convertToBase64(x509Certificate.getEncoded());
            } catch (CertificateEncodingException e2) {
                log(5, "Encoding error occurred = " + e2.getMessage());
            }
            if (convertToBase64 == null || convertToBase64.isEmpty()) {
                log(3, "[DER->PEM]: Encoding failed for " + x509Certificate.getSubjectDN().getName());
                throw new CertificateEncodingException();
                break;
            }
            arrayList.add(convertToBase64);
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    /**
     * Returns the endpoint (client) certificate.
     *
     * @return always {@code null}; this provider supplies no endpoint certificate
     */
    public String getEndpointCertificate() {
        final String endpointCertificate = null;
        return endpointCertificate;
    }

    /**
     * Reports whether an application-supplied trust store is currently in effect.
     *
     * <p>The flag is read without taking the key store lock.
     *
     * @return the current value of the in-use flag
     */
    public boolean isCertificateStoreInUse() {
        final boolean inUse = this.isCertificateStoreInUse;
        return inUse;
    }

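    /**
     * Reports whether a character is an ASCII hexadecimal digit (0-9, a-f, A-F).
     *
     * <p>The previous test, {@code Character.digit(c, 16) != -1}, also accepted non-ASCII
     * Unicode digits such as full-width and Arabic-Indic forms. Those cannot occur in a textual
     * IP address, so letting them through weakened the character filter in
     * containsOnlyValidIPAddrChars(), which decides whether a host string is compared as an IP
     * address.
     *
     * @param c2 character to classify
     * @return {@code true} only for ASCII hexadecimal digits
     */
    boolean isxdigit(char c2) {
        return (c2 >= '0' && c2 <= '9') || (c2 >= 'a' && c2 <= 'f') || (c2 >= 'A' && c2 <= 'F');
    }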

    /**
     * Replaces the application trust store with the given PEM certificates and persists it.
     *
     * <p>NOTE(review): the new store is installed in memory and marked in use before
     * persistCertificateStore() runs. If persisting fails, the running process trusts the new
     * anchors while the file on disk still holds the old ones (or none). Confirm this ordering
     * is intended.
     *
     * <p>NOTE(review): an empty array yields an empty trust store that is still marked in use.
     *
     * @param strArr PEM-encoded certificates to trust; must not be {@code null}
     * @throws CertificateException if a certificate cannot be parsed or added, or the store
     *     cannot be persisted
     */
    public void setCertificates(String[] strArr) throws CertificateException {
        final KeyStore freshStore = createJavaKeyStore();
        if (freshStore == null) {
            log(6, "Unable to create a keystore to create an application's certificate store.");
            throw new CertificateException();
        }
        for (int index = 0; index < strArr.length; index++) {
            final X509Certificate parsed = convertToX509Certificate(strArr[index]);
            if (parsed == null) {
                log(6, "Invalid formatted certificate received, cannot add to certificate store");
                throw new CertificateException();
            }
            try {
                log(3, "Adding certificate = " + parsed.getSubjectDN().getName());
                // Each entry gets a random alias, so equal certificates are stored separately.
                freshStore.setCertificateEntry(generateCertificateAlias(), parsed);
            } catch (KeyStoreException addFailure) {
                log(6, "failed to add a certificate, error =" + addFailure.getMessage());
                throw new CertificateStoreException(addFailure);
            }
        }
        setKeyStore(freshStore);
        this.isCertificateStoreInUse = true;
        persistCertificateStore(freshStore);
        log(3, "Certificate store is populated successfully, put it to use.");
    }

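    /**
     * Validates a server certificate chain: parses it, checks it with every installed X.509
     * trust manager, then checks the identity of the first certificate.
     *
     * <p>Fixes relative to the decompiled body:
     * <ul>
     *   <li>If no {@link X509TrustManager} was installed, the loop ran zero times and the chain
     *       was logged as trusted without any check. The chain is now rejected unless at least
     *       one trust manager accepted it.
     *   <li>A {@code null} or empty certificate array, or trust managers that were never
     *       initialised, now raise {@link CertificateException} instead of an unchecked
     *       exception.
     * </ul>
     *
     * <p>NOTE(review): the auth type passed to {@code checkServerTrusted} is always "RSA".
     * Confirm this is acceptable for servers that present non-RSA certificates.
     *
     * @param strArr PEM-encoded chain, end-entity certificate first
     * @param str expected service domain, forwarded to validateHostname()
     * @param str2 remote host name or IP address, forwarded to validateHostname()
     * @param i forwarded to validateHostname()
     * @throws CertificateException if the chain is empty, unparsable, untrusted, cannot be
     *     checked, or fails identity validation
     */
    public void validateCertificates(String[] strArr, String str, String str2, int i) throws CertificateException {
        if (strArr == null || strArr.length == 0) {
            log(5, "No server certificates supplied, cannot proceed with validation.");
            throw new CertificateException("No server certificates supplied");
        }
        List<X509Certificate> parsed = new ArrayList<>(strArr.length);
        for (String pem : strArr) {
            X509Certificate certificate = convertToX509Certificate(pem);
            if (certificate == null) {
                log(5, "Server certificate parsing failed, cannot proceed with validation.");
                throw new CertificateParsingException();
            }
            parsed.add(certificate);
        }
        X509Certificate[] chain = parsed.toArray(new X509Certificate[parsed.size()]);
        TrustManager[] delegates = getDelegates();
        boolean chainChecked = false;
        if (delegates != null) {
            for (TrustManager delegate : delegates) {
                if (delegate instanceof X509TrustManager) {
                    ((X509TrustManager) delegate).checkServerTrusted(chain, "RSA");
                    chainChecked = true;
                }
            }
        }
        // Fail closed: having no trust manager to consult must never count as "trusted".
        if (!chainChecked) {
            log(5, "No X509TrustManager available, server certificates cannot be trusted.");
            throw new CertificateException("No X509TrustManager available to validate the server certificate chain");
        }
        log(3, "Server certificates are trusted.");
        validateHostname(chain[0], str, str2, i);
        log(3, "Server certificate chain has passed all the validations and can be trusted.");
    }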
}
