package com.amazon.aws.argon.crypto;

import android.content.Context;
import android.security.KeyChain;
import android.security.KeyChainException;
import com.amazon.aws.argon.data.PersistentStore;
import com.amazon.aws.argon.logging.ArgonLogger;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import lombok.NonNull;

/* loaded from: classes.dex */
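/**
 * Looks up the VPN client certificate in the Android {@link KeyChain} and signs
 * messages with its private key.
 *
 * <p>The alias that selects the certificate is stored in and read back from the
 * injected {@link PersistentStore}. The methods that query the KeyChain
 * ({@link #getCertificateChain} and {@link #signMessageWithCert}) may block on
 * IPC to another process and must not be called from the main thread.
 *
 * <p>Failures are logged with their cause and rethrown as
 * {@code CryptoToolException} built from the message only, matching the single
 * constructor this file uses.
 * NOTE(review): if {@code CryptoToolException} also accepts a cause, chain it so
 * callers see the underlying failure without reading logs.
 */
public class VpnCertificateManager {
    private static final String ARGON_VPN_CERT_ALIAS = "ARGON_VPN_CERT_ALIAS";
    /** JCA name of the fixed signature scheme; only usable with RSA private keys. */
    private static final String SIGNATURE_ALGORITHM = "SHA512withRSA";
    private static final String TAG = VpnCertificateManager.class.getSimpleName();
    private final Context context;
    private final PersistentStore persistentStore;

    /**
     * @param context Android context passed to the KeyChain lookups
     * @param persistentStore store that holds the certificate alias
     * @throws NullPointerException if either argument is {@code null}
     */
    public VpnCertificateManager(@NonNull Context context, @NonNull PersistentStore persistentStore) {
        if (context == null) {
            throw new NullPointerException("context");
        }
        if (persistentStore == null) {
            throw new NullPointerException("persistentStore");
        }
        this.context = context;
        this.persistentStore = persistentStore;
    }

    /**
     * Reads the stored VPN certificate alias.
     *
     * @return whatever the store returns for the alias key
     *     (NOTE(review): presumably {@code null} when nothing was stored; confirm
     *     against {@code PersistentStore.retrieveObject})
     * @throws CryptoToolException if the store fails with an {@link IOException}
     */
    public String getArgonVpnCertificateAlias() {
        try {
            return (String) this.persistentStore.retrieveObject(ARGON_VPN_CERT_ALIAS, String.class);
        } catch (IOException e) {
            ArgonLogger.e(TAG, "Failed to retrieve argon vpn cert alias.", e);
            throw new CryptoToolException("Failed to retrieve argon vpn cert alias.");
        }
    }

    /**
     * Returns the encoded form of every certificate in the chain stored under
     * the given KeyChain alias, in the order the KeyChain reports them.
     *
     * <p>The chain is returned as stored; this method performs no validation of
     * it (expiry, issuer, revocation), so callers that rely on it for trust
     * decisions must validate it themselves.
     *
     * @param str the KeyChain alias of the certificate
     * @return the encoded certificates, or {@code null} when the KeyChain returns
     *     no chain for the alias; callers must handle the {@code null} case
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws CryptoToolException if the KeyChain query fails or is interrupted,
     *     or a certificate cannot be encoded
     */
    public List<byte[]> getCertificateChain(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("certAlias");
        }
        final X509Certificate[] certificateChain;
        try {
            certificateChain = KeyChain.getCertificateChain(this.context, str);
        } catch (KeyChainException | InterruptedException e) {
            restoreInterruptIfNeeded(e);
            ArgonLogger.e(TAG, "Ex while querying keyChain for certs.", e);
            throw new CryptoToolException("Ex while querying keyChain for certs.");
        }
        if (certificateChain == null || certificateChain.length == 0) {
            return null;
        }
        final List<byte[]> encodedChain = new ArrayList<>(certificateChain.length);
        for (X509Certificate certificate : certificateChain) {
            try {
                encodedChain.add(certificate.getEncoded());
            } catch (CertificateEncodingException e) {
                String message = "Ex while extracting raw cert. For: " + certificate.getIssuerDN().getName();
                ArgonLogger.e(TAG, message, e);
                throw new CryptoToolException(message);
            }
        }
        return encodedChain;
    }

    /**
     * Stores the VPN certificate alias.
     *
     * @param str the alias to persist
     * @throws NullPointerException if {@code str} is {@code null}
     * @throws CryptoToolException if the store fails with an {@link IOException}
     */
    public void setArgonVpnCertificateAlias(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("alias");
        }
        try {
            this.persistentStore.persist(ARGON_VPN_CERT_ALIAS, str);
        } catch (IOException e) {
            ArgonLogger.e(TAG, "Failed to persist argon vpn cert alias.", e);
            throw new CryptoToolException("Failed to persist argon vpn cert alias.");
        }
    }

    /**
     * Signs the UTF-8 bytes of a message with the private key stored under the
     * given KeyChain alias, using {@code SHA512withRSA}.
     *
     * @param str the KeyChain alias of the signing key
     * @param str2 the message to sign
     * @return the signature bytes, or {@code null} when the KeyChain returns no
     *     private key for the alias; callers must treat {@code null} as "not
     *     signed" and never as an empty signature
     * @throws NullPointerException if either argument is {@code null}
     * @throws CryptoToolException if the KeyChain query fails or is interrupted,
     *     the algorithm is unavailable, the key is rejected, or signing fails
     */
    public byte[] signMessageWithCert(@NonNull String str, @NonNull String str2) {
        if (str == null) {
            throw new NullPointerException("certAlias");
        }
        if (str2 == null) {
            throw new NullPointerException("message");
        }
        final PrivateKey privateKey;
        try {
            privateKey = KeyChain.getPrivateKey(this.context, str);
        } catch (KeyChainException | InterruptedException e) {
            restoreInterruptIfNeeded(e);
            ArgonLogger.e(TAG, "Ex while querying keyChain for keys.", e);
            throw new CryptoToolException("Ex while querying keyChain for keys.");
        }
        if (privateKey == null) {
            return null;
        }
        final Signature signature;
        try {
            signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            ArgonLogger.e(TAG, "Failed to get a signature for algorithm: " + SIGNATURE_ALGORITHM, e);
            throw new CryptoToolException("Failed to get a signature for algorithm: " + SIGNATURE_ALGORITHM);
        }
        try {
            // initSign rejects keys the algorithm cannot use, e.g. a non-RSA key.
            signature.initSign(privateKey);
            signature.update(str2.getBytes(StandardCharsets.UTF_8));
        } catch (InvalidKeyException | SignatureException e) {
            ArgonLogger.e(TAG, "Failed to initialize signature.", e);
            throw new CryptoToolException("Failed to initialize signature.");
        }
        try {
            return signature.sign();
        } catch (SignatureException e) {
            ArgonLogger.e(TAG, "Failed to sign message.", e);
            throw new CryptoToolException("Failed to sign message.");
        }
    }

    /**
     * Re-asserts the thread's interrupt flag when the caught exception is an
     * {@link InterruptedException}, so that translating it into a
     * {@code CryptoToolException} does not hide the interruption from callers.
     */
    private static void restoreInterruptIfNeeded(Exception e) {
        if (e instanceof InterruptedException) {
            Thread.currentThread().interrupt();
        }
    }
}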
