package com.android.certinstaller;

import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.os.RemoteException;
import android.security.Credentials;
import android.security.IKeyChainService;
import android.text.Html;
import android.text.TextUtils;
import android.util.Log;
import com.android.org.bouncycastle.asn1.ASN1InputStream;
import com.android.org.bouncycastle.asn1.x509.BasicConstraints;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
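/**
 * Holds the credentials (user key, user certificate, CA certificates) that are being
 * installed, together with the raw blobs handed over in the launching intent.
 *
 * <p>Everything read from the intent extras or from a PKCS#12 blob is caller-supplied
 * data; the parsing code below is written to reject malformed input rather than crash.
 *
 * <p>Only {@link #installFrom} and {@link #onSaveStates} are synchronized; the remaining
 * accessors are not.
 */
public class CredentialHelper {
    /** Tag used for every log line emitted by this class. */
    private static final String TAG = "CredentialHelper";

    // Raw byte[] extras copied from the launching intent, keyed by extra name.
    private HashMap<String, byte[]> mBundle;
    // Certificates whose BasicConstraints mark them as CA certificates.
    private List<X509Certificate> mCaCerts;
    // Name used to build the "USRPKEY_"/"USRCERT_"/"CACERT_" entry names.
    private String mName;
    // Value forwarded as "install_as_uid"; -1 means "not set" (see isInstallAsUidSet()).
    private int mUid;
    private X509Certificate mUserCert;
    private PrivateKey mUserKey;

    /** Creates an empty helper: no raw data, empty name, uid unset. */
    public CredentialHelper() {
        this.mBundle = new HashMap<>();
        this.mName = "";
        this.mUid = -1;
        this.mCaCerts = new ArrayList<>();
    }

    /**
     * Creates a helper from the extras of {@code intent}.
     *
     * <p>"name" and "install_as_uid" are consumed first; every remaining extra is copied
     * into the raw-data map as a byte array, and the "CERT" blob (if any) is parsed.
     *
     * @param intent the intent that requested the installation
     */
    public CredentialHelper(Intent intent) {
        this();
        Bundle extras = intent.getExtras();
        if (extras == null) {
            return;
        }
        String requestedName = extras.getString("name");
        extras.remove("name");
        if (requestedName != null) {
            this.mName = requestedName;
        }
        this.mUid = extras.getInt("install_as_uid", -1);
        extras.remove("install_as_uid");
        Log.d(TAG, "# extras: " + extras.size());
        for (String key : extras.keySet()) {
            // NOTE(review): an extra that is not a byte[] is stored here as a null value,
            // so containsAnyRawData()/hasPkcs12KeyStore()/hasKeyPair() can report true for
            // a key whose getData() is null. Kept as-is because callers may rely on it.
            byte[] value = extras.getByteArray(key);
            Log.d(TAG, "   " + key + ": " + (value == null ? -1 : value.length));
            this.mBundle.put(key, value);
        }
        parseCert(getData("CERT"));
    }

    /**
     * Opens the "PKCS12" blob with {@code str} as password and installs the first
     * private-key entry found.
     *
     * @param str the keystore password
     * @return {@code false} if the keystore has no aliases; otherwise {@code true}, also
     *     when none of the aliases is a private-key entry
     * @throws Exception on any keystore, password or decoding failure; a missing "PKCS12"
     *     blob or a {@code null} password surfaces as a {@link NullPointerException}
     */
    private boolean extractPkcs12Internal(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(str.toCharArray());
        keyStore.load(new ByteArrayInputStream(getData("PKCS12")), protection.getPassword());
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            return false;
        }
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            KeyStore.Entry entry = keyStore.getEntry(alias, protection);
            Log.d(TAG, "extracted alias = " + alias + ", entry=" + entry.getClass());
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                // The alias only becomes the credential name when the caller gave none.
                if (TextUtils.isEmpty(this.mName)) {
                    this.mName = alias;
                }
                return installFrom((KeyStore.PrivateKeyEntry) entry);
            }
        }
        return true;
    }

    /**
     * Takes the key, the end-entity certificate and the CA certificates of the chain from
     * {@code privateKeyEntry}. Replaces any previously collected CA certificates.
     *
     * @return always {@code true}
     */
    private synchronized boolean installFrom(KeyStore.PrivateKeyEntry privateKeyEntry) {
        this.mUserKey = privateKeyEntry.getPrivateKey();
        this.mUserCert = (X509Certificate) privateKeyEntry.getCertificate();
        Certificate[] chain = privateKeyEntry.getCertificateChain();
        Log.d(TAG, "# certs extracted = " + chain.length);
        this.mCaCerts = new ArrayList<>(chain.length);
        for (Certificate link : chain) {
            X509Certificate x509 = (X509Certificate) link;
            if (isCa(x509)) {
                this.mCaCerts.add(x509);
            }
        }
        Log.d(TAG, "# ca certs extracted = " + this.mCaCerts.size());
        return true;
    }

    /**
     * Tells whether {@code x509Certificate} is a CA certificate, i.e. carries a
     * BasicConstraints extension (OID 2.5.29.19) with the cA flag set.
     *
     * <p>Uses {@link X509Certificate#getBasicConstraints()}, which returns -1 unless the
     * extension is present and marks a CA. This avoids re-parsing the extension bytes by
     * hand with unchecked casts on data that comes from the intent or a PKCS#12 file.
     */
    private boolean isCa(X509Certificate x509Certificate) {
        return x509Certificate.getBasicConstraints() != -1;
    }

    /**
     * Parses one encoded X.509 certificate and files it as a CA certificate or as the
     * user certificate. A {@code null} array is ignored; an undecodable certificate is
     * logged and dropped.
     */
    private void parseCert(byte[] bArr) {
        if (bArr == null) {
            return;
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate parsed =
                    (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bArr));
            if (isCa(parsed)) {
                Log.d(TAG, "got a CA cert");
                this.mCaCerts.add(parsed);
            } else {
                Log.d(TAG, "got a user cert");
                this.mUserCert = parsed;
            }
        } catch (CertificateException e) {
            Log.w(TAG, "parseCert(): " + e);
        }
    }

    /** Returns whether any extra was copied from the intent (null-valued ones included). */
    public boolean containsAnyRawData() {
        return !this.mBundle.isEmpty();
    }

    /**
     * Builds the intent that hands the collected credentials to
     * {@code com.android.settings.CredentialStorage}.
     *
     * <p>The intent names its target component explicitly. It carries the encoded private
     * key as an extra, so it must not be logged or re-sent to another component.
     *
     * @return the install intent
     * @throws AssertionError if a certificate cannot be PEM-encoded
     */
    public Intent createSystemInstallIntent() {
        Intent intent = new Intent("com.android.credentials.INSTALL");
        intent.setClassName("com.android.settings", "com.android.settings.CredentialStorage");
        intent.putExtra("install_as_uid", this.mUid);
        try {
            if (this.mUserKey != null) {
                intent.putExtra("user_private_key_name", "USRPKEY_" + this.mName);
                intent.putExtra("user_private_key_data", this.mUserKey.getEncoded());
            }
            if (this.mUserCert != null) {
                intent.putExtra("user_certificate_name", "USRCERT_" + this.mName);
                intent.putExtra("user_certificate_data",
                        Credentials.convertToPem(new Certificate[]{this.mUserCert}));
            }
            if (!this.mCaCerts.isEmpty()) {
                X509Certificate[] caArray =
                        this.mCaCerts.toArray(new X509Certificate[this.mCaCerts.size()]);
                intent.putExtra("ca_certificates_name", "CACERT_" + this.mName);
                intent.putExtra("ca_certificates_data", Credentials.convertToPem(caArray));
            }
            return intent;
        } catch (IOException | CertificateEncodingException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Extracts key and certificates from the "PKCS12" blob.
     *
     * @param str the keystore password
     * @return {@code false} on any failure (wrong password, malformed or missing blob,
     *     empty keystore); the failure is logged, never thrown
     */
    public boolean extractPkcs12(String str) {
        try {
            return extractPkcs12Internal(str);
        } catch (Exception e) {
            // Deliberately broad: the blob and the password are both caller-supplied.
            Log.w(TAG, "extractPkcs12(): " + e, e);
            return false;
        }
    }

    /** Returns the raw extra stored under {@code str}, or {@code null}. */
    public byte[] getData(String str) {
        return this.mBundle.get(str);
    }

    /**
     * Builds the summary of what is about to be installed. Only string resources are
     * fed to {@link Html#fromHtml}; no certificate or intent data is interpolated.
     */
    public CharSequence getDescription(Context context) {
        StringBuilder html = new StringBuilder();
        if (this.mUserKey != null) {
            html.append(context.getString(R.string.one_userkey)).append("<br>");
        }
        if (this.mUserCert != null) {
            html.append(context.getString(R.string.one_usercrt)).append("<br>");
        }
        int caCount = this.mCaCerts.size();
        if (caCount == 1) {
            html.append(context.getString(R.string.one_cacrt));
        } else if (caCount > 1) {
            html.append(context.getString(R.string.n_cacrts, Integer.valueOf(caCount)));
        }
        return Html.fromHtml(html.toString());
    }

    /** Returns the credential name. */
    public String getName() {
        return this.mName;
    }

    /** Returns the user certificate, or {@code null} if none was found. */
    public X509Certificate getUserCertificate() {
        return this.mUserCert;
    }

    /** Returns whether there is a key, a user certificate or a CA certificate to install. */
    public boolean hasAnyForSystemInstall() {
        return this.mUserKey != null || hasUserCertificate() || hasCaCerts();
    }

    /** Returns whether at least one CA certificate was collected. */
    public boolean hasCaCerts() {
        return !this.mCaCerts.isEmpty();
    }

    /** Returns whether both the "KEY" and the "PKEY" extras were supplied. */
    public boolean hasKeyPair() {
        return this.mBundle.containsKey("KEY") && this.mBundle.containsKey("PKEY");
    }

    /** Returns whether a "PKCS12" extra was supplied. */
    public boolean hasPkcs12KeyStore() {
        return this.mBundle.containsKey("PKCS12");
    }

    /** Returns whether a user certificate was found. */
    public boolean hasUserCertificate() {
        return this.mUserCert != null;
    }

    /**
     * Installs every collected CA certificate through {@code iKeyChainService}.
     *
     * @return {@code false} as soon as one remote call fails; certificates installed
     *     before the failure are not rolled back here
     * @throws AssertionError if a certificate cannot be encoded
     */
    public boolean installCaCertsToKeyChain(IKeyChainService iKeyChainService) {
        for (X509Certificate caCert : this.mCaCerts) {
            byte[] encoded;
            try {
                encoded = caCert.getEncoded();
            } catch (CertificateEncodingException e) {
                throw new AssertionError(e);
            }
            if (encoded == null) {
                continue;
            }
            try {
                iKeyChainService.installCaCertificate(encoded);
            } catch (RemoteException e) {
                Log.w(TAG, "installCaCertsToKeyChain(): " + e);
                return false;
            }
        }
        return true;
    }

    /** Returns whether an explicit target uid was requested. */
    public boolean isInstallAsUidSet() {
        return this.mUid != -1;
    }

    /**
     * Restores the state written by {@link #onSaveStates}.
     *
     * <p>Missing entries leave the current raw-data map and uid untouched, and a missing
     * or malformed certificate list is skipped instead of raising an exception.
     *
     * @param bundle the saved-state bundle
     */
    public void onRestoreStates(Bundle bundle) {
        @SuppressWarnings("unchecked")
        HashMap<String, byte[]> restoredData =
                (HashMap<String, byte[]>) bundle.getSerializable("data");
        if (restoredData != null) {
            this.mBundle = restoredData;
        }
        this.mName = bundle.getString("name");
        // The target uid decides where the credential is installed, so it has to survive
        // a save/restore cycle; an older saved state without the key keeps the current value.
        this.mUid = bundle.getInt("install_as_uid", this.mUid);
        byte[] encodedKey = bundle.getByteArray("USRPKEY_");
        if (encodedKey != null) {
            setPrivateKey(encodedKey);
        }
        // NOTE(review): Util.fromBytes is not shown here; it presumably uses Java
        // serialization. That is only acceptable because the bytes come from this
        // component's own saved state. Confirm the bundle can never be caller-supplied.
        Object restoredCerts = Util.fromBytes(bundle.getByteArray("crts"));
        if (!(restoredCerts instanceof List)) {
            Log.w(TAG, "onRestoreStates(): no certificate list in saved state");
            return;
        }
        for (Object encodedCert : (List<?>) restoredCerts) {
            if (encodedCert instanceof byte[]) {
                parseCert((byte[]) encodedCert);
            }
        }
    }

    /**
     * Writes raw data, name, target uid, private key and certificates into {@code bundle}.
     *
     * <p>The private key is stored in its unencrypted encoded form, so the bundle is as
     * sensitive as the key itself.
     *
     * @throws AssertionError if a certificate cannot be encoded
     */
    public synchronized void onSaveStates(Bundle bundle) {
        try {
            bundle.putSerializable("data", this.mBundle);
            bundle.putString("name", this.mName);
            bundle.putInt("install_as_uid", this.mUid);
            if (this.mUserKey != null) {
                bundle.putByteArray("USRPKEY_", this.mUserKey.getEncoded());
            }
            ArrayList<byte[]> encodedCerts = new ArrayList<>(this.mCaCerts.size() + 1);
            if (this.mUserCert != null) {
                encodedCerts.add(this.mUserCert.getEncoded());
            }
            for (X509Certificate caCert : this.mCaCerts) {
                encodedCerts.add(caCert.getEncoded());
            }
            bundle.putByteArray("crts", Util.toBytes(encodedCerts));
        } catch (CertificateEncodingException e) {
            throw new AssertionError(e);
        }
    }

    /** Sets the uid forwarded as "install_as_uid". */
    public void setInstallAsUid(int i) {
        this.mUid = i;
    }

    /** Sets the credential name. */
    public void setName(String str) {
        this.mName = str;
    }

    /**
     * Decodes a PKCS#8 private key and stores it as the user key.
     *
     * <p>NOTE(review): the algorithm is fixed to RSA. A non-RSA key taken from a PKCS#12
     * file and saved by {@link #onSaveStates} would fail here on restore. Confirm whether
     * other key types must be supported.
     *
     * @param bArr the PKCS#8-encoded key
     * @throws AssertionError if the key cannot be decoded as an RSA key
     */
    public void setPrivateKey(byte[] bArr) {
        try {
            KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
            this.mUserKey = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new AssertionError(e);
        }
    }
}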
