package com.bosch.sh.ui.android.connect.cert;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import com.bosch.sh.ui.android.connect.persistence.encryption.UserCredentialsEncryptionKeyStoreImpl;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Date;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.DERTaggedObject;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.TBSCertificate;
import org.spongycastle.asn1.x509.V3TBSCertificateGenerator;
import org.spongycastle.cert.CertUtils;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes.dex */
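/**
 * File-backed implementation of {@link ClientCertKeyStore}.
 *
 * <p>The key store lives in {@code clientCert.keystore} inside the app's files directory and is
 * protected by a password that is generated once and kept in a private SharedPreferences file.
 *
 * <p>Security note: the password and the key store it protects sit side by side in app-private
 * storage, so the password adds no protection against anyone who can read that storage (device
 * backup, rooted device, forensic image). Treat the private key as being only as well protected
 * as the app sandbox itself.
 *
 * <p>NOTE(review): this listing is decompiled output. Several library calls in
 * {@link #generateRsaKeyPair} appear inlined or renamed, so their comments are hedged.
 */
public class ClientCertKeyStoreLegacy extends ClientCertKeyStore {
    private static final String KEYSTORE_FILENAME = "clientCert.keystore";
    private static final Logger LOG = LoggerFactory.getLogger(ClientCertKeyStoreLegacy.class);
    private static final String PREF_FILE = "pref.store.keystorePassword";
    private static final String PREF_KEY_PASSWORD = "pref.key.keystorePassword";
    private final File keyStoreFile;
    private final SharedPreferences passwordPreferences;

    /**
     * Binds the store to its backing file and to the preferences file that holds the password.
     *
     * @param context Android context used to resolve the files directory and the preferences
     */
    public ClientCertKeyStoreLegacy(Context context) {
        super(context);
        this.keyStoreFile = new File(getContext().getFilesDir(), KEYSTORE_FILENAME);
        // MODE_PRIVATE (== 0): the preferences file is readable by this app only.
        this.passwordPreferences = context.getSharedPreferences(PREF_FILE, Context.MODE_PRIVATE);
    }

    /**
     * Loads {@code file} into {@code keyStore} using the given password.
     *
     * @return the same {@code keyStore} instance, now initialized from the file
     * @throws GeneralSecurityException if the content cannot be verified or decoded
     * @throws IOException if the file cannot be read or the password is wrong
     */
    private KeyStore loadKeyStoreFromFile(KeyStore keyStore, File file, char[] cArr) throws GeneralSecurityException, IOException {
        try (FileInputStream in = new FileInputStream(file)) {
            keyStore.load(in, cArr);
            return keyStore;
        }
    }

    /**
     * Writes the current key store to {@link #keyStoreFile}, protected by {@link #getPassword()}.
     *
     * <p>NOTE(review): the file is overwritten in place, so an interrupted write can leave a
     * truncated key store behind; {@link #loadKeyStore()} then falls back to an empty store.
     */
    private void saveKeyStore() throws IOException, GeneralSecurityException {
        try (FileOutputStream out = new FileOutputStream(this.keyStoreFile)) {
            getKeyStore().store(out, getPassword());
        }
    }

    /**
     * Persists the key store password in the private preferences file (in plaintext).
     *
     * <p>NOTE(review): {@code apply()} writes to disk asynchronously. If the process dies after
     * the key store file is written but before the preferences are flushed, the key store can no
     * longer be opened.
     */
    private void savePassword(String str) {
        this.passwordPreferences.edit().putString(PREF_KEY_PASSWORD, str).apply();
    }

    /**
     * Deletes the key store file. The stored password is left in the preferences file.
     *
     * @return {@code true} if the file was deleted
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean deleteKeyStore() {
        return this.keyStoreFile.delete();
    }

    /**
     * Generates a 2048-bit key pair and a self-signed X.509 v3 certificate for it, stores both
     * under alias {@code str}, and saves the key store to disk.
     *
     * <p>Issuer and subject are both {@code x500Principal}; the certificate is signed with
     * {@code SHA512withRSA} using the freshly generated private key.
     *
     * <p>The {@code TrulyRandom} lint check that is suppressed here warns about weak PRNG seeding
     * during key generation on old Android releases. NOTE(review): no compensating PRNG fix is
     * visible in this class; confirm that one is applied elsewhere or that the minimum supported
     * SDK makes the warning moot.
     *
     * @param str alias of the key entry
     * @param x500Principal distinguished name used for both issuer and subject
     * @param date start of the certificate validity period
     * @param date2 end of the certificate validity period
     * @throws IllegalStateException if a mandatory TBSCertificate field is missing
     */
    @Override // com.bosch.sh.ui.android.connect.cert.ClientCertKeyStore
    @SuppressLint({"TrulyRandom"})
    protected void generateRsaKeyPair(String str, X500Principal x500Principal, Date date, Date date2) throws GeneralSecurityException, IOException, OperatorCreationException {
        // Presumably "RSA" given the method name and the signature algorithm below; verify against
        // UserCredentialsEncryptionKeyStoreImpl.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(UserCredentialsEncryptionKeyStoreImpl.KEY_PAIR_ALGORITHM);
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        // NOTE(review): the serial number is the constant 1, so every certificate produced here has
        // the same issuer/serial pair. Anything that identifies certificates by issuer and serial
        // cannot tell a regenerated certificate from the previous one.
        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Principal, BigInteger.ONE, date, date2, x500Principal, generateKeyPair.getPublic());
        // NOTE(review): the criticality flag and the constructor arguments of both extensions are
        // not visible in this decompiled listing (addExtension$5c1f8b6f is a renamed overload).
        // Check the original source to confirm that the certificate is not marked as a CA and that
        // key usage is limited to what client authentication needs.
        jcaX509v3CertificateBuilder.addExtension$5c1f8b6f(Extension.basicConstraints, new BasicConstraints());
        jcaX509v3CertificateBuilder.addExtension$5c1f8b6f(Extension.keyUsage, new KeyUsage());
        ContentSigner build = new JcaContentSignerBuilder("SHA512withRSA").build(generateKeyPair.getPrivate());
        JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
        // From here to the TBSCertificate assembly the code reads like the certificate builder's own
        // build step inlined by the optimizer or decompiler; it is left untouched.
        jcaX509v3CertificateBuilder.tbsGen.signature = build.getAlgorithmIdentifier();
        if (!jcaX509v3CertificateBuilder.extGenerator.extOrdering.isEmpty()) {
            V3TBSCertificateGenerator v3TBSCertificateGenerator = jcaX509v3CertificateBuilder.tbsGen;
            ExtensionsGenerator extensionsGenerator = jcaX509v3CertificateBuilder.extGenerator;
            // Materialize the extensions in the order in which they were added.
            Extension[] extensionArr = new Extension[extensionsGenerator.extOrdering.size()];
            for (int i = 0; i != extensionsGenerator.extOrdering.size(); i++) {
                extensionArr[i] = (Extension) extensionsGenerator.extensions.get(extensionsGenerator.extOrdering.elementAt(i));
            }
            Extensions extensions = new Extensions(extensionArr);
            v3TBSCertificateGenerator.extensions = extensions;
            // A critical subjectAlternativeName allows the subject field to be empty (see the check
            // below).
            Extension extension = extensions.getExtension(Extension.subjectAlternativeName);
            if (extension != null && extension.critical) {
                v3TBSCertificateGenerator.altNamePresentAndCritical = true;
            }
        }
        V3TBSCertificateGenerator v3TBSCertificateGenerator2 = jcaX509v3CertificateBuilder.tbsGen;
        if (v3TBSCertificateGenerator2.serialNumber == null || v3TBSCertificateGenerator2.signature == null || v3TBSCertificateGenerator2.issuer == null || v3TBSCertificateGenerator2.startDate == null || v3TBSCertificateGenerator2.endDate == null || ((v3TBSCertificateGenerator2.subject == null && !v3TBSCertificateGenerator2.altNamePresentAndCritical) || v3TBSCertificateGenerator2.subjectPublicKeyInfo == null)) {
            throw new IllegalStateException("not all mandatory fields set in V3 TBScertificate generator");
        }
        // Assemble the TBSCertificate sequence: version, serial, signature algorithm, issuer,
        // validity, subject, public key, then the optional tagged fields.
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(v3TBSCertificateGenerator2.version);
        aSN1EncodableVector.add(v3TBSCertificateGenerator2.serialNumber);
        aSN1EncodableVector.add(v3TBSCertificateGenerator2.signature);
        aSN1EncodableVector.add(v3TBSCertificateGenerator2.issuer);
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(v3TBSCertificateGenerator2.startDate);
        aSN1EncodableVector2.add(v3TBSCertificateGenerator2.endDate);
        aSN1EncodableVector.add(new DERSequence(aSN1EncodableVector2));
        if (v3TBSCertificateGenerator2.subject != null) {
            aSN1EncodableVector.add(v3TBSCertificateGenerator2.subject);
        } else {
            // Empty subject, permitted only with a critical subjectAlternativeName.
            aSN1EncodableVector.add(new DERSequence());
        }
        aSN1EncodableVector.add(v3TBSCertificateGenerator2.subjectPublicKeyInfo);
        if (v3TBSCertificateGenerator2.issuerUniqueID != null) {
            aSN1EncodableVector.add(new DERTaggedObject(false, 1, v3TBSCertificateGenerator2.issuerUniqueID));
        }
        if (v3TBSCertificateGenerator2.subjectUniqueID != null) {
            aSN1EncodableVector.add(new DERTaggedObject(false, 2, v3TBSCertificateGenerator2.subjectUniqueID));
        }
        if (v3TBSCertificateGenerator2.extensions != null) {
            aSN1EncodableVector.add(new DERTaggedObject(true, 3, v3TBSCertificateGenerator2.extensions));
        }
        // Sign the TBSCertificate, then store the private key with a single-certificate chain under
        // the alias, protected by the key store password.
        getKeyStore().setKeyEntry(str, generateKeyPair.getPrivate(), getPassword(), new Certificate[]{jcaX509CertificateConverter.getCertificate(CertUtils.generateFullCert(build, TBSCertificate.getInstance(new DERSequence(aSN1EncodableVector))))});
        saveKeyStore();
    }

    /**
     * Returns the key store password, creating and persisting a random one on first use.
     *
     * <p>The password is the string form of a random UUID and is stored in plaintext in the
     * private preferences file. It protects the key store file only from a reader who has no
     * access to the app's private storage.
     *
     * @return the password as a new {@code char[]}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.bosch.sh.ui.android.connect.cert.ClientCertKeyStore
    public char[] getPassword() {
        String storedPassword = this.passwordPreferences.getString(PREF_KEY_PASSWORD, null);
        if (storedPassword == null) {
            // Use the freshly generated value directly rather than reading it back, so a missing
            // entry can never surface as a NullPointerException.
            storedPassword = UUID.randomUUID().toString();
            savePassword(storedPassword);
        }
        return storedPassword.toCharArray();
    }

    /**
     * Importing a key pair is not supported by this implementation.
     *
     * @return always {@code false}
     */
    @Override // com.bosch.sh.ui.android.connect.cert.ClientCertKeyStore
    protected boolean importKeyPair(String str, KeyStore keyStore) {
        return false;
    }

    /**
     * Loads the key store from disk, or creates an empty one.
     *
     * <p>If the file exists but cannot be read (corrupt file, wrong or lost password), the failure
     * is logged and an empty, initialized key store is returned. The caller therefore never
     * receives an uninitialized {@link KeyStore}, on which every later operation would fail.
     *
     * @return an initialized key store of the platform default type
     * @throws GeneralSecurityException if the default key store type is unavailable or an empty
     *     store cannot be initialized
     * @throws IOException if an empty store cannot be initialized
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.bosch.sh.ui.android.connect.cert.ClientCertKeyStore
    public KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        if (this.keyStoreFile.exists()) {
            try {
                return loadKeyStoreFromFile(keyStore, this.keyStoreFile, getPassword());
            } catch (IOException | GeneralSecurityException e) {
                // An unreadable key store means the client identity is lost. Log it so that the
                // event is visible instead of silently handing back an unusable object.
                LOG.warn("Client certificate key store could not be loaded; continuing with an empty key store", e);
                // Start from a fresh instance so that nothing from the failed load is carried over.
                keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            }
        }
        keyStore.load(null);
        return keyStore;
    }
}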
