package com.bosch.sh.ui.android.connect.cert;

import android.annotation.SuppressLint;
import android.content.Context;
import android.util.Base64;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.Calendar;
import java.util.Date;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.x500.RDN;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.operator.OperatorCreationException;

/* loaded from: classes.dex */
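/**
 * Base class that lazily loads a {@link KeyStore} and makes sure it holds a key pair under the
 * alias {@code clientCert}, importing or generating one when it is missing.
 *
 * <p>The stored certificate is exposed directly, as PEM text, and through {@link KeyManager}s
 * that are wrapped in {@code FilteringKeyManager} together with that alias. Subclasses decide
 * where the key store lives ({@link #loadKeyStore()}), how an existing key pair is imported,
 * how a new RSA key pair is generated and which password protects the store.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A generated certificate is requested with a validity window of {@link #VALID_TIME_YEARS}
 *       years, so expiry does not bound the lifetime of the client credential.
 *       NOTE(review): confirm that revocation or rotation is handled elsewhere.</li>
 *   <li>{@link #getKeyStore()} is public and hands out the live key store instance that holds
 *       the client key entry.</li>
 * </ul>
 */
public abstract class ClientCertKeyStore implements KeyManagerProvider {
    /** Alias under which the client key pair and its certificate are stored. */
    private static final String CLIENT_CERT_ALIAS = "clientCert";
    /** RSA modulus size in bits, offered to subclasses for key generation. */
    protected static final int KEY_LENGTH = 2048;
    protected static final String KEY_PAIR_ALGORITHM = "RSA";
    private static final Logger LOG = LoggerFactory.getLogger(ClientCertKeyStore.class);
    private static final String PEM_CERT_FOOTER = "\n-----END CERTIFICATE-----";
    private static final String PEM_CERT_HEADER = "-----BEGIN CERTIFICATE-----\n";
    protected static final String SIGNATURE_ALGORITHM = "SHA512withRSA";
    /** Number of years added to "now" to obtain the end date passed to key generation. */
    protected static final int VALID_TIME_YEARS = 100;
    private final CertificateIdStore certificateIdStore;
    private final Context context;
    /** Lazily initialised by {@link #getKeyStore()}; guarded by this object's monitor. */
    private KeyStore keyStore;

    /**
     * Creates the store bound to the application context of {@code context}.
     *
     * @param context any context; only its application context is retained
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ClientCertKeyStore(Context context) {
        this.context = context.getApplicationContext();
        this.certificateIdStore = new CertificateIdStore(this.context);
    }

    /**
     * Tells whether {@code keyStore} has a key entry (not merely a certificate entry) under
     * the alias {@code str}.
     */
    private static boolean containsKeyPair(String str, KeyStore keyStore) throws KeyStoreException {
        return keyStore.containsAlias(str) && keyStore.isKeyEntry(str);
    }

    /**
     * Generates the RSA key pair and certificate for the alias {@code str}.
     *
     * <p>The lint check {@code TrulyRandom} is suppressed here, so implementations are
     * responsible for the quality of the randomness used for key generation.
     * NOTE(review): confirm which Android API levels this code runs on and that the
     * SecureRandom used there is properly seeded.
     *
     * @param str alias to store the key pair under
     * @param x500Principal subject name; {@link #getKeyStore()} passes a name whose CN is the
     *     certificate id
     * @param date {@link #getKeyStore()} passes the current time (presumably the notBefore date)
     * @param date2 {@link #getKeyStore()} passes the current time plus
     *     {@link #VALID_TIME_YEARS} years (presumably the notAfter date)
     */
    @SuppressLint({"TrulyRandom"})
    protected abstract void generateRsaKeyPair(String str, X500Principal x500Principal, Date date, Date date2) throws GeneralSecurityException, IOException, OperatorCreationException;

    /** Returns the certificate id supplied by the {@code CertificateIdStore}. */
    public final String getCertificateId() {
        return this.certificateIdStore.generateOrGetCertificateId();
    }

    /**
     * Returns the certificate stored under the client alias.
     *
     * @return the certificate, or {@code null} when the key store has none under that alias
     * @throws IllegalStateException if the key store cannot be read
     */
    public final Certificate getClientCertificate() {
        try {
            return getKeyStore().getCertificate(CLIENT_CERT_ALIAS);
        } catch (KeyStoreException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Returns the application context captured by the constructor. */
    /* JADX INFO: Access modifiers changed from: protected */
    public final Context getContext() {
        return this.context;
    }

    /**
     * Builds key managers over the key store, each wrapped in a {@code FilteringKeyManager}
     * that is given the client alias.
     *
     * @throws IllegalStateException if the key manager factory cannot be created or initialised
     */
    @Override // com.bosch.sh.ui.android.connect.cert.KeyManagerProvider
    public final KeyManager[] getKeyManagers() {
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // The char[] returned by getPassword() is not wiped here: this class cannot tell
            // whether the subclass hands out a shared array.
            factory.init(getKeyStore(), getPassword());
            KeyManager[] delegates = factory.getKeyManagers();
            KeyManager[] filtered = new KeyManager[delegates.length];
            for (int i = 0; i < delegates.length; i++) {
                filtered[i] = new FilteringKeyManager((X509KeyManager) delegates[i], CLIENT_CERT_ALIAS);
            }
            return filtered;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Returns the key store, loading it on first use and ensuring that it contains the client
     * key pair (existing, imported or freshly generated, in that order).
     *
     * <p>If initialisation fails, the cached reference is cleared again so that the next call
     * retries instead of returning a key store that lacks the client key pair.
     *
     * @throws IllegalStateException if loading the store or creating the key pair fails
     */
    public final synchronized KeyStore getKeyStore() {
        if (this.keyStore != null) {
            return this.keyStore;
        }
        boolean ready = false;
        try {
            // The field is set before the key pair exists, as in the original statement order:
            // generateRsaKeyPair() receives no KeyStore argument, so an implementation may read
            // the store back through getKeyStore(); that nested call returns at the check above.
            // NOTE(review): confirm against the subclasses.
            this.keyStore = loadKeyStore();
            if (!containsKeyPair(CLIENT_CERT_ALIAS, this.keyStore) && !importKeyPair(CLIENT_CERT_ALIAS, this.keyStore)) {
                Calendar notBefore = Calendar.getInstance();
                Calendar notAfter = Calendar.getInstance();
                notAfter.add(Calendar.YEAR, VALID_TIME_YEARS);
                // Subject is a single RDN, CN=<certificate id>.
                // NOTE(review): the direct access to rdns/template looks like inlined
                // X500NameBuilder helper methods left by the decompiler; kept as found.
                X500NameBuilder x500NameBuilder = new X500NameBuilder();
                ASN1ObjectIdentifier commonName = BCStyle.CN;
                x500NameBuilder.rdns.addElement(new RDN(commonName, x500NameBuilder.template.stringToValue(commonName, getCertificateId())));
                RDN[] rdnArr = new RDN[x500NameBuilder.rdns.size()];
                for (int i = 0; i != rdnArr.length; i++) {
                    rdnArr[i] = (RDN) x500NameBuilder.rdns.elementAt(i);
                }
                X500Principal subject = new X500Principal(new X500Name(x500NameBuilder.template, rdnArr).getEncoded());
                generateRsaKeyPair(CLIENT_CERT_ALIAS, subject, notBefore.getTime(), notAfter.getTime());
            }
            ready = true;
            return this.keyStore;
        } catch (IOException | GeneralSecurityException | OperatorCreationException e) {
            throw new IllegalStateException(e);
        } finally {
            if (!ready) {
                // Do not keep a half-initialised store cached after a failure.
                this.keyStore = null;
            }
        }
    }

    /** Returns the password handed to {@link KeyManagerFactory#init(KeyStore, char[])}. */
    protected abstract char[] getPassword();

    /**
     * Returns the client certificate as PEM text.
     *
     * @throws IllegalStateException if no certificate is stored under the client alias or the
     *     certificate cannot be encoded
     */
    public final String getPemEncodedClientCertificate() {
        Certificate certificate = getClientCertificate();
        if (certificate == null) {
            // KeyStore.getCertificate() returns null for a missing alias; fail with a clear
            // message instead of a NullPointerException.
            throw new IllegalStateException("No certificate stored under alias " + CLIENT_CERT_ALIAS);
        }
        try {
            // NOTE(review): Base64.DEFAULT output is line-wrapped and ends with a newline, so
            // an empty line precedes the footer; confirm that consumers of this PEM accept it.
            return PEM_CERT_HEADER + Base64.encodeToString(certificate.getEncoded(), Base64.DEFAULT) + PEM_CERT_FOOTER;
        } catch (CertificateEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Tries to import an existing key pair into {@code keyStore} under the alias {@code str}.
     *
     * @return {@code true} if a key pair was imported; {@code false} makes
     *     {@link #getKeyStore()} generate a new one
     */
    protected abstract boolean importKeyPair(String str, KeyStore keyStore);

    /** Loads or creates the backing key store. */
    protected abstract KeyStore loadKeyStore() throws GeneralSecurityException, IOException;
}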
