package com.amazon.whisperlink.feature.security.android;

import android.content.Context;
import android.os.Build;
import com.amazon.whisperlink.annotation.Concurrency;
import com.amazon.whisperlink.platform.PlatformManager;
import com.amazon.whisperlink.port.android.feature.AndroidApplicationContext;
import com.amazon.whisperlink.transport.EncryptionException;
import com.amazon.whisperlink.util.EncryptionUtil;
import com.amazon.whisperlink.util.Log;
import com.amazon.whisperlink.util.StringUtil;
import com.amazon.whisperplay.feature.security.CertificateSourceFeature;
import com.android.org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: classes2.dex */
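/**
 * Base {@link CertificateSourceFeature} that keeps a BKS key store and a BKS trust store in the
 * {@code keystores} directory under the application's files directory and caches the certificate
 * stored under {@link CertificateSourceFeature#WP_KEY_ENTRY_ALIAS}.
 *
 * <p>Subclasses supply {@link #createCertificate}. The methods that touch the cached certificate
 * or the store files are {@code synchronized} on this instance.
 *
 * <p>This listing is decompiler output. Control flow that the decompiler left uncompilable has
 * been rewritten as plain {@code try/finally} with the same observable behaviour.
 */
public abstract class AbstractCertificateSource implements CertificateSourceFeature {
    private static final String BKS_KEYSTORE = "BKS";
    private static final int CERT_SIZE = 2048;
    protected static final String COMMON_NAME = "WhisperPlay";
    private static final String DEFAULT_DEVICE_NAME = "android_id";
    protected static final String KEYSTORE_NAME = "KeyStore.ks";
    protected static final String KEYSTORE_ROOT = "keystores";
    protected static final String KEY_GEN_ALG = "RSA";
    private static final String KEY_STORE_TYPE = "BKS";
    protected static final String ORG = "Amazon";
    protected static final String SIGNATURE_ALG = "SHA256WithRSA";
    private static final String TAG = "AbstractCertificateSource";
    protected static final String TRUSTSTORE_NAME = "TrustStore.ks";
    private static final String TRUST_STORE_TYPE = "BKS";

    // Charset of the algorithm name inside an encoded key string (see getPublicKeyString(PublicKey)).
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    @Concurrency.GuardedBy("this")
    private File keystoreFile;

    @Concurrency.GuardedBy("this")
    private Certificate mCachedCert;

    // Store password per package name; filled lazily by getPassword().
    private final Map<String, String> pwdMap = new ConcurrentHashMap<String, String>();

    @Concurrency.GuardedBy("this")
    private File truststoreFile;

    /**
     * Reads the first certificate of the chain stored under the key entry alias and caches it when
     * it is an X.509 certificate signed with {@link #SIGNATURE_ALG}.
     *
     * @param keyStore an already loaded key store
     */
    private synchronized void getCertificateFromKeyStore(KeyStore keyStore) {
        Certificate certificate = null;
        try {
            Certificate[] chain = keyStore.getCertificateChain(CertificateSourceFeature.WP_KEY_ENTRY_ALIAS);
            // getCertificateChain returns null when the alias is missing; check instead of relying
            // on the NullPointerException from indexing.
            if (chain != null && chain.length > 0) {
                certificate = chain[0];
            } else {
                Log.warning(TAG, "No certificate chain stored under the key entry alias");
            }
        } catch (KeyStoreException e) {
            Log.error(TAG, "Cannot find certificate", e);
        } catch (Exception e2) {
            Log.error(TAG, "Unknown error loading certificate", e2);
        }
        Log.debug(TAG, "Cert=" + certificate);
        Log.info(TAG, "Cert type :" + (certificate != null ? certificate.getType() : "NULL CERT TYPE"));
        if (!(certificate instanceof X509Certificate)) {
            // NOTE(review): the cached certificate is left untouched on this path, so a previously
            // cached value survives a failed read. Confirm that this is intended.
            Log.info(TAG, "Cached cert not an instance of X509 Cert :" + certificate);
            return;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        if (SIGNATURE_ALG.equalsIgnoreCase(x509Certificate.getSigAlgName())) {
            this.mCachedCert = x509Certificate;
            Log.info(TAG, "Loaded the X509 Cert");
        } else {
            // A certificate signed with another algorithm is dropped so the caller regenerates it.
            Log.info(TAG, "Key store was generate using a different algorithm. Expected :SHA256WithRSA. Actual :" + x509Certificate.getSigAlgName() + "");
            this.mCachedCert = null;
        }
    }

    /**
     * Deletes the key store file if it exists and forgets the cached file handle. The cached
     * certificate is cleared only when a key store file was present.
     *
     * @param context Android context used to locate the key store directory
     * @throws IOException if the key store directory cannot be resolved
     */
    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized void clearKeyStore(Context context) throws IOException {
        Log.debug(TAG, "clearKeyStore");
        File file = new File(getKeyStoreRoot(context), KEYSTORE_NAME);
        if (file.exists()) {
            // Report a failed delete instead of logging success unconditionally: a stale file
            // keeps the old private key on disk.
            if (file.delete()) {
                Log.debug(TAG, "clearKeyStore - deleted key store file");
            } else {
                Log.warning(TAG, "clearKeyStore - could not delete key store file");
            }
            this.mCachedCert = null;
        }
        this.keystoreFile = null;
    }

    /**
     * Deletes the trust store file if it exists and forgets the cached file handle.
     *
     * @param context Android context used to locate the key store directory
     * @throws IOException if the key store directory cannot be resolved
     */
    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized void clearTrustStore(Context context) throws IOException {
        File file = new File(getKeyStoreRoot(context), TRUSTSTORE_NAME);
        if (file.exists() && !file.delete()) {
            Log.warning(TAG, "clearTrustStore - could not delete trust store file");
        }
        this.truststoreFile = null;
    }

    /**
     * Builds the certificate for a freshly generated key pair.
     *
     * <p>{@link #generateKeyStore} passes the same distinguished name for both {@code str} and
     * {@code str2}; presumably they are the subject and issuer names (confirm against the
     * subclasses).
     */
    public abstract Certificate createCertificate(Context context, PrivateKey privateKey, PublicKey publicKey, String str, String str2) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException;

    /* JADX INFO: Access modifiers changed from: protected */
    /** Tells the platform manager that the certificate changed. */
    public void fireCertChanged() {
        PlatformManager.getPlatformManager().certificateChanged();
    }

    /**
     * Generates a new RSA key pair and certificate and writes them to the key store file.
     *
     * @param context Android context used to locate the key store directory
     * @param str path the caller expects; not used, the file is always
     *     {@code <keystore root>/KeyStore.ks}
     * @param str2 key store and key entry password
     * @param str3 distinguished name handed to {@link #createCertificate} twice
     * @return the written key store file
     * @throws Exception if key generation, certificate creation or the write fails
     */
    protected synchronized File generateKeyStore(Context context, String str, String str2, String str3) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_GEN_ALG);
        keyPairGenerator.initialize(CERT_SIZE);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        char[] password = str2.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
        keyStore.load(null);
        Certificate certificate = createCertificate(context, keyPair.getPrivate(), keyPair.getPublic(), str3, str3);
        keyStore.setKeyEntry(CertificateSourceFeature.WP_KEY_ENTRY_ALIAS, keyPair.getPrivate(), password, new Certificate[]{certificate});
        File target = new File(getKeyStoreRoot(context), KEYSTORE_NAME);
        FileOutputStream out = new FileOutputStream(target);
        try {
            keyStore.store(out, password);
        } finally {
            out.close();
        }
        // Publish the certificate only after its private key is on disk, so a failed write
        // cannot leave a cached certificate whose key was never persisted.
        this.mCachedCert = certificate;
        return target;
    }

    /**
     * Writes a trust store holding the given certificates.
     *
     * @param context Android context used to locate the key store directory
     * @param str trust store password
     * @param certificateArr certificates to trust; {@code null} creates an empty store
     * @return the written trust store file
     * @throws GeneralSecurityException if the store cannot be built
     * @throws IOException if the file cannot be written
     */
    protected synchronized File generateTrustStore(Context context, String str, Certificate[] certificateArr) throws GeneralSecurityException, IOException {
        Security.addProvider(new BouncyCastleProvider());
        KeyStore trustStore = KeyStore.getInstance(TRUST_STORE_TYPE);
        trustStore.load(null);
        if (certificateArr != null) {
            for (Certificate certificate : certificateArr) {
                // The alias is the certificate's toString() value, as in the original.
                trustStore.setCertificateEntry(certificate.toString(), certificate);
            }
        }
        File target = new File(getKeyStoreRoot(context), TRUSTSTORE_NAME);
        FileOutputStream out = new FileOutputStream(target);
        try {
            trustStore.store(out, str.toCharArray());
        } finally {
            out.close();
        }
        return target;
    }

    /** Returns the cached certificate, or {@code null} when none has been loaded or generated. */
    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized Certificate getCertificate() {
        return this.mCachedCert;
    }

    /**
     * Loads the key store. It is generated first when the file is missing, and regenerated when
     * it cannot be loaded or when the loaded certificate fails verification. Certificate-changed
     * listeners are notified whenever a new key store was generated.
     *
     * @param context Android context used to locate the key store directory
     * @return the loaded key store; {@code null} if even the regenerated store cannot be loaded
     * @throws Exception if generation fails
     */
    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized KeyStore getKeyStore(Context context) throws Exception {
        boolean regenerated = false;
        File expectedFile = new File(getKeyStoreRoot(context), KEYSTORE_NAME);
        if (this.keystoreFile == null) {
            if (expectedFile.exists()) {
                this.keystoreFile = expectedFile;
                Log.debug(TAG, "Loaded Cert");
            } else {
                this.keystoreFile = createKeyStoreFile(context, expectedFile);
                regenerated = true;
                Log.debug(TAG, "Generated Cert");
            }
        }
        KeyStore keyStore = loadKeyStore(context, KEY_STORE_TYPE, this.keystoreFile);
        if (keyStore == null) {
            Log.warning(TAG, "Recreating keystore");
            clearKeyStore(context);
            this.keystoreFile = createKeyStoreFile(context, expectedFile);
            regenerated = true;
            keyStore = loadKeyStore(context, KEY_STORE_TYPE, this.keystoreFile);
        }
        if (!regenerated) {
            getCertificateFromKeyStore(keyStore);
            // verifyLoadedCertificate() is not declared in this class as shown; presumably it
            // comes from CertificateSourceFeature. Confirm.
            if (!verifyLoadedCertificate()) {
                Log.warning(TAG, "Certificate verification failed for loaded certificate");
                clearKeyStore(context);
                this.keystoreFile = createKeyStoreFile(context, expectedFile);
                regenerated = true;
                keyStore = loadKeyStore(context, KEY_STORE_TYPE, this.keystoreFile);
            }
        }
        if (regenerated) {
            fireCertChanged();
        }
        return keyStore;
    }

    /** Generates the key store with this source's password and its CN/O distinguished name. */
    private File createKeyStoreFile(Context context, File target) throws Exception {
        return generateKeyStore(context, target.getAbsolutePath(), getPassword(context), getName(COMMON_NAME, ORG));
    }

    /**
     * Returns the {@code keystores} directory under the application's files directory, creating it
     * when needed.
     *
     * @throws FileNotFoundException if the directory is missing after the attempt or is a file
     */
    protected File getKeyStoreRoot(Context context) throws FileNotFoundException {
        File root = new File(context.getFilesDir(), KEYSTORE_ROOT);
        if (!root.exists()) {
            root.mkdirs();
        }
        if (!root.exists() || root.isFile()) {
            throw new FileNotFoundException(root.getAbsolutePath() + "directory not found");
        }
        return root;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Formats a distinguished name as {@code CN=<str>, O=<str2>}.
     *
     * @param str common name
     * @param str2 organisation
     */
    public String getName(String str, String str2) {
        return "CN=" + str + ", " + "O=" + str2;
    }

    /**
     * Returns the password used for the key store, the key entry and the trust store, cached per
     * package name.
     *
     * <p>SECURITY NOTE: the value is the Base64 form of the 32-bit {@code String.hashCode()} of
     * {@code Build.SERIAL + packageName}. Both inputs are non-secret and the result has at most
     * 2^32 values, so this password gives no real confidentiality to the store file. The private
     * key is protected only by the app-private files directory. The derivation is kept unchanged
     * so that existing store files still open. Keeping the private key in a platform key store
     * such as AndroidKeyStore would remove the reliance on this value.
     *
     * @param context Android context whose package name is part of the derivation
     * @return the derived password
     */
    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public String getPassword(Context context) {
        String packageName = context.getApplicationInfo().packageName;
        String cached = this.pwdMap.get(packageName);
        if (cached != null) {
            return cached;
        }
        // The decompiled guard compared DEFAULT_DEVICE_NAME with itself and was always true, so
        // the device part of the seed is always Build.SERIAL.
        String seed = Build.SERIAL + packageName;
        byte[] hashBytes = ByteBuffer.allocate(4).putInt(seed.hashCode()).array();
        String password = EncryptionUtil.base64Encode(hashBytes);
        this.pwdMap.put(packageName, password);
        return password;
    }

    /**
     * Validates the one-byte algorithm-name length prefix of a decoded key string.
     *
     * @return the prefix as an unsigned length, or {@code -1} when the input is too short, the
     *     name is empty, or no key bytes follow the name
     */
    private static int algorithmNameLength(byte[] decoded) {
        if (decoded == null || decoded.length < 2) {
            return -1;
        }
        // The encoder writes the length as a single byte; read it unsigned so that a value above
        // 127 cannot become a negative length or offset.
        int nameLength = decoded[0] & 0xFF;
        if (nameLength == 0 || nameLength + 1 >= decoded.length) {
            return -1;
        }
        return nameLength;
    }

    /**
     * Decodes a private key from Base64 of {@code [name length][algorithm name][PKCS#8 bytes]}.
     *
     * <p>The length prefix is validated before use, so a malformed string yields {@code null}
     * instead of an unchecked array or string index exception.
     *
     * <p>NOTE(review): the algorithm name is taken from the string itself. If the string can come
     * from another party, consider accepting only the expected algorithm.
     *
     * @param str encoded key; {@code null} or empty returns {@code null}
     * @return the private key, or {@code null} when the input is empty, malformed or undecodable
     */
    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public PrivateKey getPrivateKeyFromString(String str) {
        if (StringUtil.isEmpty(str)) {
            return null;
        }
        try {
            byte[] decoded = EncryptionUtil.base64Decode(str);
            int nameLength = algorithmNameLength(decoded);
            if (nameLength < 0) {
                Log.warning(TAG, "Malformed encoded private key");
                return null;
            }
            String algorithm = new String(decoded, 1, nameLength, UTF_8);
            byte[] keyBytes = new byte[decoded.length - nameLength - 1];
            System.arraycopy(decoded, nameLength + 1, keyBytes, 0, keyBytes.length);
            return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
        } catch (EncryptionException e) {
            Log.error(TAG, "Cannot decrypt private key", e);
            return null;
        } catch (GeneralSecurityException e2) {
            Log.error(TAG, "Cannot decrypt private key", e2);
            return null;
        }
    }

    /**
     * Decodes a public key from Base64 of {@code [name length][algorithm name][X.509 bytes]}, the
     * format written by {@link #getPublicKeyString(PublicKey)}.
     *
     * <p>The length prefix is validated before use, so a malformed string yields {@code null}
     * instead of an unchecked array or string index exception.
     *
     * <p>NOTE(review): the algorithm name is taken from the string itself. If the string can come
     * from another party, consider accepting only the expected algorithm.
     *
     * @param str encoded key; {@code null} or empty returns {@code null}
     * @return the public key, or {@code null} when the input is empty, malformed or undecodable
     */
    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public PublicKey getPublicKeyFromString(String str) {
        if (StringUtil.isEmpty(str)) {
            return null;
        }
        try {
            byte[] decoded = EncryptionUtil.base64Decode(str);
            int nameLength = algorithmNameLength(decoded);
            if (nameLength < 0) {
                Log.warning(TAG, "Malformed encoded public key");
                return null;
            }
            String algorithm = new String(decoded, 1, nameLength, UTF_8);
            byte[] keyBytes = new byte[decoded.length - nameLength - 1];
            System.arraycopy(decoded, nameLength + 1, keyBytes, 0, keyBytes.length);
            return KeyFactory.getInstance(algorithm).generatePublic(new X509EncodedKeySpec(keyBytes));
        } catch (EncryptionException e) {
            Log.error(TAG, "Cannot decrypt public key", e);
            return null;
        } catch (GeneralSecurityException e2) {
            Log.error(TAG, "Cannot decrypt public key", e2);
            return null;
        }
    }

    /**
     * Returns the encoded public key of the cached certificate, loading or generating the key
     * store first when no certificate is cached.
     *
     * @return the encoded key, or {@code null} when no certificate could be obtained
     */
    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized String getPublicKeyString() {
        if (this.mCachedCert == null) {
            Log.debug(TAG, "Cached cert not available");
            AndroidApplicationContext androidApplicationContext = (AndroidApplicationContext) PlatformManager.getPlatformManager().getFeature(AndroidApplicationContext.class);
            if (androidApplicationContext == null) {
                Log.warning(TAG, "Cannot generate cert - AndroidApplicationContext not available");
            } else {
                try {
                    getKeyStore(androidApplicationContext.getAndroidContext());
                } catch (Exception e) {
                    Log.warning(TAG, "Could not get KeyStore: " + e.getMessage(), e);
                }
            }
        }
        // The attempt above can fail without setting the certificate; return null instead of
        // dereferencing a null certificate.
        if (this.mCachedCert == null) {
            Log.warning(TAG, "Public key unavailable - no certificate loaded");
            return null;
        }
        return getPublicKeyString(this.mCachedCert.getPublicKey());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Encodes a public key as Base64 of {@code [name length][algorithm name, UTF-8][encoded key]}.
     * The length is a single byte.
     *
     * @param publicKey key to encode
     * @return the Base64 string
     */
    public String getPublicKeyString(PublicKey publicKey) {
        byte[] keyBytes = publicKey.getEncoded();
        byte[] nameBytes = publicKey.getAlgorithm().getBytes(UTF_8);
        byte[] packed = new byte[keyBytes.length + nameBytes.length + 1];
        packed[0] = (byte) nameBytes.length;
        System.arraycopy(nameBytes, 0, packed, 1, nameBytes.length);
        System.arraycopy(keyBytes, 0, packed, nameBytes.length + 1, keyBytes.length);
        return EncryptionUtil.base64Encode(packed);
    }

    /**
     * Loads the trust store, creating an empty one when the file is missing and recreating it when
     * it cannot be loaded.
     *
     * @param context Android context used to locate the key store directory
     * @return the loaded trust store; {@code null} if even the recreated store cannot be loaded
     * @throws Exception if generation fails
     */
    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized KeyStore getTrustStore(Context context) throws Exception {
        File expectedFile = new File(getKeyStoreRoot(context), TRUSTSTORE_NAME);
        if (this.truststoreFile == null) {
            if (expectedFile.exists()) {
                this.truststoreFile = expectedFile;
            } else {
                this.truststoreFile = generateTrustStore(context, getPassword(context), null);
            }
        }
        KeyStore trustStore = loadKeyStore(context, TRUST_STORE_TYPE, this.truststoreFile);
        if (trustStore == null) {
            Log.warning(TAG, "Recreating truststore");
            clearTrustStore(context);
            // The decompiled code assigned the new file to keystoreFile here. That left
            // truststoreFile null, so the reload below always failed, and it pointed the key store
            // handle at the trust store file.
            this.truststoreFile = generateTrustStore(context, getPassword(context), null);
            trustStore = loadKeyStore(context, TRUST_STORE_TYPE, this.truststoreFile);
        }
        return trustStore;
    }

    /**
     * Loads a store file of the given type with the password from {@link #getPassword}.
     *
     * @param context Android context used to derive the password
     * @param str key store type, for example {@code "BKS"}
     * @param file store file to read
     * @return the loaded store, or {@code null} when opening or loading fails; the failure is logged
     * @throws Exception declared for subclasses; failures in this implementation are logged and
     *     reported as {@code null}
     */
    protected synchronized KeyStore loadKeyStore(Context context, String str, File file) throws Exception {
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            KeyStore keyStore = KeyStore.getInstance(str);
            keyStore.load(in, getPassword(context).toCharArray());
            return keyStore;
        } catch (Exception e) {
            // Callers treat null as "recreate the store", so every load failure is reported this way.
            Log.error(TAG, "Failed to load keystore", e);
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e2) {
                    Log.error(TAG, "Failed to close keystore file while initializing TrustManagerFactory ", e2);
                }
            }
        }
    }
}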
