package com.samsung.multiscreen.msf20.frameTv.frameTVServer.auth;

import android.content.Context;
import android.security.KeyPairGeneratorSpec;
import android.util.Log;
import com.samsung.multiscreen.msf20.SmartViewApplication;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.StringWriter;
import java.math.BigInteger;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.openssl.jcajce.JcaPEMWriter;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.pkcs.PKCS10CertificationRequest;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.spongycastle.util.io.pem.PemObject;
import org.spongycastle.util.io.pem.PemObjectGenerator;

/* loaded from: classes.dex */
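/**
 * Manages the TLS client-authentication material kept in the Android keystore:
 * an RSA key pair stored under {@link #KSTORE_UNSIGNED_CERT_ALIAS}, the PKCS#10
 * request built from it, and the issued certificate stored under
 * {@link #KSTORE_SIGNED_CERT_ALIAS}.
 *
 * <p>The singleton accessor and the cached CSR text are not synchronized; nothing
 * in this class establishes that it is safe to use from several threads.
 */
public class CertificateHelper {
    private static final String CN_PATTERN = "O=Samsung Electronics,OU=SmartTV,CN=%s";
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final int KEY_SIZE = 2048;
    private static final String KSTORE_PROVIDER = "AndroidKeyStore";
    public static final String KSTORE_SIGNED_CERT_ALIAS = "FrameSigned";
    public static final String KSTORE_UNSIGNED_CERT_ALIAS = "FrameUnsigned";
    private static final String TAG = "CertificateHelper";
    private static DeviceInfoHelper devInfoInst;
    private static CertificateHelper instance;
    // PEM text of the pending certificate request; cleared by saveCertificate().
    private String mCsrBody = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    /**
     * {@link ContentSigner} that buffers the bytes to be signed in memory and signs
     * them with a JCA {@link Signature}, so the private key can stay inside its
     * provider (here the Android keystore).
     */
    public static class JCESigner implements ContentSigner {
        // Lower-cased JCA algorithm name -> X.509 AlgorithmIdentifier.
        // The SHA1withRSA entry is only reachable if a caller asks for it by name;
        // generateCSR() in this file always uses SHA256withRSA.
        private static final Map<String, AlgorithmIdentifier> ALGOS = new HashMap<String, AlgorithmIdentifier>();
        private String mAlgo;
        private ByteArrayOutputStream outputStream;
        private Signature signature;

        static {
            ALGOS.put(CertificateHelper.DEFAULT_SIGNATURE_ALGORITHM.toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11")));
            ALGOS.put("SHA1withRSA".toLowerCase(), new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.5")));
        }

        /**
         * @param privateKey key used to sign
         * @param str JCA signature algorithm name, e.g. {@code SHA256withRSA}
         * @throws IllegalArgumentException if the algorithm or key is rejected by the provider
         */
        public JCESigner(PrivateKey privateKey, String str) {
            this.mAlgo = str.toLowerCase();
            try {
                this.outputStream = new ByteArrayOutputStream();
                this.signature = Signature.getInstance(str);
                this.signature.initSign(privateKey);
            } catch (GeneralSecurityException e) {
                // Keep the provider exception as the cause so the failure can be diagnosed.
                throw new IllegalArgumentException(e.getMessage(), e);
            }
        }

        /**
         * @return the identifier registered for the configured algorithm
         * @throws IllegalArgumentException if the algorithm is not in the supported table
         */
        @Override // org.spongycastle.operator.ContentSigner
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            AlgorithmIdentifier algorithmIdentifier = ALGOS.get(this.mAlgo);
            if (algorithmIdentifier == null) {
                throw new IllegalArgumentException("Does not support algo: " + this.mAlgo);
            }
            return algorithmIdentifier;
        }

        /** @return the in-memory buffer that collects the bytes to be signed */
        @Override // org.spongycastle.operator.ContentSigner
        public OutputStream getOutputStream() {
            return this.outputStream;
        }

        /**
         * Signs everything written to {@link #getOutputStream()} so far.
         *
         * @throws IllegalStateException if the provider fails to sign; returning
         *     {@code null} here would hand the request builder a missing signature
         */
        @Override // org.spongycastle.operator.ContentSigner
        public byte[] getSignature() {
            try {
                this.signature.update(this.outputStream.toByteArray());
                return this.signature.sign();
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException("Signing failed: " + e.getMessage(), e);
            }
        }
    }

    private CertificateHelper() {
    }

    /** Always reports that cleanup is required. */
    private static boolean certCleanupRequired() {
        return true;
    }

    /**
     * Deletes {@code alias} from {@code keyStore} when an entry exists for it.
     *
     * @param logMessage debug message written just before the deletion
     */
    private static void removeEntryIfPresent(KeyStore keyStore, String alias, String logMessage) throws GeneralSecurityException {
        if (keyStore.getEntry(alias, null) != null) {
            Log.d(TAG, logMessage);
            keyStore.deleteEntry(alias);
        }
    }

    /**
     * Removes both keystore entries used by this class.
     *
     * <p>Despite the name this is a cleanup, not a validation: because
     * {@link #certCleanupRequired()} always returns {@code true}, every call deletes
     * the key pair and the signed certificate if they exist.
     *
     * @return {@code true} if the entries were removed (or were already absent),
     *     {@code false} if the keystore could not be opened or a deletion failed
     */
    public static boolean checkCertificates() {
        if (!certCleanupRequired()) {
            Log.d(TAG, "cleanupCertificates not required");
            return false;
        }
        Log.e(TAG, "cleanupCertificates required.");
        KeyStore keyStore = getKeyStore();
        if (keyStore == null) {
            Log.e(TAG, "cleanupCertificates failed");
            return false;
        }
        try {
            removeEntryIfPresent(keyStore, KSTORE_UNSIGNED_CERT_ALIAS, "cleanupCertificates: Unsigned cert exists. Removing Unsigned cert");
            removeEntryIfPresent(keyStore, KSTORE_SIGNED_CERT_ALIAS, "cleanupCertificates: Signed cert exists. Removing signed cert");
            Log.e(TAG, "cleanupCertificates removed certs");
            return true;
        } catch (Exception e) {
            Log.e(TAG, "cleanupCertificates: Exception during cert delete : " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Builds a PKCS#10 certification request for {@code keyPair}, signed with
     * SHA256withRSA, whose subject is {@code CN_PATTERN} filled with {@code str}.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs the request
     * @param str common name placed in the subject
     */
    public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String str) throws IOException, OperatorCreationException {
        String subjectDn = String.format(CN_PATTERN, str);
        JCESigner signer = new JCESigner(keyPair.getPrivate(), DEFAULT_SIGNATURE_ALGORITHM);
        JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(subjectDn), keyPair.getPublic());
        ExtensionsGenerator requestedExtensions = new ExtensionsGenerator();
        // NOTE(review): this asks the issuer for a critical basicConstraints with CA=true.
        // A certificate used only for TLS client authentication does not need CA rights;
        // whether the issuer honours the request is not visible from this file — confirm.
        requestedExtensions.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(true));
        requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, requestedExtensions.generate());
        return requestBuilder.build(signer);
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * <p>{@code context} is only consulted by the first call, which also initialises
     * the shared {@code DeviceInfoHelper}. The lazy initialisation is not synchronized.
     */
    public static CertificateHelper getInstance(Context context) {
        if (instance == null) {
            instance = new CertificateHelper();
            devInfoInst = DeviceInfoHelper.getInstance(context);
        }
        return instance;
    }

    /** @return the loaded Android keystore, or {@code null} if it cannot be opened */
    private static KeyStore getKeyStore() {
        try {
            KeyStore keyStore = KeyStore.getInstance(KSTORE_PROVIDER);
            keyStore.load(null);
            return keyStore;
        } catch (Exception e) {
            Log.e(TAG, "getKeyStore:Exception: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Creates a TLS context that offers the stored client certificate together with
     * the private key held under {@link #KSTORE_UNSIGNED_CERT_ALIAS}.
     *
     * <p>Both parameters are unused. The context is initialised with {@code null}
     * trust managers and {@code null} randomness, i.e. the platform defaults; server
     * certificate and host name checks are therefore whatever those defaults and the
     * caller provide — they are not configured here.
     *
     * @return the context, or {@code null} if the keystore cannot be read or setup fails
     */
    public static SSLContext getSSLContext(KeyManagerFactory keyManagerFactory, String str) {
        try {
            KeyStore keyStore = getKeyStore();
            if (keyStore == null) {
                Log.e(TAG, "getSSLContext : getKeyStore failed");
                return null;
            }
            final X509Certificate signedCert = (X509Certificate) keyStore.getCertificate(KSTORE_SIGNED_CERT_ALIAS);
            final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(KSTORE_UNSIGNED_CERT_ALIAS, null);
            X509ExtendedKeyManager keyManager = new X509ExtendedKeyManager() { // from class: com.samsung.multiscreen.msf20.frameTv.frameTVServer.auth.CertificateHelper.1
                @Override // javax.net.ssl.X509KeyManager
                public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
                    Log.i(CertificateHelper.TAG, "chooseClientAlias:Entry");
                    return CertificateHelper.KSTORE_UNSIGNED_CERT_ALIAS;
                }

                @Override // javax.net.ssl.X509KeyManager
                public String chooseServerAlias(String str2, Principal[] principalArr, Socket socket) {
                    Log.i(CertificateHelper.TAG, "chooseServerAlias:Entry");
                    return null;
                }

                @Override // javax.net.ssl.X509KeyManager
                public X509Certificate[] getCertificateChain(String str2) {
                    Log.i(CertificateHelper.TAG, "getCertificateChain:Entry");
                    if (signedCert == null) {
                        // Report "no chain" instead of an array holding a null element.
                        Log.e(CertificateHelper.TAG, "getCertificateChain: signed certificate is not available");
                        return null;
                    }
                    return new X509Certificate[]{signedCert};
                }

                @Override // javax.net.ssl.X509KeyManager
                public String[] getClientAliases(String str2, Principal[] principalArr) {
                    Log.i(CertificateHelper.TAG, "getClientAliases:Entry");
                    return new String[]{CertificateHelper.KSTORE_UNSIGNED_CERT_ALIAS};
                }

                @Override // javax.net.ssl.X509KeyManager
                public PrivateKey getPrivateKey(String str2) {
                    Log.i(CertificateHelper.TAG, "getPrivateKey:Entry");
                    // Compare by value: a reference comparison only succeeds when the TLS
                    // stack hands back the very same String instance.
                    if (!CertificateHelper.KSTORE_UNSIGNED_CERT_ALIAS.equals(str2)) {
                        Log.e(CertificateHelper.TAG, String.format("X509ExtendedKeyManager is asking for privateKey with unknown alias %s. Expecting it to ask for %s", str2, CertificateHelper.KSTORE_UNSIGNED_CERT_ALIAS));
                        return null;
                    }
                    if (privateKeyEntry != null) {
                        return privateKeyEntry.getPrivateKey();
                    }
                    Log.e(CertificateHelper.TAG, "privateKeyEntry is null");
                    return null;
                }

                @Override // javax.net.ssl.X509KeyManager
                public String[] getServerAliases(String str2, Principal[] principalArr) {
                    Log.i(CertificateHelper.TAG, "getServerAliases:Entry");
                    return null;
                }
            };
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(new KeyManager[]{keyManager}, null, null);
            return sslContext;
        } catch (Exception e) {
            Log.e(TAG, "getSSLContext:Exception " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns the PEM-encoded certification request, creating the key pair and the
     * request on first use and caching the text until {@link #saveCertificate} runs.
     *
     * @return the PEM bytes, or {@code null} if the common name, key pair or request
     *     could not be produced
     */
    public byte[] getCsrBody() {
        if (this.mCsrBody == null) {
            try {
                String commonName = devInfoInst.getCertCommonName();
                // NOTE(review): the common name is written to the log at info level;
                // confirm it is not a device identifier that should stay out of logs.
                Log.i(TAG, "getCsrBody: getCertCommonName : " + commonName);
                if (commonName == null) {
                    Log.e(TAG, "getCsrBody: getCertCommonName failed");
                    return null;
                }
                KeyPair keyPair = getKeyPair(String.format(CN_PATTERN, commonName));
                if (keyPair == null) {
                    Log.e(TAG, "getCsrBody: getKeyPair failed");
                    return null;
                }
                PemObject pem = new PemObject("CERTIFICATE REQUEST", generateCSR(keyPair, commonName).getEncoded());
                StringWriter pemText = new StringWriter();
                JcaPEMWriter pemWriter = new JcaPEMWriter(pemText);
                try {
                    pemWriter.writeObject((PemObjectGenerator) pem);
                } finally {
                    pemWriter.close();
                }
                this.mCsrBody = pemText.toString();
            } catch (Exception e) {
                Log.e(TAG, "getCsrBody:Exception " + e.getMessage(), e);
                return null;
            }
        }
        // PEM is plain ASCII, so the platform default charset yields the same bytes.
        return this.mCsrBody.getBytes();
    }

    /**
     * Generates a {@value #KEY_SIZE}-bit RSA key pair inside the Android keystore
     * under {@link #KSTORE_UNSIGNED_CERT_ALIAS}, with a placeholder certificate for
     * subject {@code str} whose end date is three years after its start date.
     *
     * <p>NOTE(review): the placeholder certificate always carries serial number 10,
     * and {@code KeyPairGeneratorSpec} is the pre-API-23 way to describe the key;
     * {@code KeyGenParameterSpec} is its replacement on newer platforms.
     *
     * @param str X.500 distinguished name for the placeholder certificate
     * @return the key pair, or {@code null} if generation fails
     */
    public KeyPair getKeyPair(String str) {
        Calendar expiry = GregorianCalendar.getInstance();
        expiry.roll(Calendar.YEAR, 3);
        Date notBefore = new Date();
        Date notAfter = expiry.getTime();
        Log.i(TAG, "Start time: " + notBefore + ", End time: " + notAfter);
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(SmartViewApplication.getInstance().getApplicationContext())
                .setAlias(KSTORE_UNSIGNED_CERT_ALIAS)
                .setKeySize(KEY_SIZE)
                .setSubject(new X500Principal(str))
                .setStartDate(notBefore)
                .setEndDate(notAfter)
                .setSerialNumber(BigInteger.TEN)
                .build();
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", KSTORE_PROVIDER);
            keyPairGenerator.initialize(spec, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            Log.e(TAG, "getKeyPair  : Exception " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Reports whether both the key-pair certificate and the signed certificate are
     * present in the keystore; if either is missing, removes whatever is left so the
     * enrolment can start over.
     *
     * <p>NOTE(review): only presence is checked. Expiry, and whether the signed
     * certificate belongs to the stored key, are not examined here.
     *
     * @return {@code true} only when both certificates are present
     */
    public boolean isClientAuthCertValid() {
        KeyStore keyStore = getKeyStore();
        if (keyStore == null) {
            Log.e(TAG, "isClientAuthCertValid failed");
            return false;
        }
        boolean bothPresent = false;
        try {
            Certificate unsignedCert = keyStore.getCertificate(KSTORE_UNSIGNED_CERT_ALIAS);
            Certificate signedCert = keyStore.getCertificate(KSTORE_SIGNED_CERT_ALIAS);
            if (unsignedCert != null && signedCert != null) {
                Log.d(TAG, "Both certs available");
                bothPresent = true;
            }
        } catch (KeyStoreException e) {
            Log.e(TAG, "isClientAuthCertValid:Exception " + e.getMessage(), e);
        }
        Log.d(TAG, "isClientAuthCertValid: " + bothPresent);
        if (bothPresent) {
            return true;
        }
        try {
            removeEntryIfPresent(keyStore, KSTORE_UNSIGNED_CERT_ALIAS, "isClientAuthCertValid: false. Unsigned exists. Remove and start over");
            removeEntryIfPresent(keyStore, KSTORE_SIGNED_CERT_ALIAS, "isClientAuthCertValid: false. Signed exists. Remove and start over");
        } catch (Exception e) {
            Log.e(TAG, "isClientAuthCertValid: Exception during unsigned cert delete : " + e.getMessage(), e);
        }
        return false;
    }

    /**
     * Parses {@code str} as an X.509 certificate and stores it under
     * {@link #KSTORE_SIGNED_CERT_ALIAS}. The cached CSR text is cleared whether or
     * not the certificate could be stored.
     *
     * <p>NOTE(review): anything that parses as X.509 is accepted. The certificate is
     * not compared with the public key generated for the request, and its issuer and
     * validity period are not checked before it is stored — confirm that the caller
     * authenticates the source of {@code str}. On a parse failure the full input is
     * copied into the returned error's message.
     *
     * @param str certificate text received for the pending request
     * @return {@code AUTH_ERR_NONE} on success, {@code AUTH_ERR_UNEXPECTED_SERVER_DATA}
     *     if the input is missing or not a certificate, {@code AUTH_ERR_INTERNAL_ERROR}
     *     on keystore failures
     */
    public FrameAuthError saveCertificate(String str) {
        try {
            if (str == null) {
                Log.e(TAG, "saveCertificate : certificate is null");
                return FrameAuthError.AUTH_ERR_UNEXPECTED_SERVER_DATA.setMsg("certificate is null");
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = getKeyStore();
            if (keyStore == null) {
                Log.e(TAG, "saveCertificate : getKeyStore failed");
                return FrameAuthError.AUTH_ERR_INTERNAL_ERROR.setMsg("getKeyStore failed");
            }
            Certificate issued = certificateFactory.generateCertificate(new ByteArrayInputStream(str.getBytes()));
            keyStore.setCertificateEntry(KSTORE_SIGNED_CERT_ALIAS, issued);
            return FrameAuthError.AUTH_ERR_NONE;
        } catch (KeyStoreException e) {
            Log.e(TAG, "saveCertificated:KeyStoreException: " + e.getMessage(), e);
            return FrameAuthError.AUTH_ERR_INTERNAL_ERROR;
        } catch (CertificateException e2) {
            Log.e(TAG, "saveCertificated:CertificateException: " + e2.getMessage(), e2);
            return FrameAuthError.AUTH_ERR_UNEXPECTED_SERVER_DATA.setMsg(str);
        } finally {
            // The request is consumed by this attempt; the next getCsrBody() builds a new one.
            this.mCsrBody = null;
        }
    }
}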
