package com.amazon.whisperlink.feature.security.android;

import android.content.Context;
import android.os.Build;
import com.amazon.whisperlink.platform.PlatformManager;
import com.amazon.whisperlink.port.android.feature.AndroidApplicationContext;
import com.amazon.whisperlink.transport.EncryptionException;
import com.amazon.whisperlink.util.EncryptionUtil;
import com.amazon.whisperlink.util.Log;
import com.amazon.whisperlink.util.StringUtil;
import com.amazon.whisperplay.feature.security.CertificateSourceFeature;
import com.android.org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: classes2.dex */
public abstract class AbstractCertificateSource implements CertificateSourceFeature {
    private static final String BKS_KEYSTORE = "BKS";
    private static final int CERT_SIZE = 2048;
    protected static final String COMMON_NAME = "WhisperPlay";
    private static final String DEFAULT_DEVICE_NAME = "android_id";
    protected static final String KEYSTORE_NAME = "KeyStore.ks";
    protected static final String KEYSTORE_ROOT = "keystores";
    protected static final String KEY_GEN_ALG = "RSA";
    private static final String KEY_STORE_TYPE = "BKS";
    protected static final String ORG = "Amazon";
    protected static final String SIGNATURE_ALG = "SHA256WithRSA";
    private static final String TAG = "AbstractCertificateSource";
    protected static final String TRUSTSTORE_NAME = "TrustStore.ks";
    private static final String TRUST_STORE_TYPE = "BKS";
    private File keystoreFile;
    private Certificate mCachedCert;
    private Map<String, String> pwdMap = new ConcurrentHashMap();
    private File truststoreFile;

    /* JADX WARN: Removed duplicated region for block: B:10:0x005a A[Catch: all -> 0x000c, TryCatch #2 {, blocks: (B:4:0x0002, B:5:0x0021, B:7:0x0045, B:8:0x004c, B:10:0x005a, B:12:0x0068, B:16:0x0072, B:17:0x0094, B:26:0x0010, B:23:0x0019), top: B:3:0x0002, inners: #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:17:0x0094 A[Catch: all -> 0x000c, TRY_LEAVE, TryCatch #2 {, blocks: (B:4:0x0002, B:5:0x0021, B:7:0x0045, B:8:0x004c, B:10:0x005a, B:12:0x0068, B:16:0x0072, B:17:0x0094, B:26:0x0010, B:23:0x0019), top: B:3:0x0002, inners: #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:18:0x004a  */
    /* JADX WARN: Removed duplicated region for block: B:7:0x0045 A[Catch: all -> 0x000c, TryCatch #2 {, blocks: (B:4:0x0002, B:5:0x0021, B:7:0x0045, B:8:0x004c, B:10:0x005a, B:12:0x0068, B:16:0x0072, B:17:0x0094, B:26:0x0010, B:23:0x0019), top: B:3:0x0002, inners: #3 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private synchronized void getCertificateFromKeyStore(java.security.KeyStore r5) {
        /*
            r4 = this;
            monitor-enter(r4)
            r0 = 0
            java.lang.String r1 = "wpmain"
            java.security.cert.Certificate[] r5 = r5.getCertificateChain(r1)     // Catch: java.lang.Throwable -> Lc java.lang.Exception -> Lf java.security.KeyStoreException -> L18
            r1 = 0
            r5 = r5[r1]     // Catch: java.lang.Throwable -> Lc java.lang.Exception -> Lf java.security.KeyStoreException -> L18
            goto L21
        Lc:
            r5 = move-exception
            goto Lac
        Lf:
            r5 = move-exception
            java.lang.String r1 = "AbstractCertificateSource"
            java.lang.String r2 = "Unknown error loading certificate"
            com.amazon.whisperlink.util.Log.error(r1, r2, r5)     // Catch: java.lang.Throwable -> Lc
            goto L20
        L18:
            r5 = move-exception
            java.lang.String r1 = "AbstractCertificateSource"
            java.lang.String r2 = "Cannot find certificate"
            com.amazon.whisperlink.util.Log.error(r1, r2, r5)     // Catch: java.lang.Throwable -> Lc
        L20:
            r5 = r0
        L21:
            java.lang.String r1 = "AbstractCertificateSource"
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> Lc
            r2.<init>()     // Catch: java.lang.Throwable -> Lc
            java.lang.String r3 = "Cert="
            r2.append(r3)     // Catch: java.lang.Throwable -> Lc
            r2.append(r5)     // Catch: java.lang.Throwable -> Lc
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> Lc
            com.amazon.whisperlink.util.Log.debug(r1, r2)     // Catch: java.lang.Throwable -> Lc
            java.lang.String r1 = "AbstractCertificateSource"
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> Lc
            r2.<init>()     // Catch: java.lang.Throwable -> Lc
            java.lang.String r3 = "Cert type :"
            r2.append(r3)     // Catch: java.lang.Throwable -> Lc
            if (r5 == 0) goto L4a
            java.lang.String r3 = r5.getType()     // Catch: java.lang.Throwable -> Lc
            goto L4c
        L4a:
            java.lang.String r3 = "NULL CERT TYPE"
        L4c:
            r2.append(r3)     // Catch: java.lang.Throwable -> Lc
            java.lang.String r2 = r2.toString()     // Catch: java.lang.Throwable -> Lc
            com.amazon.whisperlink.util.Log.info(r1, r2)     // Catch: java.lang.Throwable -> Lc
            boolean r1 = r5 instanceof java.security.cert.X509Certificate     // Catch: java.lang.Throwable -> Lc
            if (r1 == 0) goto L94
            java.security.cert.X509Certificate r5 = (java.security.cert.X509Certificate) r5     // Catch: java.lang.Throwable -> Lc
            java.lang.String r1 = "SHA256WithRSA"
            java.lang.String r2 = r5.getSigAlgName()     // Catch: java.lang.Throwable -> Lc
            boolean r1 = r1.equalsIgnoreCase(r2)     // Catch: java.lang.Throwable -> Lc
            if (r1 == 0) goto L72
            r4.mCachedCert = r5     // Catch: java.lang.Throwable -> Lc
            java.lang.String r5 = "AbstractCertificateSource"
            java.lang.String r0 = "Loaded the X509 Cert"
            com.amazon.whisperlink.util.Log.info(r5, r0)     // Catch: java.lang.Throwable -> Lc
            goto Laa
        L72:
            java.lang.String r1 = "AbstractCertificateSource"
            java.lang.StringBuilder r2 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> Lc
            r2.<init>()     // Catch: java.lang.Throwable -> Lc
            java.lang.String r3 = "Key store was generate using a different algorithm. Expected :SHA256WithRSA. Actual :"
            r2.append(r3)     // Catch: java.lang.Throwable -> Lc
            java.lang.String r5 = r5.getSigAlgName()     // Catch: java.lang.Throwable -> Lc
            r2.append(r5)     // Catch: java.lang.Throwable -> Lc
            java.lang.String r5 = ""
            r2.append(r5)     // Catch: java.lang.Throwable -> Lc
            java.lang.String r5 = r2.toString()     // Catch: java.lang.Throwable -> Lc
            com.amazon.whisperlink.util.Log.info(r1, r5)     // Catch: java.lang.Throwable -> Lc
            r4.mCachedCert = r0     // Catch: java.lang.Throwable -> Lc
            goto Laa
        L94:
            java.lang.String r0 = "AbstractCertificateSource"
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> Lc
            r1.<init>()     // Catch: java.lang.Throwable -> Lc
            java.lang.String r2 = "Cached cert not an instance of X509 Cert :"
            r1.append(r2)     // Catch: java.lang.Throwable -> Lc
            r1.append(r5)     // Catch: java.lang.Throwable -> Lc
            java.lang.String r5 = r1.toString()     // Catch: java.lang.Throwable -> Lc
            com.amazon.whisperlink.util.Log.info(r0, r5)     // Catch: java.lang.Throwable -> Lc
        Laa:
            monitor-exit(r4)
            return
        Lac:
            monitor-exit(r4)
            throw r5
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.whisperlink.feature.security.android.AbstractCertificateSource.getCertificateFromKeyStore(java.security.KeyStore):void");
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized void clearKeyStore(Context context) throws IOException {
        Log.debug(TAG, "clearKeyStore");
        File file = new File(getKeyStoreRoot(context), KEYSTORE_NAME);
        if (file.exists()) {
            file.delete();
            Log.debug(TAG, "clearKeyStore - deleted key store file");
            this.mCachedCert = null;
        }
        this.keystoreFile = null;
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized void clearTrustStore(Context context) throws IOException {
        File file = new File(getKeyStoreRoot(context), TRUSTSTORE_NAME);
        if (file.exists()) {
            file.delete();
        }
        this.truststoreFile = null;
    }

    public abstract Certificate createCertificate(Context context, PrivateKey privateKey, PublicKey publicKey, String str, String str2) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException;

    /* JADX INFO: Access modifiers changed from: protected */
    public void fireCertChanged() {
        PlatformManager.getPlatformManager().certificateChanged();
    }

    protected synchronized File generateKeyStore(Context context, String str, String str2, String str3) throws Exception {
        File file;
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        char[] charArray = str2.toCharArray();
        KeyStore keyStore = KeyStore.getInstance("BKS");
        FileOutputStream fileOutputStream = null;
        keyStore.load(null);
        this.mCachedCert = createCertificate(context, generateKeyPair.getPrivate(), generateKeyPair.getPublic(), str3, str3);
        keyStore.setKeyEntry(CertificateSourceFeature.WP_KEY_ENTRY_ALIAS, generateKeyPair.getPrivate(), charArray, new Certificate[]{this.mCachedCert});
        file = new File(getKeyStoreRoot(context), KEYSTORE_NAME);
        try {
            FileOutputStream fileOutputStream2 = new FileOutputStream(file);
            try {
                keyStore.store(fileOutputStream2, charArray);
                fileOutputStream2.close();
            } catch (Throwable th) {
                th = th;
                fileOutputStream = fileOutputStream2;
                if (fileOutputStream != null) {
                    fileOutputStream.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
        return file;
    }

    protected synchronized File generateTrustStore(Context context, String str, Certificate[] certificateArr) throws GeneralSecurityException, IOException {
        File file;
        FileOutputStream fileOutputStream;
        Security.addProvider(new BouncyCastleProvider());
        KeyStore keyStore = KeyStore.getInstance("BKS");
        keyStore.load(null);
        if (certificateArr != null) {
            for (Certificate certificate : certificateArr) {
                keyStore.setCertificateEntry(certificate.toString(), certificate);
            }
        }
        file = new File(getKeyStoreRoot(context), TRUSTSTORE_NAME);
        try {
            fileOutputStream = new FileOutputStream(file);
            try {
                keyStore.store(fileOutputStream, str.toCharArray());
                fileOutputStream.close();
            } catch (Throwable th) {
                th = th;
                if (fileOutputStream != null) {
                    fileOutputStream.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
            fileOutputStream = null;
        }
        return file;
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized Certificate getCertificate() {
        return this.mCachedCert;
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized KeyStore getKeyStore(Context context) throws Exception {
        KeyStore loadKeyStore;
        boolean z = false;
        File file = new File(getKeyStoreRoot(context), KEYSTORE_NAME);
        if (this.keystoreFile == null) {
            if (file.exists()) {
                this.keystoreFile = file;
                Log.debug(TAG, "Loaded Cert");
            } else {
                this.keystoreFile = generateKeyStore(context, file.getAbsolutePath(), getPassword(context), getName(COMMON_NAME, ORG));
                Log.debug(TAG, "Generated Cert");
                z = true;
            }
        }
        loadKeyStore = loadKeyStore(context, "BKS", this.keystoreFile);
        if (loadKeyStore == null) {
            Log.warning(TAG, "Recreating keystore");
            clearKeyStore(context);
            this.keystoreFile = generateKeyStore(context, file.getAbsolutePath(), getPassword(context), getName(COMMON_NAME, ORG));
            loadKeyStore = loadKeyStore(context, "BKS", this.keystoreFile);
            z = true;
        }
        if (!z) {
            getCertificateFromKeyStore(loadKeyStore);
            if (!verifyLoadedCertificate()) {
                Log.warning(TAG, "Certificate verification failed for loaded certificate");
                clearKeyStore(context);
                this.keystoreFile = generateKeyStore(context, file.getAbsolutePath(), getPassword(context), getName(COMMON_NAME, ORG));
                loadKeyStore = loadKeyStore(context, "BKS", this.keystoreFile);
                z = true;
            }
        }
        if (z) {
            fireCertChanged();
        }
        return loadKeyStore;
    }

    protected File getKeyStoreRoot(Context context) throws FileNotFoundException {
        File file = new File(context.getFilesDir(), KEYSTORE_ROOT);
        if (!file.exists()) {
            file.mkdirs();
        }
        if (file.exists() && !file.isFile()) {
            return file;
        }
        throw new FileNotFoundException(file.getAbsolutePath() + "directory not found");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getName(String str, String str2) {
        return "CN=" + str + ", O=" + str2;
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public String getPassword(Context context) {
        String str = context.getApplicationInfo().packageName;
        String str2 = this.pwdMap.get(str);
        if (str2 != null) {
            return str2;
        }
        String base64Encode = EncryptionUtil.base64Encode(ByteBuffer.allocate(4).putInt((Build.SERIAL + str).hashCode()).array());
        this.pwdMap.put(str, base64Encode);
        return base64Encode;
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public PrivateKey getPrivateKeyFromString(String str) {
        if (StringUtil.isEmpty(str)) {
            return null;
        }
        try {
            byte[] base64Decode = EncryptionUtil.base64Decode(str);
            byte[] bArr = new byte[(base64Decode.length - base64Decode[0]) - 1];
            System.arraycopy(base64Decode, base64Decode[0] + 1, bArr, 0, (base64Decode.length - 1) - base64Decode[0]);
            String str2 = new String(base64Decode, 1, (int) base64Decode[0]);
            return KeyFactory.getInstance(str2).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (EncryptionException e) {
            Log.error(TAG, "Cannot decrypt private key", e);
            return null;
        } catch (GeneralSecurityException e2) {
            Log.error(TAG, "Cannot decrypt private key", e2);
            return null;
        }
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public PublicKey getPublicKeyFromString(String str) {
        if (StringUtil.isEmpty(str)) {
            return null;
        }
        try {
            byte[] base64Decode = EncryptionUtil.base64Decode(str);
            byte[] bArr = new byte[(base64Decode.length - base64Decode[0]) - 1];
            System.arraycopy(base64Decode, base64Decode[0] + 1, bArr, 0, (base64Decode.length - 1) - base64Decode[0]);
            String str2 = new String(base64Decode, 1, (int) base64Decode[0]);
            return KeyFactory.getInstance(str2).generatePublic(new X509EncodedKeySpec(bArr));
        } catch (EncryptionException e) {
            Log.error(TAG, "Cannot decrypt public key", e);
            return null;
        } catch (GeneralSecurityException e2) {
            Log.error(TAG, "Cannot decrypt public key", e2);
            return null;
        }
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized String getPublicKeyString() {
        if (this.mCachedCert == null) {
            Log.debug(TAG, "Cached cert not available");
            AndroidApplicationContext androidApplicationContext = (AndroidApplicationContext) PlatformManager.getPlatformManager().getFeature(AndroidApplicationContext.class);
            if (androidApplicationContext == null) {
                Log.warning(TAG, "Cannot generate cert - AndroidApplicationContext not available");
                return null;
            }
            try {
                getKeyStore(androidApplicationContext.getAndroidContext());
            } catch (Exception e) {
                Log.warning(TAG, "Could not get KeyStore: " + e.getMessage(), e);
                return null;
            }
        }
        return getPublicKeyString(this.mCachedCert.getPublicKey());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getPublicKeyString(PublicKey publicKey) {
        String algorithm = publicKey.getAlgorithm();
        byte[] encoded = publicKey.getEncoded();
        byte[] bytes = algorithm.getBytes(Charset.forName("UTF-8"));
        byte[] bArr = new byte[encoded.length + bytes.length + 1];
        bArr[0] = (byte) bytes.length;
        System.arraycopy(bytes, 0, bArr, 1, bytes.length);
        System.arraycopy(encoded, 0, bArr, bytes.length + 1, encoded.length);
        return EncryptionUtil.base64Encode(bArr);
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public synchronized KeyStore getTrustStore(Context context) throws Exception {
        KeyStore loadKeyStore;
        File file = new File(getKeyStoreRoot(context), TRUSTSTORE_NAME);
        if (this.truststoreFile == null) {
            if (file.exists()) {
                this.truststoreFile = file;
            } else {
                this.truststoreFile = generateTrustStore(context, getPassword(context), null);
            }
        }
        loadKeyStore = loadKeyStore(context, "BKS", this.truststoreFile);
        if (loadKeyStore == null) {
            Log.warning(TAG, "Recreating truststore");
            clearTrustStore(context);
            this.keystoreFile = generateTrustStore(context, getPassword(context), null);
            loadKeyStore = loadKeyStore(context, "BKS", this.truststoreFile);
        }
        return loadKeyStore;
    }

    /* JADX WARN: Removed duplicated region for block: B:31:0x0045 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected synchronized java.security.KeyStore loadKeyStore(android.content.Context r3, java.lang.String r4, java.io.File r5) throws java.lang.Exception {
        /*
            r2 = this;
            monitor-enter(r2)
            r0 = 0
            java.io.FileInputStream r1 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L26 java.lang.Exception -> L29
            r1.<init>(r5)     // Catch: java.lang.Throwable -> L26 java.lang.Exception -> L29
            java.security.KeyStore r4 = java.security.KeyStore.getInstance(r4)     // Catch: java.lang.Exception -> L24 java.lang.Throwable -> L42
            java.lang.String r3 = r2.getPassword(r3)     // Catch: java.lang.Exception -> L24 java.lang.Throwable -> L42
            char[] r3 = r3.toCharArray()     // Catch: java.lang.Exception -> L24 java.lang.Throwable -> L42
            r4.load(r1, r3)     // Catch: java.lang.Exception -> L24 java.lang.Throwable -> L42
            r1.close()     // Catch: java.io.IOException -> L1a java.lang.Throwable -> L49
            goto L22
        L1a:
            r3 = move-exception
            java.lang.String r5 = "AbstractCertificateSource"
            java.lang.String r0 = "Failed to close keystore file while initializing TrustManagerFactory "
            com.amazon.whisperlink.util.Log.error(r5, r0, r3)     // Catch: java.lang.Throwable -> L49
        L22:
            monitor-exit(r2)
            return r4
        L24:
            r3 = move-exception
            goto L2b
        L26:
            r3 = move-exception
            r1 = r0
            goto L43
        L29:
            r3 = move-exception
            r1 = r0
        L2b:
            java.lang.String r4 = "AbstractCertificateSource"
            java.lang.String r5 = "Failed to load keystore"
            com.amazon.whisperlink.util.Log.error(r4, r5, r3)     // Catch: java.lang.Throwable -> L42
            if (r1 == 0) goto L40
            r1.close()     // Catch: java.io.IOException -> L38 java.lang.Throwable -> L49
            goto L40
        L38:
            r3 = move-exception
            java.lang.String r4 = "AbstractCertificateSource"
            java.lang.String r5 = "Failed to close keystore file while initializing TrustManagerFactory "
            com.amazon.whisperlink.util.Log.error(r4, r5, r3)     // Catch: java.lang.Throwable -> L49
        L40:
            monitor-exit(r2)
            return r0
        L42:
            r3 = move-exception
        L43:
            if (r1 == 0) goto L53
            r1.close()     // Catch: java.lang.Throwable -> L49 java.io.IOException -> L4b
            goto L53
        L49:
            r3 = move-exception
            goto L54
        L4b:
            r4 = move-exception
            java.lang.String r5 = "AbstractCertificateSource"
            java.lang.String r0 = "Failed to close keystore file while initializing TrustManagerFactory "
            com.amazon.whisperlink.util.Log.error(r5, r0, r4)     // Catch: java.lang.Throwable -> L49
        L53:
            throw r3     // Catch: java.lang.Throwable -> L49
        L54:
            monitor-exit(r2)
            throw r3
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.whisperlink.feature.security.android.AbstractCertificateSource.loadKeyStore(android.content.Context, java.lang.String, java.io.File):java.security.KeyStore");
    }
}
