package ru.cprocsp.ACSP.tools.store.util;

import android.content.Context;
import androidx.documentfile.provider.DocumentFile;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import ru.CryptoPro.JCP.JCP;
import ru.CryptoPro.JCPRequest.CertChainLoader;
import ru.CryptoPro.JCSP.CSPConfig;
import ru.CryptoPro.JCSP.JCSP;
import ru.CryptoPro.JCSP.support.BKSTrustStore;
import ru.CryptoPro.JInitCSP.R;
import ru.CryptoPro.reprov.RevCheck;
import ru.CryptoPro.reprov.x509.X500Name;
import ru.CryptoPro.reprov.x509.X509CertImpl;
import ru.cprocsp.ACSP.tools.common.ACSPConstants;
import ru.cprocsp.ACSP.tools.common.CSPTool;
import ru.cprocsp.ACSP.tools.config.Config;
import ru.cprocsp.ACSP.tools.store.items.InnerItem;
import ru.cprocsp.ACSP.tools.store.model.CertificateFields;
import ru.cprocsp.ACSP.tools.store.model.ObjectDescriptor;
import ru.cprocsp.ACSP.tools.store.model.ObjectDescriptorAliasComparator;
import ru.cprocsp.ACSP.tools.store.model.ObjectDescriptorNotBeforeComparator;
import ru.cprocsp.ACSP.tools.store.model.ResultOf;
import ru.cprocsp.ACSP.tools.store.util.IUtilHelper;
import ru.cprocsp.ACSP.util.UtilFile;
import ru.cprocsp.NGate.tools.log.Logger;

/* loaded from: classes5.dex */
public class UtilKeyStore implements IUtilHelper {
    /** Certificate factory registered under {@code JCP.CERTIFICATE_FACTORY_NAME}; every parser in this class goes through it. */
    public static final CertificateFactory CERT_FACTORY;
    /** Directory that holds the certificate store files; assigned by {@code initAndCheck}. */
    private static String FILE_PATH_STORAGE_DIRECTORY;
    /** Keystore types tried when a certificate store file is opened. */
    public static final List<String> TYPE_LIST_CERTIFICATE = Collections.singletonList(BKSTrustStore.STORAGE_TYPE);
    /** Flipped to true by {@code initAndCheck} once both store files have been checked. */
    private static boolean initiated = false;

    static {
        CertificateFactory factory;
        try {
            factory = CertificateFactory.getInstance(JCP.CERTIFICATE_FACTORY_NAME);
        } catch (CertificateException cause) {
            // Without the factory nothing in this class can parse a certificate, so class loading fails.
            throw new RuntimeException(cause);
        }
        CERT_FACTORY = factory;
    }

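    /**
     * Builds a certification path for the first certificate of {@code objectDescriptor} and appends
     * it, followed by the trust anchor, to {@code list}.
     *
     * <p>Trust anchors come from the {@code stTrust} store. The candidate pool handed to the builder
     * is the descriptor's own certificates, then the {@code stIntermediate} store, then the trusted
     * certificates again. The path is built with revocation checking disabled.
     *
     * <p>Store entries that carry no certificate are skipped instead of aborting the whole build
     * with a {@code NullPointerException}.
     *
     * @param objectDescriptor descriptor whose first certificate is the path target
     * @param list             output list; the path certificates and the anchor are appended to it
     * @param z                requests the "validation" branch; see the review note in the body
     * @throws IllegalArgumentException if the descriptor carries no certificate
     * @throws Exception                if no path can be built or a provider call fails
     */
    public static void buildCertificateChain(ObjectDescriptor objectDescriptor, List<X509Certificate> list, boolean z) throws Exception {
        X509Certificate[] targetChain = objectDescriptor.getCertificates();
        if (targetChain == null || targetChain.length == 0) {
            throw new IllegalArgumentException("Object descriptor carries no certificate.");
        }
        X509Certificate target = targetChain[0];

        Logger.p("Collect trust certificates from file...");
        List<X509Certificate> trustedCertificates = new ArrayList<>();
        for (InnerItem trustedItem : getCertificateStorageList(IUtilHelper.StorageType.stTrust)) {
            X509Certificate trusted = leadingCertificate(trustedItem);
            if (trusted != null) {
                trustedCertificates.add(trusted);
            }
        }
        HashSet<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate trusted : trustedCertificates) {
            anchors.add(new TrustAnchor(trusted, null));
        }

        Logger.p("Collect intermediate certificates...");
        List<InnerItem> intermediateItems = getCertificateStorageList(IUtilHelper.StorageType.stIntermediate);
        List<X509Certificate> candidates = new LinkedList<>();
        Logger.p("Target certificate: " + target.getSubjectDN());
        Collections.addAll(candidates, targetChain);
        for (InnerItem intermediateItem : intermediateItems) {
            X509Certificate intermediate = leadingCertificate(intermediateItem);
            if (intermediate != null) {
                candidates.add(intermediate);
            }
        }
        candidates.addAll(trustedCertificates);

        Logger.p("Prepare parameters...");
        // The constructor rejects an empty anchor set, so an empty trust store surfaces as an exception here.
        PKIXBuilderParameters parameters = new PKIXBuilderParameters(anchors, (CertSelector) null);
        parameters.setSigProvider("JCSP");
        parameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(candidates)));
        X509CertSelector targetSelector = new X509CertSelector();
        targetSelector.setCertificate(target);
        parameters.setTargetCertConstraints(targetSelector);
        // Revocation status is not consulted while the path is being built.
        parameters.setRevocationEnabled(false);

        Logger.p("Building of certificate chain...");
        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance(RevCheck.CP_REV_CHECK_ALG, RevCheck.PROVIDER_NAME).build(parameters);
        CertPath certPath = result.getCertPath();
        TrustAnchor trustAnchor = result.getTrustAnchor();
        Logger.p("Building completed.");

        List<? extends Certificate> pathCertificates = certPath.getCertificates();
        for (Certificate pathCertificate : pathCertificates) {
            list.add((X509Certificate) pathCertificate);
        }
        X509Certificate trustedCert = trustAnchor.getTrustedCert();
        if (!list.contains(trustedCert)) {
            list.add(trustedCert);
        }

        if (z) {
            Logger.p("Validating of certificate chain...");
            // NOTE(review): as decompiled, this branch never runs a CertPathValidator. The rebuilt
            // certPath and the re-enabled revocation flag are not used afterwards, so z == true adds
            // no revocation or validity check beyond what the builder did with revocation disabled.
            // Callers should not treat the returned chain as revocation-checked; confirm against the
            // original bytecode whether a validate() call was lost or never existed.
            if (pathCertificates.isEmpty()) {
                certPath = CERT_FACTORY.generateCertPath(Collections.singletonList(trustedCert));
            } else {
                parameters.setRevocationEnabled(true);
            }
            Logger.p("Validating completed.");
        }
    }

    /** Returns the first certificate of a store item, or null when the item carries none. */
    private static X509Certificate leadingCertificate(InnerItem item) {
        if (item == null || item.getObjectDescriptor() == null) {
            return null;
        }
        X509Certificate[] certificates = item.getObjectDescriptor().getCertificates();
        return (certificates == null || certificates.length == 0) ? null : certificates[0];
    }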

    /**
     * Copies a generic certificate array into an {@code X509Certificate} array of the same length.
     *
     * @param certificateArr certificates to convert; may be null
     * @return a new array with every element cast to {@code X509Certificate}, or null for null input
     * @throws ClassCastException if an element is not an {@code X509Certificate}
     */
    public static X509Certificate[] convertCertificates(Certificate[] certificateArr) {
        if (certificateArr == null) {
            return null;
        }
        X509Certificate[] converted = new X509Certificate[certificateArr.length];
        int position = 0;
        for (Certificate certificate : certificateArr) {
            // Null elements pass through the cast unchanged.
            converted[position++] = (X509Certificate) certificate;
        }
        return converted;
    }

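    /**
     * Returns the descriptor of the first item whose alias equals {@code str}, ignoring case.
     *
     * <p>Because the comparison ignores case, two entries whose aliases differ only in case cannot be
     * told apart here; the one that comes first in {@code list} wins.
     *
     * @param list items to search; may be null or empty
     * @param str  alias to look for; may be null
     * @return the matching descriptor, or null when nothing matches or an argument is null/empty
     */
    public static ObjectDescriptor findObjectDescriptorByAlias(List<InnerItem> list, String str) {
        if (list == null || list.isEmpty() || str == null) {
            return null;
        }
        for (InnerItem item : list) {
            ObjectDescriptor descriptor = item == null ? null : item.getObjectDescriptor();
            // str is known to be non-null, so it is the receiver: an item without a descriptor or
            // without an alias is skipped instead of raising a NullPointerException.
            if (descriptor != null && str.equalsIgnoreCase(descriptor.getObjectAlias())) {
                return descriptor;
            }
        }
        return null;
    }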

    /**
     * Returns the path of the store file registered for {@code storageType}.
     *
     * <p>The directory part is the field assigned by {@code initAndCheck}; until that has run the
     * field is still null and the result starts with the text "null".
     *
     * @param storageType store whose file path is wanted
     * @return directory, file separator and the file name looked up in {@code certStorageFileList}
     */
    public static String getCertStorePath(IUtilHelper.StorageType storageType) {
        Object storeFileName = certStorageFileList.get(storageType);
        return FILE_PATH_STORAGE_DIRECTORY + File.separator + storeFileName;
    }

    /**
     * Extracts the display fields of a certificate: subject name, issuer name, validity period text
     * and a flag telling whether the certificate is outside its validity period right now.
     *
     * @param x509Certificate certificate to describe
     * @return the populated {@code CertificateFields}
     * @throws Exception if a distinguished name cannot be parsed
     */
    public static CertificateFields getCertificateFields(X509Certificate x509Certificate) throws Exception {
        String subjectText = commonNameOrFullName(x509Certificate.getSubjectX500Principal().getEncoded());
        String issuerText = commonNameOrFullName(x509Certificate.getIssuerX500Principal().getEncoded());
        Date validFrom = x509Certificate.getNotBefore();
        Date validTo = x509Certificate.getNotAfter();

        boolean outsideValidityPeriod;
        try {
            x509Certificate.checkValidity();
            outsideValidityPeriod = false;
        } catch (CertificateExpiredException | CertificateNotYetValidException unused) {
            // Expired and not-yet-valid certificates are reported through the same flag.
            outsideValidityPeriod = true;
        }

        String period = ACSPConstants.DATE_FORMAT_CERT_ITEM.format(validFrom) + " - " + ACSPConstants.DATE_FORMAT_CERT_ITEM.format(validTo);
        return new CertificateFields(subjectText, issuerText, period, outsideValidityPeriod);
    }

    /** Returns the common name of an encoded distinguished name, or the whole name when it has no common name. */
    private static String commonNameOrFullName(byte[] encodedName) throws Exception {
        X500Name parsed = new X500Name(encodedName);
        String commonName = parsed.getCommonName();
        return commonName != null ? commonName : parsed.getName();
    }

    /**
     * Lists the entries of the certificate store file that belongs to {@code storageType}.
     *
     * <p>The file is opened with {@code STORAGE_PASSWORD}, the same constant for every store.
     *
     * @param storageType store to read
     * @return the store entries, or an empty list when {@code initAndCheck} has not completed
     */
    public static List<InnerItem> getCertificateStorageList(IUtilHelper.StorageType storageType) {
        if (!isInitiated()) {
            Logger.e("Store has not been loaded.");
            return Collections.emptyList();
        }
        String storePath = getCertStorePath(storageType);
        return getCertificateStorageList(storageType, storePath, STORAGE_PASSWORD);
    }

    /**
     * Reads a certificate store file using the keystore types in {@code TYPE_LIST_CERTIFICATE} and
     * no explicit provider.
     *
     * @param storageType store being read
     * @param str         path of the store file
     * @param cArr        password passed to the keystore when the file is loaded
     * @return the entries found in the file
     */
    private static List<InnerItem> getCertificateStorageList(IUtilHelper.StorageType storageType, String str, char[] cArr) {
        // A null provider makes getStoreObjectList use the default provider lookup.
        final String provider = null;
        return getStoreObjectList(storageType, TYPE_LIST_CERTIFICATE, str, cArr, provider);
    }

    /**
     * Lists the personal ({@code stPersonal}) entries exposed by the "JCSP" provider, sorted with
     * {@code ObjectDescriptorAliasComparator}.
     *
     * @param str     a single keystore type to query, or null to query every type returned by
     *                {@code getKeyStoreTypes}
     * @param context Android context, used only when the type list has to be computed
     * @return the sorted entries
     */
    public static List<InnerItem> getContainerStorageList(String str, Context context) {
        List<String> storeTypes = new ArrayList<>();
        if (str == null) {
            storeTypes.addAll(getKeyStoreTypes(context));
        } else {
            storeTypes.add(str);
        }
        // No file path and no password: the provider's stores are loaded with load(null, null).
        List<InnerItem> containers = getStoreObjectList(IUtilHelper.StorageType.stPersonal, storeTypes, null, null, "JCSP");
        containers.sort(new ObjectDescriptorAliasComparator());
        return containers;
    }

    /**
     * Returns the aliases found in the "JCSP" keystore of the given type.
     *
     * @param str keystore type name
     * @return an unmodifiable list of aliases; an empty list when the store cannot be opened or
     *         enumerated (the failure is logged, not rethrown)
     */
    public static List<String> getKeyAliases(String str) {
        try {
            KeyStore store = KeyStore.getInstance(str, "JCSP");
            store.load(null, null);
            return Collections.unmodifiableList(Collections.list(store.aliases()));
        } catch (Exception failure) {
            Logger.e(failure.getMessage(), failure);
            return Collections.emptyList();
        }
    }

    /**
     * Returns the keystore type names of the JCSP provider that match the configured reader.
     *
     * <p>When the configuration cannot be loaded, names no reader, or names "rutoken", only types
     * whose name contains "rutoken" are kept; otherwise only types without it. A fixed set of
     * store names is then removed, the rest is sorted case-insensitively, and "HDIMAGE" is always
     * placed first.
     *
     * @param context Android context used to load the configuration
     * @return an unmodifiable list of keystore type names
     */
    public static synchronized List<String> getKeyStoreTypes(Context context) {
        // The method is already synchronized on the class, so no inner lock is taken.
        Config config = loadConfig(context);
        String readerName = config == null ? null : config.getCurrentReaderName();
        boolean rutokenOnly = readerName == null || "rutoken".equalsIgnoreCase(readerName);

        LinkedList<String> typeNames = new LinkedList<>();
        for (Provider.Service service : new JCSP().getServices()) {
            if (!service.getType().equalsIgnoreCase("KeyStore")) {
                continue;
            }
            String algorithm = service.getAlgorithm();
            boolean isRutokenType = algorithm.toLowerCase().contains("rutoken");
            if (isRutokenType == rutokenOnly) {
                typeNames.add(algorithm);
            }
        }

        // Each call drops at most the first occurrence of the name.
        typeNames.remove("CertStore");
        typeNames.remove(JCSP.PFX_STORE_NAME);
        typeNames.remove(JCSP.MY_STORE_NAME);
        typeNames.remove("ROOT");
        typeNames.remove(JCSP.CA_STORE_NAME);
        typeNames.remove(JCSP.ADDRESS_BOOK_STORE_NAME);
        typeNames.remove(JCSP.FILE_STORE_NAME);
        typeNames.remove(JCSP.SST_STORE_NAME);
        typeNames.remove("HDImageFileInternal");
        typeNames.remove("HDIMAGE");

        typeNames.sort(String::compareToIgnoreCase);
        // "HDIMAGE" was removed above so that it can be re-inserted at the head of the list.
        typeNames.add(0, "HDIMAGE");
        return Collections.unmodifiableList(typeNames);
    }

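    /**
     * Loads every keystore type in {@code list} and returns one item per alias, sorted with
     * {@code ObjectDescriptorNotBeforeComparator}.
     *
     * <p>A failure while opening or enumerating one keystore type is logged and that type is
     * abandoned; items collected before the failure are kept and the remaining types are still
     * processed. The store file, when there is one, is closed as soon as it has been loaded.
     *
     * @param storageType logical store being read; anything other than {@code stPersonal} requires
     *                    {@code initAndCheck} to have completed
     * @param list        keystore type names to try
     * @param str         path of the store file, or null to load the keystore without a stream
     * @param cArr        password handed to {@code KeyStore.load} together with the file
     * @param str2        provider name, or null for the default provider lookup
     * @return the collected items; an empty list when the stores are not initialised
     */
    public static List<InnerItem> getStoreObjectList(IUtilHelper.StorageType storageType, List<String> list, String str, char[] cArr, String str2) {
        Logger.p("getStoreObjectList() LOADING " + storageType + "...");
        if (!isInitiated() && storageType != IUtilHelper.StorageType.stPersonal) {
            Logger.e("Store has not been loaded.");
            return Collections.emptyList();
        }
        List<InnerItem> items = new ArrayList<>();
        for (String storeType : list) {
            Logger.p("getStoreObjectList() CURRENT TYPE: " + storageType + ", BEGINNING...");
            try {
                KeyStore keyStore = str2 == null ? KeyStore.getInstance(storeType) : KeyStore.getInstance(storeType, str2);
                if (str != null) {
                    // try-with-resources releases the file descriptor even when load() throws.
                    try (InputStream storeStream = new FileInputStream(str)) {
                        keyStore.load(storeStream, cArr);
                    }
                } else {
                    keyStore.load(null, null);
                }
                Logger.p("getStoreObjectList() ENUMERATING TYPE: " + storageType + "...");
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    items.add(new InnerItem(loadObjectFromStore(keyStore, storageType, aliases.nextElement(), str2, str, cArr)));
                }
            } catch (Exception e) {
                // One unreadable store type must not hide the entries of the others.
                Logger.e(e.getMessage(), e);
            }
            Logger.p("getStoreObjectList() CURRENT TYPE: " + storageType + ", ENUMERATING COMPLETED.");
        }
        Logger.p("getStoreObjectList() LOADING " + storageType + " COMPLETED.");
        items.sort(new ObjectDescriptorNotBeforeComparator());
        return items;
    }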

    /**
     * Prepares the certificate store files once per process.
     *
     * <p>Records the store directory reported by {@code CSPConfig.getBksTrustStore()} and asks
     * {@code BKSTrustStore.createOrUpdateTrustStore} to check the "intermediate" and address-book
     * stores. The initialised flag is set only after both calls succeed, so a failed attempt is
     * retried on the next call.
     *
     * @param context Android context passed through to the store helper
     * @throws RuntimeException if either store check reports failure
     */
    public static synchronized void initAndCheck(Context context) {
        // The method-level lock on the class already serialises callers.
        if (initiated) {
            return;
        }
        FILE_PATH_STORAGE_DIRECTORY = CSPConfig.getBksTrustStore();

        boolean intermediateReady = BKSTrustStore.createOrUpdateTrustStore(context, FILE_PATH_STORAGE_DIRECTORY, "intermediate", STORAGE_PASSWORD);
        if (!intermediateReady) {
            throw new RuntimeException("Error occurred during check of the Intermediate storage!");
        }

        boolean addressBookReady = BKSTrustStore.createOrUpdateTrustStore(context, FILE_PATH_STORAGE_DIRECTORY, IUtilHelper.STORAGE_FILE_ADDRESS_BOOK, STORAGE_PASSWORD);
        if (!addressBookReady) {
            throw new RuntimeException("Error occurred during check of the AddressBook storage!");
        }

        initiated = true;
    }

    /**
     * Parses raw certificate data and forwards the result to the array-based overload.
     *
     * @param context          Android context passed through
     * @param objectDescriptor descriptor of the entry being installed
     * @param bArr             encoded data: a certificate chain when {@code z} is true, otherwise a
     *                         single certificate
     * @param z                true to parse the data with {@code CertChainLoader.loadChain}
     * @return the result of the array-based overload, or an ERROR result when parsing or
     *         installation throws (the exception is logged)
     */
    public static ResultOf<List<ObjectDescriptor>> installCertificateToStore(Context context, ObjectDescriptor objectDescriptor, byte[] bArr, boolean z) {
        try {
            X509Certificate[] parsed;
            if (z) {
                parsed = convertCertificates(CertChainLoader.loadChain(bArr));
            } else {
                Certificate single = CERT_FACTORY.generateCertificate(new ByteArrayInputStream(bArr));
                parsed = new X509Certificate[]{(X509Certificate) single};
            }
            return installCertificateToStore(context, objectDescriptor, parsed, z);
        } catch (Exception failure) {
            Logger.e(failure.getMessage(), failure);
            // The user-facing message depends on whether a chain or a single certificate was expected.
            int messageId = z ? R.string.ICInstallationCertChainFailed : R.string.ICInstallationFailed;
            return new ResultOf<>(ResultOf.Status.ERROR, null, null, messageId);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:33:0x0104 A[Catch: Exception -> 0x0225, TryCatch #5 {Exception -> 0x0225, blocks: (B:22:0x00e3, B:24:0x00e9, B:26:0x00f0, B:28:0x00f5, B:31:0x00fe, B:33:0x0104, B:36:0x0123, B:53:0x0185, B:49:0x018c, B:64:0x012e, B:67:0x010c, B:68:0x0111, B:71:0x0118, B:91:0x01a1, B:93:0x01a8, B:95:0x01bb, B:97:0x01c4, B:98:0x01d5, B:99:0x01de, B:102:0x01e3, B:103:0x021d, B:107:0x01ea, B:110:0x01fe, B:111:0x0203, B:112:0x0201), top: B:21:0x00e3, inners: #4 }] */
    /* JADX WARN: Removed duplicated region for block: B:66:0x010a  */
    /* JADX WARN: Removed duplicated region for block: B:77:0x0235  */
    /* JADX WARN: Removed duplicated region for block: B:80:0x024a  */
    /* JADX WARN: Removed duplicated region for block: B:83:0x024c  */
    /* JADX WARN: Removed duplicated region for block: B:84:0x023c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Array-based overload that the other {@code installCertificateToStore} overloads delegate to.
     *
     * <p>The decompiler did not recover this body, so the stub below always throws. What the real
     * method checks before a certificate is written to a store cannot be reviewed from this listing.
     * NOTE(review): presumably this is where the store file is modified; confirm against the
     * instruction dump before relying on any trust decision made here.
     */
    public static ru.cprocsp.ACSP.tools.store.model.ResultOf<java.util.List<ru.cprocsp.ACSP.tools.store.model.ObjectDescriptor>> installCertificateToStore(android.content.Context r29, ru.cprocsp.ACSP.tools.store.model.ObjectDescriptor r30, java.security.cert.X509Certificate[] r31, boolean r32) {
        /*
            Method dump skipped, instructions count: 597
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.cprocsp.ACSP.tools.store.util.UtilKeyStore.installCertificateToStore(android.content.Context, ru.cprocsp.ACSP.tools.store.model.ObjectDescriptor, java.security.cert.X509Certificate[], boolean):ru.cprocsp.ACSP.tools.store.model.ResultOf");
    }

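    /**
     * Reads a user-selected certificate file and installs its content into the given store.
     *
     * <p>Only files named {@code *.cer}, {@code *.crt} or {@code *.p7b} are accepted; a
     * {@code p7b} file is treated as a certificate chain. The check is on the file name only, the
     * content is validated later by the certificate parser.
     *
     * <p>The file is read to the end regardless of what {@code available()} reports, and the
     * stream is closed on every path.
     *
     * @param context      Android context used to open the document
     * @param storageType  target store; anything other than {@code stPersonal} requires
     *                     {@code initAndCheck} to have completed
     * @param documentFile document picked by the user; may be null
     * @return the installation result, or an ERROR result describing why the file was rejected
     */
    public static ResultOf<List<ObjectDescriptor>> installCertificateToStore(Context context, IUtilHelper.StorageType storageType, DocumentFile documentFile) {
        if (!isInitiated() && storageType != IUtilHelper.StorageType.stPersonal) {
            Logger.e("Store has not been loaded.");
            return new ResultOf<>(ResultOf.Status.ERROR, null, null, -1);
        }
        if (documentFile == null) {
            Logger.e("Certificate object not selected!");
            return new ResultOf<>(ResultOf.Status.ERROR, null, null, R.string.ICInstallationCertificateNotSelected);
        }
        if (!documentFile.exists()) {
            Logger.e("Certificate object not exist!");
            return new ResultOf<>(ResultOf.Status.ERROR, null, null, R.string.ICInstallationFileNotExists);
        }
        String name = documentFile.getName();
        String extension = UtilFile.extractFileExtension(name);
        if (extension == null || !(extension.equalsIgnoreCase("cer") || extension.equalsIgnoreCase("crt") || extension.equalsIgnoreCase("p7b"))) {
            Logger.e("Unknown file extension!");
            return new ResultOf<>(ResultOf.Status.ERROR, null, null, R.string.ICInstallationUnknownFileExtension);
        }
        try (InputStream documentStream = context.getContentResolver().openInputStream(documentFile.getUri())) {
            if (documentStream == null) {
                // The content provider may hand back no stream at all; report it like an I/O failure.
                Logger.e("Certificate object can not be opened!");
                return new ResultOf<>(ResultOf.Status.ERROR, null, null, R.string.ICInstallationFailed);
            }
            // available() is only an estimate, so the data is accumulated chunk by chunk; sizing one
            // buffer from it and re-reading into offset 0 can truncate or overwrite the certificate.
            // NOTE(review): the file size is not limited here; consider an upper bound suited to
            // certificate files before the content is buffered in memory.
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[8192];
            int count;
            while ((count = documentStream.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return installCertificateToStore(context, ObjectDescriptor.createCertificateDescriptor(storageType, name), collected.toByteArray(), extension.equalsIgnoreCase("p7b"));
        } catch (IOException e) {
            Logger.e(e.getMessage(), e);
            return new ResultOf<>(ResultOf.Status.ERROR, null, null, R.string.ICInstallationFailed);
        }
    }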

    /**
     * Tells whether {@code initAndCheck} has completed successfully.
     *
     * @return the current value of the initialised flag, read under the class lock
     */
    public static synchronized boolean isInitiated() {
        // The synchronized modifier already holds the class monitor for this read.
        return initiated;
    }

    /**
     * Asks {@code X509CertImpl.isSelfSigned} whether the certificate is self-signed, naming "JCSP"
     * as the provider.
     *
     * @param x509Certificate certificate to test
     * @return the answer of {@code X509CertImpl.isSelfSigned}
     */
    private static boolean isSelfSigned(X509Certificate x509Certificate) {
        final String provider = "JCSP";
        return X509CertImpl.isSelfSigned(x509Certificate, provider);
    }

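    /**
     * Loads the application configuration from the file reported by the app infrastructure.
     *
     * <p>The failure cause is now logged together with the message. {@code getKeyStoreTypes}
     * changes which keystore types it returns when this method yields null, so a silent failure
     * here is hard to diagnose.
     *
     * @param context Android context used to locate the configuration file
     * @return the loaded configuration, or null when loading fails
     */
    public static Config loadConfig(Context context) {
        try {
            return new Config(context, new CSPTool(context).getAppInfrastructure().getConfigFile(), false);
        } catch (Exception e) {
            // Best effort by design: callers treat null as "no configuration available".
            Logger.e("Failed to load config.", e);
            return null;
        }
    }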

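    /**
     * Builds the descriptor of one keystore entry.
     *
     * <p>For {@code stPersonal} the whole certificate chain of the alias is taken. For every other
     * store the single certificate of the alias is re-parsed through {@code CERT_FACTORY} from its
     * encoded form. Display fields are filled in only when at least one certificate is present;
     * an empty chain no longer raises {@code ArrayIndexOutOfBoundsException}.
     *
     * @param keyStore    loaded keystore holding the entry
     * @param storageType logical store the entry belongs to
     * @param str         alias of the entry
     * @param str2        provider name recorded in the descriptor; may be null
     * @param str3        store file path recorded in the descriptor; may be null
     * @param cArr        store password recorded in the descriptor; may be null
     * @return the descriptor of the entry
     * @throws Exception if the keystore or the certificate parser fails
     */
    private static ObjectDescriptor loadObjectFromStore(KeyStore keyStore, IUtilHelper.StorageType storageType, String str, String str2, String str3, char[] cArr) throws Exception {
        X509Certificate[] certificates;
        if (storageType == IUtilHelper.StorageType.stPersonal) {
            certificates = convertCertificates(keyStore.getCertificateChain(str));
        } else {
            X509Certificate stored = (X509Certificate) keyStore.getCertificate(str);
            certificates = stored == null
                    ? null
                    : new X509Certificate[]{(X509Certificate) CERT_FACTORY.generateCertificate(new ByteArrayInputStream(stored.getEncoded()))};
        }
        // The descriptor keeps a reference to the password array it is given, not a copy made here.
        ObjectDescriptor descriptor = new ObjectDescriptor(storageType, keyStore.getType(), certificates, str, str2, str3, cArr);
        if (certificates != null && certificates.length > 0) {
            descriptor.setCertificateFields(getCertificateFields(certificates[0]));
        }
        return descriptor;
    }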

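    /**
     * Deletes the certificate entry described by {@code objectDescriptor} from its store file.
     *
     * <p>Only certificate entries are removed; for any other kind of entry the method returns
     * false and leaves the file untouched. Both file streams are closed on every path.
     *
     * @param objectDescriptor descriptor naming the store file, type, provider, password and alias
     * @return true when the entry was deleted and the store was written back; false when the
     *         stores are not initialised or the alias is not a certificate entry
     * @throws Exception if the store cannot be opened, modified or written
     */
    public static boolean removeObjectByDescription(ObjectDescriptor objectDescriptor) throws Exception {
        if (!isInitiated() && objectDescriptor.getStorageType() != IUtilHelper.StorageType.stPersonal) {
            Logger.e("Store has not been loaded.");
            return false;
        }
        KeyStore keyStore = objectDescriptor.getStoreProvider() == null ? KeyStore.getInstance(objectDescriptor.getStoreType()) : KeyStore.getInstance(objectDescriptor.getStoreType(), objectDescriptor.getStoreProvider());
        // Close the input before the same path is reopened for writing.
        try (FileInputStream storeInput = new FileInputStream(objectDescriptor.getStorePath())) {
            keyStore.load(storeInput, objectDescriptor.getStorePassword());
        }
        if (!keyStore.isCertificateEntry(objectDescriptor.getObjectAlias())) {
            return false;
        }
        keyStore.deleteEntry(objectDescriptor.getObjectAlias());
        // NOTE(review): opening the FileOutputStream truncates the store file before store() writes
        // it, so a failure during store() leaves the file incomplete. Writing to a temporary file
        // and renaming it over the original would keep the previous store intact on failure.
        try (FileOutputStream storeOutput = new FileOutputStream(objectDescriptor.getStorePath())) {
            keyStore.store(storeOutput, objectDescriptor.getStorePassword());
        }
        return true;
    }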
}
