package com.mobileiron.polaris.common;

import com.mobileiron.polaris.common.DataEncryption;
import com.mobileiron.polaris.model.properties.InvalidServerConfigurationException;
import com.mobileiron.polaris.model.properties.ag;
import com.samsung.android.knox.keystore.CertificateProvisioning;
import io.fabric.sdk.android.services.events.EventsFilesManager;
import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.cms.ContentInfo;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cms.CMSSignedData;
import org.spongycastle.util.io.pem.PemObject;
import org.spongycastle.util.io.pem.PemReader;

/* loaded from: classes.dex */
/**
 * Static helpers that try to interpret an opaque byte blob as certificate material and turn
 * it into {@code ag} records. The two public entry points probe the formats in a fixed
 * order: PEM (X.509), DER (X.509), PKCS#12, then PKCS#7.
 *
 * <p>This is JADX decompiler output: identifiers are obfuscated ({@code a}, {@code b},
 * {@code ag}, ...) and several methods contain try/catch regions the decompiler could not
 * reconstruct ({@code e = e;}, {@code th = th;}, catch arms that fall off the end without
 * returning). Those regions are left as emitted and would not compile as shown.
 *
 * <p>NOTE(review): everything visible here is parsing. No method in this class builds or
 * validates a certificate chain, checks validity dates or revocation, or verifies a CMS
 * signature, so a successful parse says nothing about whether the material is trusted.
 */
public final class CloudCertificateUtils {

    /* renamed from: a, reason: collision with root package name */
    // Class logger. Format detection is traced at debug level; parse failures mostly end up here too.
    private static final Logger f2915a = LoggerFactory.getLogger("CloudCertificateUtils");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    /** Selects how each PEM object is decoded in {@code a(byte[], PemParsingType)}. */
    public enum PemParsingType {
        X509,
        PKCS7
    }

    /* loaded from: classes.dex */
    /**
     * Mutable holder for the certificate, and optionally the private key, picked while parsing.
     * Only the PKCS#12 path ever sets the key; the PEM, DER and PKCS#7 paths set a certificate only.
     */
    public static class a {

        /* renamed from: a, reason: collision with root package name */
        // Certificate chosen by whichever parser succeeded.
        private X509Certificate f2917a;
        // Private key for the picked PKCS#12 alias; stays null for the other formats.
        private PrivateKey b;

        /** Returns the picked certificate, or null if none has been set. */
        public final X509Certificate a() {
            return this.f2917a;
        }

        /** Stores the private key (package-private setter). */
        final void a(PrivateKey privateKey) {
            this.b = privateKey;
        }

        /** Stores the certificate (package-private setter). */
        final void a(X509Certificate x509Certificate) {
            this.f2917a = x509Certificate;
        }

        /** Returns the private key, or null if none has been set. */
        public final PrivateKey b() {
            return this.b;
        }
    }

    /**
     * Probes the payload of {@code agVar} as PEM, DER, PKCS#12 and PKCS#7 in that order and
     * returns a holder populated by the first parser that yields at least one entry.
     *
     * <p>{@code agVar.a()} is passed where a {@code byte[]} is expected and {@code agVar.b()}
     * where the PKCS#12 password string is expected.
     *
     * @param agVar source record carrying the raw bytes and, for PKCS#12, the password
     * @return the populated holder, or null if no format matched or an
     *         {@link InvalidServerConfigurationException} was raised
     */
    public static a a(ag agVar) {
        try {
            a aVar = new a();
            f2915a.debug("Trying PEM...");
            ArrayList<ag> a2 = a(agVar.a(), aVar, false);
            if (a2 != null && !a2.isEmpty()) {
                f2915a.debug("Trying PEM... match found.");
                return aVar;
            }
            f2915a.debug("Trying DER...");
            ArrayList<ag> b = b(agVar.a(), aVar, false);
            if (b != null && !b.isEmpty()) {
                f2915a.debug("Trying DER... match found.");
                return aVar;
            }
            f2915a.debug("Trying PKCS12...");
            // The throwaway list is required: the keystore walker only hands the private key
            // to the holder when a key list was supplied.
            ArrayList<ag> a3 = a(agVar.a(), agVar.b(), new ArrayList(), aVar);
            if (a3 != null && !a3.isEmpty()) {
                f2915a.debug("Trying PKCS12... match found.");
                return aVar;
            }
            f2915a.debug("Trying PKCS7...");
            ArrayList<ag> c = c(agVar.a(), aVar, false);
            if (c == null || c.isEmpty()) {
                return null;
            }
            f2915a.debug("Trying PKCS7... match found.");
            return aVar;
        } catch (InvalidServerConfigurationException e) {
            f2915a.error("Invalid Server Config exception processing: {}", (Throwable) e);
            return null;
        }
    }

    /**
     * Replaces every character outside the range {@code '0'..'~'} (0x30-0x7E) with {@code '_'}.
     *
     * <p>NOTE(review): the kept range is wider than letters and digits. It still contains
     * {@code : ; < = > ? @ [ \ ] ^ ` { | } ~}, while space, {@code -}, {@code .} and {@code /}
     * are replaced. If the result is used as a file name, alias or similar identifier (not
     * visible in this file), confirm that the backslash and the other punctuation are
     * acceptable to that consumer.
     *
     * @param str input text; null or empty yields {@code ""}
     * @return the text with out-of-range characters replaced
     */
    public static String a(String str) {
        if (StringUtils.isEmpty(str)) {
            return "";
        }
        char[] charArray = str.toCharArray();
        for (int i = 0; i < charArray.length; i++) {
            char c = charArray[i];
            if (c < '0' || c > '~') {
                charArray[i] = '_';
            }
        }
        return new String(charArray);
    }

    /**
     * Loads {@code bArr} into a keystore of type {@code CertificateProvisioning.TYPE_PKCS12}
     * using {@code str} as the password ("createKeyStore" in the log messages).
     *
     * <p>NOTE(review): the password is held as an immutable String and the char[] copy made
     * for {@code load} is never cleared, so it stays in memory until garbage collected.
     *
     * @param bArr keystore bytes
     * @param str keystore password, or null for none
     * @return the loaded keystore, or null if loading failed
     */
    private static KeyStore a(byte[] bArr, String str) {
        ByteArrayInputStream byteArrayInputStream;
        try {
            try {
                byteArrayInputStream = new ByteArrayInputStream(bArr);
                try {
                    KeyStore keyStore = KeyStore.getInstance(CertificateProvisioning.TYPE_PKCS12);
                    keyStore.load(byteArrayInputStream, str != null ? str.toCharArray() : null);
                    // Opaque project helper applied to the loaded keystore; its effect is not visible here.
                    o.a(keyStore);
                    com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "createKeyStore");
                    return keyStore;
                } catch (IOException e) {
                    e = e;
                    f2915a.debug("createKeyStore: {}", e.toString());
                    // NOTE(review): getMessage() may return null, in which case matches() throws a
                    // NullPointerException from inside this handler instead of returning null.
                    if (e.getMessage().matches(".*failed to decrypt safe contents entry.*")) {
                        f2915a.debug("Password error");
                    }
                    com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "createKeyStore");
                    return null;
                } catch (Exception e2) {
                    e = e2;
                    f2915a.debug("createKeyStore: {}", e.toString());
                    com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "createKeyStore");
                    return null;
                }
            } catch (Throwable th) {
                th = th;
                com.mobileiron.acom.core.utils.p.a((Closeable) null, "createKeyStore");
                throw th;
            }
        // Decompiler residue: the arms below duplicate the handlers above and were not
        // reconstructed into valid Java.
        } catch (IOException e3) {
            e = e3;
            byteArrayInputStream = null;
        } catch (Exception e4) {
            e = e4;
            byteArrayInputStream = null;
        } catch (Throwable th2) {
            th = th2;
            com.mobileiron.acom.core.utils.p.a((Closeable) null, "createKeyStore");
            throw th;
        }
    }

    /**
     * Decodes the content of one PEM object as an X.509 certificate ("parseObjectAsX509").
     *
     * @param pemObject PEM object whose content is handed to the certificate factory
     * @return the decoded certificate, or null if decoding failed
     */
    private static Certificate a(PemObject pemObject) {
        ByteArrayInputStream byteArrayInputStream;
        try {
            byteArrayInputStream = new ByteArrayInputStream(pemObject.getContent());
            try {
                try {
                    Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
                    com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "parseObjectAsX509");
                    return generateCertificate;
                } catch (Exception unused) {
                    // NOTE(review): with SLF4J's debug(String format, Object arg) the first string is the
                    // format; it has no {} placeholder, so the actual message is presumably never
                    // printed. The failure cause is also dropped.
                    f2915a.debug("CloudCertificateUtils", "parseObjectAsX509: DER format not detected.");
                    com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "parseObjectAsX509");
                    return null;
                }
            } catch (Throwable th) {
                th = th;
                com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "parseObjectAsX509");
                throw th;
            }
        // Decompiler residue: unreconstructed exception regions.
        } catch (Exception unused2) {
            byteArrayInputStream = null;
        } catch (Throwable th2) {
            th = th2;
            byteArrayInputStream = null;
            com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "parseObjectAsX509");
            throw th;
        }
    }

    /**
     * Walks every alias of a loaded keystore and collects its certificates and private keys
     * ("openKeyStore" in the log messages).
     *
     * <p>The first alias that has a certificate chain is the "picked" alias: its name is
     * appended to {@code stringBuffer} and the first certificate of its chain is stored in
     * the holder. {@code stringBuffer} therefore doubles as an out-parameter, and an empty
     * buffer means nothing has been picked yet.
     *
     * <p>NOTE(review): certificates are cast to {@link X509Certificate} and keys to
     * {@link PrivateKey} without a type check; a {@link ClassCastException} is not among the
     * exceptions caught below.
     *
     * @param keyStore loaded keystore to enumerate
     * @param str password used for every key entry, or null
     * @param list receives each recovered private key; when null, keys are neither collected
     *        nor handed to the holder
     * @param stringBuffer receives the picked alias
     * @param aVar optional holder for the picked certificate and key
     * @return all certificates gathered before any keystore error; never null
     */
    private static ArrayList<X509Certificate> a(KeyStore keyStore, String str, List<PrivateKey> list, StringBuffer stringBuffer, a aVar) {
        ArrayList<X509Certificate> arrayList = new ArrayList<>();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                f2915a.debug("alias: {} (isKey {}, isCert {})", nextElement, Boolean.valueOf(keyStore.isKeyEntry(nextElement)), Boolean.valueOf(keyStore.isCertificateEntry(nextElement)));
                Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
                if (certificateChain != null) {
                    if (stringBuffer.length() == 0) {
                        f2915a.debug("Picked alias: {}", nextElement);
                        stringBuffer.append(nextElement);
                        if (aVar != null && certificateChain.length > 0) {
                            aVar.a((X509Certificate) certificateChain[0]);
                        }
                    }
                    for (Certificate certificate : certificateChain) {
                        arrayList.add((X509Certificate) certificate);
                    }
                } else {
                    // No chain for this alias: fall back to a single certificate entry, if any.
                    f2915a.debug("alias: {} -- cert chain is null.", nextElement);
                    Certificate certificate2 = keyStore.getCertificate(nextElement);
                    if (certificate2 != null) {
                        arrayList.add((X509Certificate) certificate2);
                    } else {
                        f2915a.debug("alias: {} -- cert is null.", nextElement);
                    }
                }
                // The keystore password is reused as the per-entry key password.
                PrivateKey privateKey = (PrivateKey) keyStore.getKey(nextElement, str != null ? str.toCharArray() : null);
                if (privateKey != null) {
                    if (list != null) {
                        list.add(privateKey);
                        // Only the key that belongs to the picked alias goes into the holder.
                        if (aVar != null && nextElement.equals(stringBuffer.toString())) {
                            aVar.a(privateKey);
                        }
                    }
                    f2915a.debug("key: {}", privateKey.getFormat());
                } else {
                    f2915a.debug("alias: {} -- key is null.", nextElement);
                }
            }
        // Any keystore error stops the walk; whatever was collected so far is still returned.
        } catch (KeyStoreException e) {
            f2915a.debug("openKeyStore: {}", e.toString());
        } catch (NoSuchAlgorithmException e2) {
            f2915a.debug("openKeyStore: {}", e2.toString());
        } catch (UnrecoverableKeyException e3) {
            f2915a.debug("openKeyStore: {}", e3.toString());
        }
        return arrayList;
    }

    /**
     * Reads PEM objects from {@code bArr} until the reader returns none and decodes each one
     * according to {@code pemParsingType} ("processDataAsPem").
     *
     * <p>Objects that fail to decode are skipped. An exception while reading makes the whole
     * call return null, discarding anything decoded before it.
     *
     * @param bArr PEM text as bytes, decoded with the platform default charset
     * @param pemParsingType whether objects are decoded as X.509 certificates or PKCS#7 ContentInfo
     * @return the decoded objects (possibly empty), or null on a read error
     */
    private static ArrayList<Object> a(byte[] bArr, PemParsingType pemParsingType) {
        InputStreamReader inputStreamReader;
        ByteArrayInputStream byteArrayInputStream;
        PemReader pemReader;
        try {
            byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                inputStreamReader = new InputStreamReader(byteArrayInputStream, Charset.defaultCharset());
                try {
                    ArrayList<Object> arrayList = new ArrayList<>();
                    pemReader = new PemReader(inputStreamReader);
                    while (true) {
                        try {
                            try {
                                PemObject readPemObject = pemReader.readPemObject();
                                if (readPemObject == null) {
                                    // End of input: the normal exit of the loop.
                                    f2915a.debug("processDataAsPem: PemReader returned no object");
                                    com.mobileiron.acom.core.utils.p.a(inputStreamReader, "PEMStream");
                                    com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "PEMStream2");
                                    com.mobileiron.acom.core.utils.p.a(pemReader, "PEMStream3");
                                    return arrayList;
                                }
                                Object a2 = pemParsingType == PemParsingType.X509 ? a(readPemObject) : pemParsingType == PemParsingType.PKCS7 ? b(readPemObject) : null;
                                if (a2 != null) {
                                    arrayList.add(a2);
                                }
                            } catch (Exception e) {
                                e = e;
                                f2915a.debug("processDataAsPem: {}", e.toString());
                                com.mobileiron.acom.core.utils.p.a(inputStreamReader, "PEMStream");
                                com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "PEMStream2");
                                com.mobileiron.acom.core.utils.p.a(pemReader, "PEMStream3");
                                return null;
                            }
                        } catch (Throwable th) {
                            th = th;
                            com.mobileiron.acom.core.utils.p.a(inputStreamReader, "PEMStream");
                            com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "PEMStream2");
                            com.mobileiron.acom.core.utils.p.a(pemReader, "PEMStream3");
                            throw th;
                        }
                    }
                // Decompiler residue from here to the end of the method: unreconstructed
                // exception regions that only reset the locals.
                } catch (Exception e2) {
                    e = e2;
                    pemReader = null;
                } catch (Throwable th2) {
                    th = th2;
                    pemReader = null;
                    com.mobileiron.acom.core.utils.p.a(inputStreamReader, "PEMStream");
                    com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "PEMStream2");
                    com.mobileiron.acom.core.utils.p.a(pemReader, "PEMStream3");
                    throw th;
                }
            } catch (Exception e3) {
                e = e3;
                inputStreamReader = null;
                pemReader = null;
            } catch (Throwable th3) {
                th = th3;
                inputStreamReader = null;
                pemReader = null;
            }
        } catch (Exception e4) {
            e = e4;
            inputStreamReader = null;
            byteArrayInputStream = null;
            pemReader = null;
        } catch (Throwable th4) {
            th = th4;
            inputStreamReader = null;
            byteArrayInputStream = null;
            pemReader = null;
        }
    }

    /**
     * Parses {@code bArr} as one or more PEM-encoded X.509 certificates and builds one
     * {@code ag} record per certificate, labelled {@code "AW_" + name}.
     *
     * <p>NOTE(review): the name is computed once, from the subject of the first certificate,
     * and reused for every later certificate. With {@code z == false} all records therefore
     * carry the same label; with {@code z == true} they differ only by serial number. The
     * label comes from certificate content, so whoever supplies the certificate controls it.
     *
     * @param bArr PEM bytes
     * @param aVar optional holder; receives the first certificate
     * @param z when true, a separator constant and the certificate serial number are appended
     *        to the label
     * @return the records built (possibly empty), or null if PEM reading failed
     * @throws InvalidServerConfigurationException presumably raised by the {@code ag} builder;
     *         nothing in this method throws it directly
     */
    private static ArrayList<ag> a(byte[] bArr, a aVar, boolean z) throws InvalidServerConfigurationException {
        ArrayList<Object> a2 = a(bArr, PemParsingType.X509);
        String str = null;
        if (a2 == null) {
            return null;
        }
        ArrayList<ag> arrayList = new ArrayList<>();
        Iterator<Object> it = a2.iterator();
        while (it.hasNext()) {
            Object next = it.next();
            if (next instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) next;
                f2915a.debug("PemReader returned object class: {}", next.getClass());
                if (str == null) {
                    str = b(x509Certificate.getSubjectX500Principal().getName());
                    if (aVar != null) {
                        aVar.a(x509Certificate);
                    }
                }
                try {
                    ag.a aVar2 = new ag.a();
                    aVar2.a(x509Certificate.getEncoded());
                    if (z) {
                        aVar2.b("AW_" + str + EventsFilesManager.ROLL_OVER_FILE_NAME_SEPARATOR + x509Certificate.getSerialNumber());
                    } else {
                        aVar2.b("AW_" + str);
                    }
                    arrayList.add(aVar2.a());
                } catch (CertificateEncodingException unused) {
                    // The certificate is skipped; the exception itself is not logged.
                    f2915a.error("Certificate encoding exception processing [{}]", str);
                }
            } else {
                f2915a.debug("PemReader returned invalid object class: {}", next.getClass());
            }
        }
        return arrayList;
    }

    /**
     * Parses {@code bArr} as a PKCS#12/PFX container and builds a single {@code ag} record
     * for it.
     *
     * <p>The "ID cert" is the first collected certificate that {@code a(X509Certificate)} does
     * not report as a CA; index 0 is used if every certificate is a CA. That check also returns
     * false when the basicConstraints extension is missing or unreadable, so such a
     * certificate counts as an identity certificate.
     *
     * <p>NOTE(review): the builder chain passes {@code str} (the container password) to
     * {@code ag.a.a(String)}, so the record appears to carry the password next to the raw
     * container bytes. Confirm how {@code ag} stores and protects it.
     *
     * @param bArr PKCS#12 bytes
     * @param str container password; empty or null skips this format
     * @param list receives the recovered private keys
     * @param aVar optional holder for the picked certificate and key
     * @return a one-element list (empty if encoding the ID cert failed), or null if the
     *         password is empty, the keystore cannot be loaded or it yields no certificates
     * @throws InvalidServerConfigurationException presumably raised by the {@code ag} builder
     */
    private static ArrayList<ag> a(byte[] bArr, String str, List<PrivateKey> list, a aVar) throws InvalidServerConfigurationException {
        if (StringUtils.isEmpty(str)) {
            f2915a.debug("Password empty -- cannot process data as PKCS12/PFX.");
            return null;
        }
        KeyStore a2 = a(bArr, str);
        if (a2 == null) {
            return null;
        }
        StringBuffer stringBuffer = new StringBuffer();
        ArrayList<X509Certificate> a3 = a(a2, str, list, stringBuffer, aVar);
        if (a3.isEmpty()) {
            return null;
        }
        ArrayList<ag> arrayList = new ArrayList<>();
        int i = 0;
        int i2 = 0;
        while (true) {
            if (i2 >= a3.size()) {
                break;
            }
            if (!a(a3.get(i2))) {
                // NOTE(review): logs the literal 0, not the index that was found (i2); this may be a
                // decompiler artifact. The next debug line reports the value actually used.
                f2915a.debug("ID cert found at: {}", (Object) 0);
                i = i2;
                break;
            }
            i2++;
        }
        f2915a.debug("Using indexOfIdCert: {}", Integer.valueOf(i));
        try {
            ag.a aVar2 = new ag.a();
            // Record = raw container bytes + a true flag + picked alias + digest of the ID cert +
            // password. NOTE(review): which digest DataEncryption.Algorithm.SHA selects is not
            // visible here; confirm it is not SHA-1 if the value is relied on as a unique identifier.
            aVar2.a(bArr).b(true).b(stringBuffer.toString()).b(DataEncryption.a(a3.get(i).getEncoded(), DataEncryption.Algorithm.SHA)).a(str);
            arrayList.add(aVar2.a());
        } catch (CertificateEncodingException unused) {
            f2915a.error("CertificateEncodingException processing [{}]", stringBuffer);
        }
        return arrayList;
    }

    /**
     * Public entry point: probes {@code bArr} as PEM, DER, PKCS#12 and PKCS#7 in that order
     * and returns the records produced by the first format that yields any.
     *
     * <p>Labels always include the serial number here: the helpers are called with a literal
     * {@code true}, and the {@code z} parameter is never read.
     *
     * @param bArr certificate bytes; null returns null immediately
     * @param str password, used only by the PKCS#12 attempt
     * @param z unused in the body shown
     * @return the parsed records, or null if nothing could be parsed
     * @throws InvalidServerConfigurationException propagated from the PEM and PKCS#12 helpers
     */
    public static ArrayList<ag> a(byte[] bArr, String str, boolean z) throws InvalidServerConfigurationException {
        if (bArr == null) {
            return null;
        }
        f2915a.debug("Trying PEM...");
        ArrayList<ag> a2 = a(bArr, (a) null, true);
        if (a2 != null && !a2.isEmpty()) {
            f2915a.debug("Trying PEM... match found.");
            return a2;
        }
        f2915a.debug("Trying DER...");
        ArrayList<ag> b = b(bArr, null, true);
        if (b != null && !b.isEmpty()) {
            f2915a.debug("Trying DER... match found.");
            return b;
        }
        f2915a.debug("Trying PKCS12...");
        ArrayList<ag> a3 = a(bArr, str, new ArrayList(), null);
        if (a3 != null && !a3.isEmpty()) {
            f2915a.debug("Trying PKCS12... match found.");
            return a3;
        }
        f2915a.debug("Trying PKCS7...");
        ArrayList<ag> c = c(bArr, null, true);
        if (c == null || c.isEmpty()) {
            f2915a.error("Unable to successfully parse certificate file.");
            return null;
        }
        f2915a.debug("Trying PKCS7... match found.");
        return c;
    }

    /**
     * Reports whether the certificate's basicConstraints extension (OID 2.5.29.19) marks it
     * as a CA ("isCaCert" in the log message).
     *
     * <p>Returns false when the extension is absent and when decoding it raises an
     * {@link IOException}; callers cannot tell "not a CA" from "could not decide".
     * NOTE(review): the cast to {@code DEROctetString} is unchecked, so a malformed extension
     * value may surface as a {@link ClassCastException} instead.
     *
     * @param x509Certificate certificate to inspect
     * @return true only if the extension was decoded and has the CA flag set
     */
    private static boolean a(X509Certificate x509Certificate) {
        ASN1InputStream aSN1InputStream;
        ASN1InputStream aSN1InputStream2;
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.19");
        if (extensionValue == null) {
            return false;
        }
        ASN1InputStream aSN1InputStream3 = null;
        // Decompiler residue: this first try and the catch arms after the second one were not
        // reconstructed into valid Java.
        try {
            aSN1InputStream = new ASN1InputStream(extensionValue);
        } catch (IOException e) {
            e = e;
            aSN1InputStream2 = null;
        } catch (Throwable th) {
            th = th;
            aSN1InputStream = null;
        }
        try {
            // The extension value is an OCTET STRING that wraps the BasicConstraints structure;
            // unwrap it, then decode the inner bytes.
            aSN1InputStream2 = new ASN1InputStream(((DEROctetString) aSN1InputStream.readObject()).getOctets());
            try {
                boolean isCA = BasicConstraints.getInstance(aSN1InputStream2.readObject()).isCA();
                com.mobileiron.acom.core.utils.p.a(aSN1InputStream, "isCA1");
                com.mobileiron.acom.core.utils.p.a(aSN1InputStream2, "isCA2");
                return isCA;
            } catch (IOException e2) {
                e = e2;
                aSN1InputStream3 = aSN1InputStream;
                try {
                    f2915a.error("isCaCert error: ", (Throwable) e);
                    com.mobileiron.acom.core.utils.p.a(aSN1InputStream3, "isCA1");
                    com.mobileiron.acom.core.utils.p.a(aSN1InputStream2, "isCA2");
                    return false;
                } catch (Throwable th2) {
                    th = th2;
                    aSN1InputStream = aSN1InputStream3;
                    aSN1InputStream3 = aSN1InputStream2;
                    com.mobileiron.acom.core.utils.p.a(aSN1InputStream, "isCA1");
                    com.mobileiron.acom.core.utils.p.a(aSN1InputStream3, "isCA2");
                    throw th;
                }
            } catch (Throwable th3) {
                th = th3;
                aSN1InputStream3 = aSN1InputStream2;
                com.mobileiron.acom.core.utils.p.a(aSN1InputStream, "isCA1");
                com.mobileiron.acom.core.utils.p.a(aSN1InputStream3, "isCA2");
                throw th;
            }
        } catch (IOException e3) {
            e = e3;
            aSN1InputStream2 = null;
        } catch (Throwable th4) {
            th = th4;
            com.mobileiron.acom.core.utils.p.a(aSN1InputStream, "isCA1");
            com.mobileiron.acom.core.utils.p.a(aSN1InputStream3, "isCA2");
            throw th;
        }
    }

    /**
     * Extracts a display name from a distinguished-name string: the text after the first
     * {@code '='} of the first comma-separated part that contains {@code "CN"}, otherwise the
     * first part as a whole.
     *
     * <p>NOTE(review): this is plain string splitting, not DN parsing. A part such as
     * {@code O=CNN} also matches {@code contains("CN")}, a comma escaped inside a value
     * still splits the value, and a value that itself contains {@code '='} is truncated at it.
     * The result feeds the {@code "AW_"} labels, so it should be treated as untrusted,
     * certificate-controlled text.
     *
     * @param str distinguished name, as returned by {@code X500Principal.getName()} at the call sites
     * @return the extracted name
     */
    private static String b(String str) {
        String[] split = str.split(",");
        for (String str2 : split) {
            if (str2.contains("CN")) {
                String[] split2 = str2.split("=");
                if (split2.length > 1) {
                    return split2[1];
                }
            }
        }
        return split.length == 0 ? str : split[0];
    }

    /**
     * Parses {@code bArr} as one or more concatenated DER X.509 certificates and builds one
     * {@code ag} record per certificate ("openCertificateAsDer"). Unlike the PEM variant, the
     * label is derived from each certificate's own subject.
     *
     * <p>Any exception while parsing makes the call return null, discarding certificates
     * that were already decoded. {@code bArr} must be non-null: its length is read before
     * the try block.
     *
     * @param bArr DER bytes
     * @param aVar optional holder; receives the first certificate if it holds none yet
     * @param z when true, a separator constant and the serial number are appended to the label
     * @return the records built, or null if none were produced or parsing failed
     */
    private static ArrayList<ag> b(byte[] bArr, a aVar, boolean z) {
        ByteArrayInputStream byteArrayInputStream;
        f2915a.debug("Got {} bytes to process...", Integer.valueOf(bArr.length));
        try {
            byteArrayInputStream = new ByteArrayInputStream(bArr);
            try {
                try {
                    ArrayList<ag> arrayList = new ArrayList<>();
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    // Keep decoding certificates until the input is exhausted.
                    while (byteArrayInputStream.available() > 0) {
                        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                        String b = b(x509Certificate.getSubjectX500Principal().getName());
                        if (aVar != null && aVar.a() == null) {
                            aVar.a(x509Certificate);
                        }
                        try {
                            ag.a aVar2 = new ag.a();
                            aVar2.a(x509Certificate.getEncoded());
                            if (z) {
                                aVar2.b("AW_" + b + EventsFilesManager.ROLL_OVER_FILE_NAME_SEPARATOR + x509Certificate.getSerialNumber());
                            } else {
                                aVar2.b("AW_" + b);
                            }
                            arrayList.add(aVar2.a());
                        } catch (CertificateEncodingException unused) {
                            f2915a.error("Certificate encoding exception processing [{}]", b);
                        }
                    }
                    if (arrayList.isEmpty()) {
                        com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "openDER");
                        return null;
                    }
                    com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "openDER");
                    return arrayList;
                } catch (Exception e) {
                    e = e;
                    f2915a.debug("openCertificateAsDer: {}", e.toString());
                    com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "openDER");
                    return null;
                }
            } catch (Throwable th) {
                th = th;
                com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "openDER");
                throw th;
            }
        // Decompiler residue: unreconstructed exception regions.
        } catch (Exception e2) {
            e = e2;
            byteArrayInputStream = null;
        } catch (Throwable th2) {
            th = th2;
            byteArrayInputStream = null;
            com.mobileiron.acom.core.utils.p.a(byteArrayInputStream, "openDER");
            throw th;
        }
    }

    /**
     * Decodes the content of one PEM object as a CMS/PKCS#7 {@link ContentInfo}
     * ("parseObjectAsPkcs7").
     *
     * @param pemObject PEM object whose content is read as ASN.1
     * @return the decoded structure, or null if decoding failed
     */
    private static ContentInfo b(PemObject pemObject) {
        ASN1InputStream aSN1InputStream;
        try {
            aSN1InputStream = new ASN1InputStream(pemObject.getContent());
            try {
                try {
                    ContentInfo contentInfo = ContentInfo.getInstance(aSN1InputStream.readObject());
                    com.mobileiron.acom.core.utils.p.a(aSN1InputStream, "parseObjectAsPkcs7");
                    return contentInfo;
                } catch (Exception unused) {
                    // NOTE(review): the first string is the SLF4J format and has no {} placeholder, so
                    // the actual message is presumably never printed; the cause is dropped as well.
                    f2915a.debug("CloudCertificateUtils", "parseObjectAsPkcs7: Problem parsing PKCS7 object.");
                    com.mobileiron.acom.core.utils.p.a(aSN1InputStream, "parseObjectAsPkcs7");
                    return null;
                }
            } catch (Throwable th) {
                th = th;
                com.mobileiron.acom.core.utils.p.a(aSN1InputStream, "parseObjectAsPkcs7");
                throw th;
            }
        // Decompiler residue: unreconstructed exception regions.
        } catch (Exception unused2) {
            aSN1InputStream = null;
        } catch (Throwable th2) {
            th = th2;
            aSN1InputStream = null;
            com.mobileiron.acom.core.utils.p.a(aSN1InputStream, "parseObjectAsPkcs7");
            throw th;
        }
    }

    /**
     * Parses {@code bArr} as PKCS#7: first as raw DER, then, if that yields nothing, as
     * PEM-wrapped PKCS#7 objects, each of which is re-encoded and parsed as DER ("openPkcs7").
     *
     * @param bArr PKCS#7 bytes, DER or PEM
     * @param aVar optional holder, passed through to the DER certificate parser
     * @param z label flag, passed through to the DER certificate parser
     * @return the records found (possibly empty on the PEM path), or null on failure
     */
    private static ArrayList<ag> c(byte[] bArr, a aVar, boolean z) {
        ArrayList<ag> d = d(bArr, aVar, z);
        if (d != null && !d.isEmpty()) {
            return d;
        }
        try {
            ArrayList<Object> a2 = a(bArr, PemParsingType.PKCS7);
            if (a2 == null) {
                return null;
            }
            ArrayList<ag> arrayList = new ArrayList<>(a2.size());
            Iterator<Object> it = a2.iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (next instanceof ContentInfo) {
                    f2915a.debug("PemReader returned object class: {}", next.getClass());
                    ArrayList<ag> d2 = d(((ContentInfo) next).getEncoded(), aVar, z);
                    if (d2 != null) {
                        arrayList.addAll(d2);
                    }
                } else {
                    f2915a.debug("PemReader returned invalid object class: {}", next.getClass());
                }
            }
            return arrayList;
        } catch (IOException e) {
            f2915a.debug("openPkcs7: {}", e.toString());
            return null;
        }
    }

    /**
     * Parses {@code bArr} as DER-encoded CMS SignedData and runs every embedded certificate
     * through the DER certificate parser ("openPkcs7AsDer").
     *
     * <p>NOTE(review): only the certificate bag is read. The SignedData signers and signature
     * are not verified here, so the structure serves purely as a container and its contents
     * are no more trustworthy than the bytes themselves.
     *
     * @param bArr CMS SignedData bytes; must be non-null, the length is read before the try block
     * @param aVar optional holder, passed through to the DER certificate parser
     * @param z label flag, passed through to the DER certificate parser
     * @return the records built (possibly empty), or null if the bytes are not valid SignedData
     */
    private static ArrayList<ag> d(byte[] bArr, a aVar, boolean z) {
        f2915a.debug("Attempting to process {} bytes as PKCS7 DER.", Integer.valueOf(bArr.length));
        ArrayList<ag> arrayList = new ArrayList<>();
        try {
            // getMatches(null): a null selector is used to retrieve every certificate in the store.
            for (X509CertificateHolder x509CertificateHolder : new CMSSignedData(bArr).getCertificates().getMatches(null)) {
                if (x509CertificateHolder instanceof X509CertificateHolder) {
                    ArrayList<ag> b = b(x509CertificateHolder.toASN1Structure().getEncoded(), aVar, z);
                    // l.a(...) is an opaque project helper; presumably a null-or-empty check.
                    if (!com.mobileiron.acom.core.utils.l.a(b)) {
                        Iterator<ag> it = b.iterator();
                        while (it.hasNext()) {
                            arrayList.add(it.next());
                        }
                    }
                } else {
                    f2915a.error("openPkcs7AsDer: certCollection contains item that is not an X509CertificateHolder");
                }
            }
            return arrayList;
        } catch (Exception e) {
            f2915a.debug("openPkcs7AsDer: {}", e.toString());
            return null;
        }
    }
}
