package com.microsoft.omadm.connection;

import android.content.Context;
import com.microsoft.intune.common.enrollment.domain.IEnrollmentSettingsRepository;
import com.microsoft.intune.common.utils.IOUtils;
import com.microsoft.intune.mam.client.fileencryption.FileEncryptionServiceBehavior;
import com.microsoft.omadm.exception.OMADMException;
import java.io.File;
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Date;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes3.dex */
/**
 * Gives access to the enrollment certificate and private key, stored under the
 * {@code EnrollmentKey} alias either in the Android keystore provider or in a
 * password-protected keystore file in the app's private file area.
 *
 * <p>Which backing store is used is decided by the keystore file name held in the
 * enrollment settings repository: the literal value {@code "AndroidKeyStore"} selects
 * the Android provider, anything else is treated as a file name.
 *
 * <p>Every failure is reported as an {@link OMADMException} wrapping the original
 * throwable. Note that the handlers catch {@code Throwable}, so {@code Error}s are
 * wrapped as well.
 */
public class CertificateKeyStore {
    public static final String ANDROID_KEYSTORE_NAME = "AndroidKeyStore";
    private static final String DEFAULT_SSP_KEYSTORE_FILENAME = "SSPCertificateStore0.keystore";
    private static final String ENROLLMENT_KEY_ALIAS = "EnrollmentKey";
    private static final int GENERATOR_KEY_SIZE = 2048;
    private static final Logger LOGGER = Logger.getLogger(CertificateKeyStore.class.getName());
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private final Context context;
    private final IEnrollmentSettingsRepository enrollmentRepository;

    /**
     * @param context used to open the keystore file from app-private storage
     * @param iEnrollmentSettingsRepository source of the keystore file name and password
     */
    @Inject
    public CertificateKeyStore(Context context, IEnrollmentSettingsRepository iEnrollmentSettingsRepository) {
        this.context = context;
        this.enrollmentRepository = iEnrollmentSettingsRepository;
    }

    /**
     * Creates a fresh 2048-bit RSA key pair seeded from a new {@link SecureRandom}.
     *
     * @return the generated key pair
     * @throws OMADMException wrapping any failure raised by the JCA provider
     */
    public static KeyPair generateKeyPair() throws OMADMException {
        try {
            KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
            rsaGenerator.initialize(GENERATOR_KEY_SIZE, new SecureRandom());
            return rsaGenerator.generateKeyPair();
        } catch (Throwable failure) {
            throw new OMADMException(failure);
        }
    }

    /**
     * Builds an X.509 v3 certificate for {@code keyPair}, signed with its own private
     * key using SHA256withRSA.
     *
     * <p>Issuer and subject are both the constant {@code CN=MDM Self-Signed Cert} and the
     * serial number is always 1, so certificates produced here differ only in their key
     * and validity dates. Do not rely on subject or serial to tell them apart.
     *
     * @param keyPair key pair whose public half is certified and whose private half signs
     * @return the self-signed certificate
     * @throws OMADMException wrapping any failure, including a null {@code keyPair}
     */
    public static X509Certificate generateSelfSignedCertificate(KeyPair keyPair) throws OMADMException {
        try {
            JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
            X500Name issuer = new X500Name("CN=MDM Self-Signed Cert");
            BigInteger serialNumber = BigInteger.valueOf(1L);
            // Back-dated start of validity. The offset is a constant taken from
            // FileEncryptionServiceBehavior whose value is not visible in this file.
            // NOTE(review): presumably a shared numeric value chosen for clock-skew tolerance; confirm.
            Date notBefore = new Date(System.currentTimeMillis() - FileEncryptionServiceBehavior.TRY_PENDING_OPERATIONS_INTERVAL_MS);
            // 1094004736 ms is roughly 12.7 days of validity.
            // NOTE(review): this number equals 100 * 365 days in milliseconds truncated to
            // 32 bits, so the original source may have computed a 100-year lifetime in int
            // arithmetic. Confirm the intended lifetime before changing it.
            Date notAfter = new Date(System.currentTimeMillis() + 1094004736);
            X500Name subject = new X500Name("CN=MDM Self-Signed Cert");
            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
            X509v3CertificateBuilder certificateBuilder =
                    new X509v3CertificateBuilder(issuer, serialNumber, notBefore, notAfter, subject, publicKeyInfo);
            return converter.getCertificate(
                    certificateBuilder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate())));
        } catch (Throwable failure) {
            throw new OMADMException(failure);
        }
    }

    /** Loads whichever keystore the repository's file name selects. */
    private KeyStore getKeyStore() throws OMADMException {
        if (isAndroidStore()) {
            return getKeyStoreFromAndroid();
        }
        return getKeyStoreFromFile();
    }

    /** Opens the {@code AndroidKeyStore} provider; it takes no stream and no password. */
    private KeyStore getKeyStoreFromAndroid() throws OMADMException {
        try {
            KeyStore androidStore = KeyStore.getInstance(ANDROID_KEYSTORE_NAME);
            androidStore.load(null);
            return androidStore;
        } catch (Throwable failure) {
            throw new OMADMException(failure);
        }
    }

    /**
     * Loads the default-type keystore from the app-private file named by
     * {@link #getStoreFile()}.
     *
     * <p>Only the last path component of the configured name is used, because the name
     * is passed through {@link File#getName()} before being opened.
     */
    private KeyStore getKeyStoreFromFile() throws OMADMException {
        try {
            KeyStore fileStore = KeyStore.getInstance(KeyStore.getDefaultType());
            LOGGER.fine("Using keystore to get the enrollment certificate; using the provider: " + fileStore.getProvider().toString());
            String storeName = getStoreFile().getName();
            FileInputStream storeStream = this.context.openFileInput(storeName);
            try {
                // getStorePassword() returns null when no password is configured; per the
                // KeyStore.load contract, a null password means the keystore's integrity
                // check is skipped.
                fileStore.load(storeStream, getStorePassword());
                return fileStore;
            } finally {
                IOUtils.safeClose(storeStream);
            }
        } catch (Throwable failure) {
            throw new OMADMException(failure);
        }
    }

    /** Returns the configured keystore file, or the default SSP file name when none is set. */
    private File getStoreFile() {
        String configuredName = this.enrollmentRepository.getKeystoreFileName();
        return new File(configuredName.isEmpty() ? DEFAULT_SSP_KEYSTORE_FILENAME : configuredName);
    }

    /**
     * Returns the keystore password as a char array, or {@code null} when the Android
     * keystore is in use or no password is stored.
     *
     * <p>The password reaches this method as a {@code String} from the repository, so
     * clearing the returned array does not remove it from memory.
     */
    private char[] getStorePassword() {
        if (!isAndroidStore()) {
            String storedPassword = this.enrollmentRepository.getKeystorePassword();
            if (!storedPassword.isEmpty()) {
                return storedPassword.toCharArray();
            }
        }
        return null;
    }

    /**
     * Looks up the certificate stored under the enrollment alias.
     *
     * @return the certificate, or {@code null} if the alias has none
     * @throws OMADMException wrapping any failure; a failure to load the keystore arrives
     *     as an {@code OMADMException} wrapped in a second {@code OMADMException}
     */
    public X509Certificate getEnrollmentCertificate() throws OMADMException {
        try {
            KeyStore store = getKeyStore();
            return (X509Certificate) store.getCertificate(ENROLLMENT_KEY_ALIAS);
        } catch (Throwable failure) {
            throw new OMADMException(failure);
        }
    }

    /**
     * Retrieves the private key stored under the enrollment alias, unlocking it with the
     * keystore password.
     *
     * @return the key cast to {@link RSAPrivateKey}; a key of any other type surfaces as
     *     an {@code OMADMException} wrapping the {@code ClassCastException}
     * @throws OMADMException wrapping any failure
     */
    public RSAPrivateKey getEnrollmentPrivateKey() throws OMADMException {
        try {
            KeyStore store = getKeyStore();
            return (RSAPrivateKey) store.getKey(ENROLLMENT_KEY_ALIAS, getStorePassword());
        } catch (Throwable failure) {
            throw new OMADMException(failure);
        }
    }

    /**
     * Builds {@code X509} key managers over the enrollment keystore.
     *
     * @return the key managers produced by the factory
     * @throws OMADMException rethrown unchanged when it comes from loading the keystore;
     *     any other failure is wrapped
     */
    public KeyManager[] getKeyManagers() throws OMADMException {
        try {
            KeyStore store = getKeyStore();
            KeyManagerFactory factory = KeyManagerFactory.getInstance("X509");
            factory.init(store, getStorePassword());
            return factory.getKeyManagers();
        } catch (OMADMException alreadyWrapped) {
            throw alreadyWrapped;
        } catch (Throwable failure) {
            throw new OMADMException(failure);
        }
    }

    /**
     * Reports whether an enrollment certificate can be read.
     *
     * <p>A keystore that cannot be opened is reported the same way as a missing
     * certificate: the failure is logged at WARNING and {@code false} is returned.
     */
    public boolean hasEnrollmentCertificate() {
        try {
            X509Certificate enrollmentCertificate = getEnrollmentCertificate();
            return enrollmentCertificate != null;
        } catch (OMADMException e) {
            // Only the wrapped cause is logged, not the OMADMException itself.
            LOGGER.log(Level.WARNING, "Exception while determining location of enrollment cert.", e.getCause());
            return false;
        }
    }

    /**
     * Creates a keystore password if the repository has none yet.
     *
     * <p>The password is the string form of {@link UUID#randomUUID()} and is saved with
     * the repository's "password encrypted" flag set to {@code false}.
     * NOTE(review): the flag suggests the value is persisted unencrypted at this point;
     * confirm how the repository protects it at rest.
     */
    public void initMAMBackupEncryptionKey() {
        if (!this.enrollmentRepository.getKeystorePassword().isEmpty()) {
            return;
        }
        LOGGER.log(Level.FINE, "Generating new certificate store password.");
        String generatedPassword = UUID.randomUUID().toString();
        this.enrollmentRepository.setKeystorePassword(generatedPassword);
        this.enrollmentRepository.setKeystorePasswordEncrypted(false);
    }

    /** Returns true when the configured keystore file name is exactly {@code "AndroidKeyStore"}. */
    public boolean isAndroidStore() {
        String configuredName = this.enrollmentRepository.getKeystoreFileName();
        return ANDROID_KEYSTORE_NAME.equals(configuredName);
    }

    /** Always returns {@code false}. */
    public boolean isUseOfAndroidKeyStoreEnabled() {
        return false;
    }
}
