package com.microsoft.workaccount.workplacejoin.core;

import android.app.Activity;
import android.content.ActivityNotFoundException;
import android.content.Intent;
import android.security.KeyChain;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.samsung.android.knox.keystore.CertificateProvisioning;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Set;
import org.spongycastle.asn1.ASN1Primitive;
import org.spongycastle.asn1.DERBMPString;
import org.spongycastle.asn1.DEROctetString;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.spongycastle.crypto.engines.DESedeEngine;
import org.spongycastle.crypto.engines.RC2Engine;
import org.spongycastle.crypto.modes.CBCBlockCipher;
import org.spongycastle.pkcs.PKCS12PfxPduBuilder;
import org.spongycastle.pkcs.PKCS12SafeBag;
import org.spongycastle.pkcs.PKCSException;
import org.spongycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
import org.spongycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
import org.spongycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
import org.spongycastle.util.encoders.Hex;

/* loaded from: classes.dex */
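/**
 * Helpers for turning an issued device certificate plus its key pair into a PKCS#12 bundle,
 * handing that material to the Android KeyChain installer, and reading the device and tenant
 * identifiers out of the certificate's extensions.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #getPKCS12Cert} copies the raw private-key encoding into {@code CertificateData}
 *       next to the password-protected PFX, so every holder of that object must be treated as
 *       holding secret key material.</li>
 *   <li>{@link #isExpectedCertificateIssuer} is a name comparison only; it performs no signature
 *       or chain validation.</li>
 *   <li>Both install paths place key material into intent extras.</li>
 * </ul>
 */
public class PKCS12CertGenerator {
    /** Intent extra name under which {@link #installPKCS12CertDefault} passes the private-key bytes. */
    public static final String EXTRA_PRIVATE_KEY = "PKEY";
    /** Intent extra name under which {@link #installPKCS12CertDefault} passes the public-key bytes. */
    public static final String EXTRA_PUBLIC_KEY = "KEY";
    /** Text that {@link #isExpectedCertificateIssuer} looks for inside the issuer name. */
    public static final String ISSUER_CN_VALUE = "MS-Organization-Access";
    private static final String TAG = PKCS12CertGenerator.class.getSimpleName() + "#";
    private static final char[] EMPTY_PASSWORD_BYTE_ARRAY = new char[0];
    private static final char[] HEX_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
    /** Number of octets consumed when an extension value is rendered as a GUID. */
    private static final int GUID_OCTET_COUNT = 16;

    /**
     * Renders the first 16 octets of {@code bArr} as a lower-case GUID string (8-4-4-4-12).
     * The first three groups are byte-swapped before formatting; the last eight octets are
     * kept in order.
     *
     * @param bArr extension octets; must hold at least 16 bytes
     * @return the formatted GUID
     * @throws IllegalArgumentException if {@code bArr} is null or shorter than 16 bytes
     */
    private static String convertOctetsToGUID(byte[] bArr) {
        // The extension value comes from a parsed certificate; reject short input explicitly
        // instead of failing with an index error halfway through.
        if (bArr == null || bArr.length < GUID_OCTET_COUNT) {
            throw new IllegalArgumentException("GUID extension value must hold at least 16 octets");
        }
        byte[] reordered = {bArr[3], bArr[2], bArr[1], bArr[0], bArr[5], bArr[4], bArr[7], bArr[6], bArr[8], bArr[9], bArr[10], bArr[11], bArr[12], bArr[13], bArr[14], bArr[15]};
        // hexify() yields the same lower-case hex as the previous encoder call, without a
        // bytes-to-String conversion that depends on the platform charset.
        String hex = hexify(reordered);
        return hex.substring(0, 8) + '-' + hex.substring(8, 12) + '-' + hex.substring(12, 16) + '-' + hex.substring(16, 20) + '-' + hex.substring(20);
    }

    /**
     * Reads the extension {@code oid} from {@code certificate} and formats it as a GUID.
     *
     * @return the GUID, or {@code null} when the value is not a DER octet string or is too
     *     short to hold a GUID
     * @throws IOException if the extension value cannot be parsed
     */
    private static String readGuidExtension(X509Certificate certificate, String oid) throws IOException {
        ASN1Primitive parsed = JcaX509ExtensionUtils.parseExtensionValue(certificate.getExtensionValue(oid));
        if (!(parsed instanceof DEROctetString)) {
            return null;
        }
        byte[] octets = ((DEROctetString) parsed).getOctets();
        if (octets.length < GUID_OCTET_COUNT) {
            Logger.e(TAG + "readGuidExtension", "Extension value is too short to hold a GUID, OID: " + oid, WorkplaceJoinFailure.INTERNAL);
            return null;
        }
        return convertOctetsToGUID(octets);
    }

    /**
     * Returns the PKCS#12 bytes of {@code certificateData} re-encoded with an empty password.
     *
     * <p>Security: the returned bundle is no longer protected by {@code str}; the private key in
     * it is covered only by an empty password. Callers should keep the result short-lived and
     * out of logs and persistent storage.
     *
     * @param certificateData holder of the password-protected PKCS#12 bytes
     * @param str password currently protecting the bundle; when null or empty the stored bytes
     *     are returned unchanged
     * @return PKCS#12 bytes that load with an empty password
     */
    private static byte[] getCertBytesWithEmptyPassword(CertificateData certificateData, String str) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (str == null || str.isEmpty()) {
            return certificateData.getPKCS12Cert();
        }
        // NOTE(review): a Knox constant is used as the keystore type; presumably the literal
        // "PKCS12" substituted by the decompiler - confirm.
        KeyStore keyStore = KeyStore.getInstance(CertificateProvisioning.TYPE_PKCS12);
        try (ByteArrayInputStream pfxIn = new ByteArrayInputStream(certificateData.getPKCS12Cert())) {
            keyStore.load(pfxIn, str.toCharArray());
        }
        ByteArrayOutputStream pfxOut = new ByteArrayOutputStream();
        keyStore.store(pfxOut, EMPTY_PASSWORD_BYTE_ARRAY);
        return pfxOut.toByteArray();
    }

    /** Returns the friendly name attached to the certificate and key bags and to the install intents. */
    public static String getCertName() {
        return "microsoft workaccount";
    }

    /**
     * Extracts the device id from the non-critical extension
     * {@code WorkplaceJoinApplication.OID_CERT_FOR_DEVICE_ID}.
     *
     * @param x509Certificate certificate to inspect
     * @return the device id as a GUID string, or {@code null} when the certificate has no
     *     non-critical extensions, the extension is absent, or its value cannot be read
     */
    public static String getDeviceIdFromCert(X509Certificate x509Certificate) {
        Set<String> extensionOids = x509Certificate.getNonCriticalExtensionOIDs();
        // getNonCriticalExtensionOIDs() returns null for a certificate without extensions;
        // getTenantIdFromCert already guards this case, so do the same here.
        if (extensionOids == null) {
            Logger.v(TAG + "getDeviceIdFromCert", "Certificate's oid list is empty");
            return null;
        }
        for (String oid : extensionOids) {
            Logger.v(TAG + "getDeviceIdFromCert", "Extension value.", "OID: " + oid);
            if (!oid.equals(WorkplaceJoinApplication.OID_CERT_FOR_DEVICE_ID)) {
                continue;
            }
            try {
                String deviceId = readGuidExtension(x509Certificate, oid);
                if (deviceId != null) {
                    Logger.v(TAG + "getDeviceIdFromCert", "Extension value.", "OID: " + oid + " deviceid:" + deviceId);
                    return deviceId;
                }
            } catch (IOException e) {
                Logger.e(TAG + "getDeviceIdFromCert", "IO Exception in parsing extension value", "OID: " + oid, WorkplaceJoinFailure.INTERNAL, e);
            }
        }
        return null;
    }

    /**
     * Parses the issued certificate, records its properties and the key pair in a
     * {@code CertificateData}, and builds a password-protected PKCS#12 bundle from them.
     *
     * <p>Failure behaviour is kept as callers may rely on it: if the certificate cannot be
     * parsed the method returns {@code null}; if a later step fails it returns the partially
     * populated object, possibly without PKCS#12 bytes. Callers should check
     * {@code getPKCS12Cert()} on the result before using it.
     *
     * <p>Security: the raw {@code getEncoded()} form of the private key is stored in the
     * result in addition to the PFX, so the PFX password is not the only thing standing
     * between a reader of {@code CertificateData} and the key.
     *
     * @param str base64 body of the certificate, without PEM header and footer
     * @param keyPair key pair the certificate was issued for
     * @param str2 password used for the key bag, the certificate bag and the PFX MAC
     * @return the populated data, a partially populated object, or {@code null} (see above)
     */
    public static CertificateData getPKCS12Cert(String str, KeyPair keyPair, String str2) {
        CertificateData certificateData = null;
        try {
            PublicKey publicKey = keyPair.getPublic();
            PrivateKey privateKey = keyPair.getPrivate();
            String pem = "-----BEGIN CERTIFICATE-----\n" + str + "\n-----END CERTIFICATE-----";
            X509Certificate x509 = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pem.getBytes("UTF-8")));
            certificateData = new CertificateData();
            certificateData.setX509Cert(x509);
            certificateData.setCertType(x509.getType());
            certificateData.setCertVersion(x509.getVersion());
            certificateData.setThumbprint(obtainthumbPrintFromCert(x509));
            certificateData.setIssuerDName(x509.getIssuerDN().getName());
            certificateData.setSerialNumber(x509.getSerialNumber());
            certificateData.setSignAlgo(x509.getSigAlgName());
            certificateData.setDeviceId(getDeviceIdFromCert(x509));
            // Unwrapped key encoding; see the security note in the method documentation.
            certificateData.setPrivateKey(privateKey.getEncoded());
            certificateData.setPublicKey(publicKey.getEncoded());
            Logger.i(TAG + "getPKCS12Cert", "Device ID.", certificateData.getDeviceId());
            WorkplaceJoinApplication.setDeviceId(certificateData.getDeviceId());

            char[] password = str2.toCharArray();
            JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();

            JcaPKCS12SafeBagBuilder certBag = new JcaPKCS12SafeBagBuilder(x509);
            certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(getCertName()));
            certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extensionUtils.createSubjectKeyIdentifier(publicKey));

            // Key bag: legacy PKCS#12 password-based encryption with triple DES.
            // NOTE(review): confirm what the consuming importers accept before modernising.
            JcaPKCS12SafeBagBuilder keyBag = new JcaPKCS12SafeBagBuilder(privateKey, new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, new CBCBlockCipher(new DESedeEngine())).build(password));
            keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(getCertName()));
            keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, extensionUtils.createSubjectKeyIdentifier(publicKey));

            PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
            // Certificate bag: 40-bit RC2 gives no meaningful confidentiality. It wraps only
            // the certificate here, not the key, so do not rely on it to hide the certificate.
            pfxBuilder.addEncryptedData(new BcPKCS12PBEOutputEncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC, new CBCBlockCipher(new RC2Engine())).build(password), new PKCS12SafeBag[]{certBag.build()});
            pfxBuilder.addData(keyBag.build());
            certificateData.setPKCS12Cert(pfxBuilder.build(new BcPKCS12MacCalculatorBuilder(), password).toASN1Structure().getEncoded());
        } catch (IOException | NoSuchAlgorithmException | CertificateException | PKCSException e) {
            // Hand the throwable to the logger rather than printing the stack trace to stderr.
            Logger.e(TAG + "getPKCS12Cert", "exception =" + e, WorkplaceJoinFailure.CERTIFICATE, e);
        }
        return certificateData;
    }

    /**
     * Extracts the tenant id from the non-critical extension
     * {@code WorkplaceJoinApplication.OID_TENANT_FOR_DEVICE_ID}.
     *
     * @param x509Certificate certificate to inspect
     * @return the tenant id as a GUID string, or {@code null} when the certificate has no
     *     non-critical extensions, the extension is absent, or its value cannot be read
     */
    public static String getTenantIdFromCert(X509Certificate x509Certificate) {
        Set<String> extensionOids = x509Certificate.getNonCriticalExtensionOIDs();
        if (extensionOids == null) {
            Logger.v(TAG + "getTenantIdFromCert", "Certificate's oid list is empty");
            return null;
        }
        for (String oid : extensionOids) {
            if (!oid.equals(WorkplaceJoinApplication.OID_TENANT_FOR_DEVICE_ID)) {
                continue;
            }
            try {
                String tenantId = readGuidExtension(x509Certificate, oid);
                if (tenantId != null) {
                    Logger.i(TAG + "getTenantIdFromCert", "Extension value.", "OID:" + oid + " tenantid:" + tenantId);
                    return tenantId;
                }
            } catch (IOException e) {
                Logger.e(TAG + "getTenantIdFromCert", "IO Exception in parsing extension value.", "OID: " + oid, WorkplaceJoinFailure.INTERNAL, e);
            }
        }
        Logger.v(TAG + "getTenantIdFromCert", "Tenant-id oid was not found in certificate's oid list");
        return null;
    }

    /** Encodes {@code bArr} as lower-case hexadecimal, two characters per byte. */
    private static String hexify(byte[] bArr) {
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            hex.append(HEX_DIGITS[(b & 0xF0) >> 4]);
            hex.append(HEX_DIGITS[b & 0x0F]);
        }
        return hex.toString();
    }

    /**
     * Starts the KeyChain installer with the raw key pair, then prepares a second install
     * intent carrying the encoded certificate and parks it in
     * {@code WorkplaceJoinApplication.InstallIntent}.
     *
     * <p>Security: the first intent carries the private-key bytes from
     * {@code CertificateData} in its extras with no password protection.
     * NOTE(review): this relies on {@code KeyChain.createInstallIntent()} being delivered only
     * to the platform certificate installer - confirm on the supported OS versions.
     *
     * <p>If encoding the certificate fails, the first activity has already been started and
     * {@code InstallIntent} is left at its previous value.
     *
     * @param activity activity used to start the installer (request code 2)
     * @param certificateData source of the key bytes and the X.509 certificate
     */
    public static void installPKCS12CertDefault(Activity activity, CertificateData certificateData) {
        try {
            Intent keyIntent = KeyChain.createInstallIntent();
            keyIntent.putExtra(EXTRA_PRIVATE_KEY, certificateData.getPrivateKey());
            keyIntent.putExtra(EXTRA_PUBLIC_KEY, certificateData.getPublicKey());
            keyIntent.putExtra("name", getCertName());
            activity.startActivityForResult(keyIntent, 2);

            Intent certIntent = KeyChain.createInstallIntent();
            certIntent.putExtra("name", getCertName());
            // NOTE(review): a Knox constant is used as the extra name; presumably the same
            // string as the KeyChain certificate extra, substituted by the decompiler - confirm.
            certIntent.putExtra(CertificateProvisioning.TYPE_CERTIFICATE, certificateData.getX509Cert().getEncoded());
            WorkplaceJoinApplication.InstallIntent = certIntent;
        } catch (ActivityNotFoundException e) {
            Logger.e(TAG + "installPKCS12CertDefault", "KeyChain installer activity is not found", WorkplaceJoinFailure.INTERNAL, e);
        } catch (CertificateEncodingException e2) {
            Logger.e(TAG + "installPKCS12CertDefault", "Certificate encoding exception", WorkplaceJoinFailure.INTERNAL, e2);
        }
    }

    /**
     * Starts the KeyChain installer with the PKCS#12 bundle re-encoded to an empty password.
     *
     * <p>Security: the bundle placed in the intent is protected only by an empty password
     * (see {@code getCertBytesWithEmptyPassword}). Failures while re-encoding are logged and
     * the installer is not started.
     *
     * @param activity activity used to start the installer (request code 0)
     * @param certificateData holder of the PKCS#12 bytes
     * @param str password currently protecting the PKCS#12 bytes; may be null or empty
     */
    public static void installPKCS12CertUsingPublicIntentExtras(Activity activity, CertificateData certificateData, String str) {
        Intent installIntent = KeyChain.createInstallIntent();
        try {
            installIntent.putExtra(CertificateProvisioning.TYPE_PKCS12, getCertBytesWithEmptyPassword(certificateData, str));
            installIntent.putExtra("name", getCertName());
            activity.startActivityForResult(installIntent, 0);
        } catch (IOException e) {
            Logger.e(TAG + "installPKCS12CertUsingPublicIntentExtras", "IOException, certificate could not be loaded into the keystore.", WorkplaceJoinFailure.INTERNAL, e);
        } catch (KeyStoreException e2) {
            Logger.e(TAG + "installPKCS12CertUsingPublicIntentExtras", "KeyStoreException, key store could not be loaded.", WorkplaceJoinFailure.INTERNAL, e2);
        } catch (NoSuchAlgorithmException e3) {
            Logger.e(TAG + "installPKCS12CertUsingPublicIntentExtras", "NoSuchAlgorithmException, certificate could not be loaded into the keystore.", WorkplaceJoinFailure.INTERNAL, e3);
        } catch (CertificateException e4) {
            Logger.e(TAG + "installPKCS12CertUsingPublicIntentExtras", "CertificateException, certificate could not be loaded into the keystore.", WorkplaceJoinFailure.INTERNAL, e4);
        }
    }

    /**
     * Reports whether the issuer name of the encoded certificate contains
     * {@link #ISSUER_CN_VALUE}, ignoring case.
     *
     * <p>Security: this is a substring comparison on the issuer name only. It does not verify
     * the certificate's signature or chain, and any certificate can carry this text in its
     * issuer field, so the result must not be used as proof of origin on its own.
     *
     * @param bArr encoded X.509 certificate; {@code null} yields {@code false}
     * @return {@code true} if the issuer name contains the expected text; {@code false} if it
     *     does not, if there is no issuer name, or if the bytes cannot be parsed
     */
    public static boolean isExpectedCertificateIssuer(byte[] bArr) {
        if (bArr == null) {
            return false;
        }
        try {
            X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            if (certificate.getIssuerDN() == null) {
                return false;
            }
            String issuerName = certificate.getIssuerDN().getName();
            if (issuerName == null) {
                return false;
            }
            // Locale.ROOT keeps the case folding independent of the device language; the
            // default locale can map letters differently (for example Turkish dotless i).
            return issuerName.toLowerCase(Locale.ROOT).contains(ISSUER_CN_VALUE.toLowerCase(Locale.ROOT));
        } catch (CertificateException e) {
            Logger.e(TAG + "isExpectedCertificateIssuer", "Certificate Exception, returning false", e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
            return false;
        }
    }

    /**
     * Computes the certificate thumbprint as lower-case hex over the encoded certificate.
     *
     * <p>NOTE(review): the digest name is taken from an unrelated SDK's constant, presumably
     * the SHA-1 algorithm name substituted by the decompiler - confirm. A SHA-1 thumbprint is
     * an identifier for lookup and display; it should not be the basis of a trust decision.
     *
     * @param x509Certificate certificate to fingerprint
     * @return the digest as a hex string
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static String obtainthumbPrintFromCert(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest digest = MessageDigest.getInstance(com.adjust.sdk.Constants.SHA1);
        digest.update(x509Certificate.getEncoded());
        return hexify(digest.digest());
    }
}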
