package nl.aeteurope.mpki.identity;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import nl.aeteurope.mpki.AlgorithmType;
import nl.aeteurope.mpki.CertificateSource;
import nl.aeteurope.mpki.CertificateType;
import nl.aeteurope.mpki.DomainConfiguration;
import nl.aeteurope.mpki.Logger;
import nl.aeteurope.mpki.ServerConfiguration;
import nl.aeteurope.mpki.backendclient.BackendClientExecutor;
import nl.aeteurope.mpki.secureelement.IncorrectPasswordException;
import nl.aeteurope.mpki.secureelement.SecureElement;
import nl.aeteurope.mpki.service.adss.SignatureRequest;
import nl.aeteurope.mpki.workflow.MissingIdentityException;
import nl.aeteurope.mpki.workflow.PinState;
import org.spongycastle.cms.CMSException;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public class CertificateWithPrivateKeyReference {
    private final String alias;
    private final X509Certificate certificate;
    private final CertificateSource certificateSource;
    private final String certificateSubject;
    private CertificateType certificateType;
    private final DomainConfiguration domainConfiguration;
    private boolean dontUse;
    private boolean dontUseTemporarily;
    private final Logger logger;
    private boolean revoked;
    private final SecureElement secureElement;
    private String username;

    public CertificateWithPrivateKeyReference(Logger logger, DomainConfiguration domainConfiguration, X509Certificate x509Certificate, SecureElement secureElement, CertificateType certificateType, CertificateSource certificateSource, String str, String str2) {
        this.username = null;
        this.secureElement = secureElement;
        this.logger = logger;
        this.domainConfiguration = domainConfiguration;
        this.certificate = x509Certificate;
        this.certificateType = certificateType;
        this.alias = str;
        this.certificateSubject = str2;
        this.certificateSource = certificateSource;
        if (x509Certificate != null) {
            this.username = getCertificate().getSubjectDN().getName().split("CN=")[r2.length - 1];
        }
    }

    public String getAlias() {
        return this.alias;
    }

    public X509Certificate getCertificate() {
        return this.certificate;
    }

    public CertificateSource getCertificateSource() {
        return this.certificateSource;
    }

    public String getCertificateSubject() {
        return this.certificateSubject;
    }

    public CertificateType getCertificateType() {
        return this.certificateType;
    }

    public PinState getPinState() throws MissingIdentityException {
        return this.secureElement.getPinState();
    }

    public KeyStore getSSLKeyStore(char[] cArr) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, MissingIdentityException, IncorrectPasswordException {
        return this.secureElement.getSSLKeyStore(this, cArr);
    }

    public String getUsername() {
        return this.username;
    }

    public boolean hasPrivateKey() {
        return this.secureElement.hasPrivateKey(getAlias());
    }

    public boolean isDontUse() {
        return this.dontUse;
    }

    public boolean isDontUseTemporarily() {
        return this.dontUseTemporarily;
    }

    public boolean isRevoked() {
        return this.revoked;
    }

    public boolean isValidPin(char[] cArr) throws IncorrectPasswordException, MissingIdentityException {
        return this.secureElement.isValidPin(cArr, this);
    }

    public <T> T performWithPushServerBackendClient(char[] cArr, BackendClientExecutor<T> backendClientExecutor) throws Throwable {
        try {
            this.secureElement.setSSLProvider();
            return backendClientExecutor.doWithBackendClient(this.secureElement.getBackendClientFactory().create(this.domainConfiguration.getPushServerConfiguration(), this, this.logger, cArr));
        } finally {
            this.secureElement.restoreSSLProvider();
        }
    }

    public <T> T performWithSigningServerBackendClient(char[] cArr, BackendClientExecutor<T> backendClientExecutor, ServerConfiguration serverConfiguration) throws Throwable {
        try {
            this.secureElement.setSSLProvider();
            return backendClientExecutor.doWithBackendClient(this.secureElement.getBackendClientFactory().create(serverConfiguration, this, this.logger, cArr));
        } finally {
            this.secureElement.restoreSSLProvider();
        }
    }

    public void setCertificateType(CertificateType certificateType) {
        this.certificateType = certificateType;
    }

    public void setDontUse(boolean z) {
        this.dontUse = z;
    }

    public void setDontUseTemporarily(boolean z) {
        this.dontUseTemporarily = z;
    }

    public void setRevoked(boolean z) {
        this.revoked = z;
    }

    public byte[] signHash(SignatureRequest signatureRequest, char[] cArr) throws SigningException, MissingIdentityException, IncorrectPasswordException {
        try {
            try {
                this.secureElement.isValidPin(cArr, this);
                this.secureElement.setSSLProvider();
                return this.secureElement.signHash(Base64.decode(signatureRequest.getSignData()), this, cArr);
            } catch (GeneralSecurityException e) {
                throw new SigningException(e);
            }
        } finally {
            this.secureElement.restoreSSLProvider();
        }
    }

    public byte[] signPKCS1(SignatureRequest signatureRequest, AlgorithmType algorithmType, char[] cArr, boolean z) throws SigningException, MissingIdentityException, IncorrectPasswordException {
        try {
            try {
                this.secureElement.isValidPin(cArr, this);
                this.secureElement.setSSLProvider();
                return this.secureElement.signPKCS1(Base64.decode(signatureRequest.getSignData()), this, algorithmType, cArr, z);
            } catch (GeneralSecurityException e) {
                throw new SigningException(e);
            }
        } finally {
            this.secureElement.restoreSSLProvider();
        }
    }

    public byte[] signPKCS7(String str, char[] cArr) throws SigningException, MissingIdentityException, IncorrectPasswordException {
        try {
            try {
                this.secureElement.isValidPin(cArr, this);
                this.secureElement.setSSLProvider();
                return this.secureElement.signPKCS7(Base64.decode(str), this, cArr);
            } finally {
                this.secureElement.restoreSSLProvider();
            }
        } catch (IOException | GeneralSecurityException | CMSException | OperatorCreationException e) {
            throw new SigningException(e);
        }
    }

    public byte[] signPKCS7(SignatureRequest signatureRequest, char[] cArr) throws SigningException, MissingIdentityException, IncorrectPasswordException {
        try {
            try {
                this.secureElement.isValidPin(cArr, this);
                this.secureElement.setSSLProvider();
                return this.secureElement.signPKCS7(Base64.decode(signatureRequest.getSignData()), this, cArr);
            } finally {
                this.secureElement.restoreSSLProvider();
            }
        } catch (IOException | GeneralSecurityException | CMSException | OperatorCreationException e) {
            throw new SigningException(e);
        }
    }
}
