package nl.aeteurope.mpki.enrollment;

import com.leansoft.nano.IWriter;
import com.leansoft.nano.NanoFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import javax.crypto.BadPaddingException;
import nl.aeteurope.mpki.CertificateType;
import nl.aeteurope.mpki.ExtendedCertificate;
import nl.aeteurope.mpki.Logger;
import nl.aeteurope.mpki.identity.CertificateWithPrivateKeyReference;
import nl.aeteurope.mpki.secureelement.IncorrectPasswordException;
import nl.aeteurope.mpki.secureelement.PasswordHashResult;
import nl.aeteurope.mpki.secureelement.PasswordHasher;
import nl.aeteurope.mpki.secureelement.PinCodeRegister;
import nl.aeteurope.mpki.secureelement.SecureElementPassword;
import nl.aeteurope.mpki.util.CertificateHelper;
import nl.aeteurope.mpki.workflow.PinState;

/* loaded from: classes.dex */
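/**
 * File-backed implementation of {@link EnrollmentStorage}.
 *
 * <p>Two stores are kept side by side:
 * <ul>
 *   <li>a Java {@link KeyStore} (file {@value #KEYSTORE_FILENAME} inside the directory handed
 *       to the constructor) holding the enrolled certificates and, for software certificates,
 *       their private keys;</li>
 *   <li>an {@link EnrollmentDataStorage} holding the username, the push token and the
 *       {@link CertificateMetadata} describing each certificate.</li>
 * </ul>
 *
 * <p>Security properties that follow directly from the code in this class:
 * <ul>
 *   <li>The keystore file is opened and stored with {@link #KEYSTORE_PASSWORD}, a constant
 *       compiled into the application. That password can only give integrity checking, not
 *       confidentiality: whoever holds the file can load it and enumerate its entries.</li>
 *   <li>Each private-key entry is protected with a hash of the user's PIN
 *       ({@link #getHashedPin(char[])}). The salt and iteration count of that hash are persisted
 *       through {@link SecureElementPassword}; whoever can read the keystore file together with
 *       those two values can guess PINs offline, and the attempt counter kept by
 *       {@link PinCodeRegister} does not limit such offline attempts.</li>
 *   <li>The most recently used PIN and its hash are cached in static fields and therefore stay
 *       in process memory (shared by all instances) until {@link #reset()},
 *       {@link #deletePinHash()} or a rejected PIN clears them.</li>
 *   <li>{@link #exportEnrollment(String, String, String, String)} writes the private key to a
 *       PKCS#12 file protected only by the caller-supplied export password.</li>
 * </ul>
 *
 * <p>No synchronisation is performed anywhere in this class.
 */
public class EnrollmentStorageImpl implements EnrollmentStorage {
    private static final String KEYSTORE_FILENAME = "identities.keystore";
    private static final int MAX_PIN_TRIES = 3;
    /** How often a non-password I/O failure while loading the keystore is retried before giving up. */
    private static final int MAX_KEYSTORE_LOAD_ATTEMPTS = 3;
    // Process-wide cache of the last PIN hash computation. All four fields are set together by
    // cache() and cleared together by clearCache(); getHashedPin() consults them through isCached().
    private static char[] cachedHashedPin;
    private static Integer cachedIterationCount;
    private static char[] cachedPin;
    private static String cachedSalt;
    private final EnrollmentDataStorage enrollmentDataStorage;
    private final File keyStoreDirectory;
    private final Logger logger;
    private PinCodeRegister pinCodeRegister;
    private SecureElementPassword secureElementPassword;
    private static final String LOG = EnrollmentStorageImpl.class.getSimpleName();
    // NOTE(review): this constant ships inside the application binary, so it does not keep the
    // keystore confidential. Private keys rely on the PIN-derived entry password instead; the
    // cleanest fix is a per-install secret (e.g. hardware-backed or generated on first run).
    private static final char[] KEYSTORE_PASSWORD = "UbersecretPasswordThatNo1WillEverGuess".toCharArray();

    /**
     * Creates storage rooted at {@code file}.
     *
     * @param file directory that holds the keystore file and the PIN attempt register; must exist
     * @param secureElementPassword persistence for the PIN-hash salt and iteration count
     * @param file2 location handed to {@link EnrollmentDataStorage} for the metadata store
     * @param logger application logger
     * @throws IllegalArgumentException when {@code file} is null or not a directory
     */
    public EnrollmentStorageImpl(File file, SecureElementPassword secureElementPassword, File file2, Logger logger) {
        this.logger = logger;
        if (file == null || !file.isDirectory()) {
            throw new IllegalArgumentException("Path to keystore directory does not exist, or is not a directory");
        }
        this.keyStoreDirectory = file;
        this.secureElementPassword = secureElementPassword;
        this.pinCodeRegister = new PinCodeRegister(MAX_PIN_TRIES, file, logger);
        this.enrollmentDataStorage = new EnrollmentDataStorage(file2);
    }

    /**
     * Replaces the static PIN cache with copies of the given values. The previous cached
     * arrays are zeroed first so the old PIN does not linger in memory.
     */
    private static void cache(char[] hashedPin, char[] pin, Integer iterations, String salt) {
        clearCache();
        cachedHashedPin = hashedPin.clone();
        cachedPin = pin.clone();
        cachedIterationCount = Integer.valueOf(iterations.intValue());
        cachedSalt = salt;
    }

    /** Zeroes and drops every cached PIN-related value. Safe to call when nothing is cached. */
    private static void clearCache() {
        if (cachedHashedPin != null) {
            Arrays.fill(cachedHashedPin, '\0');
        }
        if (cachedPin != null) {
            Arrays.fill(cachedPin, '\0');
        }
        cachedHashedPin = null;
        cachedPin = null;
        cachedIterationCount = null;
        cachedSalt = null;
    }

    /**
     * Compares two char arrays without leaking, through timing, where the first mismatch is.
     * Returns false when either array is null.
     */
    private static boolean constantTimeEquals(char[] a, char[] b) {
        if (a == null || b == null) {
            return false;
        }
        int diff = a.length ^ b.length;
        int common = Math.min(a.length, b.length);
        for (int i = 0; i < common; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /**
     * Writes the export archive: {@code meta.xml} (enrollment fields) and {@code keystore.p12}
     * (private key and chain, protected by the export password chosen by the caller of
     * {@link #exportEnrollment}). The archive itself is not encrypted.
     *
     * @return true when both entries were written and the archive closed cleanly
     */
    private boolean createZip(File target, ExportEnrollment exportEnrollment) {
        try (ZipOutputStream zip = new ZipOutputStream(new FileOutputStream(target))) {
            zip.putNextEntry(new ZipEntry("meta.xml"));
            zip.write(exportEnrollment.getXmlEnrollmentFields().toByteArray());
            zip.closeEntry();
            zip.putNextEntry(new ZipEntry("keystore.p12"));
            zip.write(exportEnrollment.getExportKeyStore().toByteArray());
            zip.closeEntry();
            return true;
        } catch (IOException e) {
            this.logger.e(LOG, "Unable to write the export archive", e);
            return false;
        }
    }

    /** Returns the first alias that identifies a private-key entry, or null if there is none. */
    private static String firstKeyAlias(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases != null && aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Builds a backup archive containing the first private-key entry of the keystore.
     *
     * <p>The private key is unlocked with the cached PIN hash, so a PIN must have been validated
     * (or used through {@link #getPrivateKey}) earlier in this process; otherwise the export
     * fails. Only one key entry is exported, matching the previous behaviour.
     *
     * @param exportPassword password protecting the PKCS#12 inside the archive; must not be empty
     *                       because the archive carries the private key
     * @param exportField    second field of {@link ExportData}; its meaning is not visible here
     * @param targetDirectory directory in which {@code ConsentID_Backup_<timestamp>.zip} is created
     * @return a report whose file name is the created archive on success. Note that on success the
     *         report also echoes the export password; the public wrapper exposes only the file name.
     */
    private ExportReport exportEnrolment(String exportPassword, String exportField, String targetDirectory) {
        EnrollmentData enrollmentData = retrieveEnrollmentData();
        if (enrollmentData == null) {
            return new ExportReport(RESULTS.NOT_ENRROLED, "", "");
        }
        if (exportPassword == null || exportPassword.isEmpty()) {
            this.logger.e(LOG, "Refusing to export private key material without an export password");
            return new ExportReport(RESULTS.FAIL, "", "");
        }
        char[] hashedPin = cachedHashedPin == null ? null : cachedHashedPin.clone();
        if (hashedPin == null) {
            this.logger.e(LOG, "No PIN has been validated in this session; cannot unlock the private key for export");
            return new ExportReport(RESULTS.FAIL, "", "");
        }
        ByteArrayOutputStream metaXml = new ByteArrayOutputStream();
        try {
            IWriter xmlWriter = NanoFactory.getXMLWriter();
            xmlWriter.write(new ExportData(enrollmentData.getUsername(), exportField), metaXml);
        } catch (Exception e) {
            this.logger.e(LOG, "Unable to serialise the export metadata", e);
            Arrays.fill(hashedPin, '\0');
            return new ExportReport(RESULTS.FAIL, "", "");
        }
        char[] exportPw = exportPassword.toCharArray();
        try {
            KeyStore keyStore = getKeyStore();
            String alias = firstKeyAlias(keyStore);
            if (alias == null) {
                return new ExportReport(RESULTS.FAIL, "", "");
            }
            Key key = keyStore.getKey(alias, hashedPin);
            Certificate[] chain = keyStore.getCertificateChain(alias);
            KeyStore exportStore = KeyStore.getInstance("pkcs12");
            exportStore.load(null, exportPw);
            exportStore.setKeyEntry(alias, key, exportPw, chain);
            ByteArrayOutputStream p12 = new ByteArrayOutputStream();
            exportStore.store(p12, exportPw);
            // Locale.US keeps the timestamp in ASCII digits regardless of the device locale.
            String timestamp = new SimpleDateFormat("yyyyMMddHHmm", Locale.US).format(new Date());
            File target = new File(targetDirectory, "ConsentID_Backup_" + timestamp + ".zip");
            boolean written = createZip(target, new ExportEnrollment(metaXml, p12));
            return written
                    ? new ExportReport(RESULTS.SUCCESS, exportPassword, target.getPath())
                    : new ExportReport(RESULTS.FAIL, "", "");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            this.logger.e(LOG, "Export of the enrollment failed", e);
            return new ExportReport(RESULTS.FAIL, "", "");
        } catch (IncorrectPasswordException e) {
            this.logger.e(LOG, "Export of the enrollment failed", e);
            return new ExportReport(RESULTS.FAIL, "", "");
        } finally {
            Arrays.fill(exportPw, '\0');
            Arrays.fill(hashedPin, '\0');
        }
    }

    /**
     * Derives the keystore entry password from the user's PIN.
     *
     * <p>On first use (no salt / iteration count stored yet) fresh parameters are generated by
     * {@link PasswordHasher} and persisted through {@link SecureElementPassword}; afterwards the
     * stored parameters are reused so the same PIN always yields the same entry password. If
     * those parameters are lost while the keystore file survives, existing key entries can no
     * longer be unlocked.
     *
     * <p>The result is cached (see {@link #isCached}); the caller receives its own copy and may
     * zero it after use. {@code PasswordHasher} takes a {@link String}, so an un-wipeable copy of
     * the PIN is unavoidably created here.
     */
    private char[] getHashedPin(char[] pin) {
        Integer iterations = this.secureElementPassword.retrieveIterationCount();
        String salt = iterations != null ? this.secureElementPassword.retrieveSalt() : null;
        char[] hashed;
        if (iterations == null || salt == null) {
            PasswordHashResult result = new PasswordHasher().encrypt(new String(pin));
            iterations = Integer.valueOf(result.getIterations());
            salt = result.getSalt();
            hashed = result.getHashedPassword().toCharArray();
            this.secureElementPassword.storeIterationCount(iterations.intValue());
            this.secureElementPassword.storeSalt(salt);
        } else {
            if (isCached(pin, iterations, salt)) {
                this.logger.e(LOG, "Re-use hashed");
                return cachedHashedPin.clone();
            }
            hashed = new PasswordHasher().encrypt(new String(pin), salt, iterations.intValue()).toCharArray();
        }
        cache(hashed, pin, iterations, salt);
        return hashed;
    }

    /** Location of the keystore file inside the configured directory. */
    private File getKeyStoreFile() {
        return new File(this.keyStoreDirectory, KEYSTORE_FILENAME);
    }

    /**
     * Adds the given enrollment results to the keystore and persists it. Results without a
     * private key become trusted-certificate entries; the others become key entries protected by
     * the PIN hash, which is derived once for the whole batch.
     *
     * @throws IncorrectPasswordException when the keystore cannot be opened
     * @throws RuntimeException wrapping any keystore or I/O failure
     */
    private void installCertificatesToSecureKeyStore(List<EnrollmentResult> results, char[] pin) throws IncorrectPasswordException {
        KeyStore keyStore = getKeyStore();
        char[] entryPassword = null;
        try {
            for (EnrollmentResult result : results) {
                if (result.getPrivateKey() == null) {
                    keyStore.setCertificateEntry(result.getAlias(), result.getCertificate());
                } else {
                    if (entryPassword == null) {
                        entryPassword = getHashedPin(pin);
                    }
                    keyStore.setKeyEntry(result.getAlias(), result.getPrivateKey(), entryPassword, new X509Certificate[]{result.getCertificate()});
                }
            }
            writeKeyStore(keyStore);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        } finally {
            if (entryPassword != null) {
                Arrays.fill(entryPassword, '\0');
            }
        }
    }

    /**
     * True when the cache holds a hash for exactly this PIN, salt and iteration count.
     * The PIN comparison is by content (in constant time); the previous implementation compared
     * array references, which never matched and so disabled the cache.
     */
    private static boolean isCached(char[] pin, Integer iterations, String salt) {
        if (cachedHashedPin == null || cachedPin == null || cachedIterationCount == null || cachedSalt == null) {
            return false;
        }
        return constantTimeEquals(cachedPin, pin)
                && cachedIterationCount.equals(iterations)
                && cachedSalt.equals(salt);
    }

    /** True when the keystore could be opened and holds at least one entry of any kind. */
    private boolean keyStoreHasEntries() {
        try {
            return getKeyStore().size() > 0;
        } catch (Exception e) {
            this.logger.e(LOG, "Unable to inspect the keystore", e);
            return false;
        }
    }

    /**
     * Loads the keystore from {@code file}, or returns an empty in-memory keystore when the
     * file cannot be read (first use).
     *
     * <p>An {@link IOException} whose cause is {@link UnrecoverableKeyException} or
     * {@link BadPaddingException} means the password did not match. Any other I/O failure is
     * retried up to {@link #MAX_KEYSTORE_LOAD_ATTEMPTS} times (the previous version retried
     * without bound) and then reported as a {@link RuntimeException}.
     *
     * @throws IncorrectPasswordException when {@code password} does not open the store
     */
    private KeyStore loadKeyStore(File file, char[] password) throws IncorrectPasswordException {
        IOException lastFailure = null;
        for (int attempt = 0; attempt < MAX_KEYSTORE_LOAD_ATTEMPTS; attempt++) {
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                if (file.canRead()) {
                    try (FileInputStream in = new FileInputStream(file)) {
                        keyStore.load(in, password);
                    }
                } else {
                    keyStore.load(null, password);
                }
                return keyStore;
            } catch (IOException e) {
                Throwable cause = e.getCause();
                if (cause instanceof UnrecoverableKeyException || cause instanceof BadPaddingException) {
                    throw new IncorrectPasswordException();
                }
                lastFailure = e;
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
        throw new RuntimeException("Unable to load keystore " + file.getPath(), lastFailure);
    }

    /**
     * Persists the metadata store.
     *
     * @throws EnrollmentStorageException when the underlying write fails
     */
    private void saveEnrollmentData(EnrollmentData enrollmentData) {
        try {
            this.enrollmentDataStorage.saveEnrollmentData(enrollmentData);
        } catch (IOException e) {
            this.logger.e(LOG, "exception occurred storing the enrollmentData to the EnrollmentDataStorage", e);
            throw new EnrollmentStorageException("exception occurred storing the enrollmentData to the EnrollmentDataStorage");
        }
    }

    /** Converts a certificate reference into the metadata record kept in the metadata store. */
    private CertificateMetadata toMetaData(CertificateWithPrivateKeyReference reference) {
        CertificateMetadata metadata = new CertificateMetadata(
                reference.getAlias(),
                reference.getCertificateType(),
                reference.getCertificateSource(),
                reference.getCertificateSubject(),
                CertificateHelper.getBase64EncodedCertificate(reference.getCertificate()));
        metadata.setDontUse(reference.isDontUse());
        metadata.setDontUseTemporarely(reference.isDontUseTemporarily());
        metadata.setRevoked(reference.isRevoked());
        return metadata;
    }

    /**
     * Removes the keystore entry for the given metadata's alias and persists the keystore.
     *
     * @throws IncorrectPasswordException when the keystore cannot be opened
     * @throws RuntimeException wrapping any keystore or I/O failure
     */
    private void uninstallCertificatesFromSecureKeyStore(CertificateMetadata certificateMetadata) throws IncorrectPasswordException {
        KeyStore keyStore = getKeyStore();
        try {
            keyStore.deleteEntry(certificateMetadata.getAlias());
            writeKeyStore(keyStore);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Stores the keystore to {@link #getKeyStoreFile()} under {@link #KEYSTORE_PASSWORD}.
     * The file is rewritten in place, so a crash mid-write can leave it truncated
     * (TODO: write to a temporary file and rename once an atomic replace is available).
     */
    private void writeKeyStore(KeyStore keyStore) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        try (FileOutputStream out = new FileOutputStream(getKeyStoreFile())) {
            keyStore.store(out, KEYSTORE_PASSWORD);
            out.flush();
        }
    }

    /**
     * Records metadata for a certificate that lives outside this keystore.
     *
     * <p>Only certificates of type {@code SMART_NOT_PRE_ENROLLED_BUT_PICKED_FOR_SIGNING} or
     * {@code SOFT_PRE_ENROLLED} are accepted. The previous check used {@code != A || != B},
     * which is true for every type and therefore rejected every call.
     *
     * @throws IllegalArgumentException for any other type, or when the alias is already stored
     * @throws IllegalStateException when no enrollment data exists yet
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public void addCertificateMetadata(CertificateWithPrivateKeyReference certificateWithPrivateKeyReference) {
        CertificateType type = certificateWithPrivateKeyReference.getCertificateType();
        if (type != CertificateType.SMART_NOT_PRE_ENROLLED_BUT_PICKED_FOR_SIGNING
                && type != CertificateType.SOFT_PRE_ENROLLED) {
            throw new IllegalArgumentException("Certificate can only be one that is picked for signing from the smartcard, but has not pre enrolled!");
        }
        EnrollmentData enrollmentData = retrieveEnrollmentData();
        if (enrollmentData == null) {
            throw new IllegalStateException("No enrollment data present; cannot add certificate metadata");
        }
        if (CertificateHelper.getCertificateIndexByAlias(enrollmentData.certificateInfoList, certificateWithPrivateKeyReference.getAlias()) >= 0) {
            throw new IllegalArgumentException("Specified certificate is already present in storage!");
        }
        enrollmentData.certificateInfoList.add(toMetaData(certificateWithPrivateKeyReference));
        saveEnrollmentData(enrollmentData);
    }

    /**
     * Forgets the cached PIN material and deletes the persisted hash parameters. Key entries
     * already protected with the old hash remain in the keystore but can no longer be unlocked.
     */
    void deletePinHash() {
        clearCache();
        this.secureElementPassword.deleteIterationCount();
        this.secureElementPassword.deleteSalt();
    }

    /**
     * Exports the enrollment to a backup archive; see {@link #exportEnrolment}.
     *
     * @param str  not used
     * @param str2 export password for the PKCS#12 inside the archive
     * @param str3 value passed into the export metadata
     * @param str4 directory in which the archive is created
     * @return the archive path on success, an empty string on failure, as carried by the report
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public String exportEnrollment(String str, String str2, String str3, String str4) {
        ExportReport report = exportEnrolment(str2, str3, str4);
        return report != null ? report.getFileName() : null;
    }

    /**
     * Returns the certificate stored under {@code alias}: the leaf of a key entry's chain, or
     * the trusted certificate of a certificate entry; null when the alias is unknown or the
     * keystore cannot be opened.
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public X509Certificate getCertificate(String alias) throws KeyStoreException {
        try {
            KeyStore keyStore = getKeyStore();
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain != null && chain.length > 0) {
                return (X509Certificate) chain[0];
            }
            Certificate certificate = keyStore.getCertificate(alias);
            return certificate != null ? (X509Certificate) certificate : null;
        } catch (IncorrectPasswordException e) {
            this.logger.e(LOG, "Unable to open the keystore to look up a certificate", e);
            return null;
        }
    }

    /**
     * Pairs every metadata record with the certificate stored under its alias (the certificate
     * may be null when it is not in this keystore). Returns an empty list on keystore failure.
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public List<ExtendedCertificate> getExtendedCertificates() {
        List<ExtendedCertificate> result = new ArrayList<>();
        try {
            EnrollmentData enrollmentData = retrieveEnrollmentData();
            if (enrollmentData != null) {
                for (CertificateMetadata metadata : enrollmentData.getCertificateInfoList()) {
                    result.add(new ExtendedCertificate(getCertificate(metadata.getAlias()), metadata));
                }
            }
        } catch (KeyStoreException e) {
            this.logger.e(LOG, "Unable to collect the enrolled certificates", e);
        }
        return result;
    }

    /**
     * Opens the keystore with the built-in store password. Private keys inside it still need
     * the PIN-derived entry password.
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public KeyStore getKeyStore() throws IncorrectPasswordException {
        return loadKeyStore(getKeyStoreFile(), KEYSTORE_PASSWORD);
    }

    /** Current lockout state of the PIN attempt register. */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public PinState getPinState() {
        PinState pinState = this.pinCodeRegister.getPinState();
        this.logger.i(LOG, "retrieving pinstate from EnrollmentStorage, pinstate is: " + pinState.toString());
        return pinState;
    }

    /**
     * Unlocks the private key belonging to {@code certificate} with the given PIN.
     *
     * @return the private key, or null when the alias is a certificate-only entry
     * @throws IllegalArgumentException when the certificate is not in the keystore
     * @throws IncorrectPasswordException when the PIN does not unlock the entry
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public PrivateKey getPrivateKey(X509Certificate certificate, char[] pin) throws IncorrectPasswordException {
        char[] entryPassword = null;
        try {
            KeyStore keyStore = getKeyStore();
            String alias = keyStore.getCertificateAlias(certificate);
            if (alias == null) {
                throw new IllegalArgumentException("Certificate is not present in the keystore");
            }
            entryPassword = getHashedPin(pin);
            return (PrivateKey) keyStore.getKey(alias, entryPassword);
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Cannot retrieve private key for certificate", e);
        } catch (UnrecoverableKeyException e) {
            throw new IncorrectPasswordException();
        } finally {
            if (entryPassword != null) {
                Arrays.fill(entryPassword, '\0');
            }
        }
    }

    /** Username from the metadata store, or null when not enrolled. */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public String getUsername() {
        try {
            EnrollmentData enrollmentData = this.enrollmentDataStorage.getEnrollmentData();
            return enrollmentData == null ? null : enrollmentData.getUsername();
        } catch (IOException e) {
            this.logger.e(LOG, "exception occurred retrieving data from the EnrollmentDataStorage", e);
            throw new EnrollmentStorageException("exception occurred retrieving data from the EnrollmentDataStorage");
        }
    }

    /** Enrolled means a username is on record. */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public boolean hasEnrolled() {
        return getUsername() != null;
    }

    /**
     * Approximates "a PIN has been set" by "the keystore has at least one entry" — this is also
     * true when only certificate entries (no PIN-protected keys) are present.
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public boolean hasPin() {
        return keyStoreHasEntries();
    }

    /**
     * Checks the PIN by trying to unlock the private key stored for {@code certificate}.
     *
     * <p>Every call counts as an attempt in {@link PinCodeRegister} before validation starts.
     * A PIN is accepted only when the certificate maps to a key entry and that entry yields a
     * non-null key: {@link KeyStore#getKey} returns null for a certificate-only entry whatever
     * the password, so a null result is treated as rejection rather than success. On rejection
     * the cached PIN material is cleared so a wrong hash never stays cached.
     *
     * @return true when the PIN was accepted
     * @throws IncorrectPasswordException when the PIN was rejected or the check could not be performed
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public boolean isValidPin(char[] pin, X509Certificate certificate) throws IncorrectPasswordException {
        this.logger.e(LOG, "calling isValidPin");
        boolean accepted = false;
        char[] entryPassword = null;
        try {
            this.pinCodeRegister.processAttempt();
            KeyStore keyStore = getKeyStore();
            String alias = keyStore.getCertificateAlias(certificate);
            if (alias != null && keyStore.isKeyEntry(alias)) {
                entryPassword = getHashedPin(pin);
                accepted = keyStore.getKey(alias, entryPassword) != null;
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | IncorrectPasswordException e) {
            this.logger.e(LOG, "Exception occurred validating the pin", e);
        } finally {
            if (entryPassword != null) {
                Arrays.fill(entryPassword, '\0');
            }
        }
        if (!accepted) {
            clearCache();
            throw new IncorrectPasswordException();
        }
        this.pinCodeRegister.processCorrectPinCode();
        return true;
    }

    /**
     * Replaces the first enrolled certificate (metadata and keystore entry) with the given
     * result.
     *
     * @throws IllegalStateException when there is no enrolled certificate to replace
     * @throws IncorrectPasswordException when the keystore cannot be opened
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public void replaceEnrollmentData(EnrollmentResult enrollmentResult, String pin) throws IncorrectPasswordException {
        EnrollmentData enrollmentData = retrieveEnrollmentData();
        if (enrollmentData == null || enrollmentData.certificateInfoList.isEmpty()) {
            throw new IllegalStateException("No enrolled certificate to replace");
        }
        CertificateMetadata previous = enrollmentData.certificateInfoList.get(0);
        enrollmentData.certificateInfoList.remove(previous);
        enrollmentData.certificateInfoList.add(enrollmentResult.getCertificateInfo());
        List<EnrollmentResult> batch = new ArrayList<>();
        batch.add(enrollmentResult);
        uninstallCertificatesFromSecureKeyStore(previous);
        installCertificatesToSecureKeyStore(batch, pin.toCharArray());
        saveEnrollmentData(enrollmentData);
    }

    /**
     * Wipes everything: cached PIN material, persisted hash parameters, the PIN attempt
     * register, the keystore file and the metadata store.
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public void reset() {
        deletePinHash();
        this.pinCodeRegister.resetPinState();
        File keyStoreFile = getKeyStoreFile();
        if (!keyStoreFile.delete() && keyStoreFile.exists()) {
            this.logger.e(LOG, "Unable to delete the keystore file during reset");
        }
        this.enrollmentDataStorage.clearData();
    }

    /**
     * Reads the metadata store.
     *
     * @throws EnrollmentStorageException when the underlying read fails
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public EnrollmentData retrieveEnrollmentData() {
        try {
            return this.enrollmentDataStorage.getEnrollmentData();
        } catch (IOException e) {
            this.logger.e(LOG, "exception occurred retrieving enrollmentData from the EnrollmentDataStorage", e);
            throw new EnrollmentStorageException("exception occurred retrieving enrollmentData from the EnrollmentDataStorage");
        }
    }

    /**
     * Reads the push token from the metadata store.
     *
     * @throws EnrollmentStorageException when the underlying read fails
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public String retrievePushToken() {
        try {
            return this.enrollmentDataStorage.getPushToken();
        } catch (IOException e) {
            this.logger.e(LOG, "exception occurred retrieving the pushtoken from the EnrollmentDataStorage", e);
            throw new EnrollmentStorageException("exception occurred retrieving the pushtoken from the EnrollmentDataStorage");
        }
    }

    /**
     * Stores the push token in the metadata store.
     *
     * @throws EnrollmentStorageException when the underlying write fails
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public void safePushToken(String pushToken) {
        try {
            this.enrollmentDataStorage.savePushToken(pushToken);
        } catch (IOException e) {
            this.logger.e(LOG, "exception occurred storing the pushToken from the EnrollmentDataStorage", e);
            throw new EnrollmentStorageException("exception occurred storing the pushToken from the EnrollmentDataStorage");
        }
    }

    /**
     * Records a batch of enrollment results.
     *
     * <p>Results of type {@code SOFT} or {@code SOFT_PRE_ENROLLED} are installed into the
     * keystore (keys protected with the PIN hash); all results are added to the metadata store,
     * skipping aliases already present. When no metadata exists yet a new record is created
     * with {@code username}.
     *
     * @throws IncorrectPasswordException when the keystore cannot be opened
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public void saveEnrollmentData(List<EnrollmentResult> results, String pin, String username) throws IncorrectPasswordException {
        ArrayList<CertificateMetadata> allMetadata = new ArrayList<>();
        List<EnrollmentResult> softResults = new ArrayList<>();
        for (EnrollmentResult result : results) {
            CertificateMetadata metadata = result.getCertificateInfo();
            allMetadata.add(metadata);
            CertificateType type = metadata.getCertificateType();
            if (type == CertificateType.SOFT || type == CertificateType.SOFT_PRE_ENROLLED) {
                softResults.add(result);
            }
        }
        if (!softResults.isEmpty()) {
            installCertificatesToSecureKeyStore(softResults, pin.toCharArray());
        }
        EnrollmentData enrollmentData = retrieveEnrollmentData();
        if (enrollmentData == null) {
            enrollmentData = new EnrollmentData(username, allMetadata);
        } else {
            for (CertificateMetadata metadata : allMetadata) {
                if (CertificateHelper.getCertificateIndexByAlias(enrollmentData.certificateInfoList, metadata.getAlias()) < 0) {
                    enrollmentData.certificateInfoList.add(metadata);
                }
            }
        }
        saveEnrollmentData(enrollmentData);
    }

    /**
     * Replaces the metadata record with the given alias. The updated record is appended at the
     * end of the list (not kept at its old index), as before.
     *
     * @throws IllegalArgumentException when the alias is not stored
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public void updateCertificateMetadata(CertificateWithPrivateKeyReference certificateWithPrivateKeyReference) {
        EnrollmentData enrollmentData = retrieveEnrollmentData();
        if (enrollmentData == null) {
            throw new IllegalArgumentException("Specified certificate not found in storage!");
        }
        int index = CertificateHelper.getCertificateIndexByAlias(enrollmentData.certificateInfoList, certificateWithPrivateKeyReference.getAlias());
        if (index < 0) {
            throw new IllegalArgumentException("Specified certificate not found in storage!");
        }
        enrollmentData.certificateInfoList.remove(index);
        enrollmentData.certificateInfoList.add(toMetaData(certificateWithPrivateKeyReference));
        saveEnrollmentData(enrollmentData);
    }

    /**
     * Adds one enrollment result: its metadata to the metadata store and its certificate/key
     * to the keystore.
     *
     * @throws IllegalStateException when no enrollment data exists yet
     * @throws IncorrectPasswordException when the keystore cannot be opened
     */
    @Override // nl.aeteurope.mpki.enrollment.EnrollmentStorage
    public void updateEnrollmentData(EnrollmentResult enrollmentResult, String pin) throws IncorrectPasswordException {
        EnrollmentData enrollmentData = retrieveEnrollmentData();
        if (enrollmentData == null) {
            throw new IllegalStateException("No enrollment data present; cannot update");
        }
        enrollmentData.certificateInfoList.add(enrollmentResult.getCertificateInfo());
        List<EnrollmentResult> batch = new ArrayList<>();
        batch.add(enrollmentResult);
        installCertificatesToSecureKeyStore(batch, pin.toCharArray());
        saveEnrollmentData(enrollmentData);
    }
}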
