package de.idnow.sdk.network;

import de.idnow.sdk.CertificateProvider;
import de.idnow.sdk.Config;
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;

/* loaded from: classes.dex */
public class IDNowDefaultSSLCredentialProvider {
    private KeyStore createEmptyKeyStore(char[] cArr) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, cArr);
        return keyStore;
    }

    public X509Certificate[] provideClientAuthCertificateChain() {
        CertificateProvider certificateProvider = Config.CERTIFICATE_PROVIDER;
        if (certificateProvider == null || !certificateProvider.featureCertificate()) {
            return null;
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(certificateProvider.provideCertificateBytestream());
        try {
            Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
            byteArrayInputStream.close();
            return new X509Certificate[]{(X509Certificate) generateCertificate};
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public KeyStore provideClientAuthIdentityStore() {
        CertificateProvider certificateProvider = Config.CERTIFICATE_PROVIDER;
        if (certificateProvider == null || !certificateProvider.featureCertificate()) {
            return null;
        }
        KeyStore createEmptyKeyStore = createEmptyKeyStore("".toCharArray());
        createEmptyKeyStore.setKeyEntry("client", provideClientAuthPrivateKey(), "".toCharArray(), provideClientAuthCertificateChain());
        return createEmptyKeyStore;
    }

    public PrivateKey provideClientAuthPrivateKey() {
        CertificateProvider certificateProvider = Config.CERTIFICATE_PROVIDER;
        if (certificateProvider == null || !certificateProvider.featureCertificate()) {
            return null;
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(certificateProvider.providePrivateKeyBytestream()));
    }
}
