package com.worklight.common.security;

import android.content.Context;
import android.provider.Settings;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.worklight.common.Logger;
import com.worklight.common.WLConfig;
import com.worklight.nativeandroid.common.WLUtils;
import com.worklight.utils.Base64;
import com.worklight.wlclient.HttpClientManager;
import com.worklight.wlclient.WLRequest;
import com.worklight.wlclient.WLRequestListener;
import com.worklight.wlclient.api.WLClient;
import com.worklight.wlclient.api.WLFailResponse;
import com.worklight.wlclient.api.WLRequestOptions;
import com.worklight.wlclient.api.WLResponse;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.UUID;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class WLUserAuthManager extends WLCertManager {
    private static WLUserAuthManager instance;
    private static Logger logger = Logger.getInstance("wl.userAuthManager");
    private static String KEYSTORE_FILENAME = ".x509Keystore";

    private WLUserAuthManager() {
        super(KEYSTORE_FILENAME, null);
    }

    private KeyStore getCertificateKeyStore() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        File file = new File(this.context.getFilesDir().getAbsolutePath() + "/" + KEYSTORE_FILENAME);
        if (file.exists()) {
            changeKeyStorePIfNeeded(file, keyStore);
            keyStore.load(new FileInputStream(file), this.p);
        } else {
            keyStore = null;
        }
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(keyStore, this.p);
        return keyStore;
    }

    public static synchronized WLUserAuthManager getInstance() {
        WLUserAuthManager wLUserAuthManager;
        synchronized (WLUserAuthManager.class) {
            if (instance == null) {
                instance = new WLUserAuthManager();
            }
            wLUserAuthManager = instance;
        }
        return wLUserAuthManager;
    }

    public JSONObject authenticateToTheServerWithCertificate() throws Throwable {
        logger.debug("Establishing SSL connection with the server using the user certificate from the user certificate realm.", null, null);
        JSONObject jSONObject = new JSONObject();
        try {
            HttpClientManager.setSSLSocketFactory(getCertificateKeyStore(), this.p);
            String readWLPref = WLConfig.getInstance().readWLPref("WL-Instance-Id");
            if (!WLUtils.isStringEmpty(readWLPref)) {
                WLClient.getInstance().addGlobalHeader("WL-Instance-Id", readWLPref);
            }
            new WLRequest(new WLRequestListener(this) { // from class: com.worklight.common.security.WLUserAuthManager.1
                @Override // com.worklight.wlclient.WLRequestListener
                public void onFailure(WLFailResponse wLFailResponse) {
                }

                @Override // com.worklight.wlclient.WLRequestListener
                public void onSuccess(WLResponse wLResponse) {
                }
            }, new WLRequestOptions(), WLConfig.getInstance(), this.context).makeRequest("sslclientauth", false);
        } catch (SSLPeerUnverifiedException e) {
            logger.warn(e.getClass() + " : " + e.getMessage(), null, null);
        } catch (Throwable th) {
            logger.error("Exception while authenticating with user certificate.", null, th);
            throw th;
        }
        return jSONObject;
    }

    public String createSignedCSR(JSONObject jSONObject) throws Exception {
        JSONObject jSONObject2 = jSONObject.getJSONObject("subject");
        JSONObject optJSONObject = jSONObject.optJSONObject("attributes");
        Iterator<String> keys = jSONObject2.keys();
        String str = "";
        while (keys.hasNext()) {
            String next = keys.next();
            StringBuilder outline13 = GeneratedOutlineSupport.outline13(str, next, "=");
            outline13.append(jSONObject2.getString(next));
            str = outline13.toString();
            if (keys.hasNext()) {
                str = GeneratedOutlineSupport.outline5(str, ",");
            }
        }
        DERSet dERSet = null;
        if (optJSONObject != null) {
            HashMap hashMap = new HashMap();
            hashMap.put("challengepassword", PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
            hashMap.put("contenttype", PKCSObjectIdentifiers.pkcs_9_at_contentType);
            hashMap.put("countersignature", PKCSObjectIdentifiers.pkcs_9_at_counterSignature);
            hashMap.put("emailaddress", PKCSObjectIdentifiers.pkcs_9_at_emailAddress);
            hashMap.put("extendedcertificateattributes", PKCSObjectIdentifiers.pkcs_9_at_extendedCertificateAttributes);
            hashMap.put("extensionrequest", PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
            hashMap.put("friendlyname", PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
            hashMap.put("localkeyid", PKCSObjectIdentifiers.pkcs_9_at_localKeyId);
            hashMap.put("messagedigest", PKCSObjectIdentifiers.pkcs_9_at_messageDigest);
            hashMap.put("signingdescription", PKCSObjectIdentifiers.pkcs_9_at_signingDescription);
            hashMap.put("signingdime", PKCSObjectIdentifiers.pkcs_9_at_signingTime);
            hashMap.put("smimecapabilities", PKCSObjectIdentifiers.pkcs_9_at_smimeCapabilities);
            hashMap.put("unstructuredaddress", PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress);
            hashMap.put("unstructuredname", PKCSObjectIdentifiers.pkcs_9_at_unstructuredName);
            Iterator<String> keys2 = optJSONObject.keys();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            while (keys2.hasNext()) {
                String next2 = keys2.next();
                if (next2 != null) {
                    String string = optJSONObject.getString(next2);
                    try {
                        DERObjectIdentifier dERObjectIdentifier = (DERObjectIdentifier) hashMap.get(next2.toLowerCase());
                        DERPrintableString dERPrintableString = new DERPrintableString(string);
                        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
                        aSN1EncodableVector2.add(dERObjectIdentifier);
                        aSN1EncodableVector3.add(dERPrintableString);
                        aSN1EncodableVector2.add(new DERSet(aSN1EncodableVector3));
                        aSN1EncodableVector.add(new DERSequence(aSN1EncodableVector2));
                    } catch (Throwable th) {
                        logger.error(GeneratedOutlineSupport.outline6("There was a problem adding attribute ", next2, "to the CSR."), null, th);
                    }
                }
            }
            dERSet = new DERSet(aSN1EncodableVector);
        }
        DERSet dERSet2 = dERSet;
        KeyPair keyPair = this.keyPairHash.get(getAlias(""));
        return Base64.encode(new PKCS10CertificationRequest("SHA1withRSA", new X500Principal(str), keyPair.getPublic(), dERSet2, keyPair.getPrivate()).getEncoded(), "UTF-8");
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x005f A[Catch: Exception -> 0x0076, TRY_LEAVE, TryCatch #2 {Exception -> 0x0076, blocks: (B:3:0x0004, B:15:0x0010, B:9:0x0054, B:12:0x005f, B:18:0x001b, B:21:0x0037), top: B:2:0x0004, inners: #3 }] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0054 A[Catch: Exception -> 0x0076, TryCatch #2 {Exception -> 0x0076, blocks: (B:3:0x0004, B:15:0x0010, B:9:0x0054, B:12:0x005f, B:18:0x001b, B:21:0x0037), top: B:2:0x0004, inners: #3 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean doesValidCertificateExist() {
        /*
            r8 = this;
            java.lang.String r0 = ""
            r1 = 0
            r2 = 0
            java.security.KeyStore$PrivateKeyEntry r3 = r8.getPrivateKeyEntry(r0)     // Catch: java.lang.Exception -> L76
            r4 = 1
            if (r3 == 0) goto Ld
            r5 = r4
            goto Le
        Ld:
            r5 = r1
        Le:
            if (r5 == 0) goto L52
            java.security.cert.Certificate r3 = r3.getCertificate()     // Catch: java.security.cert.CertificateExpiredException -> L1a java.security.cert.CertificateNotYetValidException -> L36 java.lang.Exception -> L76
            java.security.cert.X509Certificate r3 = (java.security.cert.X509Certificate) r3     // Catch: java.security.cert.CertificateExpiredException -> L1a java.security.cert.CertificateNotYetValidException -> L36 java.lang.Exception -> L76
            r3.checkValidity()     // Catch: java.security.cert.CertificateExpiredException -> L1a java.security.cert.CertificateNotYetValidException -> L36 java.lang.Exception -> L76
            goto L52
        L1a:
            r3 = move-exception
            com.worklight.common.Logger r4 = com.worklight.common.security.WLUserAuthManager.logger     // Catch: java.lang.Exception -> L76
            java.lang.StringBuilder r6 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L76
            r6.<init>()     // Catch: java.lang.Exception -> L76
            java.lang.String r7 = "Certificate has expired: "
            r6.append(r7)     // Catch: java.lang.Exception -> L76
            java.lang.String r3 = r3.getMessage()     // Catch: java.lang.Exception -> L76
            r6.append(r3)     // Catch: java.lang.Exception -> L76
            java.lang.String r3 = r6.toString()     // Catch: java.lang.Exception -> L76
            r4.error(r3, r2, r2)     // Catch: java.lang.Exception -> L76
            goto L51
        L36:
            r3 = move-exception
            com.worklight.common.Logger r4 = com.worklight.common.security.WLUserAuthManager.logger     // Catch: java.lang.Exception -> L76
            java.lang.StringBuilder r6 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L76
            r6.<init>()     // Catch: java.lang.Exception -> L76
            java.lang.String r7 = "Certificate is not yet valid: "
            r6.append(r7)     // Catch: java.lang.Exception -> L76
            java.lang.String r3 = r3.getMessage()     // Catch: java.lang.Exception -> L76
            r6.append(r3)     // Catch: java.lang.Exception -> L76
            java.lang.String r3 = r6.toString()     // Catch: java.lang.Exception -> L76
            r4.error(r3, r2, r2)     // Catch: java.lang.Exception -> L76
        L51:
            r4 = r1
        L52:
            if (r4 != 0) goto L5f
            r8.removeEntityKeyStoreValues(r0)     // Catch: java.lang.Exception -> L76
            com.worklight.common.Logger r0 = com.worklight.common.security.WLUserAuthManager.logger     // Catch: java.lang.Exception -> L76
            java.lang.String r3 = "doesValidCertificateExists = false (Certificate not yet valid or expired)"
            r0.trace(r3, r2)     // Catch: java.lang.Exception -> L76
            return r1
        L5f:
            com.worklight.common.Logger r0 = com.worklight.common.security.WLUserAuthManager.logger     // Catch: java.lang.Exception -> L76
            java.lang.StringBuilder r3 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> L76
            r3.<init>()     // Catch: java.lang.Exception -> L76
            java.lang.String r4 = "doesValidCertificateExists = "
            r3.append(r4)     // Catch: java.lang.Exception -> L76
            r3.append(r5)     // Catch: java.lang.Exception -> L76
            java.lang.String r3 = r3.toString()     // Catch: java.lang.Exception -> L76
            r0.trace(r3, r2)     // Catch: java.lang.Exception -> L76
            return r5
        L76:
            r0 = move-exception
            com.worklight.common.Logger r3 = com.worklight.common.security.WLUserAuthManager.logger
            java.lang.String r4 = "Failed to determine the existence of certificate for device authentication with "
            java.lang.StringBuilder r4 = com.android.tools.r8.GeneratedOutlineSupport.outline12(r4)
            com.android.tools.r8.GeneratedOutlineSupport.outline17(r0, r4, r3, r2, r0)
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.worklight.common.security.WLUserAuthManager.doesValidCertificateExist():boolean");
    }

    @Override // com.worklight.common.security.WLCertManager
    protected String getAlias(String str) {
        WLConfig.createInstance(this.context);
        if (!WLConfig.getInstance().isShareUserCert()) {
            StringBuilder outline12 = GeneratedOutlineSupport.outline12("com.worklight.userenrollment.certificate:");
            outline12.append(this.context.getPackageName());
            return outline12.toString();
        }
        logger.debug("Using group support alias for user certificate authentication realm.", null, null);
        return "com.worklight.userenrollment.certificate:" + this.context.getApplicationInfo().uid;
    }

    @Override // com.worklight.common.security.WLCertManager
    public void init(Context context) {
        this.context = context;
        char[] cArr = this.p;
        if (cArr == null) {
            String string = Settings.Secure.getString(context.getContentResolver(), "android_id");
            if (string == null) {
                throw new RuntimeException("error getting android id from os");
            }
            cArr = UUID.nameUUIDFromBytes(string.getBytes()).toString().toCharArray();
        }
        this.p = cArr;
    }

    public void saveCertificate(String str, String str2) throws Exception {
        logger.debug("Saving certificate for user certificate authentication realm...", null, null);
        saveCertificate("", str, str2);
        logger.debug("Certificate saved for user certificate authentication realm.", null, null);
    }
}
