package com.worklight.common.security;

import co.acoustic.mobile.push.sdk.api.Constants;
import com.worklight.common.Logger;
import com.worklight.common.WLConfig;
import com.worklight.nativeandroid.common.WLUtils;
import com.worklight.utils.Base64;
import com.worklight.wlclient.HttpClientManager;
import com.worklight.wlclient.WLRequest;
import com.worklight.wlclient.WLRequestListener;
import com.worklight.wlclient.api.WLClient;
import com.worklight.wlclient.api.WLFailResponse;
import com.worklight.wlclient.api.WLRequestOptions;
import com.worklight.wlclient.api.WLResponse;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.json.JSONObject;

/* loaded from: classes3.dex */
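/**
 * Manages the client certificate used for the "user certificate" authentication realm:
 * builds the PKCS#10 signing request, stores the issued certificate through
 * {@link WLCertManager}, and installs the keystore into the HTTP client for TLS client
 * authentication.
 *
 * <p>Security review notes (behaviour is kept as found, so existing keystores and servers
 * keep working):
 * <ul>
 *   <li>The keystore password is a compile-time constant shared by every installation, so it
 *       adds no confidentiality. The private key is protected at rest only by whatever
 *       protects the file location (presumably the app-private files directory - confirm
 *       against {@code WLCertManager}). Hardware-backed key storage is the usual mitigation.</li>
 *   <li>CSRs are signed with {@code SHA1withRSA}; see {@link #createSignedCSR(JSONObject, String)}.</li>
 *   <li>Subject values are concatenated into a distinguished name without escaping; see
 *       {@link #createSignedCSR(JSONObject, String)}.</li>
 * </ul>
 */
public class WLUserAuthManager extends WLCertManager {
    private static final String CERTIFICATE_ALIAS = "com.worklight.userenrollment.certificate";
    public static final int DEFAULT_RSA_KEY_SIZE = 2048;
    // Entity name handed to the WLCertManager overloads; this realm always uses the empty entity.
    private static final String PROVISIONING_ENTITY = "";
    private static WLUserAuthManager instance;
    private static final Logger logger = Logger.getInstance("wl.userAuthManager");
    private static final String KEYSTORE_FILENAME = ".x509Keystore";
    // NOTE(review): hard-coded, publicly known password - it cannot be treated as a secret.
    // Changing it here would make keystores written by earlier builds unreadable.
    private static final char[] keyStorePassword = "worklight".toCharArray();

    private WLUserAuthManager() {
        super(KEYSTORE_FILENAME, keyStorePassword);
    }

    /**
     * Builds the lookup table from lower-case CSR attribute names to their PKCS#9 object
     * identifiers.
     *
     * @return a new mutable map; keys are lower-case attribute names
     */
    private Map<String, DERObjectIdentifier> getCSRAttributesOIDMap() {
        Map<String, DERObjectIdentifier> oidByName = new HashMap<String, DERObjectIdentifier>();
        oidByName.put("challengepassword", PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
        oidByName.put("contenttype", PKCSObjectIdentifiers.pkcs_9_at_contentType);
        oidByName.put("countersignature", PKCSObjectIdentifiers.pkcs_9_at_counterSignature);
        oidByName.put("emailaddress", PKCSObjectIdentifiers.pkcs_9_at_emailAddress);
        oidByName.put("extendedcertificateattributes", PKCSObjectIdentifiers.pkcs_9_at_extendedCertificateAttributes);
        oidByName.put("extensionrequest", PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        // Key comes from a constant defined elsewhere (presumably "friendlyname" - confirm).
        oidByName.put(WLRequest.RequestPaths.FRIENDLY_NAME, PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
        oidByName.put("localkeyid", PKCSObjectIdentifiers.pkcs_9_at_localKeyId);
        oidByName.put("messagedigest", PKCSObjectIdentifiers.pkcs_9_at_messageDigest);
        oidByName.put("signingdescription", PKCSObjectIdentifiers.pkcs_9_at_signingDescription);
        // "signingdime" is the original (misspelled) key; it is kept so existing callers still
        // resolve, and the correctly spelled name is accepted as well.
        oidByName.put("signingdime", PKCSObjectIdentifiers.pkcs_9_at_signingTime);
        oidByName.put("signingtime", PKCSObjectIdentifiers.pkcs_9_at_signingTime);
        oidByName.put("smimecapabilities", PKCSObjectIdentifiers.pkcs_9_at_smimeCapabilities);
        oidByName.put("unstructuredaddress", PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress);
        oidByName.put("unstructuredname", PKCSObjectIdentifiers.pkcs_9_at_unstructuredName);
        return oidByName;
    }

    /**
     * Loads the certificate keystore and initialises a {@link KeyManagerFactory} with it.
     * The factory itself is discarded; the call only surfaces an unrecoverable key early.
     *
     * @return the loaded keystore, or {@code null} when the keystore file does not exist
     */
    private KeyStore getCertificateKeyStore() throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException {
        KeyStore store = loadKeyStore();
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(store, keyStorePassword);
        return store;
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * @return the singleton manager
     */
    public static synchronized WLUserAuthManager getInstance() {
        // The method-level lock already is the class monitor, so no inner block is needed.
        if (instance == null) {
            instance = new WLUserAuthManager();
        }
        return instance;
    }

    /**
     * Reads the keystore file from the directory returned by {@code context.getFilesDir()}.
     *
     * @return the loaded keystore, or {@code null} when the file is absent
     * @throws IOException if the file cannot be read or the password does not match
     */
    private KeyStore loadKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        File file = new File(this.context.getFilesDir().getAbsolutePath() + "/" + KEYSTORE_FILENAME);
        if (!file.exists()) {
            return null;
        }
        // Close the stream on every path; the original left the file descriptor open.
        FileInputStream in = new FileInputStream(file);
        try {
            keyStore.load(in, keyStorePassword);
        } finally {
            in.close();
        }
        return keyStore;
    }

    /**
     * Authenticates with the stored certificate using a no-op listener and default options.
     *
     * @return an empty JSON object
     * @throws Throwable any failure other than {@link SSLPeerUnverifiedException}
     */
    public JSONObject authenticateToTheServerWithCertificate() throws Throwable {
        return authenticateToTheServerWithCertificate(null, null);
    }

    /**
     * Installs the user-certificate keystore into the HTTP client and issues the SSL client
     * authentication request.
     *
     * <p>NOTE(review): an {@link SSLPeerUnverifiedException} is only logged at warn level and
     * the method still returns normally, so the return value does not tell the caller that
     * the server could not be verified. Callers that need that signal must obtain it from
     * the listener.
     *
     * @param wLRequestListener callback for the request; a no-op listener is used when null
     * @param wLRequestOptions  request options; fresh default options are used when null
     * @return an empty JSON object (nothing is ever put into it)
     * @throws Throwable any failure other than {@link SSLPeerUnverifiedException}, after logging
     */
    public JSONObject authenticateToTheServerWithCertificate(WLRequestListener wLRequestListener, WLRequestOptions wLRequestOptions) throws Throwable {
        logger.debug("Establishing SSL connection with the server using the user certificate from the user certificate realm.");
        JSONObject result = new JSONObject();
        try {
            HttpClientManager.setSSLSocketFactory(getCertificateKeyStore(), keyStorePassword);
            String instanceId = WLConfig.getInstance().readWLPref("WL-Instance-Id");
            if (!WLUtils.isStringEmpty(instanceId)) {
                WLClient.getInstance().addGlobalHeader("WL-Instance-Id", instanceId);
            }
            // Constructed unconditionally, as in the original, in case construction has side effects.
            WLRequestOptions defaultOptions = new WLRequestOptions();
            WLRequestOptions options = wLRequestOptions != null ? wLRequestOptions : defaultOptions;
            WLRequestListener listener = wLRequestListener;
            if (listener == null) {
                listener = new WLRequestListener() {
                    @Override
                    public void onFailure(WLFailResponse wLFailResponse) {
                        // Intentionally empty: the caller supplied no listener.
                    }

                    @Override
                    public void onSuccess(WLResponse wLResponse) {
                        // Intentionally empty: the caller supplied no listener.
                    }
                };
            }
            new WLRequest(listener, options, WLConfig.getInstance(), this.context).makeRequest(WLRequest.RequestPaths.SSL_CLIENT_AUTH);
        } catch (SSLPeerUnverifiedException e) {
            logger.warn(e.getClass() + " : " + e.getMessage());
        } catch (Throwable th) {
            logger.error("Exception while authenticating with user certificate.", th);
            throw th;
        }
        return result;
    }

    /**
     * Clears the keystore values of this realm's (empty) provisioning entity.
     */
    public void clearKeystore() throws KeyStoreException {
        clearKeystore(PROVISIONING_ENTITY);
    }

    /**
     * Creates a signed CSR for this realm's (empty) provisioning entity.
     *
     * @param jSONObject CSR description; see {@link #createSignedCSR(JSONObject, String)}
     * @return the Base64-encoded PKCS#10 request
     */
    public String createSignedCSR(JSONObject jSONObject) throws Exception {
        return createSignedCSR(jSONObject, PROVISIONING_ENTITY);
    }

    /**
     * Builds a PKCS#10 certification request from a JSON description and signs it with the
     * key pair registered under this manager's alias.
     *
     * <p>The subject is assembled as {@code key=value} pairs joined by commas, in the JSON
     * object's key order. Optional attributes are matched case-insensitively against the
     * PKCS#9 names from {@link #getCSRAttributesOIDMap()}; unknown names are logged and skipped.
     *
     * <p>NOTE(review): subject values are not escaped, so a value containing {@code ,},
     * {@code +} or {@code =} changes the structure of the distinguished name. The JSON must
     * come from a trusted source, or the issuing CA must enforce the subject it expects.
     *
     * <p>NOTE(review): the request is signed with {@code SHA1withRSA}. SHA-1 is deprecated for
     * signatures; moving to a SHA-2 based algorithm needs the enrolling server to accept it,
     * so it is flagged here rather than changed.
     *
     * @param jSONObject description holding a required subject object and an optional
     *                   {@code "attributes"} object
     * @param str        entity name, passed to {@link #getAlias(String)}
     * @return the Base64-encoded DER form of the request
     * @throws IllegalStateException if no key pair has been generated for the alias
     * @throws Exception             on malformed JSON or a signing failure
     */
    public String createSignedCSR(JSONObject jSONObject, String str) throws Exception {
        JSONObject subject = jSONObject.getJSONObject(Constants.Notifications.SUBJECT_KEY);
        JSONObject attributes = jSONObject.optJSONObject("attributes");

        StringBuilder subjectDn = new StringBuilder();
        Iterator<String> subjectKeys = subject.keys();
        while (subjectKeys.hasNext()) {
            String rdnType = subjectKeys.next();
            subjectDn.append(rdnType).append("=").append(subject.getString(rdnType));
            if (subjectKeys.hasNext()) {
                subjectDn.append(",");
            }
        }

        DERSet attributeSet = null;
        if (attributes != null) {
            Map<String, DERObjectIdentifier> oidByName = getCSRAttributesOIDMap();
            ASN1EncodableVector encodedAttributes = new ASN1EncodableVector();
            Iterator<String> attributeNames = attributes.keys();
            while (attributeNames.hasNext()) {
                String attributeName = attributeNames.next();
                if (attributeName == null) {
                    continue;
                }
                String attributeValue = attributes.getString(attributeName);
                // Locale.ROOT keeps the lookup stable on devices whose default locale
                // lower-cases 'I' to a non-ASCII letter (e.g. Turkish).
                DERObjectIdentifier oid = oidByName.get(attributeName.toLowerCase(java.util.Locale.ROOT));
                if (oid == null) {
                    // Never put a null identifier into the ASN.1 structure.
                    logger.error("Unsupported CSR attribute " + attributeName + "; it was not added to the CSR.");
                    continue;
                }
                try {
                    ASN1EncodableVector valueVector = new ASN1EncodableVector();
                    valueVector.add(new DERPrintableString(attributeValue));
                    ASN1EncodableVector attribute = new ASN1EncodableVector();
                    attribute.add(oid);
                    attribute.add(new DERSet(valueVector));
                    encodedAttributes.add(new DERSequence(attribute));
                } catch (Throwable th) {
                    // Best effort, as in the original: one bad attribute does not abort the CSR.
                    logger.error("There was a problem adding attribute " + attributeName + "to the CSR.", th);
                }
            }
            attributeSet = new DERSet(encodedAttributes);
        }

        KeyPair keyPair = this.keyPairHash.get(getAlias(str));
        if (keyPair == null) {
            throw new IllegalStateException("No key pair has been generated for the user certificate alias.");
        }
        PKCS10CertificationRequest request = new PKCS10CertificationRequest(
                "SHA1withRSA", new X500Principal(subjectDn.toString()), keyPair.getPublic(), attributeSet, keyPair.getPrivate());
        return Base64.encode(request.getEncoded(), "UTF-8");
    }

    /**
     * Reports whether a private-key entry exists for this realm and its certificate is inside
     * its validity period.
     *
     * <p>The decompiler could not emit this method; the body was reconstructed from the
     * register-level dump it left behind, with the log messages copied unchanged.
     *
     * <p>NOTE(review): {@code checkValidity()} compares the certificate's dates with the
     * device clock and nothing else. An expired or not-yet-valid certificate causes the
     * stored key material to be removed, so a badly skewed device clock can discard a
     * credential that is in fact valid.
     *
     * @return {@code true} only when an entry exists and its certificate is currently valid;
     *         {@code false} when there is no entry, the certificate is outside its validity
     *         period, or any exception occurs
     */
    public boolean doesValidCertificateExist() {
        try {
            KeyStore.PrivateKeyEntry entry = getPrivateKeyEntry(PROVISIONING_ENTITY);
            boolean entryExists = entry != null;
            boolean withinValidity = true;
            if (entryExists) {
                try {
                    ((java.security.cert.X509Certificate) entry.getCertificate()).checkValidity();
                } catch (java.security.cert.CertificateExpiredException e) {
                    logger.error("Certificate has expired: " + e.getMessage());
                    withinValidity = false;
                } catch (java.security.cert.CertificateNotYetValidException e) {
                    logger.error("Certificate is not yet valid: " + e.getMessage());
                    withinValidity = false;
                }
            }
            if (!withinValidity) {
                removeEntityKeyStoreValues(PROVISIONING_ENTITY);
                logger.trace("doesValidCertificateExists = false (Certificate not yet valid or expired)");
                return false;
            }
            logger.trace("doesValidCertificateExists = " + entryExists);
            return entryExists;
        } catch (Exception e) {
            logger.error("Failed to determine the existence of certificate for device authentication with " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Generates a key pair for this realm's (empty) provisioning entity.
     *
     * @param i key size in bits, passed through to the superclass
     * @return the generated key pair
     */
    public KeyPair generateKeyPair(int i) throws NoSuchAlgorithmException {
        return generateKeyPair(PROVISIONING_ENTITY, i);
    }

    /**
     * Returns the keystore alias for the user certificate. The argument is ignored: the alias
     * depends only on whether certificate sharing is enabled in the configuration.
     *
     * @param str unused
     * @return the alias prefix followed by the application uid when sharing is enabled,
     *         otherwise followed by the package name
     */
    @Override
    protected String getAlias(String str) {
        WLConfig.createInstance(this.context);
        if (WLConfig.getInstance().isShareUserCert()) {
            logger.debug("Using group support alias for user certificate authentication realm.");
            return CERTIFICATE_ALIAS + ":" + this.context.getApplicationInfo().uid;
        }
        return CERTIFICATE_ALIAS + ":" + this.context.getPackageName();
    }

    /**
     * Saves the certificate for this realm's (empty) provisioning entity, logging before and
     * after the superclass call.
     *
     * @param str  first argument forwarded to the three-argument superclass overload
     * @param str2 second argument forwarded to the three-argument superclass overload
     */
    @Override
    public void saveCertificate(String str, String str2) throws Exception {
        logger.debug("Saving certificate for user certificate authentication realm...");
        saveCertificate(PROVISIONING_ENTITY, str, str2);
        logger.debug("Certificate saved for user certificate authentication realm.");
    }
}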
