package com.huawei.anyoffice.sdk.login;

import android.text.TextUtils;
import android.util.Base64;
import com.huawei.anyoffice.sdk.log.Log;
import com.huawei.welink.hotfix.common.PatchRedirect;
import com.huawei.welink.hotfix.common.RedirectProxy;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Enumeration;
import javax.security.auth.DestroyFailedException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes2.dex */
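/**
 * Static helpers that convert X.509 certificates and RSA private keys between their Java object
 * form and PEM/DER bytes, and that extract the first private-key entry from a PKCS#12 blob.
 *
 * <p>Every method first hands the call to {@code RedirectProxy.redirect(...)} together with
 * {@link #$PatchRedirect}; when the returned result has {@code isSupport} set, the method returns
 * that result and its own body does not run.
 *
 * <p>Nothing in this class validates a certificate (chain, validity period, revocation or trust
 * anchor); the methods only parse and re-encode.
 *
 * <p>NOTE(review): several methods throw checked exceptions without a {@code throws} clause. The
 * listing looks like decompiler output (see the "loaded from" marker above the class), so the
 * original declarations presumably carried them - restore them before recompiling.
 */
public class CertificateUtils {
    // NOTE(review): public, static and non-final, and consulted before every operation on key and
    // certificate material. Confirm how the hotfix framework restricts who may assign this field.
    public static PatchRedirect $PatchRedirect = null;
    private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
    private static final String BEGIN_DSA_PRIVATE_KEY_PKCS1 = "-----BEGIN DSA PRIVATE KEY-----\n";
    private static final String BEGIN_PRIVATE_KEY_PKCS8 = "-----BEGIN PRIVATE KEY-----\n";
    private static final String BEGIN_RSA_PRIVATE_KEY_PKCS1 = "-----BEGIN RSA PRIVATE KEY-----\n";
    private static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
    private static final String END_DSA_PRIVATE_KEY_PKCS1 = "-----END DSA PRIVATE KEY-----";
    private static final String END_PRIVATE_KEY_PKCS8 = "-----END PRIVATE KEY-----";
    private static final String END_RSA_PRIVATE_KEY_PKCS1 = "-----END RSA PRIVATE KEY-----";
    // Log tag; never reassigned in this class, so it is declared final.
    private static final String TAG = "SDK:CertificateUtils";

    /** Creates an instance; the only work done is the redirect call, whose result is not used. */
    public CertificateUtils() {
        RedirectProxy.redirect("CertificateUtils()", new Object[0], this, $PatchRedirect);
    }

    /**
     * Encodes a certificate as PEM text: the BEGIN line, the Base64 of the DER encoding, then the
     * END line with no trailing newline.
     *
     * @param x509Certificate certificate to encode; may be {@code null}
     * @return the PEM text, or {@code null} when {@code x509Certificate} is {@code null}
     */
    public static String encodeCertificate(X509Certificate x509Certificate) {
        RedirectProxy.Result redirect = RedirectProxy.redirect(
                "encodeCertificate(java.security.cert.X509Certificate)",
                new Object[]{x509Certificate}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (String) redirect.result;
        }
        if (x509Certificate == null) {
            Log.e(TAG, "x509 certificate is null");
            return null;
        }
        // Logged labels, in order: version, serial number, signature algorithm, issuer, subject,
        // validity (from ... to).
        // NOTE(review): issuer and subject names go to the log at info level; check that the
        // log sink is an acceptable place for identity data.
        Log.i(TAG, "certificate information: "
                + "\n版本：v" + x509Certificate.getVersion()
                + "\n序列号：" + x509Certificate.getSerialNumber()
                + "\n签名算法：" + x509Certificate.getSigAlgName()
                + "\n颁发者：" + x509Certificate.getIssuerDN().getName()
                + "\n使用者：" + x509Certificate.getSubjectDN().getName()
                + "\n有效期：从" + x509Certificate.getNotBefore()
                + "到" + x509Certificate.getNotAfter()
                + "\n……");
        // getEncoded() can throw CertificateEncodingException; it is not caught here.
        byte[] encoded = x509Certificate.getEncoded();
        Log.i(TAG, "certificate data length: " + encoded.length);
        return BEGIN_CERTIFICATE + Base64.encodeToString(encoded, Base64.DEFAULT) + END_CERTIFICATE;
    }

    /**
     * Encodes a private key as PEM text under the "PRIVATE KEY" (PKCS#8) label.
     *
     * <p>The returned string is the key in the clear: no passphrase or wrapping is applied, so
     * the caller is responsible for where it is stored or sent. The label is fixed; the value of
     * {@code getFormat()} is logged but not checked against it.
     *
     * @param rSAPrivateKey key to encode; may be {@code null}
     * @return the PEM text, or {@code null} when {@code rSAPrivateKey} is {@code null}
     */
    public static String encodePrivateKey(RSAPrivateKey rSAPrivateKey) {
        RedirectProxy.Result redirect = RedirectProxy.redirect(
                "encodePrivateKey(java.security.interfaces.RSAPrivateKey)",
                new Object[]{rSAPrivateKey}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (String) redirect.result;
        }
        if (rSAPrivateKey == null) {
            Log.e(TAG, "rsa private key is null");
            return null;
        }
        // Logged labels: format, signature algorithm. Only metadata and the length are logged,
        // never the key bytes.
        Log.i(TAG, "private key information: "
                + "\n格式：" + rSAPrivateKey.getFormat()
                + "\n签名算法：" + rSAPrivateKey.getAlgorithm()
                + "\n……");
        byte[] encoded = rSAPrivateKey.getEncoded();
        Log.i(TAG, "private key data length: " + encoded.length);
        return BEGIN_PRIVATE_KEY_PKCS8 + Base64.encodeToString(encoded, Base64.DEFAULT)
                + END_PRIVATE_KEY_PKCS8;
    }

    /**
     * Parses certificate bytes with the BouncyCastle X.509 certificate factory.
     *
     * <p>In ASCII mode, input that does not already contain the PEM BEGIN line is treated as raw
     * bytes and wrapped in PEM armor before parsing. The result is parsed only, not validated.
     *
     * <p>Throws {@code CertificateException} (undeclared in this listing) when the provider is
     * missing or the data cannot be parsed.
     *
     * @param z {@code true} for ASCII (PEM) mode
     * @param bArr certificate data; may be {@code null}
     * @return the parsed certificate, or {@code null} when {@code bArr} is {@code null} or UTF-8
     *     is reported as unsupported
     */
    public static X509Certificate generateCertificate(boolean z, byte[] bArr) {
        RedirectProxy.Result redirect = RedirectProxy.redirect(
                "generateCertificate(boolean,byte[])",
                new Object[]{Boolean.valueOf(z), bArr}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (X509Certificate) redirect.result;
        }
        if (bArr == null) {
            Log.e(TAG, "x509 certificate data is null");
            return null;
        }
        Log.i(TAG, "generate certificate, isAsciiMode=" + z);
        byte[] certData = bArr;
        if (z) {
            try {
                if (!new String(bArr, "UTF-8").contains(BEGIN_CERTIFICATE)) {
                    certData = (BEGIN_CERTIFICATE + Base64.encodeToString(bArr, Base64.DEFAULT)
                            + END_CERTIFICATE).getBytes("UTF-8");
                    Log.i(TAG, "certData base64 encode to string");
                }
            } catch (UnsupportedEncodingException unused) {
                Log.e(TAG, "certData base64 encode to string: UnsupportedEncodingException");
                return null;
            }
        }
        CertificateFactory certificateFactory;
        try {
            certificateFactory =
                    CertificateFactory.getInstance("X.509", BouncyCastleProvider.PROVIDER_NAME);
        } catch (NoSuchProviderException e) {
            Log.e(TAG, "get certificate factory: NoSuchProviderException");
            throw new CertificateException(e);
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(certData);
        try {
            return (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
        } finally {
            // A failed close is logged and does not replace the parse result or parse error.
            try {
                byteArrayInputStream.close();
            } catch (IOException unused) {
                Log.e(TAG, "generate certificate: bais close failed");
            }
        }
    }

    /**
     * Parses certificate bytes in binary (non-ASCII) mode.
     *
     * @param bArr certificate data; may be {@code null}
     * @return the result of {@link #generateCertificate(boolean, byte[])} with {@code false}
     */
    public static X509Certificate generateCertificate(byte[] bArr) {
        RedirectProxy.Result redirect = RedirectProxy.redirect(
                "generateCertificate(byte[])", new Object[]{bArr}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (X509Certificate) redirect.result;
        }
        return generateCertificate(false, bArr);
    }

    /**
     * Builds an RSA private key from key bytes using the BouncyCastle "RSA" key factory.
     *
     * <p>In ASCII mode the PEM armor ("DSA PRIVATE KEY", "RSA PRIVATE KEY" or "PRIVATE KEY") is
     * removed and the remainder is Base64-decoded; input without any of the three BEGIN lines is
     * rejected with {@code InvalidKeySpecException} (undeclared in this listing). In binary mode
     * the bytes are used as given.
     *
     * @param z {@code true} for ASCII (PEM) mode
     * @param bArr key data; may be {@code null}
     * @return the key, or {@code null} when {@code bArr} is {@code null} or UTF-8 is reported as
     *     unsupported
     */
    public static RSAPrivateKey generatePrivateKey(boolean z, byte[] bArr) {
        RedirectProxy.Result redirect = RedirectProxy.redirect(
                "generatePrivateKey(boolean,byte[])",
                new Object[]{Boolean.valueOf(z), bArr}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (RSAPrivateKey) redirect.result;
        }
        if (bArr == null) {
            Log.e(TAG, "private key data is null");
            return null;
        }
        Log.i(TAG, "generate private key, isAsciiMode=" + z);
        byte[] keyBytes = bArr;
        if (z) {
            try {
                String pem = new String(bArr, "UTF-8");
                String body;
                if (pem.contains(BEGIN_DSA_PRIVATE_KEY_PKCS1)) {
                    // NOTE(review): a DSA key body is still handed to the RSA key factory and
                    // cast to RSAPrivateKey below; this branch looks unable to succeed - confirm.
                    body = pem.replace(BEGIN_DSA_PRIVATE_KEY_PKCS1, "")
                            .replace(END_DSA_PRIVATE_KEY_PKCS1, "");
                } else if (pem.contains(BEGIN_RSA_PRIVATE_KEY_PKCS1)) {
                    // NOTE(review): a PKCS#1 body is passed in a PKCS8EncodedKeySpec below, so
                    // this relies on the provider accepting that encoding - confirm.
                    body = pem.replace(BEGIN_RSA_PRIVATE_KEY_PKCS1, "")
                            .replace(END_RSA_PRIVATE_KEY_PKCS1, "");
                } else if (pem.contains(BEGIN_PRIVATE_KEY_PKCS8)) {
                    body = pem.replace(BEGIN_PRIVATE_KEY_PKCS8, "")
                            .replace(END_PRIVATE_KEY_PKCS8, "");
                } else {
                    Log.e(TAG, "pkeyData not contains " + BEGIN_DSA_PRIVATE_KEY_PKCS1 + " or "
                            + BEGIN_RSA_PRIVATE_KEY_PKCS1 + " or " + BEGIN_PRIVATE_KEY_PKCS8);
                    // Message: text mode only supports Base64-encoded private key data in
                    // PKCS#1 or PKCS#8 format.
                    throw new InvalidKeySpecException("文本模式只支持BASE64编码的PKCS#1或PKCS#8格式的私钥数据");
                }
                keyBytes = Base64.decode(body.trim().getBytes("UTF-8"), Base64.DEFAULT);
                Log.i(TAG, "certDataStr base64 decode to bytes");
            } catch (UnsupportedEncodingException unused) {
                Log.e(TAG, "pkeyData to string: UnsupportedEncodingException");
                return null;
            }
        }
        KeyFactory keyFactory = KeyFactory.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
        return (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
    }

    /**
     * Builds an RSA private key from key bytes in binary (non-ASCII) mode.
     *
     * @param bArr key data; may be {@code null}
     * @return the result of {@link #generatePrivateKey(boolean, byte[])} with {@code false}
     */
    public static RSAPrivateKey generatePrivateKey(byte[] bArr) {
        RedirectProxy.Result redirect = RedirectProxy.redirect(
                "generatePrivateKey(byte[])", new Object[]{bArr}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (RSAPrivateKey) redirect.result;
        }
        return generatePrivateKey(false, bArr);
    }

    /**
     * Loads a PKCS#12 blob and returns the first alias that holds a private-key entry.
     *
     * <p>The same password is used to load the store and to read each entry. The char copies of
     * the password made here are cleared before the method returns; the {@code String} passed in
     * by the caller cannot be cleared and stays in memory until it is collected.
     *
     * <p>Throws {@code KeyStoreException} (undeclared in this listing), which also wraps I/O,
     * algorithm, certificate and unrecoverable-entry failures.
     *
     * @param bArr PKCS#12 data; may be {@code null}
     * @param str keystore password
     * @return the first private-key entry, or {@code null} when the data is {@code null}, the
     *     password is empty, the store has no aliases, or no alias is a private-key entry
     */
    public static KeyStore.PrivateKeyEntry loadPrivateKeyEntry(byte[] bArr, String str) {
        RedirectProxy.Result redirect = RedirectProxy.redirect(
                "loadPrivateKeyEntry(byte[],java.lang.String)",
                new Object[]{bArr, str}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (KeyStore.PrivateKeyEntry) redirect.result;
        }
        if (bArr == null) {
            Log.e(TAG, "p12 data is null");
            return null;
        }
        if (TextUtils.isEmpty(str)) {
            Log.e(TAG, "pswd is empty");
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        char[] password = str.toCharArray();
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(password);
        try {
            keyStore.load(new ByteArrayInputStream(bArr), passwordProtection.getPassword());
            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                Log.e(TAG, "enumerate certificate failed, alias not found in keystore");
                return null;
            }
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Log.i(TAG, "enumerate certificate success, found alias is " + alias);
                try {
                    KeyStore.Entry entry = keyStore.getEntry(alias, passwordProtection);
                    if (entry == null) {
                        Log.e(TAG, "entry is null");
                        throw new KeyStoreException(new NullPointerException("keystore entry is null"));
                    }
                    if (entry instanceof KeyStore.PrivateKeyEntry) {
                        Log.i(TAG, "entry is private key");
                        return (KeyStore.PrivateKeyEntry) entry;
                    }
                    // Other entry kinds are only logged; the scan continues with the next alias.
                    if (entry instanceof KeyStore.SecretKeyEntry) {
                        Log.i(TAG, "entry is secret key");
                    } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
                        Log.i(TAG, "entry is trusted certificate");
                    }
                } catch (NoSuchAlgorithmException e) {
                    throw new KeyStoreException(e);
                } catch (UnrecoverableEntryException e) {
                    throw new KeyStoreException(e);
                }
            }
            Log.i(TAG, "private key entry not found");
            return null;
        } catch (IOException e) {
            throw new KeyStoreException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new KeyStoreException(e);
        } catch (CertificateException e) {
            throw new KeyStoreException(e);
        } finally {
            // Clear both the local array and whatever copy PasswordProtection keeps, on every
            // exit path, so the password does not linger in char arrays after the store is read.
            Arrays.fill(password, '\0');
            try {
                passwordProtection.destroy();
            } catch (DestroyFailedException e) {
                Log.e(TAG, "destroy password protection failed");
            }
        }
    }
}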
