package com.huawei.anyoffice.sdk.login;

import android.text.TextUtils;
import android.util.Base64;
import com.huawei.anyoffice.sdk.log.Log;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Enumeration;

/* loaded from: classes.dex */
public class CertificateUtils {
    private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
    private static final String BEGIN_DSA_PRIVATE_KEY_PKCS1 = "-----BEGIN DSA PRIVATE KEY-----\n";
    private static final String BEGIN_PRIVATE_KEY_PKCS8 = "-----BEGIN PRIVATE KEY-----\n";
    private static final String BEGIN_RSA_PRIVATE_KEY_PKCS1 = "-----BEGIN RSA PRIVATE KEY-----\n";
    private static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
    private static final String END_DSA_PRIVATE_KEY_PKCS1 = "-----END DSA PRIVATE KEY-----";
    private static final String END_PRIVATE_KEY_PKCS8 = "-----END PRIVATE KEY-----";
    private static final String END_RSA_PRIVATE_KEY_PKCS1 = "-----END RSA PRIVATE KEY-----";
    private static String TAG = "SDK:CertificateUtils";

    public static String encodeCertificate(X509Certificate x509Certificate) throws CertificateEncodingException {
        if (x509Certificate == null) {
            Log.e(TAG, "x509 certificate is null");
            return null;
        }
        StringBuilder sb = new StringBuilder("\n");
        sb.append("版本：v").append(x509Certificate.getVersion()).append("\n");
        sb.append("序列号：").append(x509Certificate.getSerialNumber()).append("\n");
        sb.append("签名算法：").append(x509Certificate.getSigAlgName()).append("\n");
        sb.append("颁发者：").append(x509Certificate.getIssuerDN().getName()).append("\n");
        sb.append("使用者：").append(x509Certificate.getSubjectDN().getName()).append("\n");
        sb.append("有效期：").append("从").append(x509Certificate.getNotBefore()).append("到").append(x509Certificate.getNotAfter()).append("\n");
        sb.append("……");
        Log.i(TAG, "certificate information: " + sb.toString());
        byte[] encoded = x509Certificate.getEncoded();
        Log.i(TAG, "certificate data length: " + encoded.length);
        return "-----BEGIN CERTIFICATE-----\n" + Base64.encodeToString(encoded, 0) + END_CERTIFICATE;
    }

    public static String encodePrivateKey(RSAPrivateKey rSAPrivateKey) {
        if (rSAPrivateKey == null) {
            Log.e(TAG, "rsa private key is null");
            return null;
        }
        StringBuilder sb = new StringBuilder("\n");
        sb.append("格式：").append(rSAPrivateKey.getFormat()).append("\n");
        sb.append("签名算法：").append(rSAPrivateKey.getAlgorithm()).append("\n");
        sb.append("……");
        Log.i(TAG, "private key information: " + sb.toString());
        byte[] encoded = rSAPrivateKey.getEncoded();
        Log.i(TAG, "private key data length: " + encoded.length);
        return BEGIN_PRIVATE_KEY_PKCS8 + Base64.encodeToString(encoded, 0) + END_PRIVATE_KEY_PKCS8;
    }

    public static X509Certificate generateCertificate(boolean z, byte[] bArr) throws CertificateException {
        X509Certificate x509Certificate = null;
        if (bArr == null) {
            Log.e(TAG, "x509 certificate data is null");
        } else {
            Log.i(TAG, "generate certificate, isAsciiMode=" + z);
            if (z) {
                try {
                    if (!new String(bArr, "UTF-8").contains("-----BEGIN CERTIFICATE-----\n")) {
                        bArr = ("-----BEGIN CERTIFICATE-----\n" + Base64.encodeToString(bArr, 0) + END_CERTIFICATE).getBytes("UTF-8");
                        Log.i(TAG, "certData base64 encode to string");
                    }
                } catch (UnsupportedEncodingException e) {
                    Log.e(TAG, "certData base64 encode to string: UnsupportedEncodingException");
                }
            }
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance(com.huawei.byod.util.CertificateUtils.X509, "BC");
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
                x509Certificate = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
                try {
                    byteArrayInputStream.close();
                } catch (IOException e2) {
                    Log.e(TAG, "generate certificate: bais close failed");
                }
            } catch (NoSuchProviderException e3) {
                Log.e(TAG, "get certificate factory: NoSuchProviderException");
                throw new CertificateException(e3);
            }
        }
        return x509Certificate;
    }

    public static X509Certificate generateCertificate(byte[] bArr) throws CertificateException {
        return generateCertificate(false, bArr);
    }

    public static RSAPrivateKey generatePrivateKey(boolean z, byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        String replace;
        if (bArr == null) {
            Log.e(TAG, "private key data is null");
            return null;
        }
        Log.i(TAG, "generate private key, isAsciiMode=" + z);
        if (z) {
            try {
                String str = new String(bArr, "UTF-8");
                if (str.contains(BEGIN_DSA_PRIVATE_KEY_PKCS1)) {
                    replace = str.replace(BEGIN_DSA_PRIVATE_KEY_PKCS1, "").replace(END_DSA_PRIVATE_KEY_PKCS1, "");
                } else if (str.contains(BEGIN_RSA_PRIVATE_KEY_PKCS1)) {
                    replace = str.replace(BEGIN_RSA_PRIVATE_KEY_PKCS1, "").replace(END_RSA_PRIVATE_KEY_PKCS1, "");
                } else {
                    if (!str.contains(BEGIN_PRIVATE_KEY_PKCS8)) {
                        Log.e(TAG, "pkeyData not contains -----BEGIN DSA PRIVATE KEY-----\n or -----BEGIN RSA PRIVATE KEY-----\n or -----BEGIN PRIVATE KEY-----\n");
                        throw new InvalidKeySpecException("文本模式只支持BASE64编码的PKCS#1或PKCS#8格式的私钥数据");
                    }
                    replace = str.replace(BEGIN_PRIVATE_KEY_PKCS8, "").replace(END_PRIVATE_KEY_PKCS8, "");
                }
                bArr = Base64.decode(replace.trim().getBytes("UTF-8"), 0);
                Log.i(TAG, "certDataStr base64 decode to bytes");
            } catch (UnsupportedEncodingException e) {
                Log.e(TAG, "pkeyData to string: UnsupportedEncodingException");
                return null;
            }
        }
        return (RSAPrivateKey) KeyFactory.getInstance("RSA", "BC").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static RSAPrivateKey generatePrivateKey(byte[] bArr) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException {
        return generatePrivateKey(false, bArr);
    }

    public static KeyStore.PrivateKeyEntry loadPrivateKeyEntry(byte[] bArr, String str) throws KeyStoreException {
        if (bArr == null) {
            Log.e(TAG, "p12 data is null");
            return null;
        }
        if (TextUtils.isEmpty(str)) {
            Log.e(TAG, "pswd is empty");
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(str.toCharArray());
        try {
            keyStore.load(new ByteArrayInputStream(bArr), passwordProtection.getPassword());
            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                Log.e(TAG, "enumerate certificate failed, alias not found in keystore");
                return null;
            }
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                Log.i(TAG, "enumerate certificate success, found alias is " + nextElement);
                try {
                    KeyStore.Entry entry = keyStore.getEntry(nextElement, passwordProtection);
                    if (entry == null) {
                        Log.e(TAG, "entry is null");
                        throw new KeyStoreException(new NullPointerException("keystore entry is null"));
                    }
                    if (entry instanceof KeyStore.PrivateKeyEntry) {
                        Log.i(TAG, "entry is private key");
                        return (KeyStore.PrivateKeyEntry) entry;
                    }
                    if (entry instanceof KeyStore.SecretKeyEntry) {
                        Log.i(TAG, "entry is secret key");
                    } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
                        Log.i(TAG, "entry is trusted certificate");
                    }
                } catch (NoSuchAlgorithmException e) {
                    throw new KeyStoreException(e);
                } catch (UnrecoverableEntryException e2) {
                    throw new KeyStoreException(e2);
                }
            }
            Log.i(TAG, "private key entry not found");
            return null;
        } catch (IOException e3) {
            throw new KeyStoreException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyStoreException(e4);
        } catch (CertificateException e5) {
            throw new KeyStoreException(e5);
        }
    }
}
