package com.samsung.android.knox.ucm.core.jcajce;

import android.os.Bundle;
import android.os.Process;
import android.security.keystore.KeyProtection;
import android.util.Log;
import com.samsung.android.knox.ucm.core.UniversalCredentialUtil;
import com.samsung.android.knox.ucm.plugin.agent.UcmAgentProviderImpl;
import com.samsung.android.knox.ucm.plugin.agent.UcmAgentService;
import com.samsung.android.security.mdf.MdfUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.Vector;
import javax.crypto.SecretKey;

/* loaded from: classes4.dex */
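/**
 * {@link KeyStoreSpi} implementation that forwards keystore operations to
 * {@link UniversalCredentialUtil} for the credential source named by {@link #mSource}.
 *
 * <p>Every request URI is built with resource id 2 and the UID returned by
 * {@link Process#myUid()}, so entries are addressed per calling process UID.
 * Passwords are not used: {@link #engineGetKey} ignores its password argument and
 * {@link #engineSetKeyEntry(String, Key, char[], Certificate[])} rejects non-empty ones.
 *
 * <p>NOTE(review): every method logs its alias argument at debug level, and
 * {@link #engineSetEntry} also logs the entry and protection parameter objects. No key
 * bytes are logged by this class, but confirm that debug logging of credential aliases
 * is acceptable on production builds.
 */
public final class UcmKeystore extends KeyStoreSpi {
    public static final String NAME = "KNOX";
    public static final String TAG = "UcmKeystore";

    // Credential source identifier handed to UcmUriBuilder. Left public and non-final
    // because external code may already read or assign it.
    public String mSource;

    /**
     * Creates a keystore bound to one credential source.
     *
     * @param str source identifier passed to {@code UcmUriBuilder} for every request
     */
    public UcmKeystore(String str) {
        this.mSource = str;
    }

    /** Builds the URI that addresses the whole store for the current UID (no alias). */
    private String storeUri() {
        return new UniversalCredentialUtil.UcmUriBuilder(this.mSource)
                .setResourceId(2)
                .setUid(Process.myUid())
                .build();
    }

    /** Builds the URI that addresses a single alias for the current UID. */
    private String entryUri(String alias) {
        return new UniversalCredentialUtil.UcmUriBuilder(this.mSource)
                .setResourceId(2)
                .setUid(Process.myUid())
                .setAlias(alias)
                .build();
    }

    /** Returns true only when the response exists and carries a true boolean result. */
    private static boolean succeeded(Bundle response) {
        return response != null && response.getBoolean(UcmAgentService.PLUGIN_BOOLEAN_RESPONSE);
    }

    /** Runs the alias query for the given URI; returns null when there is no response. */
    private static String[] listAliases(String uri) {
        Bundle response = UniversalCredentialUtil.getInstance().saw(uri, 1);
        return response != null
                ? response.getStringArray(UcmAgentService.PLUGIN_STRINGARRAY_RESPONSE)
                : null;
    }

    /**
     * Lists the aliases reported for this source and UID.
     *
     * @return an enumeration of aliases; empty (never {@code null}) when none are reported,
     *         so callers of {@code KeyStore.aliases()} can iterate without a null check
     */
    @Override // java.security.KeyStoreSpi
    public final Enumeration<String> engineAliases() {
        Log.d(TAG, "engineAliases ");
        String[] aliases = listAliases(storeUri());
        Vector<String> result = new Vector<>();
        if (aliases != null) {
            for (String alias : aliases) {
                result.add(alias);
            }
        }
        return result.elements();
    }

    /**
     * Checks whether the alias query for {@code str} returns an exactly matching alias.
     *
     * @param str alias to look up
     * @return true when the response contains an entry equal to {@code str}
     */
    @Override // java.security.KeyStoreSpi
    public final boolean engineContainsAlias(String str) {
        Log.d(TAG, "engineContainsAlias " + str);
        String[] aliases = listAliases(entryUri(str));
        if (aliases == null) {
            return false;
        }
        for (String candidate : aliases) {
            if (candidate != null && candidate.equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Deletes the entry stored under {@code str}.
     *
     * @param str alias to delete
     * @throws KeyStoreException when the delete call returns no response or reports failure
     */
    @Override // java.security.KeyStoreSpi
    public final void engineDeleteEntry(String str) throws KeyStoreException {
        Log.d(TAG, "engineDeleteEntry " + str);
        Bundle response = UniversalCredentialUtil.getInstance().delete(entryUri(str));
        if (!succeeded(response)) {
            throw new KeyStoreException("failed to delete entry " + str);
        }
    }

    /**
     * Returns the first certificate of the chain stored under {@code str}.
     *
     * @param str alias to look up
     * @return the first chain element, or {@code null} when no chain is available
     */
    @Override // java.security.KeyStoreSpi
    public final Certificate engineGetCertificate(String str) {
        Log.d(TAG, "engineGetCertificate " + str);
        Certificate[] chain = engineGetCertificateChain(str);
        // Guard the length as well: indexing an empty chain would throw.
        if (chain != null && chain.length > 0) {
            return chain[0];
        }
        Log.d(TAG, "engineGetCertificate empty");
        return null;
    }

    /**
     * Reverse lookup from certificate to alias is not implemented.
     *
     * @return always {@code null}
     */
    @Override // java.security.KeyStoreSpi
    public final String engineGetCertificateAlias(Certificate certificate) {
        Log.d(TAG, "engineGetCertificateAlias ");
        return null;
    }

    /**
     * Fetches the encoded certificate chain for {@code str} and parses it as X.509.
     *
     * @param str alias to look up
     * @return the parsed chain, or {@code null} when the response is missing or empty, the
     *         bytes contain no certificates, or parsing fails
     */
    @Override // java.security.KeyStoreSpi
    public final Certificate[] engineGetCertificateChain(String str) {
        Log.d(TAG, "engineGetCertificateChain " + str);
        Bundle response = UniversalCredentialUtil.getInstance().getCertificateChain(entryUri(str));
        byte[] encodedChain = response != null
                ? response.getByteArray(UcmAgentService.PLUGIN_BYTEARRAY_RESPONSE)
                : null;
        if (encodedChain == null || encodedChain.length == 0) {
            Log.d(TAG, "getCertificateChain null");
            return null;
        }
        try {
            // Keep the declared Collection type: generateCertificates does not promise a List.
            java.util.Collection<? extends Certificate> parsed = CertificateFactory.getInstance("X.509")
                    .generateCertificates(new ByteArrayInputStream(encodedChain));
            if (parsed.isEmpty()) {
                return null;
            }
            return parsed.toArray(new Certificate[0]);
        } catch (CertificateException e) {
            // The bytes come from the credential plugin; a parse failure means no usable chain.
            Log.e(TAG, "engineGetCertificateChain: failed to parse certificate chain", e);
            return null;
        }
    }

    /**
     * Creation dates are not tracked by this keystore.
     *
     * @return always {@code null}
     */
    @Override // java.security.KeyStoreSpi
    public final Date engineGetCreationDate(String str) {
        Log.d(TAG, "engineGetCreationDate " + str);
        return null;
    }

    /**
     * Resolves the key stored under {@code str}.
     *
     * <p>The key type is queried first; type 1 is fetched as a secret key (with the reported
     * algorithm) and type 2 as a private key.
     *
     * @param str alias to look up
     * @param cArr ignored; this keystore does not use passwords
     * @return the key object returned by {@code UniversalCredentialUtil}, or {@code null}
     *         when the key-type query returns no response
     * @throws UnrecoverableKeyException when the query reports failure or an unsupported type
     */
    @Override // java.security.KeyStoreSpi
    public final Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        Log.d(TAG, "engineGetKey " + str);
        String uri = entryUri(str);
        UniversalCredentialUtil util = UniversalCredentialUtil.getInstance();
        Bundle typeInfo = util.getKeyType(uri);
        if (typeInfo == null) {
            Log.d(TAG, "engineGetKey response is null");
            return null;
        }
        boolean found = typeInfo.getBoolean(UcmAgentService.PLUGIN_BOOLEAN_RESPONSE);
        Log.d(TAG, "getKeyType: boolean result = " + found + " error code = " + typeInfo.getInt(UcmAgentService.PLUGIN_ERROR_CODE));
        if (!found) {
            throw new UnrecoverableKeyException("Key not found");
        }
        int keyType = typeInfo.getInt(UcmAgentService.PLUGIN_KEY_TYPE_RESPONSE);
        String algorithm = typeInfo.getString(UcmAgentService.PLUGIN_STRING_RESPONSE);
        Log.d(TAG, "getKeyType = " + keyType + "; algorithm = " + algorithm);
        if (keyType == 1) {
            return util.getSecretKey(uri, algorithm);
        }
        if (keyType == 2) {
            return util.getPrivateKey(uri);
        }
        throw new UnrecoverableKeyException("Key type not supported");
    }

    /**
     * Certificate-only entries are not supported.
     *
     * @return always {@code false}
     */
    @Override // java.security.KeyStoreSpi
    public final boolean engineIsCertificateEntry(String str) {
        Log.d(TAG, "engineIsCertificateEntry " + str);
        return false;
    }

    /**
     * Treats every existing alias as a key entry.
     *
     * @return the result of {@link #engineContainsAlias(String)}
     */
    @Override // java.security.KeyStoreSpi
    public final boolean engineIsKeyEntry(String str) {
        Log.d(TAG, "engineIsKeyEntry " + str);
        return engineContainsAlias(str);
    }

    /** No-op: nothing is read from the stream and the password is ignored. */
    @Override // java.security.KeyStoreSpi
    public final void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        Log.d(TAG, "engineLoad");
    }

    /**
     * No-op: the certificate is NOT stored, and no exception tells the caller so.
     *
     * <p>NOTE(review): a caller that pins a trusted certificate through this method gets no
     * signal that the write was dropped; confirm that is intended.
     */
    @Override // java.security.KeyStoreSpi
    public final void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        Log.d(TAG, "engineSetCertificateEntry " + str);
    }

    /**
     * Stores a private-key or secret-key entry.
     *
     * <p>Private-key entries are delegated to the {@link KeyStoreSpi} default handling. Secret-key
     * entries are imported directly and may carry a {@link KeyProtection} parameter.
     *
     * @param str alias to store under
     * @param entry a {@code PrivateKeyEntry} or {@code SecretKeyEntry}
     * @param protectionParameter {@code null} or a {@link KeyProtection} for secret keys
     * @throws KeyStoreException for any other entry type (including {@code null}), an
     *         unsupported protection parameter, a null secret key, or a failed import
     */
    @Override // java.security.KeyStoreSpi
    public final void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        Log.d(TAG, "engineSetEntry(): alias=" + str + "; entry=" + entry + "; param=" + protectionParameter);
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            super.engineSetEntry(str, entry, protectionParameter);
            return;
        }
        // Reject anything that is not a SecretKeyEntry with a checked exception instead of
        // letting the cast below fail with ClassCastException / NullPointerException.
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new KeyStoreException("Entry type not supported");
        }
        if (protectionParameter != null && !(protectionParameter instanceof KeyProtection)) {
            throw new KeyStoreException("Usupported protection parameter class, only KeyProtection parameter is supported for SecretKeyEntry");
        }
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        if (secretKey == null) {
            throw new KeyStoreException("Key is null");
        }
        importKey(str, secretKey, (KeyProtection) protectionParameter);
    }

    /**
     * Stores a private key (with its certificate chain) or a secret key under {@code str}.
     *
     * <p>A key whose {@code getEncoded()} is {@code null} is passed on without encoded bytes.
     * A key that does expose an encoding must be in PKCS#8 format or use the AES algorithm.
     *
     * @param str alias to store under
     * @param key a {@link PrivateKey} or {@link SecretKey}
     * @param cArr must be {@code null} or empty; password protection is not supported
     * @param certificateArr certificate chain, required for private keys
     * @throws KeyStoreException for a non-empty password, unsupported key format or key
     *         class, or a failed import
     */
    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        Log.d(TAG, "engineSetKeyEntry " + str);
        if (cArr != null && cArr.length > 0) {
            throw new KeyStoreException("entries cannot be protected with passwords");
        }
        // Read the encoding once: each getEncoded() call may allocate another copy of the
        // raw key material.
        byte[] encodedKey = key != null ? key.getEncoded() : null;
        String algorithm = null;
        if (encodedKey == null) {
            Log.d(TAG, "key.getEncoded() == null " + str);
        } else {
            Log.d(TAG, "key.getEncoded() is not null " + str);
            String format = key.getFormat();
            algorithm = key.getAlgorithm();
            boolean supported = "PKCS#8".equals(format)
                    || MdfUtils.KEYPROP_KEY_ALGORITHM_AES.equals(algorithm);
            if (format == null || !supported) {
                throw new KeyStoreException("Key format not supported");
            }
        }
        if (key instanceof PrivateKey) {
            importKeyPair(str, encodedKey, certificateArr, algorithm);
        } else if (key instanceof SecretKey) {
            importKey(str, (SecretKey) key, null);
        } else {
            throw new KeyStoreException("Key not supported");
        }
    }

    /**
     * Not supported: the encoding of a pre-protected key blob cannot be determined.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException("Can not determine the encoding");
    }

    /**
     * Counts the aliases reported for this source and UID.
     *
     * @return the number of aliases, or 0 when there is no response
     */
    @Override // java.security.KeyStoreSpi
    public final int engineSize() {
        Log.d(TAG, "engineSize ");
        String[] aliases = listAliases(storeUri());
        return aliases != null ? aliases.length : 0;
    }

    /**
     * Not supported: this keystore cannot be serialized.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // java.security.KeyStoreSpi
    public final void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new UnsupportedOperationException("Can not serialize to OutputStream");
    }

    /**
     * Imports a secret key under {@code str}, replacing any existing entry.
     *
     * <p>The existing entry is deleted before the import is attempted and the two steps are
     * not atomic: if the import then fails, the previous key is already gone.
     *
     * @param str alias to store under
     * @param secretKey key to import; placed into the request {@link Bundle} as a Serializable
     * @param keyProtection optional usage constraints forwarded with the key
     * @throws KeyStoreException when the old entry cannot be deleted, the protection
     *         parameter lists no block mode or padding, or the import fails
     */
    public final void importKey(String str, SecretKey secretKey, KeyProtection keyProtection) throws KeyStoreException {
        String uri = entryUri(str);
        UniversalCredentialUtil util = UniversalCredentialUtil.getInstance();
        if (engineContainsAlias(str) && !succeeded(util.delete(uri))) {
            throw new KeyStoreException("failed to replace key " + str);
        }
        Bundle extras = new Bundle();
        // NOTE(review): the SecretKey object itself travels inside the Bundle; whether that
        // Bundle leaves this process is decided by UniversalCredentialUtil - confirm.
        extras.putSerializable(UcmAgentProviderImpl.UcmAgentSpiProperty.KEY_SECRET_KEY, secretKey);
        if (keyProtection != null) {
            String[] blockModes = keyProtection.getBlockModes();
            String[] paddings = keyProtection.getEncryptionPaddings();
            // Only the first block mode and padding are forwarded; fail with a checked
            // exception rather than an index error when either list is empty.
            if (blockModes == null || blockModes.length == 0 || paddings == null || paddings.length == 0) {
                throw new KeyStoreException("KeyProtection must specify a block mode and an encryption padding");
            }
            extras.putBoolean(UcmAgentProviderImpl.KEY_EXTRA_RANDOMIZED_ENCRYPTION, keyProtection.isRandomizedEncryptionRequired());
            extras.putString(UcmAgentProviderImpl.KEY_EXTRA_BLOCK_MODES, blockModes[0]);
            // NOTE(review): encryption paddings are stored under the SIGNATURE_PADDINGS key;
            // verify against the plugin side that this is the key it reads.
            extras.putString(UcmAgentProviderImpl.KEY_EXTRA_SIGNATURE_PADDINGS, paddings[0]);
            extras.putInt(UcmAgentProviderImpl.KEY_EXTRA_PURPOSE, keyProtection.getPurposes());
        }
        if (!succeeded(util.importKey(uri, extras))) {
            // This path imports a secret key, not a key pair.
            throw new KeyStoreException("failed to import key " + str);
        }
    }

    /**
     * Imports a private key and its certificate chain under {@code str}.
     *
     * <p>An existing entry is deleted first only when new key bytes are supplied. Delete and
     * import are not atomic: if the import then fails, the previous entry is already gone.
     *
     * @param str alias to store under
     * @param bArr encoded private key, or {@code null} when the key exposes no encoding
     * @param certificateArr certificate chain; must be non-empty with no null elements
     * @param str2 key algorithm forwarded to the plugin
     * @throws KeyStoreException when the chain is missing or cannot be encoded completely,
     *         the old entry cannot be deleted, or the import fails
     */
    public final void importKeyPair(String str, byte[] bArr, Certificate[] certificateArr, String str2) throws KeyStoreException {
        if (certificateArr == null || certificateArr.length == 0) {
            throw new KeyStoreException("failed to import keypair");
        }
        ByteArrayOutputStream chainBytes = new ByteArrayOutputStream();
        for (Certificate certificate : certificateArr) {
            if (certificate == null) {
                throw new KeyStoreException("failed to import keypair " + str + ": null certificate in chain");
            }
            try {
                chainBytes.write(certificate.getEncoded());
            } catch (IOException | CertificateEncodingException e) {
                // Abort instead of continuing: skipping a certificate would store a
                // truncated chain next to the key without the caller noticing.
                throw new KeyStoreException("failed to encode certificate chain for " + str, e);
            }
        }
        byte[] encodedChain = chainBytes.toByteArray();
        UniversalCredentialUtil util = UniversalCredentialUtil.getInstance();
        String uri = entryUri(str);
        if (engineContainsAlias(str) && bArr != null && !succeeded(util.delete(uri))) {
            throw new KeyStoreException("failed to replace keypair " + str);
        }
        Bundle extras = new Bundle();
        extras.putString(UcmAgentProviderImpl.UcmAgentSpiProperty.KEY_ALGORITHM, str2);
        if (!succeeded(util.importKeyPair(uri, bArr, encodedChain, extras))) {
            throw new KeyStoreException("failed to import keypair " + str);
        }
    }
}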
