package com.amazon.whisperlink.feature.security.core;

import android.content.Context;
import com.amazon.whisperlink.core.platform.PlatformCoreManager;
import com.amazon.whisperlink.feature.security.android.AbstractCertificateSource;
import com.amazon.whisperlink.port.android.feature.AndroidApplicationContext;
import com.amazon.whisperlink.util.EncryptionUtil;
import com.amazon.whisperlink.util.Log;
import com.amazon.whisperlink.util.ThreadUtils;
import com.amazon.whisperplay.feature.security.CertificateSourceFeature;
import com.amazon.whisperplay.thrift.TApplicationException;
import com.android.org.bouncycastle.asn1.x509.X509Name;
import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;

/* loaded from: classes2.dex */
public final class CertificateSourceCoreImplementation extends AbstractCertificateSource {
    private static final int CERT_EXPIRY = 365;
    private static final String TAG = "CertificateSourceCoreImplementation";

    private X509Certificate makeCertificate(PrivateKey privateKey, PublicKey publicKey, X509Name x509Name, X509Name x509Name2) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException {
        Log.info(TAG, "Creating Cert");
        Calendar calendar = Calendar.getInstance();
        calendar.add(6, CERT_EXPIRY);
        X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
        x509V3CertificateGenerator.setSerialNumber(BigInteger.valueOf(EncryptionUtil.randomGenerator.nextInt(Integer.MAX_VALUE)));
        x509V3CertificateGenerator.setIssuerDN(x509Name);
        x509V3CertificateGenerator.setSubjectDN(x509Name2);
        x509V3CertificateGenerator.setPublicKey(publicKey);
        x509V3CertificateGenerator.setNotBefore(new Date());
        x509V3CertificateGenerator.setNotAfter(calendar.getTime());
        x509V3CertificateGenerator.setSignatureAlgorithm("SHA256WithRSA");
        return x509V3CertificateGenerator.generate(privateKey);
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public void clearCertificate(Context context) {
        try {
            Log.debug(TAG, "Clearing Cert", new Exception());
            clearKeyStore(context);
            fireCertChanged();
            ThreadUtils.postToWPThread("CertificateSourceCoreImplementation_restartRouters", new Runnable() { // from class: com.amazon.whisperlink.feature.security.core.CertificateSourceCoreImplementation.1
                @Override // java.lang.Runnable
                public void run() {
                    PlatformCoreManager.getPlatformManager().reStartSecureRouters();
                }
            });
        } catch (IOException unused) {
            Log.warning(TAG, "Error clearing certs");
        }
    }

    @Override // com.amazon.whisperlink.feature.security.android.AbstractCertificateSource
    public Certificate createCertificate(Context context, PrivateKey privateKey, PublicKey publicKey, String str, String str2) throws CertificateEncodingException, InvalidKeyException, IllegalStateException, NoSuchAlgorithmException, SignatureException {
        return makeCertificate(privateKey, publicKey, new X509Name(str), new X509Name(str2));
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public Certificate generateCertificate(String str, String str2) throws Exception {
        AndroidApplicationContext androidApplicationContext = (AndroidApplicationContext) PlatformCoreManager.getPlatformManager().getFeature(AndroidApplicationContext.class);
        Log.info(TAG, "Creating App Cert");
        try {
            return makeCertificate((PrivateKey) getKeyStore(androidApplicationContext.getAndroidContext()).getKey(CertificateSourceFeature.WP_KEY_ENTRY_ALIAS, getPassword(androidApplicationContext.getAndroidContext()).toCharArray()), getPublicKeyFromString(str), new X509Name(getName("WhisperPlay", "Amazon")), new X509Name(str2));
        } catch (Exception e) {
            Log.error(TAG, "Error creating app cert", e);
            throw new TApplicationException(6);
        }
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public String getPrivateKeyString() {
        AndroidApplicationContext androidApplicationContext = (AndroidApplicationContext) PlatformCoreManager.getPlatformManager().getFeature(AndroidApplicationContext.class);
        try {
            return getPrivateKeyString((PrivateKey) getKeyStore(androidApplicationContext.getAndroidContext()).getKey(CertificateSourceFeature.WP_KEY_ENTRY_ALIAS, getPassword(androidApplicationContext.getAndroidContext()).toCharArray()));
        } catch (Exception unused) {
            Log.error(TAG, "Error getting the private key");
            return null;
        }
    }

    protected String getPrivateKeyString(PrivateKey privateKey) {
        String algorithm = privateKey.getAlgorithm();
        byte[] encoded = privateKey.getEncoded();
        byte[] bytes = algorithm.getBytes(Charset.forName("UTF-8"));
        byte[] bArr = new byte[encoded.length + bytes.length + 1];
        bArr[0] = (byte) bytes.length;
        System.arraycopy(bytes, 0, bArr, 1, bytes.length);
        System.arraycopy(encoded, 0, bArr, bytes.length + 1, encoded.length);
        return EncryptionUtil.base64Encode(bArr);
    }

    @Override // com.amazon.whisperplay.feature.security.CertificateSourceFeature
    public boolean verifyLoadedCertificate() {
        return getCertificate() != null;
    }
}
