package com.bmwgroup.connected.sdk.internal.remoting.pairing;

import com.bmwgroup.connected.sdk.internal.remoting.security.model.PairingConfiguration;
import com.bmwgroup.connected.sdk.internal.remoting.security.model.certificates.CertificateStore;
import com.bmwgroup.connected.sdk.internal.remoting.security.model.certificates.exceptions.CannotGetCertificateException;
import com.bmwgroup.connected.sdk.internal.remoting.security.model.certificates.exceptions.CannotStoreCertificateException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;

/* loaded from: classes2.dex */
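/**
 * Helpers used during pairing to move head-unit (HU) key material and the last used ACL
 * certificate into a {@link CertificateStore}, and to compare a stored ACL with the one in a
 * {@link PairingConfiguration}.
 *
 * <p>Nothing in this class validates a certificate: there is no signature, validity-period or
 * chain check. A certificate that parses successfully is not thereby trusted; any trust decision
 * has to be made by the caller.
 */
public class CertificateStoreUtil {
    /**
     * Parses the first X.509 certificate contained in {@code bArr}.
     *
     * <p>This is a parse only; it performs no trust validation of the returned certificate.
     *
     * @param bArr encoded certificate data
     * @return the first certificate produced by the X.509 {@link CertificateFactory}
     * @throws CertificateException if the bytes hold no certificate or parsing fails for any
     *     reason; the original failure is attached as the cause
     */
    private static Certificate generateCertificate(byte[] bArr) throws CertificateException {
        try {
            Collection<? extends Certificate> parsed = CertificateFactory.getInstance("X.509").generateCertificates(new ByteArrayInputStream(bArr));
            if (parsed.isEmpty()) {
                throw new CannotGetCertificateException(String.format("No certificate present in provided bytestream sha256: [%s]", HashUtil.getSha256(bArr)));
            }
            // Only the first certificate of the stream is used; any further ones are ignored.
            return parsed.iterator().next();
        } catch (Exception e10) {
            // Only a SHA-256 of the input is logged, not the certificate bytes themselves.
            timber.log.a.p("Unable to generate certificate object from bytestream with sha256 [%s]", HashUtil.getSha256(bArr));
            // Chain the caught exception itself. Passing e10.getCause() here dropped the real
            // failure (its type and stack trace) whenever e10 had no nested cause.
            throw new CertificateException(e10.getMessage(), e10);
        }
    }

    /**
     * Returns the single alias of a head-unit keystore.
     *
     * @param keyStore the loaded keystore, may be {@code null}
     * @return the only alias, or {@code null} if {@code keyStore} or its alias enumeration is
     *     {@code null}
     * @throws KeyStoreException if the keystore holds no alias or more than one alias
     */
    private static String getAliasFromHeadUnitKeystore(KeyStore keyStore) throws KeyStoreException {
        if (keyStore == null) {
            return null;
        }
        Enumeration<String> aliases = keyStore.aliases();
        if (aliases == null) {
            return null;
        }
        // An empty keystore used to escape as an unchecked NoSuchElementException from
        // nextElement(), which the callers' catch blocks do not handle.
        if (!aliases.hasMoreElements()) {
            throw new KeyStoreException("The given keystore contains no alias");
        }
        String alias = aliases.nextElement();
        if (aliases.hasMoreElements()) {
            throw new KeyStoreException("The given keystore contains more than one alias");
        }
        return alias;
    }

    /**
     * Reads the certificate stored under the keystore's single alias.
     *
     * @param keyStore the loaded keystore, may be {@code null}
     * @return the certificate, or {@code null} if {@code keyStore} is {@code null}
     * @throws KeyStoreException if the alias cannot be determined or is not present
     */
    private static Certificate getCertificateFromKeystore(KeyStore keyStore) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (keyStore == null) {
            return null;
        }
        String alias = getAliasFromHeadUnitKeystore(keyStore);
        // A null alias is never passed on to the keystore provider.
        if (alias != null && keyStore.containsAlias(alias)) {
            return keyStore.getCertificate(alias);
        }
        throw new KeyStoreException("Could not retrieve the certificate from the HU keystore");
    }

    /**
     * Reads the private key stored under the keystore's single alias.
     *
     * @param keyStore the loaded keystore, may be {@code null}
     * @param cArr password protecting the key entry, may be {@code null}
     * @return the private key, or {@code null} if either argument is {@code null}
     * @throws KeyStoreException if the alias cannot be determined or is not present
     * @throws UnrecoverableKeyException if the key cannot be recovered with {@code cArr}
     * @throws NoSuchAlgorithmException if the algorithm for recovering the key is unavailable
     */
    private static PrivateKey getPrivateKeyFromKeystore(KeyStore keyStore, char[] cArr) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        if (keyStore == null || cArr == null) {
            return null;
        }
        String alias = getAliasFromHeadUnitKeystore(keyStore);
        if (alias == null || !keyStore.containsAlias(alias)) {
            throw new KeyStoreException("Could not retrieve the PrivateKey from the HU keystore");
        }
        // The earlier version followed this with keyStore.getEntry(alias, null), discarded the
        // result and sent any UnrecoverableEntryException to printStackTrace(). That probe never
        // influenced the returned key and wrote keystore errors to stderr, so it is dropped.
        return (PrivateKey) keyStore.getKey(alias, cArr);
    }

    /**
     * Loads a PKCS#12 keystore from memory.
     *
     * @param bArr the PKCS#12 bytes
     * @param cArr the keystore password; it is only read here, never cleared
     * @return the loaded keystore
     */
    private static KeyStore loadKeystore(byte[] bArr, char[] cArr) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new ByteArrayInputStream(bArr), cArr);
        return keyStore;
    }

    /**
     * Returns the encoded form of the certificate stored under {@code str}.
     *
     * @param certificateStore the store to read from
     * @param str the alias the ACL certificate was stored under
     * @return the encoded certificate, or {@code null} if the store has no certificate for
     *     {@code str}
     * @throws CannotStoreCertificateException if the certificate cannot be read or encoded
     */
    public byte[] getLastConnectedAcl(CertificateStore certificateStore, String str) throws CannotStoreCertificateException {
        try {
            if (certificateStore.hasCertificate(str)) {
                return certificateStore.getCertificate(str).getEncoded();
            }
            return null;
        } catch (CannotGetCertificateException | KeyStoreException | CertificateEncodingException e10) {
            throw new CannotStoreCertificateException("could not retrieve acl from Keystore", e10);
        }
    }

    /**
     * Tells whether the ACL in {@code pairingConfiguration} has the same encoding as the ACL
     * stored under {@code str} in the configuration's ACL certificate store.
     *
     * <p>This is a byte-for-byte comparison of the two encoded certificates. It shows only that
     * the ACL is unchanged since it was stored, not that the ACL is valid or trusted.
     *
     * @return {@code true} if both encodings are equal; {@code false} otherwise, including when
     *     no ACL is stored under {@code str}
     * @throws CertificateException if the configured ACL cannot be parsed
     */
    public Boolean isAclTheSame(PairingConfiguration pairingConfiguration, String str) throws CannotStoreCertificateException, CertificateException {
        byte[] storedAcl = getLastConnectedAcl(pairingConfiguration.getAclCertificateStore(), str);
        byte[] currentAcl = generateCertificate(pairingConfiguration.getACL()).getEncoded();
        // Arrays.equals treats a null storedAcl as "not equal" to a non-null currentAcl.
        return Boolean.valueOf(Arrays.equals(storedAcl, currentAcl));
    }

    /**
     * Loads the PKCS#12 keystore received from the head unit and stores its single
     * certificate/private-key pair under {@code str}.
     *
     * @param certificateStore destination store
     * @param str alias to store the pair under
     * @param bArr the PKCS#12 keystore bytes
     * @param cArr keystore and key password. NOTE(review): the array is not cleared here, so
     *     wiping it after use is left to the caller - confirm that the caller does so.
     * @throws CannotStoreCertificateException if the keystore cannot be loaded or its content
     *     cannot be read or stored
     */
    public void saveHUKeystoreInCertificateStore(CertificateStore certificateStore, String str, byte[] bArr, char[] cArr) throws CannotStoreCertificateException {
        try {
            KeyStore huKeystore = loadKeystore(bArr, cArr);
            // The nested try is kept so that load failures and read/store failures are reported
            // with different messages.
            try {
                certificateStore.storeCertificate(str, getCertificateFromKeystore(huKeystore), getPrivateKeyFromKeystore(huKeystore, cArr));
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e10) {
                throw new CannotStoreCertificateException("could not store the Keystore received from the HU", e10);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e11) {
            throw new CannotStoreCertificateException("could not load the KeyStore received from the HeadUnit", e11);
        }
    }

    /**
     * Parses {@code bArr} as an X.509 certificate and stores it, without a private key, under
     * {@code str}. A {@code null} or empty array is logged and ignored.
     *
     * @param certificateStore destination store
     * @param str alias to store the ACL certificate under
     * @param bArr the encoded ACL certificate
     * @throws CannotStoreCertificateException if the bytes cannot be parsed as a certificate
     */
    public void saveLastUsedAclInKeystore(CertificateStore certificateStore, String str, byte[] bArr) throws CannotStoreCertificateException {
        if (bArr == null || bArr.length == 0) {
            timber.log.a.n("Trying to save an empty or null ACL. Ignoring", new Object[0]);
            return;
        }
        try {
            certificateStore.storeCertificate(str, generateCertificate(bArr), null);
        } catch (CertificateException e10) {
            throw new CannotStoreCertificateException("Could not save certificate inside keystore", e10);
        }
    }
}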
