package com.microsoft.azure.sdk.iot.deps.auth;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.UUID;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: classes28.dex */
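/**
 * Builds and holds the {@link SSLContext} used for connections to IoT Hub.
 *
 * <p>The context is either supplied by the caller or created here. Contexts created here take
 * their trusted certificates from an {@link IotHubCertificateManager}. For X.509 client
 * authentication they also carry the device's certificate chain and private key, both PEM encoded.
 */
public class IotHubSSLContext {
    // Alias under which the device's leaf certificate is stored in the in-memory KeyStore.
    private static final String CERTIFICATE_ALIAS = "cert-alias";
    // Alias under which the device's private key and certificate chain are stored.
    private static final String PRIVATE_KEY_ALIAS = "key-alias";
    // Protocol name handed to SSLContext.getInstance for every context created by this class.
    private static final String SSL_CONTEXT_INSTANCE = "TLSv1.2";
    // Alias prefix for trusted certificates; a random UUID is appended to keep aliases unique.
    private static final String TRUSTED_IOT_HUB_CERT_PREFIX = "trustedIotHubCert-";
    private SSLContext sslContext;

    /**
     * Creates a context that trusts the certificates of a default {@link IotHubCertificateManager}
     * and presents no client certificate.
     */
    public IotHubSSLContext() throws KeyStoreException, KeyManagementException, IOException, CertificateException, NoSuchAlgorithmException {
        generateDefaultSSLContext(new IotHubCertificateManager());
    }

    /**
     * Creates a context for X.509 client authentication that trusts the certificates of a default
     * {@link IotHubCertificateManager}.
     *
     * @param publicKeyCertificateString PEM text holding the device certificate (chain)
     * @param privateKeyString PEM text holding the device private key
     */
    public IotHubSSLContext(String publicKeyCertificateString, String privateKeyString) throws KeyManagementException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        generateSSLContextWithKeys(publicKeyCertificateString, privateKeyString, new IotHubCertificateManager());
    }

    /**
     * Creates a context for X.509 client authentication with a caller-supplied trusted certificate.
     *
     * @param publicKeyCertificateString PEM text holding the device certificate (chain)
     * @param privateKeyString PEM text holding the device private key
     * @param cert the trusted certificate, or a path to it when {@code isPath} is true
     * @param isPath whether {@code cert} is passed to {@code setValidCertPath} (true) or
     *     {@code setValidCert} (false)
     */
    public IotHubSSLContext(String publicKeyCertificateString, String privateKeyString, String cert, boolean isPath) throws KeyStoreException, KeyManagementException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
        IotHubCertificateManager certificateManager = new IotHubCertificateManager();
        if (isPath) {
            certificateManager.setValidCertPath(cert);
        } else {
            certificateManager.setValidCert(cert);
        }
        generateSSLContextWithKeys(publicKeyCertificateString, privateKeyString, certificateManager);
    }

    /**
     * Creates a context with a caller-supplied trusted certificate and no client certificate.
     *
     * @param cert the trusted certificate, or a path to it when {@code isPath} is true
     * @param isPath whether {@code cert} is passed to {@code setValidCertPath} (true) or
     *     {@code setValidCert} (false)
     */
    public IotHubSSLContext(String cert, boolean isPath) throws KeyStoreException, KeyManagementException, IOException, CertificateException, NoSuchAlgorithmException {
        IotHubCertificateManager certificateManager = new IotHubCertificateManager();
        if (isPath) {
            certificateManager.setValidCertPath(cert);
        } else {
            certificateManager.setValidCert(cert);
        }
        generateDefaultSSLContext(certificateManager);
    }

    /**
     * Wraps an already configured context. The context is used exactly as supplied; this class
     * does not inspect its protocol, key managers or trust managers.
     *
     * @param sSLContext the context to expose through {@link #getSSLContext()}
     * @throws IllegalArgumentException if {@code sSLContext} is null
     */
    public IotHubSSLContext(SSLContext sSLContext) {
        if (sSLContext == null) {
            throw new IllegalArgumentException("sslContext cannot be null");
        }
        this.sslContext = sSLContext;
    }

    /** Initialises the context with trust managers only, so no client certificate is presented. */
    private void generateDefaultSSLContext(IotHubCertificateManager iotHubCertificateManager) throws KeyStoreException, IOException, CertificateException, KeyManagementException, NoSuchAlgorithmException {
        this.sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE);
        this.sslContext.init(null, generateTrustManagerFactory(iotHubCertificateManager, null).getTrustManagers(), new SecureRandom());
    }

    /**
     * Initialises the context with the device's private key and certificate chain as client
     * identity, plus the trusted certificates of the given manager.
     *
     * @param publicKeyCertificateString PEM text holding the device certificate (chain)
     * @param privateKeyString PEM text holding the device private key
     * @throws CertificateException if either PEM text cannot be parsed, or if the certificate
     *     text contains no X.509 certificate
     */
    private void generateSSLContextWithKeys(String publicKeyCertificateString, String privateKeyString, IotHubCertificateManager iotHubCertificateManager) throws KeyManagementException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        Key privateKey = parsePrivateKey(privateKeyString);
        Collection<X509Certificate> certificates = parsePublicKeyCertificate(publicKeyCertificateString);
        if (certificates.isEmpty()) {
            // Without this check the chain[0] access below fails with an unchecked
            // ArrayIndexOutOfBoundsException instead of a declared, descriptive error.
            throw new CertificateException("No X.509 certificate found in the public key certificate PEM");
        }
        X509Certificate[] certificateChain = certificates.toArray(new X509Certificate[0]);

        // The password only protects the key entry of this in-memory KeyStore.
        // NOTE(review): the array is never zeroed; confirm whether the KeyManagerFactory
        // implementation still needs it after init() before clearing it here.
        char[] temporaryPassword = generateTemporaryPassword();

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        // NOTE(review): the device's own leaf certificate is stored as a trusted-certificate
        // entry in the same KeyStore that generateTrustManagerFactory() uses to initialise the
        // TrustManagerFactory, so it ends up among the trust anchors used to validate the
        // server. Kept for compatibility; consider a separate trust store so client identity
        // material and server trust anchors do not share one KeyStore.
        keyStore.setCertificateEntry(CERTIFICATE_ALIAS, certificateChain[0]);
        keyStore.setKeyEntry(PRIVATE_KEY_ALIAS, privateKey, temporaryPassword, certificateChain);

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, temporaryPassword);
        TrustManagerFactory trustManagerFactory = generateTrustManagerFactory(iotHubCertificateManager, keyStore);

        this.sslContext = SSLContext.getInstance(SSL_CONTEXT_INSTANCE);
        this.sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
    }

    /** Returns a fresh random password (the text of a random UUID) for the in-memory key entry. */
    private char[] generateTemporaryPassword() {
        return UUID.randomUUID().toString().toCharArray();
    }

    /**
     * Adds every certificate of the manager to the given KeyStore as a trusted entry and returns a
     * TrustManagerFactory initialised from that KeyStore.
     *
     * @param keyStore the KeyStore to extend, or null to start from an empty one
     */
    private TrustManagerFactory generateTrustManagerFactory(IotHubCertificateManager iotHubCertificateManager, KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException {
        if (keyStore == null) {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
        }
        for (Certificate trustedCertificate : iotHubCertificateManager.getCertificateCollection()) {
            keyStore.setCertificateEntry(TRUSTED_IOT_HUB_CERT_PREFIX + UUID.randomUUID(), trustedCertificate);
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    /**
     * Converts an object produced by {@link PEMParser} into a private key.
     *
     * @throws IOException if the object is neither a {@link PEMKeyPair} nor a
     *     {@link PrivateKeyInfo}; this also covers null, i.e. no PEM object was found
     */
    private static Key getPrivateKey(Object obj) throws IOException {
        if (obj instanceof PEMKeyPair) {
            return new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) obj).getPrivate();
        }
        if (obj instanceof PrivateKeyInfo) {
            return new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) obj);
        }
        throw new IOException("Unable to parse private key, type unknown");
    }

    /**
     * Parses the first PEM object of the given text as a private key.
     *
     * @throws CertificateException wrapping any failure, including a null argument
     */
    private static Key parsePrivateKey(String str) throws CertificateException {
        // try-with-resources closes the parser, which the previous version never did.
        try (PEMParser pemParser = new PEMParser(new StringReader(str))) {
            // Registers BouncyCastle JVM-wide; addProvider does nothing if it is already installed.
            Security.addProvider(new BouncyCastleProvider());
            return getPrivateKey(pemParser.readObject());
        } catch (Exception e) {
            // Deliberately broad: every parse failure is reported as a CertificateException.
            throw new CertificateException(e);
        }
    }

    /**
     * Parses every X.509 certificate contained in the PEM objects of the given text, in order.
     *
     * @return the parsed certificates; empty if the text holds no PEM object
     * @throws CertificateException wrapping any failure, including a null argument
     */
    private static Collection<X509Certificate> parsePublicKeyCertificate(String str) throws CertificateException {
        // The reader must stay open for the whole loop and be closed once afterwards. Closing it
        // inside the loop makes the read that follows the first PEM object fail on a closed stream.
        try (PemReader pemReader = new PemReader(new StringReader(str))) {
            Collection<X509Certificate> certificates = new ArrayList<>();
            Security.addProvider(new BouncyCastleProvider());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            PemObject pemObject;
            while ((pemObject = pemReader.readPemObject()) != null) {
                byte[] content = pemObject.getContent();
                if (content.length <= 0) {
                    break;
                }
                ByteArrayInputStream contentStream = new ByteArrayInputStream(content);
                while (contentStream.available() > 0) {
                    Certificate certificate = certificateFactory.generateCertificate(contentStream);
                    if (certificate instanceof X509Certificate) {
                        certificates.add((X509Certificate) certificate);
                    }
                }
            }
            return certificates;
        } catch (Exception e) {
            // Deliberately broad: every parse failure is reported as a CertificateException.
            throw new CertificateException(e);
        }
    }

    /** Returns the context built or supplied at construction time. */
    public SSLContext getSSLContext() {
        return this.sslContext;
    }
}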
