package com.microsoft.azure.sdk.iot.provisioning.security;

import com.microsoft.azure.sdk.iot.provisioning.security.exceptions.SecurityProviderException;
import java.io.IOException;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.UUID;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes86.dex */
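/**
 * Security provider that authenticates with an X.509 client certificate.
 *
 * <p>Subclasses supply the leaf certificate, its private key and the intermediate
 * certificates. This class turns them into an {@link SSLContext} whose key manager
 * presents that identity and whose trust manager is built from the key store returned
 * by {@code getKeyStoreWithTrustedCerts()}.
 *
 * <p>Security notes for implementers and reviewers:
 * <ul>
 *   <li>The registration ID is whatever {@link #getClientCertificateCommonName()} returns;
 *       this class does not check it against the certificate itself.</li>
 *   <li>The client key entry is written into the same key store that backs the trust
 *       manager (see {@code generateSSLContext}).</li>
 *   <li>A new context is generated on every {@link #getSSLContext()} call.</li>
 * </ul>
 */
public abstract class SecurityProviderX509 extends SecurityProvider {
    /** Alias under which the client key entry is stored in the key store. */
    private static final String ALIAS_CERT_ALIAS = "ALIAS_CERT";

    /**
     * Builds a TLS context that presents the given client identity.
     *
     * @param x509Certificate leaf (client) certificate; placed first in the chain
     * @param key private key stored with the certificate chain
     * @param collection intermediate certificates, appended after the leaf in iteration order
     * @return an initialised {@code SSLContext}
     * @throws IllegalArgumentException if any argument, or any element of {@code collection}, is null
     * @throws SecurityProviderException if the trusted key store is null or no X.509 key/trust
     *     manager can be obtained
     */
    private SSLContext generateSSLContext(X509Certificate x509Certificate, Key key, Collection<X509Certificate> collection) throws NoSuchProviderException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, CertificateException, SecurityProviderException {
        if (x509Certificate == null || key == null) {
            throw new IllegalArgumentException("cert or private key cannot be null");
        }
        if (collection == null) {
            // Reported separately so a missing chain is not misdiagnosed as a missing cert or key.
            throw new IllegalArgumentException("intermediate certificate chain cannot be null");
        }

        // Per-call random password protecting only the key entry added below. It is held as a
        // String because the key-manager helper takes one, so it cannot be wiped after use.
        String entryPassword = UUID.randomUUID().toString();

        // The protocol name is fixed; which versions the resulting context actually negotiates
        // depends on the installed provider.
        SSLContext context = SSLContext.getInstance("TLSv1.2");

        KeyStore keyStore = getKeyStoreWithTrustedCerts();
        if (keyStore == null) {
            throw new SecurityProviderException("Key store with trusted certs cannot be null");
        }

        // Chain order: leaf first, then the intermediates as supplied.
        X509Certificate[] chain = new X509Certificate[collection.size() + 1];
        chain[0] = x509Certificate;
        int next = 1;
        for (X509Certificate intermediate : collection) {
            if (intermediate == null) {
                // Fail here rather than hand a chain with holes to the key store and TLS stack.
                throw new IllegalArgumentException("intermediate certificate chain cannot contain null");
            }
            chain[next++] = intermediate;
        }

        // NOTE(review): this writes the private key into the key store that also backs the trust
        // manager. If getKeyStoreWithTrustedCerts() hands out a shared instance, the key entry
        // outlives this call - confirm against the parent class. Many TrustManagerFactory
        // implementations also treat the leaf certificate of a key entry as a trust anchor, so a
        // separate key store for the identity is worth considering.
        keyStore.setKeyEntry(ALIAS_CERT_ALIAS, key, entryPassword.toCharArray(), chain);

        KeyManager[] keyManagers = {getDefaultX509KeyManager(keyStore, entryPassword)};
        TrustManager[] trustManagers = {getDefaultX509TrustManager(keyStore)};
        context.init(keyManagers, trustManagers, new SecureRandom());
        return context;
    }

    /**
     * Returns the first X.509 key manager produced by the platform's default
     * {@link KeyManagerFactory} algorithm for the given key store.
     *
     * @param keyStore key store holding the client key entry
     * @param str password for the key entries in {@code keyStore}
     * @return the first {@link X509KeyManager} found
     * @throws SecurityProviderException if the factory yields no X.509 key manager
     */
    private KeyManager getDefaultX509KeyManager(KeyStore keyStore, String str) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, SecurityProviderException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, str.toCharArray());
        for (KeyManager candidate : factory.getKeyManagers()) {
            if (candidate instanceof X509KeyManager) {
                return candidate;
            }
        }
        throw new SecurityProviderException("Could not retrieve X509 Key Manager");
    }

    /**
     * Returns the first X.509 trust manager produced by the platform's default
     * {@link TrustManagerFactory} algorithm for the given key store.
     *
     * @param keyStore key store whose entries define the trust anchors
     * @return the first {@link X509TrustManager} found
     * @throws SecurityProviderException if the factory yields no X.509 trust manager
     */
    private TrustManager getDefaultX509TrustManager(KeyStore keyStore) throws NoSuchAlgorithmException, KeyStoreException, SecurityProviderException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return candidate;
            }
        }
        throw new SecurityProviderException("Could not retrieve X509 trust manager");
    }

    /** Returns the leaf certificate presented to the server; must not be null. */
    public abstract X509Certificate getClientCertificate();

    /** Returns the common name that {@link #getRegistrationId()} reports as the registration ID. */
    public abstract String getClientCertificateCommonName();

    /** Returns the private key stored alongside the client certificate chain; must not be null. */
    public abstract Key getClientPrivateKey();

    /**
     * Returns the intermediate certificates placed after the leaf in the client chain.
     * Must not be null and must not contain null elements; an empty collection is accepted.
     */
    public abstract Collection<X509Certificate> getIntermediateCertificatesChain();

    /**
     * Returns the registration ID, which for X.509 providers is the value of
     * {@link #getClientCertificateCommonName()}.
     */
    @Override // com.microsoft.azure.sdk.iot.provisioning.security.SecurityProvider
    public String getRegistrationId() throws SecurityProviderException {
        return getClientCertificateCommonName();
    }

    /**
     * Builds a fresh {@link SSLContext} from the subclass-supplied certificate, key and chain.
     *
     * @throws SecurityProviderException wrapping any key store, key management or certificate
     *     failure (the original exception is kept as the cause)
     * @throws IllegalArgumentException if the subclass returns a null certificate, key or chain
     */
    @Override // com.microsoft.azure.sdk.iot.provisioning.security.SecurityProvider
    public SSLContext getSSLContext() throws SecurityProviderException {
        try {
            return generateSSLContext(getClientCertificate(), getClientPrivateKey(), getIntermediateCertificatesChain());
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException e) {
            throw new SecurityProviderException(e);
        }
    }
}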
