package ru.softrust.mismobile.cryptopro;

import android.content.Context;
import android.content.res.AssetManager;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TuplesKt;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import ru.CryptoPro.AdES.Options;
import ru.CryptoPro.CAdES.CAdESSignature;
import ru.CryptoPro.CAdES.CAdESType;
import ru.CryptoPro.JCSP.CSPConfig;
import ru.CryptoPro.JCSP.JCSP;
import ru.CryptoPro.JCSP.support.BKSTrustStore;
import ru.cprocsp.ACSP.tools.common.HexString;
import ru.softrust.mismobile.cryptopro.CAdESSignVerifyOrXMLDSig;
import ru.softrust.mismobile.rutoken.RutokenStoreType;
import timber.log.Timber;

/* compiled from: KeyStoreUtil.kt */
@Metadata(d1 = {"\u0000\\\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010 \n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0000\bÆ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0016\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\b0\f2\b\b\u0002\u0010\r\u001a\u00020\bJ(\u0010\u000e\u001a\u001a\u0012\u0016\u0012\u0014\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\b0\u000f0\f2\b\b\u0002\u0010\r\u001a\u00020\bJ\u001e\u0010\u0010\u001a\u001a\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00120\f\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00130\f0\u0011J\u0010\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0017H\u0002J\u0018\u0010\u0018\u001a\u00020\u00152\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u0012H\u0002J@\u0010\u001c\u001a\u0004\u0018\u00010\u001d2\u0006\u0010\u001e\u001a\u00020\b2\u001e\u0010\u001f\u001a\u001a\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00120\f\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00130\f0\u00112\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010 \u001a\u00020!R\u0011\u0010\u0003\u001a\u00020\u0004¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006R\u0011\u0010\u0007\u001a\u00020\b¢\u0006\b\n\u0000\u001a\u0004\b\t\u0010\n¨\u0006\""}, d2 = {"Lru/softrust/mismobile/cryptopro/KeyStoreUtil;", "", "()V", "DEFAULT_PROVIDER", "Ljava/security/Provider;", "getDEFAULT_PROVIDER", "()Ljava/security/Provider;", "trustStore", "", "getTrustStore", "()Ljava/lang/String;", "aliasesAll", "", "storeType", "getCertsWithInfo", "Lkotlin/Triple;", "getNfcCert", "Lkotlin/Pair;", "Ljava/security/cert/X509Certificate;", "Ljava/security/PrivateKey;", "installTrust", "", "context", "Landroid/content/Context;", "saveTrustCert", "trustStoreFile", "Ljava/io/File;", "trustCert", "signByNfc", "", "dataToSign", "nfcData", "isDsig", "", "app_prodRelease"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes4.dex */
public final class KeyStoreUtil {
    public static final KeyStoreUtil INSTANCE = new KeyStoreUtil();
    private static final Provider DEFAULT_PROVIDER = new JCSP();
    private static final String trustStore = CSPConfig.getBksTrustStore() + ((Object) File.separator) + "cacerts";

    private KeyStoreUtil() {
    }

    public static /* synthetic */ List aliasesAll$default(KeyStoreUtil keyStoreUtil, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = "HDIMAGE";
        }
        return keyStoreUtil.aliasesAll(str);
    }

    public static /* synthetic */ List getCertsWithInfo$default(KeyStoreUtil keyStoreUtil, String str, int i, Object obj) {
        if ((i & 1) != 0) {
            str = "HDIMAGE";
        }
        return keyStoreUtil.getCertsWithInfo(str);
    }

    private final void installTrust(Context context) {
        File file = new File(trustStore);
        AssetManager assets = context.getAssets();
        Intrinsics.checkNotNullExpressionValue(assets, "context.assets");
        String[] list = assets.list("root_certs_my");
        if (list == null) {
            return;
        }
        for (String str : list) {
            InputStream open = assets.open("root_certs_my" + ((Object) File.separator) + ((Object) str));
            Intrinsics.checkNotNullExpressionValue(open, "assetManager.open(\"root_certs_my\" + File.separator + it)");
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                KeyStoreUtil keyStoreUtil = INSTANCE;
                Certificate generateCertificate = certificateFactory.generateCertificate(open);
                if (generateCertificate == null) {
                    throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                }
                keyStoreUtil.saveTrustCert(file, (X509Certificate) generateCertificate);
                try {
                    open.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            } catch (Throwable th) {
                try {
                    open.close();
                } catch (IOException e2) {
                    e2.printStackTrace();
                }
                throw th;
            }
        }
    }

    private final void saveTrustCert(File trustStoreFile, X509Certificate trustCert) {
        FileInputStream fileInputStream = new FileInputStream(CSPConfig.getBksTrustStore() + ((Object) File.separator) + "cacerts");
        KeyStore keyStore = KeyStore.getInstance(BKSTrustStore.STORAGE_TYPE);
        keyStore.load(fileInputStream, InstallCAdESTestTrustCert.INSTANCE.getDEFAULT_TRUST_STORE_PASSWORD());
        fileInputStream.close();
        keyStore.setCertificateEntry(HexString.toHex(trustCert.getSerialNumber().toByteArray(), true), trustCert);
        keyStore.store(new FileOutputStream(trustStoreFile), InstallCAdESTestTrustCert.INSTANCE.getDEFAULT_TRUST_STORE_PASSWORD());
    }

    public final List<String> aliasesAll(String storeType) {
        Intrinsics.checkNotNullParameter(storeType, "storeType");
        ArrayList arrayList = new ArrayList();
        try {
            KeyStore keyStore = KeyStore.getInstance(storeType, "JCSP");
            keyStore.load(null, null);
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(alias);
                X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
                if (x509Certificate != null) {
                    x509Certificate.getPublicKey().getAlgorithm();
                    Intrinsics.checkNotNullExpressionValue(alias, "alias");
                    arrayList.add(alias);
                }
            }
        } catch (Exception e) {
            Timber.INSTANCE.e(e.getMessage(), e);
        }
        return arrayList;
    }

    /* JADX WARN: Removed duplicated region for block: B:21:0x0082 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:25:0x005e A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.util.List<kotlin.Triple<java.lang.String, java.lang.String, java.lang.String>> getCertsWithInfo(java.lang.String r19) {
        /*
            Method dump skipped, instructions count: 254
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ru.softrust.mismobile.cryptopro.KeyStoreUtil.getCertsWithInfo(java.lang.String):java.util.List");
    }

    public final Provider getDEFAULT_PROVIDER() {
        return DEFAULT_PROVIDER;
    }

    public final Pair<List<X509Certificate>, List<PrivateKey>> getNfcCert() {
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        KeyStore keyStore = KeyStore.getInstance(RutokenStoreType.NFC.getValue(), "JCSP");
        keyStore.load(null, null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(nextElement);
            X509Certificate x509Certificate = certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
            if (x509Certificate != null && x509Certificate.getNotAfter().getTime() > System.currentTimeMillis()) {
                arrayList.add(x509Certificate);
                Key key = keyStore.getKey(nextElement, null);
                PrivateKey privateKey = key instanceof PrivateKey ? (PrivateKey) key : null;
                if (privateKey != null) {
                    arrayList2.add(privateKey);
                }
            }
        }
        return TuplesKt.to(arrayList, arrayList2);
    }

    public final String getTrustStore() {
        return trustStore;
    }

    public final byte[] signByNfc(String dataToSign, Pair<? extends List<? extends X509Certificate>, ? extends List<? extends PrivateKey>> nfcData, Context context, boolean isDsig) {
        Intrinsics.checkNotNullParameter(dataToSign, "dataToSign");
        Intrinsics.checkNotNullParameter(nfcData, "nfcData");
        Intrinsics.checkNotNullParameter(context, "context");
        installTrust(context);
        if (isDsig) {
            return CAdESSignVerifyOrXMLDSig.Companion.XMLDsigSignature$default(CAdESSignVerifyOrXMLDSig.INSTANCE, dataToSign, CollectionsKt.listOf(CollectionsKt.first((List) nfcData.getFirst())), (PrivateKey) CollectionsKt.first((List) nfcData.getSecond()), null, 8, null);
        }
        CAdESSignature cAdESSignature = new CAdESSignature(false);
        cAdESSignature.setOptions(new Options().disableCertificateValidation());
        cAdESSignature.addSigner("JCSP", (String) null, (String) null, (PrivateKey) CollectionsKt.first((List) nfcData.getSecond()), CollectionsKt.listOf(CollectionsKt.first((List) nfcData.getFirst())), CAdESType.CAdES_BES, (String) null, false);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        cAdESSignature.open(byteArrayOutputStream);
        byte[] bytes = dataToSign.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "(this as java.lang.String).getBytes(charset)");
        cAdESSignature.update(bytes);
        cAdESSignature.close();
        byteArrayOutputStream.close();
        return byteArrayOutputStream.toByteArray();
    }
}
