package com.cisco.anyconnect.vpn.android.crypto;

import com.cisco.android.nchs.support.CryptoAlgorithms;
import com.cisco.anyconnect.vpn.android.util.AppLog;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/* loaded from: classes.dex */
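/**
 * Base class for client-certificate stores backed by a {@link KeyStore}.
 *
 * <p>Subclasses provide {@link #loadKeystore()} and {@link #saveKeyStore()}; this class
 * implements lookup, enumeration, import and deletion against {@link #mKeyStore}.
 * Certificate aliases and key aliases are the same string: both alias-mapping helpers
 * below are identity functions.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The store and key passwords are kept by reference for the lifetime of the object.
 *       They are neither copied nor cleared here, so a caller that wipes its array after
 *       construction also wipes the value this store uses.</li>
 *   <li>{@link #getPrivateKey(String)} reports every failure as {@code null}; callers cannot
 *       tell a missing entry from a wrong key password.</li>
 * </ul>
 */
public abstract class KsCertStore extends ClientCertStoreBase {
    private static final String ENTITY_NAME = "KsCertStore";
    // Password used for KeyStore.getKey / KeyStore.setKeyEntry. Held by reference, never zeroed here.
    protected final char[] mKeyPass;
    // Never assigned in this class; presumably populated by loadKeystore() in subclasses (confirm).
    protected KeyStore mKeyStore;
    // Not read in this class; presumably the password subclasses use to load/save the store (confirm).
    protected final char[] mStorePass;
    // Not read in this class; presumably the KeyStore type name used by subclasses (confirm).
    protected final String mType;

    /**
     * Stores the store type and both passwords for later use.
     *
     * @param str   forwarded unchanged to the {@code ClientCertStoreBase} constructor
     * @param str2  value kept in {@link #mType}
     * @param cArr  value kept in {@link #mStorePass} (same array instance, not a copy)
     * @param cArr2 value kept in {@link #mKeyPass} (same array instance, not a copy)
     * @throws CertStoreException declared for the superclass constructor
     */
    public KsCertStore(String str, String str2, char[] cArr, char[] cArr2) throws CertStoreException {
        super(str);
        this.mStorePass = cArr;
        this.mKeyPass = cArr2;
        this.mType = str2;
    }

    /**
     * Derives the alias for an imported chain from the encoded leaf certificate.
     *
     * <p>NOTE(review): the digest behind {@code CryptoAlgorithms.hashToHexString} is not visible
     * here. Two chains whose leaf hashes collide would map to the same alias, and a later
     * import would replace the earlier entry, so confirm the digest is collision-resistant.
     *
     * @param certificateArr chain whose first element is the certificate to hash
     * @return hex string produced from the first certificate's encoding
     * @throws CertStoreException if the chain is null or empty, its first element is null,
     *     or the certificate cannot be encoded
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static String getCertAliasForImport(Certificate[] certificateArr) throws CertStoreException {
        // Reject unusable input with the declared checked exception instead of an
        // unchecked NullPointerException / ArrayIndexOutOfBoundsException.
        if (certificateArr == null || certificateArr.length == 0 || certificateArr[0] == null) {
            throw new CertStoreException("empty certificate chain");
        }
        try {
            return CryptoAlgorithms.hashToHexString(certificateArr[0].getEncoded());
        } catch (CertificateEncodingException e) {
            throw new CertStoreException("Failed to get alias for import", e);
        }
    }

    /** Maps a key alias to its certificate alias; the two are identical in this store. */
    protected static String getCertAliasForKeyAlias(String str) {
        return str;
    }

    /** Maps a certificate alias to its key alias; the two are identical in this store. */
    /* JADX INFO: Access modifiers changed from: protected */
    public static String getKeyAliasForCertAlias(String str) {
        return str;
    }

    /**
     * Deletes the entry for the given alias and persists the store.
     *
     * @param str certificate alias to delete
     * @return {@code true} if the entry existed and was removed; {@code false} if the store
     *     could not be loaded, the alias is absent, or a {@link KeyStoreException} occurred
     * @throws CertStoreException from {@link #loadKeystore()} or {@link #saveKeyStore()}
     */
    @Override // com.cisco.anyconnect.vpn.android.crypto.ClientCertStoreBase
    public boolean deleteCert(String str) throws CertStoreException {
        if (!loadKeystore()) {
            return false;
        }
        try {
            String keyAlias = getKeyAliasForCertAlias(str);
            if (!this.mKeyStore.containsAlias(keyAlias)) {
                return false;
            }
            this.mKeyStore.deleteEntry(keyAlias);
            saveKeyStore();
            return true;
        } catch (KeyStoreException e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "deleteKeyStoreEntry: exception deleting alias=" + str, e);
            return false;
        }
    }

    /**
     * Returns the certificate chain stored under the given alias.
     *
     * @param str certificate alias
     * @return the chain as X.509 certificates, or {@code null} if the store could not be loaded
     *     or no chain exists for the alias
     * @throws CertStoreException wrapping any failure, including a chain element that is not
     *     an {@link X509Certificate}
     */
    @Override // com.cisco.anyconnect.vpn.android.crypto.ClientCertStoreBase
    public X509Certificate[] getCertChain(String str) throws CertStoreException {
        if (!loadKeystore()) {
            return null;
        }
        try {
            Certificate[] chain = this.mKeyStore.getCertificateChain(getKeyAliasForCertAlias(str));
            if (chain == null) {
                return null;
            }
            X509Certificate[] x509Chain = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                // A non-X.509 element raises ClassCastException, which the catch below wraps.
                x509Chain[i] = (X509Certificate) chain[i];
            }
            return x509Chain;
        } catch (Exception e) {
            throw new CertStoreException(e);
        }
    }

    /**
     * Lists the leaf certificate of every key entry that has a non-empty chain.
     *
     * <p>Entries that fail to parse are logged and skipped so that one bad entry does not
     * hide the rest. A failure to enumerate aliases is logged and yields whatever was
     * collected so far.
     *
     * @return the collected certificates; empty if the store could not be loaded
     * @throws CertStoreException from {@link #loadKeystore()}
     */
    @Override // com.cisco.anyconnect.vpn.android.crypto.ClientCertStoreBase
    public List<CertificateInfo> getClientCerts() throws CertStoreException {
        List<CertificateInfo> certs = new ArrayList<>();
        if (!loadKeystore()) {
            return certs;
        }
        try {
            for (String alias : Collections.list(this.mKeyStore.aliases())) {
                try {
                    if (!this.mKeyStore.isKeyEntry(alias)) {
                        continue;
                    }
                    Certificate[] chain = this.mKeyStore.getCertificateChain(alias);
                    if (chain == null || chain.length == 0) {
                        continue;
                    }
                    certs.add(new CertificateInfo((X509Certificate) chain[0], getCertAliasForKeyAlias(alias), getGroup()));
                } catch (Exception e) {
                    AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Failed to parse key with alias:" + alias, e);
                }
            }
        } catch (KeyStoreException e2) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Unexpected KeyStoreException in getClientCerts: " + this, e2);
        }
        return certs;
    }

    /**
     * Retrieves the private key for the given alias using {@link #mKeyPass}.
     *
     * <p>Every exception raised while reading the key (including
     * {@link UnrecoverableKeyException} for a wrong password and a {@code ClassCastException}
     * for a non-private key) is logged and converted to {@code null}. The declared
     * {@code UnrecoverableKeyException} is therefore never thrown by this implementation.
     *
     * @param str certificate alias
     * @return the private key, or {@code null} if the store could not be loaded, the alias
     *     is {@code null}, the entry is absent, or any error occurred
     * @throws CertStoreException from {@link #loadKeystore()}
     * @throws UnrecoverableKeyException declared by the overridden method
     */
    @Override // com.cisco.anyconnect.vpn.android.crypto.ClientCertStoreBase
    public PrivateKey getPrivateKey(String str) throws CertStoreException, UnrecoverableKeyException {
        if (!loadKeystore()) {
            return null;
        }
        try {
            String keyAlias = getKeyAliasForCertAlias(str);
            if (keyAlias == null) {
                return null;
            }
            return (PrivateKey) this.mKeyStore.getKey(keyAlias, this.mKeyPass);
        } catch (Exception e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Unexpected exception in getPrivateKey", e);
            return null;
        }
    }

    /**
     * Reports whether this store accepts imports for the given mode.
     *
     * @param z mode flag defined by {@code ClientCertStoreBase}; this store supports import
     *     only when it is {@code false}
     * @return {@code true} only if the store loads and {@code z} is {@code false}
     */
    @Override // com.cisco.anyconnect.vpn.android.crypto.ClientCertStoreBase
    public boolean hasImport(boolean z) {
        try {
            // loadKeystore() is evaluated first, as before, regardless of z.
            return loadKeystore() && !z;
        } catch (CertStoreException e) {
            AppLog.logDebugMessage(AppLog.Severity.DBG_ERROR, ENTITY_NAME, "Exception in hasImport", e);
            return false;
        }
    }

    /**
     * Always fails: KeyChain aliases cannot be imported into this store.
     *
     * @throws CertStoreException always
     */
    @Override // com.cisco.anyconnect.vpn.android.crypto.ClientCertStoreBase
    public void importKeychainAlias(String str) throws CertStoreException {
        throw new CertStoreException("Importing KeyChain alias is not supported");
    }

    /**
     * Stores a key and its certificate chain under an alias derived from the leaf certificate,
     * then persists the store.
     *
     * <p>{@link KeyStore#setKeyEntry} replaces any existing entry with the same alias, so
     * re-importing a chain with the same leaf certificate overwrites the previous key.
     *
     * @param key            key to store, protected with {@link #mKeyPass}
     * @param certificateArr chain for the key; must be non-null and non-empty
     * @param z              mode flag; when {@code true} this store declines the import
     * @return the alias of the new entry, or {@code null} if the store could not be loaded
     *     or {@code z} is {@code true}
     * @throws CertStoreException if the chain is null or empty, or if alias derivation,
     *     storing the entry or saving the store fails
     */
    @Override // com.cisco.anyconnect.vpn.android.crypto.ClientCertStoreBase
    public String importPrivateKey(Key key, Certificate[] certificateArr, boolean z) throws CertStoreException {
        if (!loadKeystore() || z) {
            return null;
        }
        if (certificateArr == null || certificateArr.length == 0) {
            throw new CertStoreException("empty certificate chain");
        }
        try {
            String keyAlias = getKeyAliasForCertAlias(getCertAliasForImport(certificateArr));
            this.mKeyStore.setKeyEntry(keyAlias, key, this.mKeyPass, certificateArr);
            saveKeyStore();
            return keyAlias;
        } catch (Exception e) {
            throw new CertStoreException("importPrivateKey failed", e);
        }
    }

    /**
     * Makes the backing key store available for use.
     *
     * @return {@code true} if the store is usable; every public operation treats
     *     {@code false} as "no data" and returns without touching {@link #mKeyStore}
     * @throws CertStoreException on load failure
     */
    protected abstract boolean loadKeystore() throws CertStoreException;

    /**
     * Persists the backing key store; called after each successful import or delete.
     *
     * @throws CertStoreException on save failure
     */
    protected abstract void saveKeyStore() throws CertStoreException;
}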
