package com.worklight.common.security;

import android.util.Log;
import com.worklight.nativeandroid.common.WLUtils;
import com.worklight.utils.Base64;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DERPrintableString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class WLUserAuthManager extends WLCertManager {
    private static final String CERTIFICATE_ALIAS = "com.worklight.userenrollment.certificate";
    private static WLUserAuthManager instance;
    private static String KEYSTORE_FILENAME = ".x509Keystore";
    private static char[] keyStorePassword = "worklight".toCharArray();

    private WLUserAuthManager() {
        super(KEYSTORE_FILENAME, keyStorePassword);
    }

    private Map<String, DERObjectIdentifier> getCSRAttributesOIDMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("challengepassword", PKCSObjectIdentifiers.pkcs_9_at_challengePassword);
        hashMap.put("contenttype", PKCSObjectIdentifiers.pkcs_9_at_contentType);
        hashMap.put("countersignature", PKCSObjectIdentifiers.pkcs_9_at_counterSignature);
        hashMap.put("emailaddress", PKCSObjectIdentifiers.pkcs_9_at_emailAddress);
        hashMap.put("extendedcertificateattributes", PKCSObjectIdentifiers.pkcs_9_at_extendedCertificateAttributes);
        hashMap.put("extensionrequest", PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        hashMap.put("friendlyname", PKCSObjectIdentifiers.pkcs_9_at_friendlyName);
        hashMap.put("localkeyid", PKCSObjectIdentifiers.pkcs_9_at_localKeyId);
        hashMap.put("messagedigest", PKCSObjectIdentifiers.pkcs_9_at_messageDigest);
        hashMap.put("signingdescription", PKCSObjectIdentifiers.pkcs_9_at_signingDescription);
        hashMap.put("signingdime", PKCSObjectIdentifiers.pkcs_9_at_signingTime);
        hashMap.put("smimecapabilities", PKCSObjectIdentifiers.pkcs_9_at_smimeCapabilities);
        hashMap.put("unstructuredaddress", PKCSObjectIdentifiers.pkcs_9_at_unstructuredAddress);
        hashMap.put("unstructuredname", PKCSObjectIdentifiers.pkcs_9_at_unstructuredName);
        return hashMap;
    }

    public static synchronized WLUserAuthManager getInstance() {
        WLUserAuthManager wLUserAuthManager;
        synchronized (WLUserAuthManager.class) {
            if (instance == null) {
                instance = new WLUserAuthManager();
            }
            wLUserAuthManager = instance;
        }
        return wLUserAuthManager;
    }

    @Override // com.worklight.common.security.WLCertManager
    protected String a(String str) {
        return str.equals("application") ? "com.worklight.userenrollment.certificate:" + this.a.getPackageName() : str;
    }

    public String createSignedCSR(JSONObject jSONObject, String str) {
        String str2;
        JSONObject jSONObject2 = jSONObject.getJSONObject("subject");
        JSONObject optJSONObject = jSONObject.optJSONObject("attributes");
        Iterator keys = jSONObject2.keys();
        String str3 = "";
        while (true) {
            str2 = str3;
            if (!keys.hasNext()) {
                break;
            }
            String str4 = (String) keys.next();
            str3 = str2 + str4 + "=" + jSONObject2.getString(str4);
            if (keys.hasNext()) {
                str3 = str3 + ",";
            }
        }
        DERSet dERSet = null;
        if (optJSONObject != null) {
            Map<String, DERObjectIdentifier> cSRAttributesOIDMap = getCSRAttributesOIDMap();
            Iterator keys2 = optJSONObject.keys();
            ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
            while (keys2.hasNext()) {
                String str5 = (String) keys2.next();
                if (str5 != null) {
                    String string = optJSONObject.getString(str5);
                    try {
                        DERObjectIdentifier dERObjectIdentifier = cSRAttributesOIDMap.get(str5.toLowerCase());
                        DERPrintableString dERPrintableString = new DERPrintableString(string);
                        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
                        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
                        aSN1EncodableVector2.add(dERObjectIdentifier);
                        aSN1EncodableVector3.add(dERPrintableString);
                        aSN1EncodableVector2.add(new DERSet(aSN1EncodableVector3));
                        aSN1EncodableVector.add(new DERSequence(aSN1EncodableVector2));
                    } catch (Throwable th) {
                        Log.e(WLUserAuthManager.class.getName(), "There was a problem adding attribute " + str5 + "to the CSR.", th);
                    }
                }
            }
            dERSet = new DERSet(aSN1EncodableVector);
        }
        KeyPair keyPair = this.c.get(a(str));
        return Base64.encode(new PKCS10CertificationRequest("SHA1withRSA", new X500Principal(str2), keyPair.getPublic(), dERSet, keyPair.getPrivate()).getEncoded(), "UTF-8");
    }

    public boolean doesValidCertificateExist(String str) {
        boolean z;
        try {
            KeyStore.PrivateKeyEntry b = b(str);
            boolean z2 = b != null;
            if (z2) {
                try {
                    ((X509Certificate) b.getCertificate()).checkValidity();
                    z = true;
                } catch (CertificateExpiredException e) {
                    WLUtils.error("Certificate has expired: " + e.getMessage(), null);
                    z = false;
                } catch (CertificateNotYetValidException e2) {
                    WLUtils.error("Certificate is not yet valid: " + e2.getMessage(), null);
                    z = false;
                }
            } else {
                z = true;
            }
            if (z) {
                return z2;
            }
            return false;
        } catch (Exception e3) {
            WLUtils.error("Failed to determine the existence of certificate for device authentication with " + e3.getMessage(), e3);
            return false;
        }
    }
}
