package mobile.banking.crypto;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import java.io.IOException;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import mobile.banking.common.Keys;
import mobile.banking.finger.FingerprintHelper;
import mobile.banking.rest.entity.DigitalCertificateUserCustomerInfo;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* compiled from: DigitalCertificateManager.kt */
@Metadata(d1 = {"\u0000@\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\bÇ\u0002\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u000e\u0010\b\u001a\u00020\u00042\u0006\u0010\t\u001a\u00020\nJ\u001a\u0010\u000b\u001a\u00020\u00042\u0006\u0010\f\u001a\u00020\r2\b\u0010\u000e\u001a\u0004\u0018\u00010\u0004H\u0002J\u000e\u0010\u000f\u001a\u00020\u00042\u0006\u0010\u0010\u001a\u00020\u0011J\u000e\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0004J\b\u0010\u0015\u001a\u0004\u0018\u00010\nJ\b\u0010\u0016\u001a\u0004\u0018\u00010\u0017J\b\u0010\u0018\u001a\u0004\u0018\u00010\u0004J\u000e\u0010\u0019\u001a\u00020\u00132\u0006\u0010\u001a\u001a\u00020\nR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u0016\u0010\u0005\u001a\n \u0007*\u0004\u0018\u00010\u00060\u0006X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u001b"}, d2 = {"Lmobile/banking/crypto/DigitalCertificateManager;", "", "()V", "X509_PRINCIPAL_TEMPLATE", "", "keyStore", "Ljava/security/KeyStore;", "kotlin.jvm.PlatformType", "convertCertificateToPEMBase64", "cert", "Ljava/security/cert/Certificate;", "createCSR", "keyPair", "Ljava/security/KeyPair;", "certificatePrincipal", "createCertificateKeyPair", "customerInfo", "Lmobile/banking/rest/entity/DigitalCertificateUserCustomerInfo;", "deleteEntry", "", "aliasType", "loadCertificate", "loadPrivateKey", "Ljava/security/PrivateKey;", "loadPublicKey", "saveCertificate", "certificate", "mobileBankingClient_sepahBaseRelease"}, k = 1, mv = {1, 9, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class DigitalCertificateManager {
    public static final int $stable;
    public static final DigitalCertificateManager INSTANCE = new DigitalCertificateManager();
    private static final String X509_PRINCIPAL_TEMPLATE = "CN=" + X509PrincipalParams.INSTANCE.getCN() + " [Mobile Sign], SURNAME=" + X509PrincipalParams.INSTANCE.getSURNAME() + ", GIVENNAME=" + X509PrincipalParams.INSTANCE.getGIVEN_NAME() + ", L=" + X509PrincipalParams.INSTANCE.getL() + ", S=" + X509PrincipalParams.INSTANCE.getS() + ", C=IR, SERIALNUMBER=" + X509PrincipalParams.INSTANCE.getSERIAL_NUMBER() + ", O=Unaffiliated";
    private static final KeyStore keyStore;

    static {
        KeyStore keyStore2 = KeyStore.getInstance(FingerprintHelper.PROVIDER_NAME_ANDROID_KEY_STORE);
        keyStore2.load(null);
        keyStore = keyStore2;
        $stable = 8;
    }

    private DigitalCertificateManager() {
    }

    private final String createCSR(KeyPair keyPair, String certificatePrincipal) throws IOException, OperatorCreationException {
        PKCS10CertificationRequest build = new JcaPKCS10CertificationRequestBuilder(new X500Principal(certificatePrincipal), keyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate()));
        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
        jcaPEMWriter.writeObject(build);
        jcaPEMWriter.flush();
        jcaPEMWriter.close();
        String stringWriter2 = stringWriter.toString();
        Intrinsics.checkNotNullExpressionValue(stringWriter2, "toString(...)");
        return stringWriter2;
    }

    public final String convertCertificateToPEMBase64(Certificate cert) throws CertificateEncodingException {
        Intrinsics.checkNotNullParameter(cert, "cert");
        StringBuffer stringBuffer = new StringBuffer("-----BEGIN CERTIFICATE-----\n");
        byte[] encode = Base64.encode(cert.getEncoded(), 2);
        Intrinsics.checkNotNullExpressionValue(encode, "encode(...)");
        stringBuffer.append(new String(encode, Charsets.UTF_8));
        stringBuffer.append("\n-----END CERTIFICATE-----");
        String stringBuffer2 = stringBuffer.toString();
        Intrinsics.checkNotNullExpressionValue(stringBuffer2, "toString(...)");
        return stringBuffer2;
    }

    public final String createCertificateKeyPair(DigitalCertificateUserCustomerInfo customerInfo) throws KeyStoreException, NoSuchAlgorithmException, OperatorCreationException, IOException {
        Intrinsics.checkNotNullParameter(customerInfo, "customerInfo");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", FingerprintHelper.PROVIDER_NAME_ANDROID_KEY_STORE);
        keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(Keys.KEY_DIGITAL_CERTIFICATE_PK_ALIAS, 4).setDigests("SHA-256").setSignaturePaddings("PKCS1").setKeySize(1024).build());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        String replace$default = StringsKt.replace$default(StringsKt.replace$default(StringsKt.replace$default(StringsKt.replace$default(StringsKt.replace$default(StringsKt.replace$default(X509_PRINCIPAL_TEMPLATE, X509PrincipalParams.INSTANCE.getCN(), customerInfo.getEnglishName() + ' ' + customerInfo.getEnglishFamily(), false, 4, (Object) null), X509PrincipalParams.INSTANCE.getSURNAME(), String.valueOf(customerInfo.getFarsiFamily()), false, 4, (Object) null), X509PrincipalParams.INSTANCE.getGIVEN_NAME(), String.valueOf(customerInfo.getFarsiName()), false, 4, (Object) null), X509PrincipalParams.INSTANCE.getL(), String.valueOf(customerInfo.getCity()), false, 4, (Object) null), X509PrincipalParams.INSTANCE.getS(), String.valueOf(customerInfo.getProvince()), false, 4, (Object) null), X509PrincipalParams.INSTANCE.getSERIAL_NUMBER(), String.valueOf(customerInfo.getNationalCode()), false, 4, (Object) null);
        Intrinsics.checkNotNull(generateKeyPair);
        return createCSR(generateKeyPair, replace$default);
    }

    public final void deleteEntry(String aliasType) throws KeyStoreException {
        Intrinsics.checkNotNullParameter(aliasType, "aliasType");
        KeyStore keyStore2 = keyStore;
        if (keyStore2.containsAlias(aliasType)) {
            keyStore2.deleteEntry(aliasType);
        }
    }

    public final Certificate loadCertificate() throws KeyStoreException {
        KeyStore keyStore2 = keyStore;
        if (keyStore2.containsAlias(Keys.KEY_DIGITAL_CERTIFICATE_CER_ALIAS)) {
            return keyStore2.getCertificate(Keys.KEY_DIGITAL_CERTIFICATE_CER_ALIAS);
        }
        return null;
    }

    public final PrivateKey loadPrivateKey() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        KeyStore keyStore2 = keyStore;
        if (!keyStore2.containsAlias(Keys.KEY_DIGITAL_CERTIFICATE_PK_ALIAS)) {
            return null;
        }
        KeyStore.Entry entry = keyStore2.getEntry(Keys.KEY_DIGITAL_CERTIFICATE_PK_ALIAS, null);
        Intrinsics.checkNotNull(entry, "null cannot be cast to non-null type java.security.KeyStore.PrivateKeyEntry");
        return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
    }

    public final String loadPublicKey() throws KeyStoreException {
        KeyStore keyStore2 = keyStore;
        if (!keyStore2.containsAlias(Keys.KEY_DIGITAL_CERTIFICATE_PK_ALIAS)) {
            return null;
        }
        PublicKey publicKey = keyStore2.getCertificate(Keys.KEY_DIGITAL_CERTIFICATE_PK_ALIAS).getPublicKey();
        Intrinsics.checkNotNullExpressionValue(publicKey, "getPublicKey(...)");
        return Base64.encodeToString(publicKey.getEncoded(), 0);
    }

    public final void saveCertificate(Certificate certificate) throws KeyStoreException {
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        keyStore.setCertificateEntry(Keys.KEY_DIGITAL_CERTIFICATE_CER_ALIAS, certificate);
    }
}
