package bo.gob.adsib.fido_android.Util;

import android.net.Uri;
import android.os.Environment;
import android.util.Base64;
import bo.gob.adsib.fido_android.MyApplication;
import com.itextpdf.text.pdf.security.SecurityConstants;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Date;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/* loaded from: classes.dex */
public class Token {
    private static String dir = MyApplication.getContext().getFilesDir().toString();

    /* loaded from: classes.dex */
    public static class KeyException extends Exception {
        public KeyException(String str) {
            super(str);
        }
    }

    public static void changePin(String str, String str2) throws KeyException {
        try {
            FileInputStream fileInputStream = new FileInputStream(dir + "/keyStore.pfx");
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
            keyStore.load(fileInputStream, str.toCharArray());
            fileInputStream.close();
            FileOutputStream fileOutputStream = new FileOutputStream(dir + "/keyStore.pfx");
            keyStore.store(fileOutputStream, str2.toCharArray());
            fileOutputStream.close();
        } catch (FileNotFoundException e) {
            throw new KeyException(e.getMessage());
        } catch (IOException e2) {
            throw new KeyException(e2.getMessage());
        } catch (KeyStoreException e3) {
            throw new KeyException(e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyException(e4.getMessage());
        } catch (NoSuchProviderException e5) {
            throw new KeyException(e5.getMessage());
        } catch (CertificateException e6) {
            throw new KeyException(e6.getMessage());
        }
    }

    public static String csr(String str) throws KeyException {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
            keyStore.load(new FileInputStream(dir + "/keyStore.pfx"), str.toCharArray());
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("ADSIB");
            if (x509Certificate == null) {
                throw new KeyException("Primero debe guardar los cambios.");
            }
            PKCS10CertificationRequest build = new JcaPKCS10CertificationRequestBuilder(new JcaX509CertificateHolder(x509Certificate).getSubject(), x509Certificate.getPublicKey()).build(new JcaContentSignerBuilder("SHA256withRSA").build(((KeyStore.PrivateKeyEntry) keyStore.getEntry("ADSIB", null)).getPrivateKey()));
            File file = new File(Environment.getExternalStorageDirectory(), "/adsib");
            if (!file.exists() && !file.mkdirs()) {
                throw new KeyException("No se pudo crear la carpeta adsib.");
            }
            String str2 = "-----BEGIN CERTIFICATE REQUEST-----\n" + Base64.encodeToString(build.getEncoded(), 0) + "-----END CERTIFICATE REQUEST-----";
            File file2 = new File(file, "solicitud.csr");
            BufferedWriter bufferedWriter = new BufferedWriter(new FileWriter(file2));
            bufferedWriter.write(str2);
            bufferedWriter.close();
            return "Se guardo la solicitud de certificado en: " + file2;
        } catch (FileNotFoundException e) {
            throw new KeyException(e.getMessage());
        } catch (IOException e2) {
            throw new KeyException(e2.getMessage());
        } catch (KeyStoreException e3) {
            throw new KeyException(e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyException(e4.getMessage());
        } catch (NoSuchProviderException e5) {
            throw new KeyException(e5.getMessage());
        } catch (UnrecoverableEntryException e6) {
            throw new KeyException(e6.getMessage());
        } catch (CertificateException e7) {
            throw new KeyException(e7.getMessage());
        } catch (OperatorCreationException e8) {
            throw new KeyException(e8.getMessage());
        }
    }

    public static boolean exists() {
        return new File(dir + "/keyStore.pfx").exists();
    }

    public static Certificate[] getCertificate(String str) throws KeyException {
        try {
            File file = new File(dir + "/keyStore.pfx");
            if (!file.exists()) {
                throw new KeyException("Primero debe registrar un certificado.");
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
            keyStore.load(new FileInputStream(file), str.toCharArray());
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("ADSIB");
            if (x509Certificate == null) {
                throw new KeyException("No se pudo obtener el certificado.");
            }
            if (IETFUtils.valueToString(new JcaX509CertificateHolder(x509Certificate).getIssuer().getRDNs(new ASN1ObjectIdentifier("2.5.4.3"))[0].getFirst().getValue()).equals("Entidad Certificadora Publica ADSIB")) {
                return new Certificate[]{x509Certificate};
            }
            throw new KeyException("El certificado no fue emitido por ADSIB.");
        } catch (FileNotFoundException e) {
            throw new KeyException(e.getMessage());
        } catch (IOException e2) {
            throw new KeyException(e2.getMessage());
        } catch (KeyStoreException e3) {
            throw new KeyException(e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyException(e4.getMessage());
        } catch (NoSuchProviderException e5) {
            throw new KeyException(e5.getMessage());
        } catch (CertificateException e6) {
            throw new KeyException(e6.getMessage());
        }
    }

    public static PrivateKey getPrivateKey(String str) throws KeyException {
        try {
            File file = new File(dir + "/keyStore.pfx");
            if (!file.exists()) {
                throw new KeyException("Primero debe registrar un certificado.");
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
            keyStore.load(new FileInputStream(file), str.toCharArray());
            KeyStore.Entry entry = keyStore.getEntry("ADSIB", null);
            if (entry != null) {
                return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            }
            throw new KeyException("No se pudo obtener la clave privada.");
        } catch (FileNotFoundException e) {
            throw new KeyException(e.getMessage());
        } catch (IOException e2) {
            throw new KeyException(e2.getMessage());
        } catch (KeyStoreException e3) {
            throw new KeyException(e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyException(e4.getMessage());
        } catch (NoSuchProviderException e5) {
            throw new KeyException(e5.getMessage());
        } catch (UnrecoverableEntryException e6) {
            throw new KeyException(e6.getMessage());
        } catch (CertificateException e7) {
            throw new KeyException(e7.getMessage());
        }
    }

    public static void replace(String str, String str2) throws KeyException {
        try {
            FileInputStream fileInputStream = new FileInputStream(MyApplication.getContext().getContentResolver().openFileDescriptor(Uri.parse(str2), "r").getFileDescriptor());
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
            keyStore.load(fileInputStream, str.toCharArray());
            KeyPair keyPair = new KeyPair(keyStore.getCertificate("ADSIB").getPublicKey(), ((KeyStore.PrivateKeyEntry) keyStore.getEntry("ADSIB", null)).getPrivateKey());
            Certificate certificate = keyStore.getCertificate("ADSIB");
            KeyStore keyStore2 = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
            keyStore2.load(null, str.toCharArray());
            keyStore2.setKeyEntry("ADSIB", keyPair.getPrivate(), str.toCharArray(), new Certificate[]{certificate});
            FileOutputStream fileOutputStream = new FileOutputStream(dir + "/keyStore.pfx");
            keyStore2.store(fileOutputStream, str.toCharArray());
            fileOutputStream.flush();
            fileOutputStream.close();
        } catch (FileNotFoundException e) {
            throw new KeyException(e.getMessage());
        } catch (IOException e2) {
            throw new KeyException(e2.getMessage());
        } catch (KeyStoreException e3) {
            throw new KeyException(e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyException(e4.getMessage());
        } catch (NoSuchProviderException e5) {
            throw new KeyException(e5.getMessage());
        } catch (UnrecoverableEntryException e6) {
            throw new KeyException(e6.getMessage());
        } catch (CertificateException e7) {
            throw new KeyException(e7.getMessage());
        }
    }

    public static void upload(String str, String str2) throws KeyException {
        try {
            File file = new File(dir + "/keyStore.pfx");
            if (!file.exists()) {
                throw new KeyException("Primero debe registrar un certificado.");
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
            keyStore.load(new FileInputStream(file), str.toCharArray());
            KeyStore.Entry entry = keyStore.getEntry("ADSIB", null);
            if (entry == null) {
                throw new KeyException("No se pudo obtener la clave privada.");
            }
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new FileInputStream(MyApplication.getContext().getContentResolver().openFileDescriptor(Uri.parse(str2), "r").getFileDescriptor()));
            KeyFactory keyFactory = KeyFactory.getInstance(SecurityConstants.RSA);
            RSAPrivateKeySpec rSAPrivateKeySpec = (RSAPrivateKeySpec) keyFactory.getKeySpec(privateKey, RSAPrivateKeySpec.class);
            RSAPublicKeySpec rSAPublicKeySpec = (RSAPublicKeySpec) keyFactory.getKeySpec(generateCertificate.getPublicKey(), RSAPublicKeySpec.class);
            if (!rSAPublicKeySpec.getModulus().equals(rSAPrivateKeySpec.getModulus()) || !BigInteger.valueOf(2L).modPow(rSAPublicKeySpec.getPublicExponent().multiply(rSAPrivateKeySpec.getPrivateExponent()).subtract(BigInteger.ONE), rSAPublicKeySpec.getModulus()).equals(BigInteger.ONE)) {
                throw new KeyException("El certificado no es compatible con la clave privada.");
            }
            KeyStore keyStore2 = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
            keyStore2.load(null, str.toCharArray());
            keyStore2.setKeyEntry("ADSIB", privateKey, str.toCharArray(), new Certificate[]{generateCertificate});
            FileOutputStream fileOutputStream = new FileOutputStream(dir + "/keyStore.pfx");
            keyStore2.store(fileOutputStream, str.toCharArray());
            fileOutputStream.flush();
            fileOutputStream.close();
        } catch (FileNotFoundException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableEntryException | CertificateException | InvalidKeySpecException unused) {
        } catch (IOException e) {
            throw new KeyException(e.getMessage());
        } catch (KeyStoreException e2) {
            throw new KeyException(e2.getMessage());
        }
    }

    public static boolean vigente(String str) throws KeyException {
        try {
            File file = new File(dir + "/keyStore.pfx");
            if (file.exists()) {
                KeyStore keyStore = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME);
                keyStore.load(new FileInputStream(file), str.toCharArray());
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate("ADSIB");
                if (x509Certificate == null || x509Certificate.getNotAfter().compareTo(new Date()) <= 0) {
                    return false;
                }
                X500Name issuer = new JcaX509CertificateHolder(x509Certificate).getIssuer();
                if (issuer.getRDNs(new ASN1ObjectIdentifier("2.5.4.3")).length == 0) {
                    return false;
                }
                return IETFUtils.valueToString(issuer.getRDNs(new ASN1ObjectIdentifier("2.5.4.3"))[0].getFirst().getValue()).equals("Entidad Certificadora Publica ADSIB");
            }
        } catch (FileNotFoundException e) {
            throw new KeyException(e.getMessage());
        } catch (IOException e2) {
            throw new KeyException(e2.getMessage());
        } catch (KeyStoreException e3) {
            throw new KeyException(e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw new KeyException(e4.getMessage());
        } catch (NoSuchProviderException unused) {
        } catch (CertificateException e5) {
            throw new KeyException(e5.getMessage());
        }
        return false;
    }
}
