package com.cybersafesoft.cybersafe.mobile.certs;

import android.annotation.SuppressLint;
import android.content.Context;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import com.cybersafesoft.cybersafe.mobile.certs.tables.TableCertificates;
import com.cybersafesoft.cybersafe.mobile.certs.tables.TableGroups;
import com.cybersafesoft.cybersafe.mobile.contentproviders.DatabaseHelper;
import com.sovworks.eds.Settings;
import com.sovworks.eds.android.EdsApplication;
import com.sovworks.eds.android.helpers.Preferences;
import com.sovworks.eds.android.helpers.Util;
import com.sovworks.eds.android.settings.UserSettings;
import com.sovworks.eds.crypto.SimpleCrypto;
import com.sovworks.eds.fs.Path;
import com.sovworks.eds.fs.std.StdFs;
import com.sovworks.eds.fs.std.StdFsPath;
import com.sovworks.eds.fs.util.PathUtil;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import net.lingala.zip4j.core.ZipFile;
import net.lingala.zip4j.exception.ZipException;
import net.lingala.zip4j.io.ZipInputStream;
import net.lingala.zip4j.model.FileHeader;
import net.lingala.zip4j.model.ZipParameters;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes.dex */
public class CertManager {
    private static final String CA_ASSETS_PATH = "ca.pfx";
    private static final String CERT_FOLDER_NAME = "certificates";
    private static final String CER_EXTENSION = "cer";
    private static final String PFX_EXTENSION = "pfx";
    private static CertManager _instance;
    private final Context _context;
    private final DatabaseHelper _dbh;
    private final SecretKey _masterKey;
    private boolean _verifyCert;

    /* loaded from: classes.dex */
    public static class CSIdInfo {
        public String name;
        public String serial;
        public String subjectName;
    }

    /* loaded from: classes.dex */
    public static class CertManagerException extends Exception {
        private static final long serialVersionUID = 1;

        public CertManagerException() {
        }

        public CertManagerException(String str) {
            super(str);
        }

        public CertManagerException(String str, Throwable th) {
            super(str, th);
        }
    }

    /* loaded from: classes.dex */
    public static class DecryptionData {
        public X509Certificate cert;
        public PrivateKey key;
    }

    /* loaded from: classes.dex */
    public static class MasterPasswordIsNotSetException extends CertManagerException {
    }

    public CertManager(Context context, Settings settings) throws MasterPasswordIsNotSetException {
        this._context = context;
        this._dbh = new DatabaseHelper(context);
        try {
            this._masterKey = new SecretKeySpec(settings.getSettingsProtectionKey(), "AES");
        } catch (Settings.InvalidSettingsPassword e) {
            throw new MasterPasswordIsNotSetException();
        }
    }

    private void checkNewName(SQLiteDatabase sQLiteDatabase, String str) throws CertManagerException {
        Cursor findCSId = TableCertificates.findCSId(sQLiteDatabase, str);
        try {
            if (findCSId.moveToFirst()) {
                throw new CertManagerException("User with the same name already exists: " + str);
            }
            findCSId.close();
            Cursor findGroup = TableGroups.findGroup(sQLiteDatabase, str);
            try {
                if (findGroup.moveToFirst()) {
                    throw new CertManagerException("Group with the same name already exists: " + str);
                }
            } finally {
                findGroup.close();
            }
        } catch (Throwable th) {
            findCSId.close();
            throw th;
        }
    }

    private void exportPubKS(KeyStore keyStore, Path path) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(keyStore.aliases().nextElement());
        OutputStream outputStream = path.getFile().getOutputStream();
        try {
            outputStream.write(x509Certificate.getEncoded());
        } finally {
            outputStream.close();
        }
    }

    @SuppressLint({"TrulyRandom"})
    private KeyPair genKeyPair() throws NoSuchAlgorithmException {
        SecureRandom secureRandom = new SecureRandom();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024, secureRandom);
        return keyPairGenerator.generateKeyPair();
    }

    private PrivateKey getCAPrivateKey(KeyStore keyStore) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        Key key = keyStore.getKey(keyStore.aliases().nextElement(), Util.getCAPwd(this._context));
        if (key == null) {
            throw new RuntimeException("Got null key from keystore!");
        }
        return (PrivateKey) key;
    }

    private X509Certificate getCert(String str) throws CertManagerException {
        try {
            Path certFileName = getCertFileName(str);
            if (!certFileName.exists()) {
                return null;
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            InputStream inputStream = certFileName.getFile().getInputStream();
            try {
                return (X509Certificate) certificateFactory.generateCertificate(inputStream);
            } finally {
                inputStream.close();
            }
        } catch (Exception e) {
            throw new CertManagerException("Failed loading certificate " + str, e);
        }
    }

    private Path getCertFileName(String str) throws IOException {
        return getCertsPath(this._context).combine(str + "." + CER_EXTENSION);
    }

    private X509Certificate getCertFromCursor(Cursor cursor) throws CertManagerException {
        return getCert(cursor.getString(cursor.getColumnIndex("user_id")));
    }

    private CSIdInfo getCertInfoFromCursor(Cursor cursor) {
        CSIdInfo cSIdInfo = new CSIdInfo();
        cSIdInfo.name = cursor.getString(cursor.getColumnIndex("user_id"));
        cSIdInfo.subjectName = cursor.getString(cursor.getColumnIndex(TableCertificates.COLUMN_SUBJECT_NAME));
        cSIdInfo.serial = cursor.getString(cursor.getColumnIndex(TableCertificates.COLUMN_SERIAL));
        return cSIdInfo;
    }

    public static synchronized CertManager getCertManager() throws MasterPasswordIsNotSetException {
        CertManager certManager;
        synchronized (CertManager.class) {
            if (_instance == null) {
                _instance = new CertManager(EdsApplication.getAppContext(), UserSettings.getSettings());
            }
            certManager = _instance;
        }
        return certManager;
    }

    public static Path getCertsPath(Context context) throws IOException {
        return StdFs.makePath(context.getFilesDir().getPath(), CERT_FOLDER_NAME);
    }

    private File getJavaFile(Path path) throws IOException {
        if (path instanceof StdFsPath) {
            return ((StdFsPath) path).getJavaFile();
        }
        File createTempFile = File.createTempFile("zip", null);
        com.sovworks.eds.fs.util.Util.copyFile(path, StdFs.getStdFs().getPath(createTempFile.getPath()));
        return createTempFile;
    }

    private KeyStore getKeyStore(String str) throws CertManagerException {
        SQLiteDatabase readableDatabase = this._dbh.getReadableDatabase();
        try {
            Cursor findCSId = TableCertificates.findCSId(readableDatabase, str);
            try {
                return !findCSId.moveToFirst() ? null : getKeyStoreFromCursor(findCSId);
            } finally {
                findCSId.close();
            }
        } finally {
            readableDatabase.close();
        }
    }

    private KeyStore getKeyStore(String str, String str2) throws CertManagerException {
        try {
            Path keyStoreFileName = getKeyStoreFileName(str);
            if (!keyStoreFileName.exists()) {
                return null;
            }
            InputStream inputStream = keyStoreFileName.getFile().getInputStream();
            try {
                KeyStore keyStore = KeyStore.getInstance("pkcs12");
                keyStore.load(inputStream, str2 == null ? new char[0] : str2.toCharArray());
                return keyStore;
            } finally {
                inputStream.close();
            }
        } catch (Exception e) {
            throw new CertManagerException("Failed loading keystore " + str, e);
        }
    }

    private Path getKeyStoreFileName(String str) throws IOException {
        return getCertsPath(this._context).combine(str + "." + PFX_EXTENSION);
    }

    private KeyStore getKeyStoreFromCursor(Cursor cursor) throws CertManagerException {
        return getKeyStore(cursor.getString(cursor.getColumnIndex("user_id")), getKeyStorePassword(cursor));
    }

    private String getKeyStorePassword(Cursor cursor) throws CertManagerException {
        try {
            String string = cursor.getString(cursor.getColumnIndex(TableCertificates.COLUMN_PASSWORD));
            if (string == null) {
                return null;
            }
            return SimpleCrypto.decrypt(this._masterKey, string);
        } catch (Exception e) {
            throw new CertManagerException("Failed decrypting cert key", e);
        }
    }

    private String getKeyStorePassword(String str) throws CertManagerException {
        SQLiteDatabase readableDatabase = this._dbh.getReadableDatabase();
        try {
            Cursor findCSId = TableCertificates.findCSId(readableDatabase, str);
            try {
                if (findCSId.moveToFirst()) {
                    return getKeyStorePassword(findCSId);
                }
                throw new CertManagerException("Cert not found: " + str);
            } finally {
                findCSId.close();
            }
        } finally {
            readableDatabase.close();
        }
    }

    private void importCert(InputStream inputStream, String str) throws Exception {
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        if (this._verifyCert) {
            verifyCert((X509Certificate) generateCertificate);
        }
        saveCert(generateCertificate, str);
    }

    private void importPrivateKeyAndCert(InputStream inputStream, String str, String str2) throws Exception {
        if (str2 == null) {
            str2 = "";
        }
        KeyStore keyStore = KeyStore.getInstance("pkcs12");
        keyStore.load(inputStream, str2.toCharArray());
        String nextElement = keyStore.aliases().nextElement();
        Certificate certificate = keyStore.getCertificate(nextElement);
        if (this._verifyCert) {
            verifyCert((X509Certificate) certificate);
        }
        if (keyStore.getKey(nextElement, new char[0]) == null) {
            throw new CertManagerException("Private key is not available");
        }
        saveKeyStore(keyStore, str, str2);
    }

    private static boolean isSelfSigned(X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        try {
            x509Certificate.verify(x509Certificate.getPublicKey());
            return true;
        } catch (InvalidKeyException e) {
            return false;
        } catch (SignatureException e2) {
            return false;
        }
    }

    private X509Certificate loadCACert(KeyStore keyStore) throws KeyStoreException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException {
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(keyStore.aliases().nextElement());
        if (x509Certificate == null) {
            throw new RuntimeException("Got null cert from keystore!");
        }
        x509Certificate.verify(x509Certificate.getPublicKey());
        return x509Certificate;
    }

    private KeyStore loadCAKeyStore() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        InputStream open = this._context.getAssets().open(CA_ASSETS_PATH);
        try {
            keyStore.load(open, Util.getCAPwd(this._context));
            return keyStore;
        } finally {
            open.close();
        }
    }

    private void makeIdFile(File file, File file2, String str) throws ZipException {
        ZipParameters zipParameters = new ZipParameters();
        zipParameters.setCompressionMethod(8);
        zipParameters.setCompressionLevel(5);
        if (str != null) {
            zipParameters.setEncryptFiles(true);
            zipParameters.setEncryptionMethod(99);
            zipParameters.setAesKeyStrength(3);
            zipParameters.setPassword(str);
        }
        new ZipFile(file2).addFile(file, zipParameters);
    }

    private void registerCSId(SQLiteDatabase sQLiteDatabase, String str, String str2) throws Exception {
        X509Certificate x509Certificate;
        if (str2 == null) {
            x509Certificate = getCert(str);
        } else {
            KeyStore keyStore = getKeyStore(str, str2);
            if (keyStore == null) {
                throw new IllegalArgumentException("Keystore " + str + " not found");
            }
            x509Certificate = (X509Certificate) keyStore.getCertificate(keyStore.aliases().nextElement());
        }
        if (x509Certificate == null) {
            throw new IllegalArgumentException("Certificate " + str + " not found");
        }
        byte[] byteArray = x509Certificate.getSerialNumber().toByteArray();
        TableCertificates.regCSId(sQLiteDatabase, str, str2 == null ? null : SimpleCrypto.encrypt(this._masterKey, str2), SimpleCrypto.toHex(Arrays.copyOfRange(byteArray, 1, byteArray.length)), x509Certificate.getSubjectDN().getName());
    }

    private void saveCert(Certificate certificate, String str) throws Exception {
        getCertsPath(this._context).makeFullPath();
        OutputStream outputStream = getCertFileName(str).getFile().getOutputStream();
        try {
            outputStream.write(certificate.getEncoded());
        } finally {
            outputStream.close();
        }
    }

    private void saveKeyStore(KeyStore keyStore, String str, String str2) throws Exception {
        char[] charArray;
        getCertsPath(this._context).makeFullPath();
        OutputStream outputStream = getKeyStoreFileName(str).getFile().getOutputStream();
        if (str2 == null) {
            charArray = null;
        } else {
            try {
                charArray = str2.toCharArray();
            } finally {
                outputStream.close();
            }
        }
        keyStore.store(outputStream, charArray);
    }

    private void saveToKeyStore(String str, X509Certificate x509Certificate, X509Certificate x509Certificate2, PrivateKey privateKey, String str2) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, str2.toCharArray());
        keyStore.setEntry(str, new KeyStore.PrivateKeyEntry(privateKey, new X509Certificate[]{x509Certificate2, x509Certificate}), new KeyStore.PasswordProtection(new char[0]));
        saveKeyStore(keyStore, str, str2);
        SQLiteDatabase writableDatabase = this._dbh.getWritableDatabase();
        try {
            registerCSId(writableDatabase, str, str2);
        } finally {
            writableDatabase.close();
        }
    }

    private void verifyCert(X509Certificate x509Certificate) throws Exception {
        verifyCertificate(x509Certificate, Collections.singletonList(loadCACert(loadCAKeyStore())));
    }

    private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate x509Certificate, List<X509Certificate> list) throws CertManagerException {
        try {
            if (isSelfSigned(x509Certificate)) {
                throw new CertManagerException("The certificate is self-signed.");
            }
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            for (X509Certificate x509Certificate2 : list) {
                if (isSelfSigned(x509Certificate2)) {
                    arrayList.add(x509Certificate2);
                } else {
                    arrayList2.add(x509Certificate2);
                }
            }
            return verifyCertificate(x509Certificate, arrayList, arrayList2);
        } catch (CertManagerException e) {
            throw e;
        } catch (CertPathBuilderException e2) {
            throw new CertManagerException("Error building certification path: " + x509Certificate.getSubjectX500Principal(), e2);
        } catch (Exception e3) {
            throw new CertManagerException("Error verifying the certificate: " + x509Certificate.getSubjectX500Principal(), e3);
        }
    }

    private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate x509Certificate, List<X509Certificate> list, List<X509Certificate> list2) throws GeneralSecurityException {
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setCertificate(x509Certificate);
        HashSet hashSet = new HashSet();
        Iterator<X509Certificate> it2 = list.iterator();
        while (it2.hasNext()) {
            hashSet.add(new TrustAnchor(it2.next(), null));
        }
        PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(hashSet, x509CertSelector);
        pKIXBuilderParameters.setRevocationEnabled(false);
        pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(list2), BouncyCastleProvider.PROVIDER_NAME));
        return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME).build(pKIXBuilderParameters);
    }

    public void createNewCSId(String str, String str2) throws Exception {
        KeyStore loadCAKeyStore = loadCAKeyStore();
        KeyPair genKeyPair = genKeyPair();
        Calendar calendar = Calendar.getInstance();
        calendar.add(6, Preferences.CERT_DAYS_VALID);
        X500Name x500Name = new X500Name("CN=" + str);
        saveToKeyStore(str, loadCACert(loadCAKeyStore), new JcaX509CertificateConverter().getCertificate(new JcaX509v3CertificateBuilder(x500Name, BigInteger.valueOf(System.currentTimeMillis()), new Date(), calendar.getTime(), x500Name, genKeyPair.getPublic()).build(new JcaContentSignerBuilder("SHA256WITHRSA").build(getCAPrivateKey(loadCAKeyStore)))), genKeyPair.getPrivate(), str2);
    }

    public void createUserGroup(String str, Collection<String> collection) throws CertManagerException {
        SQLiteDatabase writableDatabase = new DatabaseHelper(this._context).getWritableDatabase();
        try {
            checkNewName(writableDatabase, str);
            for (String str2 : collection) {
                if (getCSIdInfo(str2) == null) {
                    throw new CertManagerException("User id is not registered: " + str2);
                }
            }
            TableGroups.regGroup(writableDatabase, str, collection);
        } finally {
            writableDatabase.close();
        }
    }

    public void deleteCSId(String str) throws IOException {
        SQLiteDatabase writableDatabase = this._dbh.getWritableDatabase();
        writableDatabase.beginTransaction();
        try {
            Cursor findCSId = TableCertificates.findCSId(writableDatabase, str);
            if (findCSId.moveToFirst()) {
                Path certFileName = findCSId.isNull(findCSId.getColumnIndex(TableCertificates.COLUMN_PASSWORD)) ? getCertFileName(str) : getKeyStoreFileName(str);
                if (certFileName.exists()) {
                    certFileName.getFile().delete();
                }
                TableCertificates.unregCSId(writableDatabase, findCSId.getInt(findCSId.getColumnIndex("_id")));
                TableGroups.deleteUser(writableDatabase, str);
                writableDatabase.setTransactionSuccessful();
            }
        } finally {
            writableDatabase.endTransaction();
            writableDatabase.close();
        }
    }

    public void deleteGroups(Collection<String> collection) {
        SQLiteDatabase writableDatabase = new DatabaseHelper(this._context).getWritableDatabase();
        writableDatabase.beginTransaction();
        try {
            Iterator<String> it2 = collection.iterator();
            while (it2.hasNext()) {
                TableGroups.deleteGroup(writableDatabase, it2.next());
            }
            writableDatabase.setTransactionSuccessful();
        } finally {
            writableDatabase.endTransaction();
            writableDatabase.close();
        }
    }

    public void exportCSId(Path path, String str, String str2, boolean z) throws Exception {
        if (path.isDirectory()) {
            path = path.combine(str + (z ? ".id" : ".pid"));
        }
        File file = null;
        try {
            if (z) {
                file = ((StdFsPath) getKeyStoreFileName(str)).getJavaFile();
            } else {
                File file2 = new File(this._context.getCacheDir(), str + "." + CER_EXTENSION);
                try {
                    exportPubKS(getKeyStore(str, str2), StdFs.getStdFs().getPath(file2.getPath()));
                    file = file2;
                } catch (Throwable th) {
                    th = th;
                    file = file2;
                    if (!z && file != null) {
                        file.delete();
                    }
                    throw th;
                }
            }
            File createTempFile = File.createTempFile("zip", null);
            if (!z) {
                str2 = null;
            }
            try {
                makeIdFile(file, createTempFile, str2);
                com.sovworks.eds.fs.util.Util.copyFile(StdFs.getStdFs().getPath(createTempFile.getPath()), path);
                if (z || file == null) {
                    return;
                }
                file.delete();
            } finally {
                createTempFile.delete();
            }
        } catch (Throwable th2) {
            th = th2;
            if (!z) {
                file.delete();
            }
            throw th;
        }
    }

    public void exportCSId(Path path, String str, boolean z) throws Exception {
        exportCSId(path, str, getKeyStorePassword(str), z);
    }

    public CSIdInfo getCSIdInfo(String str) {
        SQLiteDatabase readableDatabase = this._dbh.getReadableDatabase();
        try {
            Cursor findCSId = TableCertificates.findCSId(readableDatabase, str);
            try {
                return findCSId.moveToNext() ? getCertInfoFromCursor(findCSId) : null;
            } finally {
                findCSId.close();
            }
        } finally {
            readableDatabase.close();
        }
    }

    public DecryptionData getDecryptionKeyAndCert(String str) throws CertManagerException {
        KeyStore keyStore = getKeyStore(str);
        if (keyStore == null) {
            throw new CertManagerException("There is no key store file for " + str);
        }
        try {
            String nextElement = keyStore.aliases().nextElement();
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(nextElement, new char[0]);
            DecryptionData decryptionData = new DecryptionData();
            decryptionData.cert = x509Certificate;
            decryptionData.key = privateKey;
            return decryptionData;
        } catch (Exception e) {
            throw new CertManagerException("Failed getting cert and private key from key store for " + str, e);
        }
    }

    public ArrayList<X509Certificate> getEncryptionCerts(String str) throws CertManagerException {
        SQLiteDatabase readableDatabase = this._dbh.getReadableDatabase();
        try {
            Cursor findCSId = TableCertificates.findCSId(readableDatabase, str);
            try {
                if (!findCSId.moveToFirst()) {
                    throw new CertManagerException("There is no certificate for " + str);
                }
                ArrayList<X509Certificate> arrayList = new ArrayList<>();
                if (getKeyStorePassword(findCSId) == null) {
                    X509Certificate certFromCursor = getCertFromCursor(findCSId);
                    if (certFromCursor == null) {
                        throw new CertManagerException("There is no certificate file for " + str);
                    }
                    arrayList.add(certFromCursor);
                } else {
                    KeyStore keyStoreFromCursor = getKeyStoreFromCursor(findCSId);
                    if (keyStoreFromCursor == null) {
                        throw new CertManagerException("There is no keystore file for " + str);
                    }
                    try {
                        Enumeration<String> aliases = keyStoreFromCursor.aliases();
                        while (aliases.hasMoreElements()) {
                            arrayList.add((X509Certificate) keyStoreFromCursor.getCertificate(aliases.nextElement()));
                        }
                    } catch (Exception e) {
                        throw new CertManagerException("Failed extracting certificates", e);
                    }
                }
                return arrayList;
            } finally {
                findCSId.close();
            }
        } finally {
            readableDatabase.close();
        }
    }

    public ArrayList<String> importCSId(Path path, String str, boolean z) throws CertManagerException {
        ArrayList<String> importCSKeys = importCSKeys(path, str, false, true, z);
        if (importCSKeys.isEmpty()) {
            throw new CertManagerException("Private key store not found");
        }
        return importCSKeys;
    }

    public ArrayList<String> importCSKeys(Path path, String str, boolean z, boolean z2, boolean z3) throws CertManagerException {
        try {
            getCertsPath(this._context).makeFullPath();
            SQLiteDatabase writableDatabase = this._dbh.getWritableDatabase();
            try {
                ZipFile zipFile = new ZipFile(getJavaFile(path));
                if (zipFile.isEncrypted() && str != null) {
                    zipFile.setPassword(str);
                }
                writableDatabase.beginTransaction();
                try {
                    List fileHeaders = zipFile.getFileHeaders();
                    ArrayList<String> arrayList = new ArrayList<>();
                    for (int i = 0; i < fileHeaders.size(); i++) {
                        FileHeader fileHeader = (FileHeader) fileHeaders.get(i);
                        if (fileHeader != null && !fileHeader.isDirectory()) {
                            PathUtil pathUtil = new PathUtil(fileHeader.getFileName());
                            String fileExtension = pathUtil.getFileExtension();
                            if ((fileExtension.equalsIgnoreCase(CER_EXTENSION) || fileExtension.equalsIgnoreCase(PFX_EXTENSION)) && ((z2 || !fileExtension.equalsIgnoreCase(PFX_EXTENSION)) && (z || !fileExtension.equalsIgnoreCase(CER_EXTENSION)))) {
                                String fileNameWithoutExtension = pathUtil.getFileNameWithoutExtension();
                                if (!z3) {
                                    checkNewName(writableDatabase, fileNameWithoutExtension);
                                }
                                ZipInputStream inputStream = zipFile.getInputStream(fileHeader);
                                try {
                                    if (fileExtension.equalsIgnoreCase(CER_EXTENSION)) {
                                        importCert(inputStream, fileNameWithoutExtension);
                                    } else {
                                        importPrivateKeyAndCert(inputStream, fileNameWithoutExtension, str);
                                    }
                                    inputStream.close();
                                    registerCSId(writableDatabase, fileNameWithoutExtension, str);
                                    arrayList.add(fileNameWithoutExtension);
                                } catch (Throwable th) {
                                    inputStream.close();
                                    throw th;
                                }
                            }
                        }
                    }
                    writableDatabase.setTransactionSuccessful();
                    return arrayList;
                } finally {
                    writableDatabase.endTransaction();
                }
            } finally {
                writableDatabase.close();
            }
        } catch (Exception e) {
            throw new CertManagerException("Failed adding certificate " + path + ": " + e.getMessage(), e);
        }
    }

    public ArrayList<String> importCSPid(Path path, boolean z) throws CertManagerException {
        ArrayList<String> importCSKeys = importCSKeys(path, null, true, false, z);
        if (importCSKeys.isEmpty()) {
            throw new CertManagerException("Failed importing key: cer file not found");
        }
        return importCSKeys;
    }

    public boolean isCSIdRegistered(String str) {
        SQLiteDatabase readableDatabase = this._dbh.getReadableDatabase();
        try {
            Cursor findCSId = TableCertificates.findCSId(readableDatabase, str);
            try {
                return findCSId.moveToFirst();
            } finally {
                findCSId.close();
            }
        } finally {
            readableDatabase.close();
        }
    }

    public Collection<CSIdInfo> listCSIdsInfo() {
        SQLiteDatabase readableDatabase = this._dbh.getReadableDatabase();
        try {
            Cursor listCSIds = TableCertificates.listCSIds(readableDatabase);
            try {
                ArrayList arrayList = new ArrayList();
                while (listCSIds.moveToNext()) {
                    arrayList.add(getCertInfoFromCursor(listCSIds));
                }
                return arrayList;
            } finally {
                listCSIds.close();
            }
        } finally {
            readableDatabase.close();
        }
    }
}
