package com.cybersafesoft.cybersafe.mobile.sync;

import android.annotation.SuppressLint;
import android.util.Base64;
import com.cybersafesoft.cybersafe.mobile.R;
import com.cybersafesoft.cybersafe.mobile.certs.CertManager;
import com.cybersafesoft.cybersafe.mobile.sync.CSEncryptedFileInfo;
import com.sovworks.eds.android.EdsApplication;
import com.sovworks.eds.android.helpers.Logger;
import com.sovworks.eds.crypto.SimpleCrypto;
import com.sovworks.eds.fs.Path;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.io.Writer;
import java.nio.charset.Charset;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.mail.internet.MimeBodyPart;
import org.bouncycastle.cms.CMSAlgorithm;
import org.bouncycastle.cms.CMSEnvelopedDataStreamGenerator;
import org.bouncycastle.cms.RecipientInformation;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEEnveloped;

/* loaded from: classes.dex */
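/**
 * In-memory model of the cloud configuration file (default name {@value #DEFAULT_FILE_NAME}).
 *
 * <p>The file is a list of {@code name=value} lines holding:
 * <ul>
 *   <li>{@code CSKey}: the password, encrypted as CMS EnvelopedData (AES-256-CBC) for every
 *       certificate in the recipient list, then text-encoded (see {@link #encodePassword()});</li>
 *   <li>{@code CSKeyID}: a random key identifier in hex;</li>
 *   <li>{@code CSAdminCert}: Base64 of the administrator certificate name;</li>
 *   <li>{@code CSProvider}: the provider name, only {@code OpenSSL} is accepted on load;</li>
 *   <li>{@code CSCertList}: Base64 of {@code name=serial} lines, one per recipient.</li>
 * </ul>
 *
 * <p>NOTE(review): only {@code CSKey} is encrypted, and EnvelopedData with CBC provides
 * confidentiality but no integrity. Nothing in this class authenticates the file, so the
 * recipient list read by {@link #load()} is whatever the file says; on the next
 * {@link #save()} the password is re-encrypted for every listed name that the certificate
 * manager resolves. Confirm that write access to the file is restricted accordingly.
 *
 * <p>Instances are not synchronized.
 */
public class CSCloudConf {
    public static final String DEFAULT_FILE_NAME = "cybersafe.cloud.conf";
    private static final String OPENSSL_PROVIDER_NAME = "OpenSSL";
    private static final String PARAM_CS_ADMIN_CERT_NAME = "CSAdminCert";
    private static final String PARAM_CS_CERTS_LIST = "CSCertList";
    private static final String PARAM_CS_KEY = "CSKey";
    private static final String PARAM_CS_KEY_ID = "CSKeyID";
    private static final String PARAM_CS_PROVIDER = "CSProvider";

    // Android's platform default charset is UTF-8, so naming it explicitly keeps the
    // bytes this class produced before while removing the dependency on the default.
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    // Charset used to carry the raw CMS bytes through a String in the CSKey value.
    // NOTE(review): a byte value with no Cp1251 mapping would not survive this round
    // trip; it is part of the existing file format, so confirm before changing it.
    private static final String CMS_TEXT_CHARSET = "Cp1251";

    // MIME header prepended to the Base64 CMS body so SMIMEEnveloped can parse it.
    private static final String SMIME_HEADER = "MIME-Version: 1.0\nContent-Disposition: attachment; filename=\"smime.p7m\"\nContent-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\"\nContent-Transfer-Encoding: base64\n\n";

    private String _adminCert;
    private Collection<CertManager.CSIdInfo> _certsList;
    private String _keyId;
    // Secret: the decrypted password. Never log it.
    private String _password;
    private final Path _path;
    private String _provider;
    private final String _userCertName;

    /** Raised when the configuration cannot be read, decrypted, or written. */
    public static class ConfigException extends Exception {
        private static final long serialVersionUID = 1L;

        public ConfigException(String str) {
            super(str);
        }

        public ConfigException(String str, Throwable th) {
            super(str, th);
        }

        public ConfigException(Throwable th) {
            super(th);
        }
    }

    /** Raised by {@link #initNew()} when the certificate manager lists no identities. */
    public static class NoCertsAvailableException extends ConfigException {
        public NoCertsAvailableException() {
            super(EdsApplication.getAppContext().getString(R.string.certs_not_available));
        }
    }

    /**
     * @param path location of the configuration file
     * @param str  name of the current user's certificate; used to find the decryption
     *             key on load and recorded as the administrator certificate by
     *             {@link #initNew()}
     */
    public CSCloudConf(Path path, String str) {
        this._path = path;
        this._userCertName = str;
    }

    /**
     * Decodes a Base64 value read from the file.
     *
     * @throws ConfigException if the value is not valid Base64, so that a damaged file is
     *                         reported through the declared exception type rather than an
     *                         unchecked {@link IllegalArgumentException}
     */
    private static byte[] decodeBase64(String value) throws ConfigException {
        try {
            return Base64.decode(value, Base64.DEFAULT);
        } catch (IllegalArgumentException e) {
            throw new ConfigException("Malformed Base64 value", e);
        }
    }

    /**
     * Decrypts the CMS EnvelopedData carried in {@code cmsText} with the given key pair.
     *
     * @param cert       recipient certificate used to select the matching RecipientInfo
     * @param privateKey private key belonging to {@code cert}
     * @param cmsText    the CMS bytes represented as a Cp1251 string
     * @return the decrypted content as text
     * @throws ConfigException if no RecipientInfo matches {@code cert} or decryption fails
     */
    private String decryptPassword(X509Certificate cert, PrivateKey privateKey, String cmsText) throws ConfigException {
        try {
            byte[] mime = (SMIME_HEADER + Base64.encodeToString(cmsText.getBytes(CMS_TEXT_CHARSET), Base64.DEFAULT)).getBytes(UTF_8);
            ByteArrayInputStream mimeStream = new ByteArrayInputStream(mime);
            MimeBodyPart bodyPart;
            try {
                bodyPart = new MimeBodyPart(mimeStream);
            } finally {
                mimeStream.close();
            }
            RecipientInformation recipient = new SMIMEEnveloped(bodyPart).getRecipientInfos().get(new JceKeyTransRecipientId(cert));
            if (recipient == null) {
                // The file was not encrypted for this certificate.
                throw new ConfigException("Failed decrypting key");
            }
            JceKeyTransEnvelopedRecipient keyTransRecipient = new JceKeyTransEnvelopedRecipient(privateKey);
            keyTransRecipient.setProvider(BouncyCastleProvider.PROVIDER_NAME);
            keyTransRecipient.setContentProvider(BouncyCastleProvider.PROVIDER_NAME);
            return new String(recipient.getContent(keyTransRecipient), UTF_8);
        } catch (Exception e) {
            throw new ConfigException("Failed decrypting key", e);
        }
    }

    /**
     * Serializes the recipient list as Base64 of newline-separated {@code name=serial}
     * entries (an empty serial is written for a {@code null} one).
     *
     * <p>NOTE(review): names are written verbatim; a name containing {@code '='} or a line
     * break would not be read back as the same entry by {@link #parseCertNamesList(String)}.
     */
    private String encodeCertList() {
        StringBuilder sb = new StringBuilder();
        for (CertManager.CSIdInfo idInfo : this._certsList) {
            if (sb.length() > 0) {
                sb.append('\n');
            }
            sb.append(idInfo.name).append('=').append(idInfo.serial == null ? "" : idInfo.serial);
        }
        return Base64.encodeToString(sb.toString().getBytes(UTF_8), Base64.DEFAULT);
    }

    /**
     * Encrypts the password for every encryption certificate of every listed identity and
     * returns the text form stored under {@code CSKey}.
     *
     * @throws ConfigException if no certificate is available or encryption fails
     */
    private String encodePassword() throws ConfigException {
        try {
            CertManager certManager = getCertManager();
            // The element type returned by getEncryptionCerts is not visible in this file,
            // so the collection stays untyped and each element is cast when it is used.
            Collection<Object> recipientCerts = new ArrayList<>();
            for (CertManager.CSIdInfo idInfo : this._certsList) {
                recipientCerts.addAll(certManager.getEncryptionCerts(idInfo.name));
            }
            if (recipientCerts.isEmpty()) {
                throw new ConfigException("Empty certificates list");
            }
            CMSEnvelopedDataStreamGenerator generator = new CMSEnvelopedDataStreamGenerator();
            for (Object recipientCert : recipientCerts) {
                generator.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator((X509Certificate) recipientCert).setProvider(BouncyCastleProvider.PROVIDER_NAME));
            }
            ByteArrayOutputStream cmsBytes = new ByteArrayOutputStream();
            OutputStream cmsOut = generator.open(cmsBytes, new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_CBC).setProvider(BouncyCastleProvider.PROVIDER_NAME).build());
            try {
                cmsOut.write(this._password.getBytes(UTF_8));
            } finally {
                // Closing the CMS stream finishes the EnvelopedData structure.
                cmsOut.close();
            }
            // Existing file format: CMS bytes -> Cp1251 text -> UTF-8 bytes -> Base64.
            return new String(Base64.encode(new String(cmsBytes.toByteArray(), CMS_TEXT_CHARSET).getBytes("UTF-8"), Base64.DEFAULT), UTF_8);
        } catch (ConfigException e) {
            throw e;
        } catch (Exception e) {
            throw new ConfigException("Failed encrypting password", e);
        }
    }

    /** Returns the shared certificate manager, wrapping any failure in {@link ConfigException}. */
    private CertManager getCertManager() throws ConfigException {
        try {
            return CertManager.getCertManager();
        } catch (Exception e) {
            throw new ConfigException(e);
        }
    }

    /** Looks up the decryption key and certificate registered under the user's certificate name. */
    private CertManager.DecryptionData getPrivateKeyAndCert() throws CertManager.CertManagerException, ConfigException {
        return getCertManager().getDecryptionKeyAndCert(this._userCertName);
    }

    /** Returns {@code true} if an identity with the given name is already a recipient. */
    private boolean isCertInList(String certName) {
        for (CertManager.CSIdInfo idInfo : this._certsList) {
            if (idInfo.name.equals(certName)) {
                return true;
            }
        }
        return false;
    }

    /** Decodes the {@code CSAdminCert} value; returns {@code null} when it is absent. */
    private String parseAdminCert(String encoded) throws ConfigException {
        if (encoded == null) {
            return null;
        }
        return new String(decodeBase64(encoded), UTF_8);
    }

    /**
     * Decodes the {@code CSCertList} value into identity entries.
     *
     * <p>Each decoded line is split at the first {@code '='} into name and optional serial.
     * The reader is closed once, after the last line; closing it inside the loop made every
     * read after the first line fail, so only one recipient was ever returned.
     *
     * @return a mutable collection, empty when the value is absent
     */
    private Collection<CertManager.CSIdInfo> parseCertNamesList(String encoded) throws ConfigException {
        Collection<CertManager.CSIdInfo> ids = new ArrayList<>();
        if (encoded == null) {
            return ids;
        }
        BufferedReader reader = new BufferedReader(new StringReader(new String(decodeBase64(encoded), UTF_8)));
        try {
            try {
                String line;
                while ((line = reader.readLine()) != null) {
                    String[] parts = line.split("=", 2);
                    CertManager.CSIdInfo idInfo = new CertManager.CSIdInfo();
                    idInfo.name = parts[0];
                    if (parts.length > 1) {
                        idInfo.serial = parts[1];
                    }
                    ids.add(idInfo);
                }
            } finally {
                reader.close();
            }
        } catch (IOException e) {
            Logger.log(e);
        }
        return ids;
    }

    /** Stores one {@code name=value} line in {@code params}; lines without {@code '='} are ignored. */
    private void parseLine(String line, Map<String, String> params) {
        String[] parts = line.split("=", 2);
        if (parts.length < 2) {
            return;
        }
        params.put(parts[0], parts[1]);
    }

    /**
     * Decrypts the {@code CSKey} value with the user's private key.
     *
     * @throws ConfigException if the value is missing, the provider recorded in the file is
     *                         not {@code OpenSSL}, or decryption fails
     */
    private String parsePassword(String encoded) throws ConfigException {
        if (encoded == null) {
            throw new ConfigException("CSKey is not specified");
        }
        if (!OPENSSL_PROVIDER_NAME.equalsIgnoreCase(this._provider)) {
            throw new ConfigException("Unsupported provider: " + this._provider);
        }
        try {
            CertManager.DecryptionData keyAndCert = getPrivateKeyAndCert();
            return decryptPassword(keyAndCert.cert, keyAndCert.key, new String(decodeBase64(encoded), UTF_8));
        } catch (CertManager.CertManagerException e) {
            throw new ConfigException("Can't decrypt final key", e);
        }
    }

    /**
     * Writes one {@code name=value} entry.
     *
     * <p>CR and LF are removed from the value so that an entry always occupies exactly one
     * line; the Base64 values produced with {@code Base64.DEFAULT} contain line breaks.
     * The name is written as given.
     *
     * @param newLine whether to terminate the entry with a line feed
     */
    private void writeParam(Writer writer, String name, String value, boolean newLine) throws IOException {
        writer.write(name + '=' + value.replaceAll("\n", "").replaceAll("\r", ""));
        if (newLine) {
            writer.write('\n');
        }
    }

    /**
     * Adds the identity with the given name to the recipient list, if not already present.
     *
     * @throws ConfigException if the certificate manager has no identity under that name
     */
    public void addCert(String str) throws ConfigException {
        if (isCertInList(str)) {
            return;
        }
        CertManager.CSIdInfo idInfo = getCertManager().getCSIdInfo(str);
        if (idInfo == null) {
            throw new ConfigException("There is no certificate for " + str);
        }
        this._certsList.add(idInfo);
    }

    /** Returns the hex key identifier, as generated by {@link #initNew()} or read by {@link #load()}. */
    public String getKeyId() {
        return this._keyId;
    }

    /**
     * Returns the decrypted password.
     *
     * <p>The value is a secret held in an immutable {@code String}; callers should not log
     * or persist it.
     */
    public String getPassword() {
        return this._password;
    }

    /**
     * Loads the configuration if the file exists; otherwise, or if loading fails, creates
     * a new configuration and saves it.
     *
     * <p>NOTE(review): any load failure (a malformed file, an unsupported provider, a
     * decryption error) is logged and followed by generating a brand-new key that is
     * written over the existing file. Confirm that discarding the previous key on a
     * damaged or altered file is the intended behaviour.
     */
    public void init() throws IOException, ConfigException, CertManager.MasterPasswordIsNotSetException {
        if (this._path.exists()) {
            try {
                load();
                return;
            } catch (Exception e) {
                Logger.log(e);
            }
        }
        initNew();
        save();
    }

    /**
     * Generates a fresh key id and password and makes every identity known to the
     * certificate manager a recipient.
     *
     * <p>NOTE(review): the annotation silences lint's {@code TrulyRandom} check, which
     * concerns {@link SecureRandom} seeding on Android 4.3 and below. Confirm the
     * app's minimum SDK, or that the PRNG fix is installed elsewhere, before relying on it.
     *
     * @throws NoCertsAvailableException if the certificate manager lists no identities
     */
    @SuppressLint({"TrulyRandom"})
    public void initNew() throws NoCertsAvailableException, CertManager.MasterPasswordIsNotSetException {
        SecureRandom random = new SecureRandom();
        byte[] keyIdBytes = new byte[CSEncryptedFileInfo.CSHeader.ATE_KEY_ID_SIZE];
        random.nextBytes(keyIdBytes);
        this._keyId = SimpleCrypto.toHex(keyIdBytes);
        this._adminCert = this._userCertName;
        this._certsList = CertManager.getCertManager().listCSIdsInfo();
        if (this._certsList.isEmpty()) {
            throw new NoCertsAvailableException();
        }
        this._provider = OPENSSL_PROVIDER_NAME;
        // 256 random bytes, stored as their hex text.
        byte[] passwordBytes = new byte[256];
        random.nextBytes(passwordBytes);
        this._password = SimpleCrypto.toHex(passwordBytes);
    }

    /**
     * Reads the file and decrypts the password with the user's private key.
     *
     * <p>Fields are assigned as they are parsed, so a failure part-way leaves this object
     * partially updated. The file content is not authenticated (see the class comment).
     *
     * @throws ConfigException if a value is malformed, the provider is unsupported, the
     *                         password cannot be decrypted, or it is shorter than 256 chars
     */
    public void load() throws IOException, ConfigException {
        Map<String, String> params = new HashMap<>();
        BufferedReader reader = new BufferedReader(new InputStreamReader(this._path.getFile().getInputStream(), UTF_8));
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                parseLine(line, params);
            }
        } finally {
            reader.close();
        }
        this._adminCert = parseAdminCert(params.get(PARAM_CS_ADMIN_CERT_NAME));
        this._keyId = params.get(PARAM_CS_KEY_ID);
        this._certsList = parseCertNamesList(params.get(PARAM_CS_CERTS_LIST));
        // The provider must be set before parsePassword, which checks it.
        this._provider = params.get(PARAM_CS_PROVIDER);
        this._password = parsePassword(params.get(PARAM_CS_KEY));
        if (this._password == null || this._password.length() < 256) {
            throw new ConfigException("Invalid password string");
        }
    }

    /**
     * Writes the configuration, encrypting the password for the current recipient list.
     *
     * <p>All values are computed before the output stream is opened, so a failure while
     * encrypting (for example an empty recipient list) happens before the file is touched.
     */
    public void save() throws IOException, ConfigException {
        String encodedKey = encodePassword();
        String encodedAdminCert = Base64.encodeToString(this._adminCert.getBytes(UTF_8), Base64.DEFAULT);
        String encodedCertList = encodeCertList();
        Writer writer = new OutputStreamWriter(this._path.getFile().getOutputStream(), UTF_8);
        try {
            writeParam(writer, PARAM_CS_KEY, encodedKey, true);
            writeParam(writer, PARAM_CS_KEY_ID, this._keyId, true);
            writeParam(writer, PARAM_CS_ADMIN_CERT_NAME, encodedAdminCert, true);
            writeParam(writer, PARAM_CS_PROVIDER, this._provider, true);
            writeParam(writer, PARAM_CS_CERTS_LIST, encodedCertList, false);
        } finally {
            writer.close();
        }
    }

    /**
     * Replaces the recipient list with the identities of the given names.
     *
     * <p>The list is reset first; if a name cannot be resolved the exception leaves the
     * list holding only the names processed so far.
     *
     * @throws ConfigException if a name has no identity in the certificate manager
     */
    public void setCertsList(Iterable<String> iterable) throws ConfigException {
        this._certsList = new ArrayList<>();
        for (String certName : iterable) {
            addCert(certName);
        }
    }
}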
