package com.boingo.pal.vpn;

import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.os.Environment;
import androidx.security.Credentials;
import com.boingo.lib.common.CommonConstants;
import com.boingo.lib.engine.BWCommonEngine;
import com.boingo.lib.engine.EngineExceptions;
import com.boingo.lib.util.TraceLogger;
import com.boingo.lib.vpn.VpnConstants;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.openssl.PEMWriter;

/* loaded from: classes.dex */
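/**
 * Singleton that stages the bundled VPN PKCS#12 file on external storage and hands its
 * contents to the platform credential installer.
 *
 * <p>Two install paths are attempted by {@link #installCertificate()}: first the generic
 * {@code Credentials.INSTALL_ACTION} activity, and, if that activity is missing, a fallback
 * that parses the PKCS#12 in-process and passes PEM data to the Settings credential installer.
 *
 * <p>NOTE(review), security: the PKCS#12 bundle carries a private key. It is copied to shared
 * external storage, and the only protection on it is a password that is a compile-time constant
 * of this class. Anything able to read that storage location and this APK can recover the key.
 * Callers should call {@link #deleteCopiedCertFiles()} as soon as the install flow finishes;
 * nothing in this class does so on the success path.
 *
 * <p>Thread-safety: only {@link #instance(Context)} and the private key-extraction step are
 * synchronized; the public copy/install methods mutate instance fields without locking.
 */
public class BoingoVpnCertInstaller {
    // NOTE(review): hard-coded keystore password. It ships inside the APK, so it does not
    // protect the private key in the staged .p12 file against anyone who has the app binary.
    private static final String BOINGO_VPN_CERT_PASSWORD = "boingovpn";
    // Upper bound (bytes) on the .p12 size accepted by the in-process fallback path.
    private static final int CERTFILE_MAX_LENGTH = 1000000;
    // File name used both for the private source file and for the staged copies.
    private static final String CERT_FILE_NAME = "boingovpncert.p12";
    private static final int COPY_BUFFER_SIZE = 1024;

    private static BoingoVpnCertInstaller mInstance = null;
    protected final Context mContext;
    private PrivateKey mUserKey = null;
    private X509Certificate mUserCert = null;
    private List<X509Certificate> mCaCerts = null;
    // Primary staged copy on external storage (under external_sd/ when that directory exists).
    private File mCertFile = null;
    // Second staged copy in the external storage root; only used when external_sd/ exists.
    private File mCertFile2 = null;
    // Alias of the private-key entry found in the PKCS#12; appended to the intent extra names.
    private String mName = CommonConstants.EMPTY_STRING;
    protected final BWCommonEngine mEngine = BWCommonEngine.instance();
    private final TraceLogger mLogger = TraceLogger.instance();

    /**
     * Creates the installer. Use {@link #instance(Context)} to obtain the shared instance.
     *
     * @param context context used to start the credential-install activities
     */
    protected BoingoVpnCertInstaller(Context context) {
        this.mContext = context;
    }

    /**
     * Serializes the given objects (keys / certificates) to PEM.
     *
     * @param objArr objects to write, in order
     * @return the PEM text as bytes in the platform default charset
     * @throws RuntimeException wrapping any {@link IOException} raised while writing
     */
    private byte[] convertToPem(Object... objArr) {
        ByteArrayOutputStream pemBytes = new ByteArrayOutputStream();
        PEMWriter pemWriter = null;
        try {
            pemWriter = new PEMWriter(new OutputStreamWriter(pemBytes));
            for (Object obj : objArr) {
                pemWriter.writeObject(obj);
            }
            // close() flushes the writer, so the byte array is complete afterwards.
            pemWriter.close();
            pemWriter = null;
            return pemBytes.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException(e);
        } finally {
            closeQuietly(pemWriter);
        }
    }

    /**
     * Builds the intent for the fallback install path, carrying whatever key material was
     * extracted by {@link #installFrom(KeyStore.PrivateKeyEntry)} as PEM-encoded extras.
     *
     * <p>The intent names {@code com.android.settings/.CredentialInstaller} explicitly, so the
     * extras (which include the unencrypted private key) are addressed to that component only.
     *
     * @return the populated install intent
     */
    private Intent createSystemInstallIntent() {
        Intent intent = new Intent(Credentials.SYSTEM_INSTALL_ACTION);
        intent.setClassName("com.android.settings", "com.android.settings.CredentialInstaller");
        if (this.mUserKey != null) {
            intent.putExtra(Credentials.USER_PRIVATE_KEY + this.mName, convertToPem(this.mUserKey));
        }
        if (this.mUserCert != null) {
            intent.putExtra(Credentials.USER_CERTIFICATE + this.mName, convertToPem(this.mUserCert));
        }
        // mCaCerts stays null when the keystore held no private-key entry; guard against that.
        if (this.mCaCerts != null && !this.mCaCerts.isEmpty()) {
            intent.putExtra(
                    Credentials.CA_CERTIFICATE + this.mName,
                    convertToPem(this.mCaCerts.toArray(new X509Certificate[this.mCaCerts.size()])));
        }
        intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        return intent;
    }

    /**
     * Returns the shared instance without creating it.
     *
     * @return the instance, or {@code null} if {@link #instance(Context)} was never called
     */
    public static BoingoVpnCertInstaller getInstance() {
        return mInstance;
    }

    /**
     * Loads a PKCS#12 keystore from memory and extracts the first private-key entry.
     *
     * @param bArr raw PKCS#12 bytes
     * @param str keystore and entry password
     * @return {@code false} if the keystore has no aliases; otherwise {@code true}, including
     *     the case where aliases exist but none is a private-key entry (nothing is extracted)
     */
    private boolean installCertData(byte[] bArr, String str)
            throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException,
                    CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(Credentials.PKCS12);
        KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(str.toCharArray());
        keyStore.load(new ByteArrayInputStream(bArr), protection.getPassword());
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            return false;
        }
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            KeyStore.Entry entry = keyStore.getEntry(alias, protection);
            if (entry == null) {
                // getEntry may return null for an alias; skip instead of failing on getClass().
                continue;
            }
            this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, " Extracted alias = " + alias + " entry = " + entry.getClass(), new Object[0]);
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                this.mName = alias;
                return installFrom((KeyStore.PrivateKeyEntry) entry);
            }
        }
        return true;
    }

    /**
     * Records the private key, its certificate, and every CA certificate of the chain.
     *
     * @param privateKeyEntry the entry taken from the PKCS#12 keystore
     * @return always {@code true}
     */
    private synchronized boolean installFrom(KeyStore.PrivateKeyEntry privateKeyEntry) {
        this.mUserKey = privateKeyEntry.getPrivateKey();
        this.mUserCert = (X509Certificate) privateKeyEntry.getCertificate();
        Certificate[] chain = privateKeyEntry.getCertificateChain();
        this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, "# certs extracted = " + chain.length, new Object[0]);
        List<X509Certificate> caCerts = new ArrayList<X509Certificate>(chain.length);
        for (Certificate certificate : chain) {
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (isCa(x509Certificate)) {
                caCerts.add(x509Certificate);
            }
        }
        this.mCaCerts = caCerts;
        this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, " Number of CA certs extracted = " + this.mCaCerts.size(), new Object[0]);
        return true;
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>NOTE(review): the context is retained for the life of the process; callers should
     * pass a context that is safe to hold that long.
     *
     * @param context context stored by a newly created instance; ignored on later calls
     * @return the shared instance
     */
    public static synchronized BoingoVpnCertInstaller instance(Context context) {
        if (mInstance == null) {
            mInstance = new BoingoVpnCertInstaller(context);
        }
        return mInstance;
    }

    /**
     * Tells whether the certificate's basicConstraints extension marks it as a CA.
     *
     * @param x509Certificate certificate to inspect
     * @return {@code true} only when basicConstraints is present with cA set
     */
    private boolean isCa(X509Certificate x509Certificate) {
        try {
            // getBasicConstraints() is -1 unless the extension exists and asserts cA=TRUE.
            return x509Certificate.getBasicConstraints() != -1;
        } catch (Exception e) {
            this.mLogger.writeErrorTrace(0, VpnConstants.MODULE_NAME, "isCa exception = " + e.getMessage(), new Object[0]);
            return false;
        }
    }

    /**
     * Reads a whole file into memory.
     *
     * @param file file to read
     * @return the file contents, or {@code null} if the file could not be read completely
     */
    private byte[] readCert(File file) {
        FileInputStream in = null;
        try {
            byte[] data = new byte[(int) file.length()];
            in = new FileInputStream(file);
            int filled = 0;
            // A single read() may return fewer bytes than requested, so loop until full.
            while (filled < data.length) {
                int count = in.read(data, filled, data.length - filled);
                if (count < 0) {
                    this.mLogger.writeErrorTrace(0, VpnConstants.MODULE_NAME, "readCert exception()" + "unexpected end of file", new Object[0]);
                    return null;
                }
                filled += count;
            }
            return data;
        } catch (Exception e) {
            this.mLogger.writeErrorTrace(0, VpnConstants.MODULE_NAME, "readCert exception()" + e.getMessage(), new Object[0]);
            return null;
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Copies the PKCS#12 file from the engine data directory to external storage.
     *
     * <p>When an {@code external_sd/} directory exists under the external storage root, the
     * file is written there and a second copy is written to the root itself; otherwise a
     * single copy is written to the root. Existing copies are replaced.
     *
     * <p>NOTE(review), security: this places a private-key container on shared storage,
     * protected only by the constant password above. Presumably the generic install activity
     * needs the file there; if the supported platform versions allow it, handing the bytes to
     * the installer directly (for example {@code KeyChain.createInstallIntent()} with
     * {@code KeyChain.EXTRA_PKCS12}) would avoid staging the file at all. Confirm before
     * changing.
     *
     * @return {@code true} if the copy completed; {@code false} if the source file is missing
     *     or an I/O error occurred (partial copies are deleted in that case)
     * @throws EngineExceptions.ExternalStorageException if external storage is not mounted or
     *     its root directory does not exist
     */
    public boolean copyCerttoStorage() throws EngineExceptions.ExternalStorageException {
        File source = new File(this.mEngine.getDataDir(), CERT_FILE_NAME);
        if (!source.exists()) {
            this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, "copyCertToStorage returning : " + false, new Object[0]);
            return false;
        }
        if (!Environment.MEDIA_MOUNTED.equals(Environment.getExternalStorageState())) {
            this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, "copyCertToStorage throwing externalstorageexception ", new Object[0]);
            throw new EngineExceptions.ExternalStorageException();
        }
        File externalRoot = Environment.getExternalStorageDirectory();
        if (!externalRoot.exists()) {
            throw new EngineExceptions.ExternalStorageException();
        }

        String rootPath = externalRoot.getAbsolutePath() + File.separator;
        File externalSd = new File(rootPath + "external_sd/");
        File rootCopy = new File(rootPath + CERT_FILE_NAME);
        if (externalSd.exists()) {
            this.mCertFile = new File(externalSd, CERT_FILE_NAME);
            this.mCertFile2 = rootCopy;
        } else {
            this.mCertFile = rootCopy;
            this.mCertFile2 = null;
        }

        boolean copied = false;
        FileInputStream in = null;
        FileOutputStream primaryOut = null;
        FileOutputStream secondaryOut = null;
        try {
            deleteIfExists(this.mCertFile);
            deleteIfExists(this.mCertFile2);
            in = new FileInputStream(source);
            primaryOut = new FileOutputStream(this.mCertFile);
            if (this.mCertFile2 != null) {
                secondaryOut = new FileOutputStream(this.mCertFile2);
            }
            byte[] buffer = new byte[COPY_BUFFER_SIZE];
            int read;
            while ((read = in.read(buffer)) != -1) {
                primaryOut.write(buffer, 0, read);
                if (secondaryOut != null) {
                    secondaryOut.write(buffer, 0, read);
                }
            }
            primaryOut.flush();
            if (secondaryOut != null) {
                secondaryOut.flush();
            }
            copied = true;
        } catch (IOException e) {
            this.mLogger.writeErrorTrace(0, VpnConstants.MODULE_NAME, "copyCertToStorage exception = " + e.getMessage(), new Object[0]);
        } finally {
            closeQuietly(in);
            closeQuietly(primaryOut);
            closeQuietly(secondaryOut);
        }
        if (!copied) {
            // Do not leave a truncated key container behind on shared storage.
            deleteCopiedCertFiles();
        }
        this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, "copyCertToStorage returning : " + copied, new Object[0]);
        return copied;
    }

    /**
     * Deletes the copies written by {@link #copyCerttoStorage()}, if any.
     *
     * <p>Callers should invoke this once the install flow is over so the private-key container
     * does not linger on external storage.
     */
    public void deleteCopiedCertFiles() {
        deleteIfExists(this.mCertFile);
        deleteIfExists(this.mCertFile2);
    }

    /**
     * Stages the PKCS#12 file and starts a system credential-install activity.
     *
     * <p>The generic {@code Credentials.INSTALL_ACTION} activity is tried first. If it is not
     * available, the staged file is parsed in-process and its contents are sent to the
     * Settings credential installer.
     *
     * @return {@code true} if the generic install activity was started, or if the fallback
     *     parsed the keystore successfully; {@code false} otherwise
     * @throws EngineExceptions.ExternalStorageException if external storage is unavailable
     */
    public boolean installCertificate() throws EngineExceptions.ExternalStorageException {
        boolean staged = copyCerttoStorage() && this.mCertFile != null && this.mCertFile.exists();
        boolean certDataInstalled = false;
        if (!staged) {
            this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, "Boingo certificate file does not exist", new Object[0]);
            this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, " installCertificate() , certDataInstalled = " + certDataInstalled, new Object[0]);
            return false;
        }

        try {
            Intent intent = new Intent(Credentials.INSTALL_ACTION);
            intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
            this.mContext.startActivity(intent);
            return true;
        } catch (ActivityNotFoundException e) {
            this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, "Generic cert install activity not found, using fallback", new Object[0]);
        }

        // Fallback: the file is already staged, so it is parsed without copying it again.
        long length = this.mCertFile.length();
        if (length < CERTFILE_MAX_LENGTH) {
            byte[] certBytes = readCert(this.mCertFile);
            if (certBytes == null) {
                this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, "Could not read byte data from certificate ", new Object[0]);
                return false;
            }
            try {
                certDataInstalled = installCertData(certBytes, BOINGO_VPN_CERT_PASSWORD);
            } catch (Exception e2) {
                this.mLogger.writeErrorTrace(0, VpnConstants.MODULE_NAME, "installCertData exception = " + e2.getMessage(), new Object[0]);
            }
        } else {
            this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, " length of cert bytes [" + length + "] is larger than max length [" + CERTFILE_MAX_LENGTH + "]", new Object[0]);
        }

        this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, " installCertificate() , certDataInstalled = " + certDataInstalled, new Object[0]);
        if (certDataInstalled) {
            this.mLogger.writeInfoTrace(VpnConstants.MODULE_NAME, "Cert data extracted, continuing system install", new Object[0]);
            boolean hasCaCerts = this.mCaCerts != null && !this.mCaCerts.isEmpty();
            if (this.mUserKey != null || this.mUserCert != null || hasCaCerts) {
                // NOTE(review): the flag is set before the install activity starts and is not
                // reset if the activity is missing or the user cancels — confirm that callers
                // do not treat it as proof that the credential is installed.
                this.mEngine.setVpnCertInstalled(true);
                try {
                    this.mContext.startActivity(createSystemInstallIntent());
                } catch (ActivityNotFoundException e3) {
                    this.mLogger.writeErrorTrace(0, VpnConstants.MODULE_NAME, "System cert install activity exception = " + e3.getMessage(), new Object[0]);
                }
            }
        }
        return certDataInstalled;
    }

    /** Deletes {@code file} if it is non-null and exists, logging when the delete fails. */
    private void deleteIfExists(File file) {
        if (file != null && file.exists() && !file.delete()) {
            this.mLogger.writeErrorTrace(0, VpnConstants.MODULE_NAME, "Could not delete staged certificate copy", new Object[0]);
        }
    }

    /** Closes {@code closeable} if non-null, ignoring any failure from close(). */
    private static void closeQuietly(java.io.Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException ignored) {
            // Best effort: data was already flushed (or the operation already failed).
        }
    }
}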
