package com.airwatch.storage;

import android.content.SharedPreferences;
import android.os.Bundle;
import android.text.TextUtils;
import android.util.Base64;
import com.airwatch.app.OpenForTesting;
import com.airwatch.crypto.openssl.OpenSSLCryptUtil;
import com.airwatch.data.content.ContentPath;
import com.airwatch.gateway.ConsoleVersion;
import com.airwatch.sdk.certificate.CertificateFetchResponse;
import com.airwatch.sdk.configuration.SDKConfigurationKeys;
import com.airwatch.sdk.context.SDKContextManager;
import com.airwatch.storage.PreferenceErrorListener;
import com.airwatch.storage.SDKKeyStore;
import com.airwatch.util.Logger;
import com.airwatch.util.ReportAdapterUtil;
import com.microsoft.identity.common.internal.cache.CacheKeyValueDelegate;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import org.json.JSONException;
import org.json.JSONObject;

@OpenForTesting
@Metadata(d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010$\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u000e\b\u0017\u0018\u0000 22\u00020\u0001:\u00012B\u0005¢\u0006\u0002\u0010\u0002J\u001c\u0010\b\u001a\b\u0012\u0004\u0012\u00020\u00040\t2\f\u0010\n\u001a\b\u0012\u0004\u0012\u00020\f0\u000bH\u0002J\r\u0010\r\u001a\u00020\u000eH\u0011¢\u0006\u0002\b\u000fJ\u001e\u0010\u0010\u001a\u0010\u0012\u0004\u0012\u00020\u0004\u0012\u0004\u0012\u00020\u0012\u0018\u00010\u00112\u0006\u0010\u0013\u001a\u00020\u0004H\u0016J\u0012\u0010\u0014\u001a\u0004\u0018\u00010\u00152\u0006\u0010\u0013\u001a\u00020\u0004H\u0016J\u0017\u0010\u0016\u001a\u0004\u0018\u00010\u00152\u0006\u0010\u0013\u001a\u00020\u0004H\u0010¢\u0006\u0002\b\u0017J\u0010\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u0013\u001a\u00020\u0004H\u0002J\r\u0010\u001a\u001a\u00020\u0019H\u0011¢\u0006\u0002\b\u001bJ\b\u0010\u001c\u001a\u00020\u0019H\u0002J\u001f\u0010\u001d\u001a\u0004\u0018\u00010\u001e2\u0006\u0010\u0013\u001a\u00020\u00042\u0006\u0010\u001f\u001a\u00020\u0004H\u0011¢\u0006\u0002\b J\u001a\u0010!\u001a\u0004\u0018\u00010\u001e2\u0006\u0010\u0013\u001a\u00020\u00042\u0006\u0010\"\u001a\u00020#H\u0016J\u0018\u0010$\u001a\u00020%2\u0006\u0010\u0013\u001a\u00020\u00042\u0006\u0010\"\u001a\u00020#H\u0016J\b\u0010&\u001a\u00020%H\u0002J\b\u0010'\u001a\u00020%H\u0002J\u001d\u0010(\u001a\u00020%2\u0006\u0010\u0013\u001a\u00020\u00042\u0006\u0010)\u001a\u00020\u0012H\u0011¢\u0006\u0002\b*J\u0010\u0010+\u001a\u00020%2\u0006\u0010,\u001a\u00020\u001eH\u0016J\u001d\u0010-\u001a\u00020%2\u0006\u0010\u0013\u001a\u00020\u00042\u0006\u0010.\u001a\u00020\u0015H\u0011¢\u0006\u0002\b/J\u0016\u00100\u001a\u00020%2\f\u00101\u001a\b\u0012\u0004\u0012\u00020\u00040\tH\u0002R\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u0016\u0010\u0006\u001a\n \u0005*\u0004\u0018\u00010\u00070\u0007X\u0082\u0004¢\u0006\u0002\n\u0000¨\u00063"}, d2 = {"Lcom/airwatch/storage/SDKKeyStoreUtils;", "", "()V", "TAG", "", "kotlin.jvm.PlatformType", "sdkKeyStore", "Lcom/airwatch/storage/SDKKeyStore;", "getCertIssuersList", "Ljava/util/HashSet;", "certBundleList", "", "Landroid/os/Bundle;", "getConsoleVersion", "Lcom/airwatch/gateway/ConsoleVersion;", "getConsoleVersion$AWFramework_release", "getLeafCertificates", "", "Ljava/security/cert/X509Certificate;", org.apache.tika.metadata.Metadata.IDENTIFIER, "getPKCS12", "Ljava/security/KeyStore;", "getPKCS12TrimmedAlias", "getPKCS12TrimmedAlias$AWFramework_release", "migrateEntryData", "", "migrateFromPreferencesToSDKKeyStore", "migrateFromPreferencesToSDKKeyStore$AWFramework_release", "migrateIAEntry", "parseCertificateEntry", "Lcom/airwatch/sdk/certificate/CertificateFetchResponse;", "certificateString", "parseCertificateEntry$AWFramework_release", "parseCertificateResponse", "certificateResponse", "Lorg/json/JSONObject;", "parseCertificateResponseAndStore", "", "removeIAFromPreferences", "removeTunnelEntry", "saveCertificate", ContentPath.PATH_CERTIFICATE, "saveCertificate$AWFramework_release", "saveCertificateResponse", "certificateFetchResponse", "saveKeyStore", "keyStore", "saveKeyStore$AWFramework_release", "setCertIssuerList", "newCertList", "Companion", "AWFramework_release"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes4.dex */
public class SDKKeyStoreUtils {
    private static final String PEM_FOOTER_CERTIFICATE = "-----END CERTIFICATE-----";
    private static final String PEM_HEADER_CERTIFICATE = "-----BEGIN CERTIFICATE-----\n";
    private static final String TUNNEL_SDK_CLIENT_CERT_ALIAS = "tunnelsdkclientcertalias";
    private static final String certPrefix = "certificate:";
    private final String TAG = SDKKeyStoreUtils.class.getSimpleName();
    private final SDKKeyStore sdkKeyStore = SDKContextManager.getSDKContext().getKeyStore();

    private final HashSet<String> getCertIssuersList(List<Bundle> certBundleList) {
        HashSet<String> hashSet = new HashSet<>();
        for (Bundle bundle : certBundleList) {
            String string = bundle.getString(SDKConfigurationKeys.CERTIFICATE_ISSUER);
            if (string == null) {
                string = bundle.getString("ConfigurationGroupID");
            }
            if (string != null) {
                hashSet.add(string);
            }
        }
        return hashSet;
    }

    private final boolean migrateEntryData(String identifier) {
        SharedPreferences.Editor remove;
        SharedPreferences sDKSecurePreferences = SDKContextManager.getSDKContext().getSDKSecurePreferences();
        SharedPreferences credentialSecurePreferences = SDKContextManager.getSDKContext().getCredentialSecurePreferences();
        try {
            String string = credentialSecurePreferences.getString(Intrinsics.stringPlus(certPrefix, identifier), null);
            if (TextUtils.isEmpty(string)) {
                String string2 = sDKSecurePreferences.getString(Intrinsics.stringPlus(certPrefix, identifier), null);
                if (!TextUtils.isEmpty(string2)) {
                    parseCertificateResponseAndStore(identifier, new JSONObject(string2));
                    remove = sDKSecurePreferences.edit().remove(Intrinsics.stringPlus(certPrefix, identifier));
                }
                return true;
            }
            parseCertificateResponseAndStore(identifier, new JSONObject(string));
            remove = credentialSecurePreferences.edit().remove(Intrinsics.stringPlus(certPrefix, identifier));
            remove.apply();
            return true;
        } catch (Exception e) {
            String TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            Logger.e(TAG, Intrinsics.stringPlus("Exception while migrating cert with issuer ", identifier), (Throwable) e);
            return false;
        }
    }

    private final boolean migrateIAEntry() {
        SharedPreferences sDKSecurePreferences = SDKContextManager.getSDKContext().getSDKSecurePreferences();
        try {
            String string = SDKContextManager.getSDKContext().getCredentialSecurePreferences().getString("certificate:awIACertAuthAlias", null);
            if (TextUtils.isEmpty(string)) {
                String TAG = this.TAG;
                Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
                Logger.i$default(TAG, "IA cert not available during migrate, skipping IA migrate", null, 4, null);
                return true;
            }
            JSONObject jSONObject = new JSONObject(string);
            String string2 = jSONObject.getString("Password");
            if (!TextUtils.isEmpty(string2) && !StringsKt.equals(string2, "null", true)) {
                List<Bundle> certBundleList = SDKContextManager.getSDKContext().getSDKConfiguration().getSettingList("CertificatesV2");
                Intrinsics.checkNotNullExpressionValue(certBundleList, "certBundleList");
                if (!certBundleList.isEmpty()) {
                    Bundle bundle = certBundleList.get(0);
                    String string3 = bundle.getString(SDKConfigurationKeys.CERTIFICATE_ISSUER);
                    if (string3 == null && (string3 = bundle.getString("ConfigurationGroupID")) == null) {
                        return false;
                    }
                    parseCertificateResponseAndStore(string3, jSONObject);
                    sDKSecurePreferences.edit().putString(SDKSecurePreferencesKeys.IA_CERT_ALIAS, string3).apply();
                    String TAG2 = this.TAG;
                    Intrinsics.checkNotNullExpressionValue(TAG2, "TAG");
                    Logger.i$default(TAG2, "successfully set " + string3 + " as IA on upgrade", null, 4, null);
                }
                removeIAFromPreferences();
                return true;
            }
            String TAG3 = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG3, "TAG");
            Logger.i$default(TAG3, "IA cert is not a keystore, so ignoring entry on upgrade", null, 4, null);
            removeIAFromPreferences();
            return true;
        } catch (Exception e) {
            String TAG4 = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG4, "TAG");
            Logger.e(TAG4, "Exception while migrating cert IA cert", (Throwable) e);
            return false;
        }
    }

    private final void removeIAFromPreferences() {
        SharedPreferences.Editor edit;
        SharedPreferences sDKSecurePreferences = SDKContextManager.getSDKContext().getSDKSecurePreferences();
        SharedPreferences credentialSecurePreferences = SDKContextManager.getSDKContext().getCredentialSecurePreferences();
        if (credentialSecurePreferences.contains("certificate:awIACertAuthAlias")) {
            edit = credentialSecurePreferences.edit();
        } else if (!sDKSecurePreferences.contains("certificate:awIACertAuthAlias")) {
            return;
        } else {
            edit = sDKSecurePreferences.edit();
        }
        edit.remove("certificate:awIACertAuthAlias").apply();
    }

    private final void removeTunnelEntry() {
        SharedPreferences.Editor edit;
        SharedPreferences sDKSecurePreferences = SDKContextManager.getSDKContext().getSDKSecurePreferences();
        SharedPreferences credentialSecurePreferences = SDKContextManager.getSDKContext().getCredentialSecurePreferences();
        if (credentialSecurePreferences.contains("certificate:tunnelsdkclientcertalias")) {
            edit = credentialSecurePreferences.edit();
        } else if (!sDKSecurePreferences.contains("certificate:tunnelsdkclientcertalias")) {
            return;
        } else {
            edit = sDKSecurePreferences.edit();
        }
        edit.remove("certificate:tunnelsdkclientcertalias").apply();
    }

    private final void setCertIssuerList(HashSet<String> newCertList) {
        SDKContextManager.getSDKContext().getSDKSecurePreferences().edit().putStringSet(SDKSecurePreferencesKeys.SDK_CERT_IDENTIFIERS, newCertList).apply();
    }

    public ConsoleVersion getConsoleVersion$AWFramework_release() {
        try {
            ConsoleVersion fromString = ConsoleVersion.fromString(SDKContextManager.getSDKContext().getSDKSecurePreferences().getString(SDKSecurePreferencesKeys.CONSOLE_VERSION, ""));
            Intrinsics.checkNotNullExpressionValue(fromString, "{\n            ConsoleVer…eVersionString)\n        }");
            return fromString;
        } catch (Exception unused) {
            ConsoleVersion consoleVersion = ConsoleVersion.EIGHT_DOT_ZERO;
            Intrinsics.checkNotNullExpressionValue(consoleVersion, "{\n            //Default ….EIGHT_DOT_ZERO\n        }");
            return consoleVersion;
        }
    }

    public Map<String, X509Certificate> getLeafCertificates(String identifier) {
        String alias;
        X509Certificate x509Certificate;
        Intrinsics.checkNotNullParameter(identifier, "identifier");
        try {
            List<SDKKeyStore.Entry> entries = this.sdkKeyStore.getEntries(identifier);
            if (entries == null) {
                return null;
            }
            HashMap hashMap = new HashMap();
            for (SDKKeyStore.Entry entry : entries) {
                if (entry instanceof SDKKeyStore.Entry.PrivateKeyEntry) {
                    alias = entry.getAlias();
                    Intrinsics.checkNotNull(alias);
                    x509Certificate = (X509Certificate) ((SDKKeyStore.Entry.PrivateKeyEntry) entry).getCertificateChain()[0];
                } else if (entry instanceof SDKKeyStore.Entry.CertificateEntry) {
                    alias = entry.getAlias();
                    Intrinsics.checkNotNull(alias);
                    x509Certificate = ((SDKKeyStore.Entry.CertificateEntry) entry).getCertificate();
                }
                hashMap.put(alias, x509Certificate);
            }
            return hashMap;
        } catch (Exception e) {
            String TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            Logger.e(TAG, Intrinsics.stringPlus("Unable to retrieve and create keystore with Identifier ", identifier), (Throwable) e);
            return null;
        }
    }

    public KeyStore getPKCS12(String identifier) throws CertificateException, KeyStoreException {
        Intrinsics.checkNotNullParameter(identifier, "identifier");
        try {
            List<SDKKeyStore.Entry> entries = this.sdkKeyStore.getEntries(identifier);
            if (entries == null) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null);
            for (SDKKeyStore.Entry entry : entries) {
                if (entry instanceof SDKKeyStore.Entry.PrivateKeyEntry) {
                    keyStore.setKeyEntry(entry.getAlias(), ((SDKKeyStore.Entry.PrivateKeyEntry) entry).getPrivateKey(), null, ((SDKKeyStore.Entry.PrivateKeyEntry) entry).getCertificateChain());
                } else if (entry instanceof SDKKeyStore.Entry.CertificateEntry) {
                    keyStore.setCertificateEntry(entry.getAlias(), ((SDKKeyStore.Entry.CertificateEntry) entry).getCertificate());
                }
            }
            return keyStore;
        } catch (Exception e) {
            String TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            Logger.e(TAG, Intrinsics.stringPlus("Unable to retrieve and create keystore with Identifier ", identifier), (Throwable) e);
            return null;
        }
    }

    public KeyStore getPKCS12TrimmedAlias$AWFramework_release(String identifier) {
        Intrinsics.checkNotNullParameter(identifier, "identifier");
        try {
            List<SDKKeyStore.Entry> entries = this.sdkKeyStore.getEntries(identifier);
            if (entries == null) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null);
            for (SDKKeyStore.Entry entry : entries) {
                if (entry instanceof SDKKeyStore.Entry.PrivateKeyEntry) {
                    String alias = entry.getAlias();
                    keyStore.setKeyEntry(alias == null ? null : StringsKt.removePrefix(alias, (CharSequence) Intrinsics.stringPlus(identifier, CacheKeyValueDelegate.CACHE_VALUE_SEPARATOR)), ((SDKKeyStore.Entry.PrivateKeyEntry) entry).getPrivateKey(), null, ((SDKKeyStore.Entry.PrivateKeyEntry) entry).getCertificateChain());
                } else if (entry instanceof SDKKeyStore.Entry.CertificateEntry) {
                    String alias2 = entry.getAlias();
                    keyStore.setCertificateEntry(alias2 == null ? null : StringsKt.removePrefix(alias2, (CharSequence) Intrinsics.stringPlus(identifier, CacheKeyValueDelegate.CACHE_VALUE_SEPARATOR)), ((SDKKeyStore.Entry.CertificateEntry) entry).getCertificate());
                }
            }
            return keyStore;
        } catch (Exception e) {
            String TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            Logger.e(TAG, Intrinsics.stringPlus("Unable to retrieve and create keystore with Identifier ", identifier), (Throwable) e);
            return null;
        }
    }

    public boolean migrateFromPreferencesToSDKKeyStore$AWFramework_release() {
        String TAG;
        String str;
        String TAG2 = this.TAG;
        Intrinsics.checkNotNullExpressionValue(TAG2, "TAG");
        Logger.i$default(TAG2, "Started Migrating certificate data from preferences to SDK KeyStore", null, 4, null);
        SharedPreferences credentialSecurePreferences = SDKContextManager.getSDKContext().getCredentialSecurePreferences();
        List<Bundle> certBundleList = SDKContextManager.getSDKContext().getSDKConfiguration().getSettingList("CertificatesV2");
        boolean migrateIAEntry = migrateIAEntry();
        Intrinsics.checkNotNullExpressionValue(certBundleList, "certBundleList");
        HashSet<String> certIssuersList = getCertIssuersList(certBundleList);
        Iterator<Bundle> it = certBundleList.iterator();
        while (it.hasNext()) {
            String string = it.next().getString(SDKConfigurationKeys.CERTIFICATE_ISSUER);
            if (string != null) {
                migrateIAEntry = migrateEntryData(string) && migrateIAEntry;
            }
        }
        removeTunnelEntry();
        SharedPreferences.Editor edit = credentialSecurePreferences.edit();
        Map<String, ?> all = credentialSecurePreferences.getAll();
        Intrinsics.checkNotNullExpressionValue(all, "sdkCredentialSharedPreference.all");
        for (Map.Entry<String, ?> entry : all.entrySet()) {
            try {
                String key = entry.getKey();
                Intrinsics.checkNotNullExpressionValue(key, "it.key");
                parseCertificateResponseAndStore(StringsKt.removePrefix(key, (CharSequence) certPrefix), new JSONObject(credentialSecurePreferences.getString(entry.getKey(), null)));
                edit.remove(entry.getKey());
            } catch (Exception e) {
                String TAG3 = this.TAG;
                Intrinsics.checkNotNullExpressionValue(TAG3, "TAG");
                Logger.e(TAG3, Intrinsics.stringPlus("Exception while migrating cert with issuer ", entry.getKey()), (Throwable) e);
                migrateIAEntry = false;
            }
        }
        edit.apply();
        setCertIssuerList(certIssuersList);
        if (migrateIAEntry) {
            TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            str = "Migrated certificate data from preferences to SDK KeyStore";
        } else {
            ReportAdapterUtil.report(SDKContextManager.getSDKContext().getContext().getApplicationContext(), PreferenceErrorListener.PreferenceErrorCode.CERT_DATA_MIGRATE_FAILED, "Migrating data failed from secure preferences to keystore");
            TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            str = "Migrating data failed from preferences to keystore";
        }
        Logger.i$default(TAG, str, null, 4, null);
        return migrateIAEntry;
    }

    public CertificateFetchResponse parseCertificateEntry$AWFramework_release(String identifier, String certificateString) {
        Intrinsics.checkNotNullParameter(identifier, "identifier");
        Intrinsics.checkNotNullParameter(certificateString, "certificateString");
        try {
            byte[] decode = Base64.decode(certificateString, 0);
            if (getConsoleVersion$AWFramework_release().isLesserThan(ConsoleVersion.NINE_DOT_TWO_ZERO)) {
                OpenSSLCryptUtil openSSLCryptUtil = OpenSSLCryptUtil.getInstance();
                String[] certArrayFromPKCS12 = openSSLCryptUtil == null ? null : openSSLCryptUtil.getCertArrayFromPKCS12(decode, "");
                if (certArrayFromPKCS12 != null) {
                    if (!(certArrayFromPKCS12.length == 0)) {
                        String str = certArrayFromPKCS12[0];
                        Intrinsics.checkNotNullExpressionValue(str, "result[0]");
                        decode = Base64.decode(StringsKt.replace$default(StringsKt.replace$default(str, PEM_HEADER_CERTIFICATE, "", false, 4, (Object) null), PEM_FOOTER_CERTIFICATE, "", false, 4, (Object) null), 0);
                    }
                }
                String TAG = this.TAG;
                Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
                Logger.e$default(TAG, "Unable to create X509Certificate from pkcs12", null, 4, null);
                return null;
            }
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(decode));
            if (generateCertificate != null) {
                return new CertificateFetchResponse.CertificateResponse(identifier, (X509Certificate) generateCertificate);
            }
            throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        } catch (CertificateException e) {
            String TAG2 = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG2, "TAG");
            Logger.e$default(TAG2, Intrinsics.stringPlus("Certificate exception while generating certificateString with ", identifier), null, 4, null);
            throw e;
        }
    }

    public CertificateFetchResponse parseCertificateResponse(String identifier, JSONObject certificateResponse) throws CertificateException, KeyStoreException, JSONException, NoSuchAlgorithmException, IOException {
        Intrinsics.checkNotNullParameter(identifier, "identifier");
        Intrinsics.checkNotNullParameter(certificateResponse, "certificateResponse");
        try {
            String certificate = certificateResponse.getString("Pkcs12");
            if (!TextUtils.isEmpty(certificate) && !StringsKt.equals(certificate, "null", true)) {
                String password = certificateResponse.getString("Password");
                if (!TextUtils.isEmpty(password) && !StringsKt.equals(password, "null", true)) {
                    KeyStore keyStore = KeyStore.getInstance("PKCS12");
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.decode(certificate, 0));
                    Intrinsics.checkNotNullExpressionValue(password, "password");
                    char[] charArray = password.toCharArray();
                    Intrinsics.checkNotNullExpressionValue(charArray, "(this as java.lang.String).toCharArray()");
                    keyStore.load(byteArrayInputStream, charArray);
                    Intrinsics.checkNotNullExpressionValue(keyStore, "keyStore");
                    return new CertificateFetchResponse.KeyStoreResponse(identifier, keyStore);
                }
                Intrinsics.checkNotNullExpressionValue(certificate, "certificate");
                return parseCertificateEntry$AWFramework_release(identifier, certificate);
            }
            String TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            Logger.e$default(TAG, "Attempting to store invalid certificate in SDK Keystore. Ignoring.", null, 4, null);
            return null;
        } catch (Exception e) {
            String TAG2 = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG2, "TAG");
            Logger.e(TAG2, Intrinsics.stringPlus("Exception while parsing certificate data with issuer ", identifier), (Throwable) e);
            throw e;
        }
    }

    public void parseCertificateResponseAndStore(String identifier, JSONObject certificateResponse) throws CertificateException, KeyStoreException, JSONException, NoSuchAlgorithmException, IOException {
        Intrinsics.checkNotNullParameter(identifier, "identifier");
        Intrinsics.checkNotNullParameter(certificateResponse, "certificateResponse");
        try {
            CertificateFetchResponse parseCertificateResponse = parseCertificateResponse(identifier, certificateResponse);
            if (parseCertificateResponse != null) {
                saveCertificateResponse(parseCertificateResponse);
            }
        } catch (Exception e) {
            String TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            Logger.e(TAG, Intrinsics.stringPlus("Exception while saving certificate data with issuer ", identifier), (Throwable) e);
            throw e;
        }
    }

    public void saveCertificate$AWFramework_release(String identifier, X509Certificate certificate) {
        Intrinsics.checkNotNullParameter(identifier, "identifier");
        Intrinsics.checkNotNullParameter(certificate, "certificate");
        try {
            this.sdkKeyStore.setEntry(identifier, new SDKKeyStore.Entry.CertificateEntry(null, certificate, 1, null));
        } catch (CertificateException e) {
            String TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            Logger.e$default(TAG, Intrinsics.stringPlus("Certificate exception while generating certificateString with ", identifier), null, 4, null);
            throw e;
        }
    }

    public void saveCertificateResponse(CertificateFetchResponse certificateFetchResponse) {
        Intrinsics.checkNotNullParameter(certificateFetchResponse, "certificateFetchResponse");
        this.sdkKeyStore.removeEntry(certificateFetchResponse.getIdentifier());
        if (certificateFetchResponse instanceof CertificateFetchResponse.KeyStoreResponse) {
            saveKeyStore$AWFramework_release(certificateFetchResponse.getIdentifier(), ((CertificateFetchResponse.KeyStoreResponse) certificateFetchResponse).getKeyStore());
        } else if (certificateFetchResponse instanceof CertificateFetchResponse.CertificateResponse) {
            saveCertificate$AWFramework_release(certificateFetchResponse.getIdentifier(), ((CertificateFetchResponse.CertificateResponse) certificateFetchResponse).getCertificate());
        }
    }

    public void saveKeyStore$AWFramework_release(String identifier, KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, IOException {
        SDKKeyStore sDKKeyStore;
        SDKKeyStore.Entry.PrivateKeyEntry privateKeyEntry;
        Intrinsics.checkNotNullParameter(identifier, "identifier");
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        try {
            Enumeration<String> aliases = keyStore.aliases();
            Intrinsics.checkNotNullExpressionValue(aliases, "keyStore.aliases()");
            Iterator it = CollectionsKt.iterator(aliases);
            while (it.hasNext()) {
                String keyStoreAlias = (String) it.next();
                KeyStore.Entry entry = keyStore.getEntry(keyStoreAlias, null);
                if (entry instanceof KeyStore.PrivateKeyEntry) {
                    sDKKeyStore = this.sdkKeyStore;
                    Intrinsics.checkNotNullExpressionValue(keyStoreAlias, "keyStoreAlias");
                    PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                    Intrinsics.checkNotNullExpressionValue(privateKey, "entry.privateKey");
                    Certificate[] certificateChain = ((KeyStore.PrivateKeyEntry) entry).getCertificateChain();
                    Intrinsics.checkNotNullExpressionValue(certificateChain, "entry.certificateChain");
                    privateKeyEntry = new SDKKeyStore.Entry.PrivateKeyEntry(keyStoreAlias, privateKey, certificateChain);
                } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
                    sDKKeyStore = this.sdkKeyStore;
                    Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
                    if (trustedCertificate == null) {
                        throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                    }
                    privateKeyEntry = new SDKKeyStore.Entry.CertificateEntry(keyStoreAlias, (X509Certificate) trustedCertificate);
                } else {
                    continue;
                }
                sDKKeyStore.setEntry(identifier, privateKeyEntry);
            }
        } catch (IOException e) {
            String TAG = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG, "TAG");
            Logger.e(TAG, Intrinsics.stringPlus("invalid key store with ", identifier), (Throwable) e);
            throw e;
        } catch (KeyStoreException e2) {
            String TAG2 = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG2, "TAG");
            Logger.e(TAG2, Intrinsics.stringPlus("KeyStore exception while reading keystore with ", identifier), (Throwable) e2);
            throw e2;
        } catch (NoSuchAlgorithmException e3) {
            String TAG3 = this.TAG;
            Intrinsics.checkNotNullExpressionValue(TAG3, "TAG");
            Logger.e(TAG3, Intrinsics.stringPlus("pkcs12 keystore not available with ", identifier), (Throwable) e3);
            throw e3;
        }
    }
}
