package com.alibaba.cloudmeeting.certificate;

import android.support.annotation.Nullable;
import android.text.TextUtils;
import android.util.Base64;
import com.alibaba.cloudmeeting.BuildConfig;
import com.alibaba.cloudmeeting.utils.SecurityStorageUtils;
import com.aliwork.baseutil.utils.CertRSAKeyUtils;
import com.aliwork.baseutil.utils.CertificateUtils;
import com.aliwork.common.log.Logger;
import com.aliwork.security.SecurityBox;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
public class CertificateManager {
    private static CertificateManager sCertManager = new CertificateManager();
    private final String TAG = CertificateManager.class.getSimpleName();
    private String alias;
    private X509Certificate[] caCertificates;
    private String certIssueCN;
    private X509Certificate[] userCertificates;

    private CertificateManager() {
    }

    private static byte[] encryptByPublicKey(byte[] bArr) throws Exception {
        return CertRSAKeyUtils.a(bArr, CertRSAKeyUtils.b("-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEA1CrxeQ4RD/TVW1eZq03o2uHox2wstdy6g6gX35GkB0Qnti4JAUwH\nMCjdo7JvfmnWBsIVpfVSJjPthNC59lozfxNcMxucV8fFhRBTGfYPq1mesawfuQbQ\nKYS3Q4CmVHW0m3dUbk15Uq9N7YxhpL0Mnts2O39+PMee5n1aKY9eoK1xa7JP3lqs\nxhUCElWAgRPWjQCWQ4B+FSwhX+BwLV9odcSmI0ep3Se/2sTOGoeAYzlAzRvK2qPu\npQPuTYtpcS++33lghQKz3y6jUllD6yKozuslHCVUq5KoO3gzLJGl0IG9SiLnr10l\nFoHZdNY+KAbdY5ML8EgIe9dONbYAbHnIOQIDAQAB\n-----END RSA PUBLIC KEY-----"));
    }

    public static String encryptWithAppCertificate(String str) {
        try {
            return Base64.encodeToString(encryptByPublicKey(str.getBytes()), 2);
        } catch (Exception e) {
            e.printStackTrace();
            return "";
        }
    }

    private PrivateKey getEmbeddedPriveteKey() {
        try {
            return CertRSAKeyUtils.a(SecurityStorageUtils.getSecurityValue("app_private_key"));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public static CertificateManager getInstance() {
        return sCertManager;
    }

    private void recordException(Exception exc) {
        Logger.b(BuildConfig.MODULE, this.TAG, exc.getLocalizedMessage());
    }

    private boolean verifyData(String str, String str2) {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(getUserCertificates()[0]);
            signature.update(str.getBytes());
            return signature.verify(Base64.decode(str2, 0));
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            return false;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return false;
        } catch (SignatureException e3) {
            e3.printStackTrace();
            return false;
        }
    }

    public X509Certificate[] getCaCertificates() {
        return this.caCertificates;
    }

    public String getIdentity() {
        return this.alias;
    }

    @Nullable
    public PrivateKey getUserCAPrivateKeyFromSecurity() {
        try {
            String a = SecurityBox.a().b().a(this.alias + "_privateKey");
            if (a != null) {
                return CertRSAKeyUtils.a(a);
            }
            return null;
        } catch (Exception unused) {
            return null;
        }
    }

    public X509Certificate[] getUserCertificates() {
        return this.userCertificates;
    }

    public void init(String str, String str2, String str3) {
        this.alias = str;
        this.certIssueCN = str3;
        if (TextUtils.isEmpty(str2)) {
            Logger.b(BuildConfig.MODULE, this.TAG, "CertificateManager init error: empty pem string");
            return;
        }
        X509Certificate[] a = CertificateUtils.a(str2);
        this.caCertificates = CertificateUtils.a(a);
        this.userCertificates = CertificateUtils.a(a, str3);
    }

    public void saveCertificateToSecurity(PrivateKey privateKey) {
        if (privateKey == null || privateKey.getEncoded() == null) {
            return;
        }
        String encodeToString = Base64.encodeToString(privateKey.getEncoded(), 0);
        SecurityBox.a().b().a(this.alias + "_privateKey", encodeToString);
    }

    public String signWithEmbeddedKey(String str) {
        PrivateKey embeddedPriveteKey = getEmbeddedPriveteKey();
        return (embeddedPriveteKey == null || str == null) ? "" : CertRSAKeyUtils.a(str, embeddedPriveteKey);
    }

    public String signWithPrivateKey(String str) {
        PrivateKey userCAPrivateKeyFromSecurity = getUserCAPrivateKeyFromSecurity();
        return (userCAPrivateKeyFromSecurity == null || str == null) ? "" : CertRSAKeyUtils.a(str, userCAPrivateKeyFromSecurity);
    }
}
