package com.mobileiron.polaris.manager.connection;

import android.util.Base64;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public final class CheckinKeyManager extends c {

    /* renamed from: h, reason: collision with root package name */
    private static final Logger f13593h = LoggerFactory.getLogger("CheckinKeyManager");

    /* renamed from: i, reason: collision with root package name */
    private static volatile CheckinKeyManager f13594i;

    /* renamed from: f, reason: collision with root package name */
    private volatile String f13595f;

    /* renamed from: g, reason: collision with root package name */
    private volatile String f13596g;

    /* loaded from: classes2.dex */
    public enum RsaSignatureAlgorithm {
        SHA1withRSA,
        SHA256withRSA
    }

    private CheckinKeyManager() {
        super("GeneratedCert", d.f(), ((com.mobileiron.polaris.model.l) com.mobileiron.polaris.model.b.j()).J());
    }

    public static CheckinKeyManager d() {
        if (f13594i == null) {
            synchronized (CheckinKeyManager.class) {
                if (f13594i == null) {
                    f13594i = new CheckinKeyManager();
                }
            }
        }
        return f13594i;
    }

    public String c() {
        try {
            X509Certificate d2 = this.f13618a.d("GeneratedCert");
            if (d2 != null) {
                return d2.getSerialNumber().toString(16);
            }
            return null;
        } catch (KeyStoreException e2) {
            throw new IllegalStateException(e2);
        }
    }

    public boolean e() {
        try {
            return this.f13618a.d("GeneratedCert") != null;
        } catch (KeyStoreException e2) {
            f13593h.debug("hasCheckinCertificate: {}", e2.getMessage());
            return false;
        }
    }

    public void f(X509Certificate x509Certificate) throws KeyStoreException, NoSuchAlgorithmException, InvalidKeySpecException {
        f13593h.debug("   Setting generated certificate to keyStore");
        if (StringUtils.isEmpty(this.f13595f) || StringUtils.isEmpty(this.f13596g)) {
            throw new IllegalStateException("Generated private key and algorithm cannot be empty.");
        }
        this.f13618a.k("GeneratedCert", KeyFactory.getInstance(this.f13596g).generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(this.f13595f, 0))), x509Certificate);
        this.f13595f = null;
        this.f13596g = null;
    }

    public void g(String str, String str2) {
        f13593h.debug("    setting generated privateKey and algorithm");
        this.f13595f = str;
        this.f13596g = str2;
    }

    public byte[] h(RsaSignatureAlgorithm rsaSignatureAlgorithm, String str, String str2) {
        byte[] bytes = str2.getBytes(Charset.forName("UTF-8"));
        if (!e()) {
            f13593h.error("Attempted to sign, but generated certificate is not available");
            return null;
        }
        try {
            Key g2 = this.f13618a.g("GeneratedCert", ((com.mobileiron.polaris.model.l) com.mobileiron.polaris.model.b.j()).J().toCharArray());
            Signature signature = str == null ? Signature.getInstance(rsaSignatureAlgorithm.name()) : Signature.getInstance(rsaSignatureAlgorithm.name(), str);
            signature.initSign((PrivateKey) g2);
            signature.update(bytes);
            return signature.sign();
        } catch (InvalidKeyException e2) {
            throw new IllegalStateException(e2);
        } catch (KeyStoreException e3) {
            throw new IllegalStateException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new IllegalStateException(e4);
        } catch (NoSuchProviderException e5) {
            throw new IllegalStateException(e5);
        } catch (SignatureException e6) {
            throw new IllegalStateException(e6);
        } catch (UnrecoverableKeyException e7) {
            throw new IllegalStateException(e7);
        }
    }
}
