package ru.cprocsp.NGate.tls;

import android.content.Context;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Enumeration;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.Destroyable;
import ru.CryptoPro.JCP.KeyStore.StoreInputStream;
import ru.CryptoPro.ssl.cl_36;
import ru.cprocsp.NGate.tools.ProviderInit;
import ru.cprocsp.NGate.tools.log.Logger;

/* loaded from: classes4.dex */
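/**
 * Static helpers that assemble the TLS client configuration: the merged trust store, the
 * "GostX509" key/trust manager factories and the resulting {@link SSLContext}.
 *
 * <p>The context is handed out inside an {@link SSLContextWrapper} so that the private keys
 * reachable through its key managers can be destroyed once the connection is no longer needed.
 */
public class TlsManager {

    /* loaded from: classes4.dex */
    /**
     * Holds an {@link SSLContext} together with the key store and key managers it was built
     * from, so the key material can be destroyed explicitly via {@link #destroyAll()}.
     */
    public static class SSLContextWrapper {
        private final KeyManager[] keyManagers;
        private final KeyStore keyStore;
        private SSLContext sslCtx;

        /**
         * @param sSLContext    the initialised SSL context
         * @param keyStore      key store backing the key managers; may be {@code null}
         * @param keyManagerArr key managers the context was initialised with; may be {@code null}
         */
        public SSLContextWrapper(SSLContext sSLContext, KeyStore keyStore, KeyManager[] keyManagerArr) {
            this.sslCtx = sSLContext;
            this.keyStore = keyStore;
            this.keyManagers = keyManagerArr;
        }

        /**
         * Destroys every private key that the wrapped X509 key managers return for the aliases
         * of the wrapped key store. Does nothing when there is no key store or no key manager.
         *
         * <p>Failures are logged, never thrown. A failure on one key does not stop the
         * destruction of the remaining keys.
         */
        public void destroyAll() {
            if (this.keyStore == null || this.keyManagers == null || this.keyManagers.length == 0) {
                return;
            }
            Logger.d("Destroying all private keys in key managers...");
            for (KeyManager keyManager : this.keyManagers) {
                Logger.d("Current key manager is " + keyManager);
                if (!(keyManager instanceof X509KeyManager)) {
                    continue;
                }
                X509KeyManager x509KeyManager = (X509KeyManager) keyManager;
                Logger.d("X509 key manager is " + keyManager);
                try {
                    Logger.d("Reading aliases from key store " + this.keyStore.getType() + " used for key manager...");
                    Enumeration<String> aliases = this.keyStore.aliases();
                    while (aliases.hasMoreElements()) {
                        destroyKey(x509KeyManager, aliases.nextElement());
                    }
                } catch (Exception e) {
                    Logger.e("Reading of key store failed", e);
                }
            }
            Logger.d("Destroying completed.");
        }

        /**
         * Destroys the private key stored under {@code alias}, if the key manager has one.
         *
         * <p>Errors are caught per key: {@code destroy()} can throw (the default
         * {@link Destroyable#destroy()} always does), and a single such key must not leave the
         * keys behind it in the enumeration undestroyed.
         */
        private static void destroyKey(X509KeyManager keyManager, String alias) {
            try {
                PrivateKey privateKey = keyManager.getPrivateKey(alias);
                if (privateKey == null) {
                    return;
                }
                if (privateKey instanceof Destroyable) {
                    Logger.d("Destroying a key with alias " + alias + "...");
                    privateKey.destroy();
                    Logger.d("The key with alias " + alias + " has been destroyed: " + privateKey.isDestroyed());
                } else {
                    Logger.d("A key with alias " + alias + " does not implement Destroyable and can not be destroyed.");
                }
            } catch (Exception e) {
                Logger.e("Destroying a key with alias " + alias + " failed", e);
            }
        }

        /** @return the wrapped SSL context */
        public SSLContext getSslCtx() {
            return this.sslCtx;
        }

        /** Replaces the wrapped SSL context; the key store and key managers are not changed. */
        public void setSslCtx(SSLContext sSLContext) {
            this.sslCtx = sSLContext;
        }
    }

    /**
     * Builds an SSL context from a "JCSP" provider key store and the merged trust store.
     *
     * @param context Android context used to locate the bundled trust store
     * @param str     key store type passed to {@code KeyStore.getInstance(type, "JCSP")}
     * @param str2    key alias used to open the store; {@code null} loads the store without one
     * @param cArr    password handed to the key manager factory
     * @return the SSL context together with its key store and key managers
     * @throws Exception if the trust store, key store or SSL context cannot be initialised
     */
    public static SSLContextWrapper createSSLContext(Context context, String str, String str2, char[] cArr) throws Exception {
        KeyStore createTrustStore = createTrustStore(context);
        // NOTE(review): the key alias is written to the debug log; confirm debug logging is
        // disabled in release builds if the alias is considered sensitive.
        Logger.d("Initialize key store. Key alias: " + str2);
        KeyStore keyStore = KeyStore.getInstance(str, "JCSP");
        if (str2 == null) {
            keyStore.load(null, null);
        } else {
            keyStore.load(new StoreInputStream(str2), null);
        }
        return createSSLContext(keyStore, cArr, createTrustStore);
    }

    /**
     * Builds an SSL context from an already loaded key store and trust store.
     *
     * @param keyStore  client key store; {@code null} yields a context without key managers
     * @param cArr      password handed to the key manager factory
     * @param keyStore2 trust store used to initialise the "GostX509" trust manager factory
     * @return the SSL context together with its key store and key managers
     * @throws Exception if a factory or the SSL context cannot be created or initialised
     */
    public static SSLContextWrapper createSSLContext(KeyStore keyStore, char[] cArr, KeyStore keyStore2) throws Exception {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("GostX509");
        trustManagerFactory.init(keyStore2);
        // Fetch the key managers once so the wrapper later destroys keys through the same
        // array the SSL context was initialised with, not through a second factory call.
        KeyManager[] keyManagers = null;
        if (keyStore != null) {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("GostX509");
            keyManagerFactory.init(keyStore, cArr);
            keyManagers = keyManagerFactory.getKeyManagers();
        }
        Logger.d("Initialize SSL context.");
        // cl_36.ALGORITHM_12 is a provider constant; presumably the TLS 1.2 protocol name — confirm.
        SSLContext sSLContext = SSLContext.getInstance(cl_36.ALGORITHM_12);
        sSLContext.init(keyManagers, trustManagerFactory.getTrustManagers(), null);
        Logger.d("SSL context completed.");
        return new SSLContextWrapper(sSLContext, keyStore, keyManagers);
    }

    /**
     * Creates a trust store holding the certificates of the application's own trust store
     * plus every certificate of the platform "AndroidCAStore".
     *
     * @param context Android context used to resolve the trust store path
     * @return a new in-memory key store of the configured trust store type
     * @throws Exception if either store cannot be opened or read
     */
    public static KeyStore createTrustStore(Context context) throws Exception {
        String trustStoreType = ProviderInit.getTrustStoreType();
        String trustStore = ProviderInit.getTrustStore(context);
        String trustStorePassword = ProviderInit.getTrustStorePassword();
        Logger.d("Initialize trust store.");
        KeyStore keyStore = KeyStore.getInstance(trustStoreType);
        // Close the file handle even when load() fails.
        try (FileInputStream in = new FileInputStream(trustStore)) {
            keyStore.load(in, trustStorePassword.toCharArray());
        }
        // NOTE(review): AndroidCAStore lists user-installed CA certificates as well as the
        // system ones, so every CA added on the device becomes a trust anchor for this TLS
        // client. Confirm that is intended; otherwise restrict the merge to the bundled store
        // or to the system entries.
        KeyStore keyStore2 = KeyStore.getInstance("AndroidCAStore");
        keyStore2.load(null, null);
        KeyStore keyStore3 = KeyStore.getInstance(trustStoreType);
        keyStore3.load(null, null);
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            keyStore3.setCertificateEntry(nextElement, keyStore.getCertificate(nextElement));
        }
        // Platform entries are copied last, so an alias present in both stores ends up with
        // the platform certificate.
        Enumeration<String> aliases2 = keyStore2.aliases();
        while (aliases2.hasMoreElements()) {
            String nextElement2 = aliases2.nextElement();
            keyStore3.setCertificateEntry(nextElement2, keyStore2.getCertificate(nextElement2));
        }
        return keyStore3;
    }

    /**
     * Creates an {@link X509TrustManager} backed by the merged trust store.
     *
     * @param context Android context used to locate the bundled trust store
     * @return the first X509 trust manager produced by the "GostX509" factory
     * @throws IllegalStateException if the factory produces no X509 trust manager
     * @throws Exception             if the trust store or the factory cannot be initialised
     */
    public static X509TrustManager createX509TrustManager(Context context) throws Exception {
        KeyStore createTrustStore = createTrustStore(context);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("GostX509");
        trustManagerFactory.init(createTrustStore);
        // Pick by type, not by position: a blind cast of element 0 fails with an unrelated
        // ClassCastException or ArrayIndexOutOfBoundsException.
        for (javax.net.ssl.TrustManager candidate : trustManagerFactory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new IllegalStateException("GostX509 trust manager factory returned no X509TrustManager");
    }
}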
