package com.sedra.gadha.utils.security;

import android.content.Context;
import android.util.Base64;
import com.google.android.gms.common.util.Hex;
import com.sedra.gadha.AppPreferences;
import com.sedra.gadha.utils.EncryptionUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/* loaded from: classes2.dex */
public class SigningUtil {
    private KeyPair getCertKeys(String str, String str2, Context context) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        KeyPair keyPair = null;
        keyStore.load(null);
        File file = new File(new File(context.getFilesDir(), ".sec"), str2 + "_sign.keystore");
        if (!file.exists()) {
            throw new Exception("This phone is not certified for secure communication");
        }
        keyStore.load(new FileInputStream(file), str.toCharArray());
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            keyPair = new KeyPair(((X509Certificate) keyStore.getCertificate(nextElement)).getPublicKey(), (PrivateKey) keyStore.getKey(nextElement, str.toCharArray()));
        }
        if (keyPair != null) {
            return keyPair;
        }
        throw new Exception("Certificate not found");
    }

    public boolean deviceHasCertificate(Context context) {
        File file = new File(context.getFilesDir(), ".sec");
        boolean exists = file.exists();
        if (!exists) {
            exists = file.mkdir();
        }
        if (exists) {
            return new File(file, "sign.keystore").exists();
        }
        return true;
    }

    public void removeCertFromKeystore(Context context, String str) throws Exception {
        File file = new File(context.getFilesDir(), ".sec");
        boolean exists = file.exists();
        if (!exists) {
            exists = file.mkdir();
        }
        if (!exists) {
            throw new Exception("Unable to make sec directory");
        }
        File file2 = new File(file, str + "_sign.keystore");
        if (file2.exists()) {
            file2.delete();
        }
    }

    public void saveCertInKeystore(Context context, String str, String str2, String str3) throws Exception {
        String lowerCase = str.toLowerCase();
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.decode(str3, 2));
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            File file = new File(context.getFilesDir(), ".sec");
            boolean exists = file.exists();
            if (!exists) {
                exists = file.mkdir();
            }
            if (!exists) {
                throw new Exception("Unable to make sec directory");
            }
            File file2 = new File(file, lowerCase + "_sign.keystore");
            keyStore.load(byteArrayInputStream, str2.toCharArray());
            keyStore.store(new FileOutputStream(file2), str2.toCharArray());
        } catch (Exception unused) {
            throw new Exception("Unable to decode cert base64");
        }
    }

    public void savePublicCertInSharedPref(Context context, String str, String str2) throws Exception {
        try {
            new AppPreferences(context).savePublicCert(str, Hex.bytesToStringLowercase(Base64.decode(str2, 2)));
        } catch (Exception unused) {
            throw new Exception("Unable to decode cert base64");
        }
    }

    public String sign(Context context, String str, String str2, String str3) throws Exception {
        if (str2 == null || str2.isEmpty()) {
            return "";
        }
        String hashSHA512 = EncryptionUtils.hashSHA512(str3);
        KeyPair certKeys = getCertKeys(str2, str, context);
        byte[] bytes = hashSHA512.getBytes(StandardCharsets.UTF_8);
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(certKeys.getPrivate());
        signature.update(bytes);
        byte[] sign = signature.sign();
        signature.initVerify(certKeys.getPublic());
        signature.update(bytes);
        if (signature.verify(sign)) {
            return Base64.encodeToString(sign, 2);
        }
        return null;
    }
}
