package com.microsoft.aad.msal4j;

import com.microsoft.identity.common.java.crypto.IDevicePopManager;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
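/**
 * Pairs a private key with its X.509 certificate chain and exposes the encoded chain and a
 * thumbprint of the leaf certificate through {@link IClientCertificate}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only RSA keys of at least {@link #MIN_KEY_SIZE_IN_BITS} bits are accepted; any other key
 *       type is rejected in the constructor.</li>
 *   <li>This class does not validate the chain: it performs no expiry, revocation or path
 *       checks, and it does not verify that the private key matches the leaf certificate's
 *       public key. Callers that need those guarantees must check them before constructing an
 *       instance.</li>
 *   <li>The certificate list is stored by reference (no defensive copy), so later mutation of
 *       the list by the caller is visible here.</li>
 * </ul>
 */
final class ClientCertificate implements IClientCertificate {
    /**
     * Password used when the caller passes {@code null}. An empty password means the PKCS#12
     * container is not meaningfully protected by a secret; protection of the key then rests
     * entirely on how the file or stream is stored.
     */
    public static final String DEFAULT_PKCS12_PASSWORD = "";

    /** Minimum accepted RSA modulus length, in bits. */
    private static final int MIN_KEY_SIZE_IN_BITS = 2048;

    private final PrivateKey privateKey;
    private final List<X509Certificate> publicKeyCertificateChain;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a credential from an already loaded key and chain, enforcing the key-type and
     * minimum key-size policy.
     *
     * @param privateKey RSA private key; either a {@link RSAPrivateKey} or one of the
     *     {@code sun.security.mscapi} key classes named below (SunMSCAPI provider)
     * @param list certificate chain; element 0 is the certificate hashed by
     *     {@link #publicCertificateHash()}. Not copied and not validated here.
     * @throws NullPointerException if {@code privateKey} is null
     * @throws IllegalArgumentException if the key is not an accepted RSA key type or is shorter
     *     than {@link #MIN_KEY_SIZE_IN_BITS} bits
     * @throws RuntimeException if the reflective size check on an mscapi key fails
     */
    public ClientCertificate(PrivateKey privateKey, List<X509Certificate> list) {
        if (privateKey == null) {
            throw new NullPointerException("PrivateKey is null or empty");
        }
        this.privateKey = privateKey;
        if (privateKey instanceof RSAPrivateKey) {
            if (((RSAPrivateKey) privateKey).getModulus().bitLength() < MIN_KEY_SIZE_IN_BITS) {
                throw new IllegalArgumentException("certificate key size must be at least 2048");
            }
        } else {
            // Keys held by the Windows key store do not implement RSAPrivateKey, so they are
            // recognised by class name only. The name allow-list is the only type check here.
            String keyClassName = privateKey.getClass().getName();
            if (!"sun.security.mscapi.RSAPrivateKey".equals(keyClassName)
                    && !"sun.security.mscapi.CPrivateKey".equals(keyClassName)) {
                throw new IllegalArgumentException("certificate key must be an instance of java.security.interfaces.RSAPrivateKey or sun.security.mscapi.RSAPrivateKey");
            }
            try {
                // The modulus is not exposed for these keys, so the size is read through the
                // provider's own length() method.
                // NOTE(review): on runtimes with strong module encapsulation setAccessible may
                // throw an unchecked exception that is not caught below; confirm against the
                // supported JDK versions.
                Method lengthMethod = privateKey.getClass().getMethod("length");
                lengthMethod.setAccessible(true);
                int keyBits = (Integer) lengthMethod.invoke(privateKey);
                if (keyBits < MIN_KEY_SIZE_IN_BITS) {
                    throw new IllegalArgumentException("certificate key size must be at least 2048");
                }
            } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
                // Keep the original exception as the cause so the failing reflective call can
                // be diagnosed from the stack trace.
                throw new RuntimeException("error accessing sun.security.mscapi.RSAPrivateKey length: " + e.getMessage(), e);
            }
        }
        this.publicKeyCertificateChain = list;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Loads a single key entry and its certificate chain from a PKCS#12 stream.
     *
     * <p>The stream must contain exactly one alias. The stream is not closed by this method.
     * The working copy of the password is zeroed before returning; the {@code String} passed by
     * the caller cannot be cleared and remains in memory until collected.
     *
     * @param inputStream PKCS#12 data
     * @param str keystore password, also used as the key password; {@code null} is treated as
     *     {@link #DEFAULT_PKCS12_PASSWORD}
     * @return a credential built from the single entry in the keystore
     * @throws IllegalArgumentException if the keystore holds no alias or more than one alias,
     *     or if the key fails the constructor's policy checks
     * @throws NullPointerException if the alias has no private key
     */
    public static ClientCertificate create(InputStream inputStream, String str) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
        char[] password = (str == null ? DEFAULT_PKCS12_PASSWORD : str).toCharArray();
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(inputStream, password);
            Enumeration<String> aliases = keyStore.aliases();
            if (!aliases.hasMoreElements()) {
                throw new IllegalArgumentException("certificate not loaded from input stream");
            }
            String alias = aliases.nextElement();
            // Refuse ambiguous input rather than silently picking one of several identities.
            if (aliases.hasMoreElements()) {
                throw new IllegalArgumentException("more than one certificate alias found in input stream");
            }
            List<X509Certificate> chain = new ArrayList<>();
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password);
            X509Certificate leaf = (X509Certificate) keyStore.getCertificate(alias);
            Certificate[] storedChain = keyStore.getCertificateChain(alias);
            if (storedChain == null || storedChain.length <= 0) {
                // No chain stored for the alias: fall back to the single certificate.
                chain.add(leaf);
            } else {
                for (Certificate certificate : storedChain) {
                    chain.add((X509Certificate) certificate);
                }
            }
            return new ClientCertificate(privateKey, chain);
        } finally {
            // Do not leave the password copy readable in heap memory longer than needed.
            Arrays.fill(password, '\0');
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a credential from a key and a single certificate.
     *
     * <p>No check is made that {@code privateKey} corresponds to the public key in
     * {@code x509Certificate}.
     *
     * @param privateKey RSA private key, subject to the constructor's policy checks
     * @param x509Certificate certificate used as the one-element chain
     * @return the new credential
     */
    public static ClientCertificate create(PrivateKey privateKey, X509Certificate x509Certificate) {
        return new ClientCertificate(privateKey, Arrays.asList(x509Certificate));
    }

    /**
     * Digests the given bytes with the algorithm named by {@code IDevicePopManager.SHA_1}.
     *
     * <p>NOTE(review): the constant is presumably "SHA-1"; the digest is used here only to
     * produce a certificate thumbprint. SHA-1 is not collision resistant, so anything that
     * makes a trust decision on this thumbprint alone should be reviewed.
     *
     * @param bArr bytes to digest
     * @return the raw digest
     * @throws NoSuchAlgorithmException if no provider supplies the algorithm
     */
    private static byte[] getHash(byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance(IDevicePopManager.SHA_1);
        messageDigest.update(bArr);
        return messageDigest.digest();
    }

    /**
     * Returns every certificate in the chain as standard Base64 of its encoded form, in chain
     * order.
     *
     * @return a new list of Base64 strings, one per certificate
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    @Override // com.microsoft.aad.msal4j.IClientCertificate
    public List<String> getEncodedPublicKeyCertificateChain() throws CertificateEncodingException {
        List<String> encodedChain = new ArrayList<>();
        for (X509Certificate certificate : this.publicKeyCertificateChain) {
            encodedChain.add(Base64.getEncoder().encodeToString(certificate.getEncoded()));
        }
        return encodedChain;
    }

    /**
     * Returns the private key held by this credential.
     *
     * <p>The returned object is the live key; callers should not log or serialize it.
     *
     * @return the private key supplied at construction
     */
    @Override // com.microsoft.aad.msal4j.IClientCertificate
    public PrivateKey privateKey() {
        return this.privateKey;
    }

    /**
     * Returns the Base64-encoded thumbprint of the first certificate in the chain, computed by
     * {@link #getHash(byte[])}.
     *
     * @return standard Base64 of the digest of the leaf certificate's encoded form
     * @throws CertificateEncodingException if the certificate cannot be encoded
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     */
    @Override // com.microsoft.aad.msal4j.IClientCertificate
    public String publicCertificateHash() throws CertificateEncodingException, NoSuchAlgorithmException {
        return Base64.getEncoder().encodeToString(getHash(this.publicKeyCertificateChain.get(0).getEncoded()));
    }
}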
