package com.github.megatronking.netbare.ssl;

import android.os.Build;
import com.github.megatronking.netbare.NetBareUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.crypto.tls.CipherSuite;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes.dex */
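/**
 * Builds the key stores used for TLS interception: a self-signed root CA
 * ({@link #generateRoot}) and per-host leaf certificates signed by that root
 * ({@link #generateServer}).
 *
 * <p>The root certificate is marked as a CA and carries {@code keyCertSign}. Whoever holds its
 * private key can issue certificates that chain to it, so the returned root key store and its
 * password need the same protection as any other CA key.
 */
public final class CertificateGenerator {
    private static final String KEYGEN_ALGORITHM = "RSA";
    private static final String KEY_STORE_TYPE = "PKCS12";
    private static final long ONE_DAY = 86400000;
    private static final Date NOT_AFTER;
    private static final Date NOT_BEFORE;
    private static final String PROVIDER_NAME = "BC";
    private static final int ROOT_KEY_SIZE = 2048;
    // NOTE(review): the algorithm is pinned by name; the platform default (new SecureRandom())
    // is the usual recommendation. Left unchanged because it feeds key generation.
    private static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
    // NOTE(review): 1024-bit RSA is below the 2048-bit minimum in current guidance. Leaf
    // certificates issued here expire after one day, but raising this should be considered.
    private static final int SERVER_KEY_SIZE = 1024;
    private static final String SIGNATURE_ALGORITHM;

    /** Serial numbers are limited to 48 bits and must be positive. */
    private static final long SERIAL_MASK = 0x0000FFFFFFFFFFFFL;
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();

    static {
        SIGNATURE_ALGORITHM = (is32BitJvm() ? "SHA256" : "SHA512") + "WithRSAEncryption";
        // Validity window is fixed at class-load time: one year back, ten years forward.
        long now = System.currentTimeMillis();
        NOT_BEFORE = new Date(now - 365 * ONE_DAY);
        NOT_AFTER = new Date(now + 3650 * ONE_DAY);
    }

    /**
     * Derives the SubjectKeyIdentifier extension value from the encoded form of {@code key}.
     *
     * @param key the public key whose encoding is parsed as a SubjectPublicKeyInfo
     * @return the identifier computed by {@link BcX509ExtensionUtils}
     * @throws IOException if the encoded key cannot be read as ASN.1
     */
    private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) throws IOException {
        ASN1InputStream in = null;
        try {
            in = new ASN1InputStream(new ByteArrayInputStream(key.getEncoded()));
            SubjectPublicKeyInfo info =
                    SubjectPublicKeyInfo.getInstance((ASN1Sequence) in.readObject());
            return new BcX509ExtensionUtils().createSubjectKeyIdentifier(info);
        } finally {
            // Close on every path; "in" is still null if the stream could not be created.
            NetBareUtils.closeQuietly(in);
        }
    }

    /**
     * Generates an RSA key pair of the requested size.
     *
     * @param keySize modulus size in bits
     * @return the new key pair
     * @throws NoSuchAlgorithmException if RSA or the named SecureRandom algorithm is unavailable
     */
    private KeyPair generateKeyPair(int keySize) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEYGEN_ALGORITHM);
        generator.initialize(keySize, SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM));
        return generator.generateKeyPair();
    }

    /**
     * Reports whether the {@code sun.arch.data.model} system property equals 32. When the
     * property is unset this returns {@code false}, which selects SHA512 for signatures.
     */
    private static boolean is32BitJvm() {
        Integer dataModel = Integer.getInteger("sun.arch.data.model");
        return dataModel != null && dataModel == 32;
    }

    /**
     * Returns a positive 48-bit certificate serial number.
     *
     * <p>The value comes from {@link SecureRandom}. A generator seeded with the current time
     * returns the same serial for two certificates created in the same millisecond, and a
     * repeated issuer/serial pair is rejected by certificate validators.
     */
    private long randomSerial() {
        long serial;
        do {
            serial = SERIAL_RANDOM.nextLong() & SERIAL_MASK;
        } while (serial == 0L); // serial numbers must be positive
        return serial;
    }

    /**
     * Signs the certificate under construction with {@code privateKey} using
     * {@link #SIGNATURE_ALGORITHM}.
     *
     * <p>Below API level 28 the signer and converter are pinned to the {@code "BC"} provider;
     * from 28 on the default provider lookup is used (presumably because the platform no
     * longer serves these algorithms through "BC" there; confirm).
     *
     * @throws OperatorCreationException if the content signer cannot be created
     * @throws CertificateException if the signed holder cannot be converted
     */
    private static X509Certificate signCertificate(X509v3CertificateBuilder x509v3CertificateBuilder, PrivateKey privateKey) throws OperatorCreationException, CertificateException {
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM);
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        if (Build.VERSION.SDK_INT < 28) {
            signerBuilder.setProvider(PROVIDER_NAME);
            converter.setProvider(PROVIDER_NAME);
        }
        return converter.getCertificate(
                x509v3CertificateBuilder.build(signerBuilder.build(privateKey)));
    }

    /**
     * Creates a self-signed root CA certificate and returns it, with its private key, in a new
     * PKCS12 key store under {@code jks.alias()} protected by {@code jks.password()}.
     *
     * @param jks supplies the subject fields (CN, O, OU), the key-store alias and the password
     * @return an in-memory key store holding the root key and certificate
     */
    public KeyStore generateRoot(JKS jks) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, OperatorCreationException {
        KeyPair rootKeys = generateKeyPair(ROOT_KEY_SIZE);

        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, jks.commonName());
        nameBuilder.addRDN(BCStyle.O, jks.organization());
        nameBuilder.addRDN(BCStyle.OU, jks.organizationalUnitName());
        // Self-signed: the same name is used as issuer and subject.
        X500Name issuerAndSubject = nameBuilder.build();

        PublicKey publicKey = rootKeys.getPublic();
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                issuerAndSubject, BigInteger.valueOf(randomSerial()), NOT_BEFORE, NOT_AFTER,
                issuerAndSubject, publicKey);
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                createSubjectKeyIdentifier(publicKey));
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        // Same bit mask as before (182), spelled with the KeyUsage flags it is made of
        // rather than an unrelated TLS cipher-suite constant that shares the value.
        builder.addExtension(Extension.keyUsage, false, new KeyUsage(
                KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment
                        | KeyUsage.dataEncipherment | KeyUsage.cRLSign));

        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.anyExtendedKeyUsage);
        builder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(purposes));

        X509Certificate rootCert = signCertificate(builder, rootKeys.getPrivate());

        KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
        keyStore.load(null, null);
        keyStore.setKeyEntry(jks.alias(), rootKeys.getPrivate(), jks.password(),
                new Certificate[]{rootCert});
        return keyStore;
    }

    /**
     * Issues a leaf certificate for host name {@code str}, signed with {@code privateKey}, and
     * returns it with its own private key and the issuer certificate as a chain.
     *
     * <p>The certificate expires one day after it is issued and carries {@code str} as a
     * dNSName subject alternative name. Before returning, the new certificate is checked for
     * current validity and its signature is verified against {@code certificate}'s public
     * key. The key store uses {@link KeyStore#getDefaultType()}, not the PKCS12 type reported
     * by {@link #keyStoreType()}.
     *
     * @param str host name placed in the subject CN and the subject alternative name
     * @param jks supplies the O and OU subject fields, the key-store alias and the password
     * @param certificate the issuer certificate; its subject becomes the leaf's issuer
     * @param privateKey the issuer's private key used for signing
     * @return an in-memory key store holding the leaf key and the two-element chain
     */
    public KeyStore generateServer(String str, JKS jks, Certificate certificate, PrivateKey privateKey) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, OperatorCreationException, CertificateException, InvalidKeyException, SignatureException, KeyStoreException {
        KeyPair serverKeys = generateKeyPair(SERVER_KEY_SIZE);

        X500Name issuer = new X509CertificateHolder(certificate.getEncoded()).getSubject();
        BigInteger serial = BigInteger.valueOf(randomSerial());

        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, str);
        nameBuilder.addRDN(BCStyle.O, jks.certOrganisation());
        nameBuilder.addRDN(BCStyle.OU, jks.certOrganizationalUnitName());

        Date notAfter = new Date(System.currentTimeMillis() + ONE_DAY);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                issuer, serial, NOT_BEFORE, notAfter, nameBuilder.build(),
                serverKeys.getPublic());
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                createSubjectKeyIdentifier(serverKeys.getPublic()));
        builder.addExtension(Extension.basicConstraints, false, new BasicConstraints(false));
        builder.addExtension(Extension.subjectAlternativeName, false,
                new DERSequence(new GeneralName(GeneralName.dNSName, str)));

        X509Certificate serverCert = signCertificate(builder, privateKey);
        // Fail here rather than at handshake time if the new certificate is unusable.
        serverCert.checkValidity(new Date());
        serverCert.verify(certificate.getPublicKey());

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setKeyEntry(jks.alias(), serverKeys.getPrivate(), jks.password(),
                new Certificate[]{serverCert, certificate});
        return keyStore;
    }

    /** Returns the key-store type used by {@link #generateRoot}, {@code "PKCS12"}. */
    public String keyStoreType() {
        return KEY_STORE_TYPE;
    }
}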
