package app.ssldecryptor;

import android.content.Context;
import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.Locale;
import kotlin.TypeCastException;
import kotlin.jvm.internal.Intrinsics;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.ExtendedKeyUsage;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.KeyPurposeId;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.asn1.x509.X509Extensions;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: CACertGenerator.kt */
/* loaded from: classes.dex */
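/**
 * Creates, persists and reloads the app's self-signed root CA certificate
 * ({@code CN=Packet Capture CA Certificate}) together with its RSA private key.
 *
 * <p>The key and certificate live in a keystore file named {@code castore} inside
 * {@link Context#getFilesDir()}. The store and key passwords are compile-time
 * constants, so they add no confidentiality: anything able to read the app's private
 * files (a rooted device, a backup of app data, a forensic image) obtains the CA
 * private key. If this CA has been installed as trusted on the device, that key is
 * enough to issue certificates the device will accept. Treat the file as a secret and
 * remove the CA from the trust store when interception is no longer needed.
 *
 * <p>NOTE(review): the package name and the {@code ProxyCertCache} reference suggest
 * the CA signs per-host certificates for TLS interception; that code is not in this file.
 *
 * <p>This listing is decompiled from Kotlin. The Kotlin original propagates checked
 * exceptions without declaring them; the {@code throws Exception} clauses below exist
 * only so that the Java rendering is valid and do not change what is thrown at runtime.
 */
public final class CACertGenerator {
    public static final CACertGenerator INSTANCE = new CACertGenerator();

    /** 365 days in milliseconds. */
    private static final long ONEYEAR_IN_MS = 31_536_000_000L;

    /**
     * JCA provider name. The decompiler emitted this field twice with a self-referential
     * initializer ({@code BC = BC}); the value is taken to be {@code "BC"}, matching the
     * literal the original passes to {@code setProvider} in generateV3Certificate.
     */
    private static final String BC = "BC";

    /** Keystore file name under the app's files directory. */
    private static final String STORE_FILE_NAME = "castore";

    /** Alias of the single key entry held in the store. */
    private static final String KEY_ALIAS = "alias";

    // SECURITY: both passwords are hard-coded and identical on every install. They are
    // kept unchanged because stores already written to disk could not be opened
    // otherwise; the only real protection of the CA key is the app sandbox.
    private static final String STORE_PASSWORD = "password";
    private static final String KEY_PASSWORD = "keypass";

    /**
     * RSA modulus size for newly generated CA keys. The decompiled original used 1024
     * bits, which is too weak for a key that anchors trust; stores that already contain
     * a 1024-bit key still load and stay in use until the CA is regenerated.
     */
    private static final int RSA_KEY_BITS = 2048;

    private CACertGenerator() {
    }

    /**
     * Generates a fresh CA key pair and certificate, self-checks the certificate and
     * writes both to the keystore file at {@code str}.
     *
     * @param str absolute path of the keystore file to (over)write
     * @return the in-memory keystore bundled with its password, certificate and key
     * @throws Exception any generation, signing or I/O failure, logged and rethrown as-is
     */
    private CertKeyStore generate(String str) throws Exception {
        try {
            KeyPair keyPair = generateRSAKeyPair();
            PrivateKey privKey = keyPair.getPrivate();
            X509Certificate caCert = generateV3Certificate(keyPair);
            // Sanity checks: currently valid, and the signature verifies under its own key.
            caCert.checkValidity(new Date());
            caCert.verify(caCert.getPublicKey());
            Intrinsics.checkExpressionValueIsNotNull(privKey, "privKey");
            KeyStore store = save(str, STORE_PASSWORD.toCharArray(), KEY_ALIAS,
                    KEY_PASSWORD.toCharArray(), privKey, caCert);
            // A separate array instance is handed to CertKeyStore, as in the original.
            return new CertKeyStore(store, STORE_PASSWORD.toCharArray(), caCert, privKey);
        } catch (Exception e) {
            System.out.printf("cacert store create error %s\n", e.toString());
            throw e;
        }
    }

    /**
     * Generates the CA's RSA key pair with the {@code BC} provider.
     *
     * @return a new key pair of {@link #RSA_KEY_BITS} bits
     * @throws Exception if the algorithm or provider is unavailable
     */
    private KeyPair generateRSAKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", BC);
        keyPairGenerator.initialize(RSA_KEY_BITS, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.checkExpressionValueIsNotNull(generateKeyPair, "kpGen.generateKeyPair()");
        return generateKeyPair;
    }

    /**
     * Builds and self-signs the X.509v3 CA certificate for {@code keyPair}.
     *
     * <p>Issuer and subject are both {@code CN=Packet Capture CA Certificate}. The
     * validity window runs from one year in the past to ten years in the future, and
     * the serial number is the current time in milliseconds. Extensions: critical
     * BasicConstraints with CA=true, critical KeyUsage, critical ExtendedKeyUsage
     * (serverAuth) and a non-critical rfc822Name SubjectAlternativeName.
     *
     * @param keyPair key pair whose public half is certified and whose private half signs
     * @return the signed certificate
     * @throws Exception if an extension cannot be encoded or signing/conversion fails
     */
    private X509Certificate generateV3Certificate(KeyPair keyPair) throws Exception {
        // Read the clock once so the serial number and both dates share one instant.
        long now = System.currentTimeMillis();
        X500Name caName = new X500Name("CN=Packet Capture CA Certificate");
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                caName,
                BigInteger.valueOf(now),
                new Date(now - ONEYEAR_IN_MS),
                new Date(now + (ONEYEAR_IN_MS * 10)),
                Locale.ENGLISH,
                new X500Name("CN=Packet Capture CA Certificate"),
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
        builder.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
        // Same bit mask as the original literal 164 (128 | 32 | 4).
        builder.addExtension(X509Extensions.KeyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyCertSign));
        builder.addExtension(X509Extensions.ExtendedKeyUsage, true,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
        // GeneralName tag 1 is rfc822Name; the address is the original's placeholder value.
        builder.addExtension(X509Extensions.SubjectAlternativeName, false,
                new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
        X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider(BC)
                .getCertificate(builder.build(
                        new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate())));
        Intrinsics.checkExpressionValueIsNotNull(certificate, "JcaX509CertificateConver…te(builder.build(signer))");
        return certificate;
    }

    /**
     * Loads the CA key and certificate from the keystore file at {@code str}.
     *
     * <p>The decompiler output for this method was not valid Java (misplaced catch
     * blocks and self-assignments); the control flow below is the straightforward
     * reading of it: any failure while opening or reading the store is logged and
     * reported as {@code null}, and the stream is always closed.
     *
     * @param str absolute path of the keystore file
     * @return the loaded store, or {@code null} if the file is missing or unreadable, or
     *     holds no usable key or certificate under the expected alias
     * @throws Exception only if the default keystore type cannot be instantiated
     */
    private CertKeyStore loadFsCert(String str) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        PrivateKey privateKey;
        X509Certificate x509Certificate;
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
            keyStore.load(fileInputStream, STORE_PASSWORD.toCharArray());
            privateKey = (PrivateKey) keyStore.getKey(KEY_ALIAS, KEY_PASSWORD.toCharArray());
            Certificate certificate = keyStore.getCertificate(KEY_ALIAS);
            if (certificate == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
            }
            x509Certificate = (X509Certificate) certificate;
        } catch (Exception e) {
            System.out.printf("store load error %s\n", e.toString());
            return null;
        } finally {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException ignored) {
                    // Best-effort close of a read-only stream; the load result is unaffected.
                }
            }
        }
        if (privateKey == null) {
            return null;
        }
        return new CertKeyStore(keyStore, STORE_PASSWORD.toCharArray(), x509Certificate, privateKey);
    }

    /**
     * Writes a new keystore holding one key entry to the file at {@code str}.
     *
     * @param str absolute path of the keystore file to (over)write
     * @param cArr store password
     * @param str2 alias for the key entry
     * @param cArr2 key-entry password
     * @param privateKey private key to store
     * @param x509Certificate certificate stored as the entry's single-element chain
     * @return the populated in-memory keystore
     * @throws Exception on keystore or I/O failure
     */
    private KeyStore save(String str, char[] cArr, String str2, char[] cArr2, PrivateKey privateKey, X509Certificate x509Certificate) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, cArr);
        keyStore.setKeyEntry(str2, privateKey, cArr2, new Certificate[]{x509Certificate});
        // try-with-resources: the original leaked the stream when store() threw.
        try (FileOutputStream fileOutputStream = new FileOutputStream(str)) {
            keyStore.store(fileOutputStream, cArr);
        }
        return keyStore;
    }

    /**
     * Unconditionally generates a new CA, overwrites the keystore file and clears
     * {@code ProxyCertCache}.
     *
     * @param context used to locate the app's files directory
     * @return the new store, or {@code null} if generation or saving failed
     */
    public final CertKeyStore generateFsCertStore(Context context) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        String storePath = makeStoreFileName(context);
        if (storePath == null) {
            return null;
        }
        try {
            CertKeyStore generated = generate(storePath);
            ProxyCertCache.INSTANCE.clear();
            return generated;
        } catch (Exception ignored) {
            // generate() has already printed the failure; callers only receive null.
            return null;
        }
    }

    /**
     * Reports whether the given CA certificate is present in the device's
     * {@code AndroidCAStore} keystore.
     *
     * <p>NOTE(review): entries are matched on signature bytes only, not on the full
     * encoded certificate, and the alias and subject of every X.509 entry are written
     * to the log at info level on each call.
     *
     * @param fsCert the app's CA as loaded from its keystore file
     * @return {@code true} if an entry with an identical signature exists
     * @throws Exception if the {@code AndroidCAStore} keystore cannot be opened or read
     */
    public final boolean isCertInstalled(CertKeyStore fsCert) throws Exception {
        Intrinsics.checkParameterIsNotNull(fsCert, "fsCert");
        KeyStore trustedCas = KeyStore.getInstance("AndroidCAStore");
        trustedCas.load(null, null);
        Enumeration<String> aliases = trustedCas.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = trustedCas.getCertificate(alias);
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            Log.i("SSL", alias);
            X509Certificate trusted = (X509Certificate) certificate;
            Log.i("SSL", trusted.getSubjectDN().getName());
            Log.i("SSL", trusted.getSubjectX500Principal().getName());
            if (Arrays.equals(trusted.getSignature(), fsCert.getCert().getSignature())) {
                Log.i("SSL", "signature match");
                return true;
            }
        }
        Log.i("SSL", "no matching signagure");
        return false;
    }

    /**
     * Loads the existing CA from the keystore file without ever generating one.
     *
     * @param context used to locate the app's files directory
     * @return the loaded store, or {@code null} if none could be loaded
     * @throws Exception only if the default keystore type cannot be instantiated
     */
    public final CertKeyStore loadCert(Context context) throws Exception {
        Intrinsics.checkParameterIsNotNull(context, "context");
        String storePath = makeStoreFileName(context);
        return storePath == null ? null : loadFsCert(storePath);
    }

    /**
     * Loads the existing CA, or generates and saves a new one when loading fails.
     * {@code ProxyCertCache} is cleared only when a new CA was generated.
     *
     * @param context used to locate the app's files directory
     * @return the loaded or newly generated store
     * @throws Exception if a new CA has to be generated and generation or saving fails
     */
    public final CertKeyStore loadOrGenerate(Context context) throws Exception {
        Intrinsics.checkParameterIsNotNull(context, "context");
        String storePath = makeStoreFileName(context);
        if (storePath == null) {
            return null;
        }
        CertKeyStore existing = loadFsCert(storePath);
        if (existing != null) {
            return existing;
        }
        CertKeyStore generated = generate(storePath);
        ProxyCertCache.INSTANCE.clear();
        return generated;
    }

    /**
     * Returns the absolute path of the keystore file inside the app's files directory.
     *
     * @param context used to resolve {@link Context#getFilesDir()}
     * @return absolute path of the {@code castore} file
     */
    public final String makeStoreFileName(Context context) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        return new File(context.getFilesDir(), STORE_FILE_NAME).getAbsolutePath();
    }

    /**
     * Persists an externally supplied key and certificate as the app's CA, overwriting
     * the keystore file with the same alias and hard-coded passwords as a generated CA.
     *
     * @param context used to locate the app's files directory
     * @param privKey CA private key
     * @param cert CA certificate
     * @throws Exception on keystore or I/O failure
     */
    public final void save(Context context, PrivateKey privKey, X509Certificate cert) throws Exception {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(privKey, "privKey");
        Intrinsics.checkParameterIsNotNull(cert, "cert");
        String storePath = makeStoreFileName(context);
        if (storePath == null) {
            return;
        }
        save(storePath, STORE_PASSWORD.toCharArray(), KEY_ALIAS, KEY_PASSWORD.toCharArray(), privKey, cert);
    }
}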
