package app.ssldecryptor;

import android.content.Context;
import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import kotlin.KotlinPackage;
import kotlin.TypeCastException;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KClass;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.ExtendedKeyUsage;
import org.spongycastle.asn1.x509.GeneralName;
import org.spongycastle.asn1.x509.GeneralNames;
import org.spongycastle.asn1.x509.KeyPurposeId;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.X509Extensions;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.x509.X509V3CertificateGenerator;

/* compiled from: CACertGenerator.kt */
/* loaded from: classes.dex */
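/**
 * Creates, persists and reloads the self-signed root CA certificate
 * ("CN=Packet Capture CA Certificate") together with its RSA private key.
 *
 * <p>The key store is written to {@code <filesDir>/castore} (see
 * {@link #makeStoreFileName(Context)}). {@link #isCertInstalled(CertKeyStore)}
 * checks whether that CA is present in the device's {@code AndroidCAStore}.
 *
 * <p>This file is decompiler output of a Kotlin singleton ({@code CACertGenerator.kt}),
 * so checked exceptions raised by the JCA calls are not declared on the methods;
 * they propagate to the caller unless a method catches them explicitly.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The key-store and key passwords are compile-time constants, so they give no
 *       confidentiality against anyone who can read the store file. The private key is
 *       protected only by the location of that file. Once the certificate is installed
 *       as trusted, whoever holds this key can issue certificates the device accepts.</li>
 *   <li>NOTE(review): keeping the key in a hardware-backed key store instead of a
 *       password-"protected" file would remove the constants; not done here because
 *       existing store files are read back with these values.</li>
 * </ul>
 */
public final class CACertGenerator {
    public static final /* synthetic */ KClass $kotlinClass = Reflection.createKotlinClass(CACertGenerator.class);

    /** JCA provider name used for key generation and certificate signing. */
    private static final String BC = BouncyCastleProvider.PROVIDER_NAME;

    // Hard-coded secrets: kept byte-for-byte so that stores written earlier still load.
    // They must not be mistaken for real protection of the private key (see class notes).
    private static final String STORE_PASSWORD = "password";
    private static final String KEY_PASSWORD = "keypass";
    private static final String KEY_ALIAS = "alias";

    private static final String STORE_FILE_NAME = "castore";
    private static final String CA_DN = "CN=Packet Capture CA Certificate";

    /**
     * Modulus size for newly generated CA keys. 1024-bit RSA is below current minimum
     * recommendations; stores that already exist on disk keep whatever key they contain.
     */
    private static final int RSA_KEY_BITS = 2048;

    /**
     * One year in milliseconds. The leading {@code 1000L} forces long arithmetic: written
     * with int literals only, the product exceeds {@code Integer.MAX_VALUE} and wraps,
     * which would shrink the certificate's validity window to a few weeks.
     */
    public static long ONEYEAR_IN_MS = 1000L * 60 * 60 * 24 * 365;

    /** Singleton instance; declared last so every other static is initialised first. */
    public static final CACertGenerator INSTANCE$ = new CACertGenerator();

    CACertGenerator() {
    }

    /**
     * Generates a new key pair and CA certificate, self-checks the certificate and writes
     * both to the key store file {@code str}.
     *
     * @param str absolute path of the key store file to (over)write
     * @return the new store, or {@code null} if any step failed (the error is printed)
     */
    private final CertKeyStore generate(String str) {
        try {
            KeyPair keyPair = generateRSAKeyPair();
            PrivateKey privKey = keyPair.getPrivate();
            X509Certificate caCert = generateV3Certificate(keyPair);
            // Sanity checks: currently valid, and the signature verifies under its own key.
            caCert.checkValidity(new Date());
            caCert.verify(caCert.getPublicKey());
            Intrinsics.checkExpressionValueIsNotNull(privKey, "privKey");
            KeyStore store = save(str, STORE_PASSWORD.toCharArray(), KEY_ALIAS, KEY_PASSWORD.toCharArray(), privKey, caCert);
            return new CertKeyStore(store, STORE_PASSWORD.toCharArray(), caCert, privKey);
        } catch (Exception e) {
            // Best effort by design: callers treat null as "no CA available".
            System.out.printf("cacert store create error %s\n", e.toString());
            return null;
        }
    }

    /**
     * Generates the CA's RSA key pair with the configured provider and a fresh
     * {@link SecureRandom}.
     */
    private final KeyPair generateRSAKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", BC);
        keyPairGenerator.initialize(RSA_KEY_BITS, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.checkExpressionValueIsNotNull(generateKeyPair, "kpGen.generateKeyPair()");
        return generateKeyPair;
    }

    /**
     * Builds the self-signed X.509 v3 CA certificate for {@code keyPair}.
     *
     * <p>Validity runs from one year in the past to ten years in the future. The
     * certificate is marked as a CA, with key usage digitalSignature, keyEncipherment and
     * keyCertSign, and a critical extended key usage of serverAuth.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the signed certificate
     */
    private final X509Certificate generateV3Certificate(KeyPair keyPair) throws InvalidKeyException, NoSuchProviderException, SignatureException {
        long now = System.currentTimeMillis();
        X500Principal caName = new X500Principal(CA_DN);
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        // NOTE(review): a clock-derived serial is predictable; a random serial is the usual choice.
        certGen.setSerialNumber(BigInteger.valueOf(now));
        certGen.setIssuerDN(caName);
        certGen.setNotBefore(new Date(now - ONEYEAR_IN_MS));
        certGen.setNotAfter(new Date(now + (ONEYEAR_IN_MS * 10)));
        certGen.setSubjectDN(caName);
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        // NOTE(review): no path-length limit is set, so this CA could also certify sub-CAs.
        certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
        certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.keyCertSign));
        certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
        // Placeholder e-mail SAN, reproduced as found.
        certGen.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test")));
        X509Certificate generateX509Certificate = certGen.generateX509Certificate(keyPair.getPrivate(), BC);
        Intrinsics.checkExpressionValueIsNotNull(generateX509Certificate, "certGen.generateX509Cert…te(pair.getPrivate(), BC)");
        return generateX509Certificate;
    }

    /**
     * Loads the CA certificate and private key from the key store file {@code str}.
     *
     * <p>The stream is always closed, and errors while closing are ignored. Any failure
     * while opening or reading the store is printed and reported as {@code null}.
     *
     * @param str absolute path of the key store file
     * @return the loaded store, or {@code null} if the file is missing, unreadable, or
     *     does not hold both the key and an X.509 certificate under the expected alias
     */
    private final CertKeyStore loadFsCert(String str) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = null;
        try {
            in = new FileInputStream(str);
            keyStore.load(in, STORE_PASSWORD.toCharArray());
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(KEY_ALIAS, KEY_PASSWORD.toCharArray());
            Certificate certificate = keyStore.getCertificate(KEY_ALIAS);
            if (certificate == null) {
                throw new TypeCastException("java.security.cert.Certificate! cannot be cast to java.security.cert.X509Certificate");
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            if (privateKey == null) {
                return null;
            }
            return new CertKeyStore(keyStore, STORE_PASSWORD.toCharArray(), x509Certificate, privateKey);
        } catch (Exception e) {
            System.out.printf("store load error %s\n", e.toString());
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done about a failed close of a read-only stream.
                }
            }
        }
    }

    /**
     * Writes {@code privateKey} and {@code x509Certificate} into a new key store at
     * {@code str}.
     *
     * @param str absolute path of the key store file
     * @param cArr password protecting the store
     * @param str2 alias of the key entry
     * @param cArr2 password protecting the key entry
     * @param privateKey CA private key
     * @param x509Certificate CA certificate, stored as a one-element chain
     * @return the in-memory key store that was written
     */
    private final KeyStore save(String str, char[] cArr, String str2, char[] cArr2, PrivateKey privateKey, X509Certificate x509Certificate) {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load((InputStream) null, cArr);
        keyStore.setKeyEntry(str2, privateKey, cArr2, new Certificate[]{x509Certificate});
        FileOutputStream out = new FileOutputStream(str);
        try {
            keyStore.store(out, cArr);
        } finally {
            // Close even when store() throws, so the descriptor is not leaked.
            out.close();
        }
        Intrinsics.checkExpressionValueIsNotNull(keyStore, "keyStore");
        return keyStore;
    }

    /**
     * Unconditionally generates a new CA, replacing the stored one, and clears
     * {@code ProxyCertCache}.
     *
     * @param context used to locate the key store file
     * @return the new store, or {@code null} if generation failed
     */
    public final CertKeyStore generateFsCertStore(Context context) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        String storePath = makeStoreFileName(context);
        if (storePath == null) {
            return null;
        }
        CertKeyStore generated = generate(storePath);
        ProxyCertCache.INSTANCE$.clear();
        return generated;
    }

    /**
     * Reports whether a certificate with the same signature bytes as {@code fsCert}'s
     * certificate is present in the {@code AndroidCAStore} key store.
     *
     * <p>Every X.509 entry visited is logged (alias and subject) at info level under the
     * "SSL" tag.
     *
     * @param fsCert store holding the CA certificate to look for
     * @return {@code true} on the first match, {@code false} if none matches
     */
    public final boolean isCertInstalled(CertKeyStore fsCert) {
        Intrinsics.checkParameterIsNotNull(fsCert, "fsCert");
        KeyStore trusted = KeyStore.getInstance("AndroidCAStore");
        trusted.load((InputStream) null, (char[]) null);
        Enumeration<String> aliases = trusted.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = trusted.getCertificate(alias);
            if (!(certificate instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) certificate;
            Log.i("SSL", alias);
            Log.i("SSL", x509.getSubjectDN().getName());
            Log.i("SSL", x509.getSubjectX500Principal().getName());
            if (Arrays.equals(x509.getSignature(), fsCert.getCert().getSignature())) {
                Log.i("SSL", "signature match");
                return true;
            }
        }
        Log.i("SSL", "no matching signagure");
        return false;
    }

    /**
     * Loads the stored CA without generating one.
     *
     * @param context used to locate the key store file
     * @return the stored CA, or {@code null} if none could be loaded
     */
    public final CertKeyStore loadCert(Context context) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        String storePath = makeStoreFileName(context);
        return storePath == null ? null : loadFsCert(storePath);
    }

    /**
     * Loads the stored CA, or generates and stores a new one when loading fails.
     * {@code ProxyCertCache} is cleared only when a new CA is generated.
     *
     * @param context used to locate the key store file
     * @return the loaded or newly generated store, or {@code null} if both steps failed
     */
    public final CertKeyStore loadOrGenerate(Context context) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        String storePath = makeStoreFileName(context);
        if (storePath == null) {
            return null;
        }
        CertKeyStore existing = loadFsCert(storePath);
        if (existing != null) {
            return existing;
        }
        CertKeyStore generated = generate(storePath);
        ProxyCertCache.INSTANCE$.clear();
        return generated;
    }

    /**
     * Returns the absolute path of the key store file, {@code castore} inside
     * {@code context.getFilesDir()}.
     */
    public final String makeStoreFileName(Context context) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        return new File(context.getFilesDir(), STORE_FILE_NAME).getAbsolutePath();
    }

    /**
     * Persists the given key and certificate to the key store file, using the fixed
     * alias and passwords.
     *
     * @param context used to locate the key store file
     * @param privKey CA private key
     * @param cert CA certificate
     */
    public final void save(Context context, PrivateKey privKey, X509Certificate cert) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        Intrinsics.checkParameterIsNotNull(privKey, "privKey");
        Intrinsics.checkParameterIsNotNull(cert, "cert");
        String storePath = makeStoreFileName(context);
        if (storePath == null) {
            return;
        }
        save(storePath, STORE_PASSWORD.toCharArray(), KEY_ALIAS, KEY_PASSWORD.toCharArray(), privKey, cert);
    }
}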
