package net.lightbody.bmp.mitm.tools;

import com.tencent.bugly.beta.tinker.TinkerReport;
import java.io.File;
import java.io.IOException;
import java.io.Reader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManager;
import net.lightbody.bmp.mitm.CertificateAndKey;
import net.lightbody.bmp.mitm.CertificateInfo;
import net.lightbody.bmp.mitm.exception.CertificateCreationException;
import net.lightbody.bmp.mitm.exception.ExportException;
import net.lightbody.bmp.mitm.exception.ImportException;
import net.lightbody.bmp.mitm.util.EncryptionUtil;
import org.bouncycastle.asn1.bd;
import org.bouncycastle.asn1.g;
import org.bouncycastle.asn1.n.a.b;
import org.bouncycastle.asn1.n.c;
import org.bouncycastle.asn1.o.l;
import org.bouncycastle.asn1.o.o;
import org.bouncycastle.asn1.o.p;
import org.bouncycastle.asn1.o.t;
import org.bouncycastle.asn1.o.u;
import org.bouncycastle.asn1.o.x;
import org.bouncycastle.asn1.o.y;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.a.a;
import org.bouncycastle.cert.d;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.e;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.f;
import org.bouncycastle.openssl.i;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: classes.dex */
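/**
 * {@link SecurityProviderTool} implementation backed by BouncyCastle.
 *
 * <p>It builds a self-issued CA root certificate and issuer-signed server certificates, and
 * converts certificates and private keys to and from PEM. All key store operations throw
 * {@link UnsupportedOperationException}.
 *
 * <p>This listing is decompiler output: the BouncyCastle type and member names are obfuscated
 * ({@code a}, {@code b}, {@code l.g}, ...), so comments that name an extension or helper are
 * marked as assumptions unless the listing itself establishes them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@link CertificateAndKey} returned by {@link #createCARootCertificate} carries the
 *       root's private key. Anyone holding it can issue certificates that chain to this root,
 *       so keep it out of logs and shared storage and restrict which trust stores the root is
 *       installed in.</li>
 *   <li>Loading this class registers {@link BouncyCastleProvider} through
 *       {@link Security#addProvider}, which affects the whole JVM and not only this tool.</li>
 * </ul>
 */
public class BouncyCastleSecurityProviderTool implements SecurityProviderTool {
    /** Bit length requested from {@code EncryptionUtil.getRandomBigInteger} for serial numbers. */
    private static final int CERTIFICATE_SERIAL_NUMBER_SIZE = 160;

    static {
        // JVM-wide side effect: the provider becomes visible to every JCA lookup in the process.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Converts a BouncyCastle certificate holder into a JCA {@link X509Certificate}.
     *
     * @param dVar the BouncyCastle certificate object to convert
     * @return the equivalent JCA certificate
     * @throws CertificateCreationException if the converter reports a {@link CertificateException}
     */
    private static X509Certificate convertToJcaCertificate(d dVar) {
        try {
            return new JcaX509CertificateConverter().a(dVar);
        } catch (CertificateException e) {
            throw new CertificateCreationException("Unable to convert X590CertificateHolder to JCA X590Certificate", e);
        }
    }

    /**
     * Builds the subject key identifier value from the encoded form of {@code key}.
     *
     * @param key the key whose {@link Key#getEncoded()} bytes are used
     * @return the identifier object that is added to the certificate as an extension value
     */
    private static x createSubjectKeyIdentifier(Key key) {
        return new a().a(y.a(key.getEncoded()));
    }

    /**
     * Builds the X.500 name for a certificate from the non-null fields of {@code certificateInfo}.
     *
     * <p>Fields are appended in this order when present: common name, organization,
     * organizational unit, email, locality, state, country code. Null fields are skipped.
     *
     * @param certificateInfo source of the name attributes
     * @return the assembled name
     */
    private static c createX500NameForCertificate(CertificateInfo certificateInfo) {
        org.bouncycastle.asn1.n.d dVar = new org.bouncycastle.asn1.n.d(b.J);
        if (certificateInfo.getCommonName() != null) {
            dVar.a(b.e, certificateInfo.getCommonName());
        }
        if (certificateInfo.getOrganization() != null) {
            dVar.a(b.b, certificateInfo.getOrganization());
        }
        if (certificateInfo.getOrganizationalUnit() != null) {
            dVar.a(b.c, certificateInfo.getOrganizationalUnit());
        }
        if (certificateInfo.getEmail() != null) {
            dVar.a(b.G, certificateInfo.getEmail());
        }
        if (certificateInfo.getLocality() != null) {
            dVar.a(b.i, certificateInfo.getLocality());
        }
        if (certificateInfo.getState() != null) {
            dVar.a(b.j, certificateInfo.getState());
        }
        if (certificateInfo.getCountryCode() != null) {
            dVar.a(b.f1479a, certificateInfo.getCountryCode());
        }
        return dVar.a();
    }

    /**
     * Serializes {@code obj} to a PEM string, optionally through an encryptor.
     *
     * @param obj the object to write (a certificate or a private key in this class)
     * @param fVar the PEM encryptor, or {@code null} to write the object unencrypted
     * @return the PEM text
     * @throws ExportException if writing, flushing or closing the PEM writer fails
     */
    private static String encodeObjectAsPemString(Object obj, f fVar) {
        StringWriter stringWriter = new StringWriter();
        // try-with-resources closes the PEM writer on the failure path as well; the decompiled
        // form closed it only after a successful write.
        try (org.bouncycastle.openssl.a.c cVar = new org.bouncycastle.openssl.a.c(stringWriter)) {
            cVar.a(obj, fVar);
            cVar.flush();
        } catch (IOException e) {
            throw new ExportException("Unable to generate PEM string representing object", e);
        }
        return stringWriter.toString();
    }

    /**
     * Creates the signer used to sign a certificate.
     *
     * @param privateKey the signing key
     * @param str the signature algorithm name
     * @return the signer bound to {@code privateKey}
     * @throws CertificateCreationException if the signer cannot be created for {@code str}
     */
    private static org.bouncycastle.operator.a getCertificateSigner(PrivateKey privateKey, String str) {
        try {
            return new org.bouncycastle.operator.a.a(str).a(privateKey);
        } catch (OperatorCreationException e) {
            throw new CertificateCreationException("Unable to create ContentSigner using signature algorithm: " + str, e);
        }
    }

    /**
     * Converts subject alternative names into the ASN.1 structure added to server certificates.
     *
     * <p>Each entry is tagged 7 when {@code com.google.common.net.a.b(str)} returns true and 2
     * otherwise. Those values are the X.509 GeneralName tags for iPAddress and dNSName, so the
     * obfuscated predicate is presumably an "is IP address literal" check; confirm against the
     * unobfuscated library.
     *
     * @param list the names to encode; must not be {@code null}
     * @return the encoded names, in the order given
     */
    private static p getDomainNameSANsAsASN1Encodable(List<String> list) {
        List<o> names = new ArrayList<>(list.size());
        for (String str : list) {
            names.add(new o(com.google.common.net.a.b(str) ? 7 : 2, str));
        }
        return new p(names.toArray(new o[0]));
    }

    /**
     * Creates a self-issued CA root certificate: the same name is used as issuer and subject,
     * and the certificate is signed with the private key of {@code keyPair}.
     *
     * <p>The returned object pairs the certificate with the root private key; treat it as
     * secret material.
     *
     * @param certificateInfo name fields and validity period; Not Before and Not After are required
     * @param keyPair the root key pair
     * @param str the message digest name handed to {@code EncryptionUtil.getSignatureAlgorithm}
     * @return the root certificate together with its private key
     * @throws IllegalArgumentException if Not Before or Not After is missing
     * @throws CertificateCreationException if an extension cannot be added or signing fails
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public CertificateAndKey createCARootCertificate(CertificateInfo certificateInfo, KeyPair keyPair, String str) {
        // These messages used to say "server certificate", which pointed at the wrong operation.
        if (certificateInfo.getNotBefore() == null) {
            throw new IllegalArgumentException("Must specify Not Before for root certificate");
        }
        if (certificateInfo.getNotAfter() == null) {
            throw new IllegalArgumentException("Must specify Not After for root certificate");
        }
        c createX500NameForCertificate = createX500NameForCertificate(certificateInfo);
        // NOTE(review): serial-number unpredictability depends on EncryptionUtil using a
        // cryptographically strong source; that helper is not visible here - confirm.
        BigInteger randomBigInteger = EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE);
        PublicKey publicKey = keyPair.getPublic();
        org.bouncycastle.operator.a certificateSigner = getCertificateSigner(keyPair.getPrivate(), EncryptionUtil.getSignatureAlgorithm(str, keyPair.getPrivate()));
        // Three purpose identifiers collected for the l.u extension (presumably extended key usage).
        g gVar = new g();
        gVar.a(t.b);
        gVar.a(t.c);
        gVar.a(t.f1509a);
        try {
            return new CertificateAndKey(
                    convertToJcaCertificate(
                            new e(createX500NameForCertificate, randomBigInteger, certificateInfo.getNotBefore(), certificateInfo.getNotAfter(), createX500NameForCertificate, publicKey)
                                    .a(l.b, false, createSubjectKeyIdentifier(publicKey))
                                    // The only extension flagged critical; presumably BasicConstraints with CA=true.
                                    .a(l.g, true, new org.bouncycastle.asn1.o.g(true))
                                    // NOTE(review): the bit mask for this extension (presumably KeyUsage) is read
                                    // from an unrelated crash-reporting constant. That looks like decompiler
                                    // constant substitution; confirm the numeric value and express it with the
                                    // library's own key-usage flags so the CA's permitted usages do not depend
                                    // on a third-party SDK.
                                    .a(l.c, false, new u(TinkerReport.KEY_APPLIED_DEX_EXTRACT))
                                    .a(l.u, false, new bd(gVar))
                                    .a(certificateSigner)),
                    keyPair.getPrivate());
        } catch (CertIOException e) {
            throw new CertificateCreationException("Error creating root certificate", e);
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public KeyStore createRootCertificateKeyStore(String str, CertificateAndKey certificateAndKey, String str2, String str3) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Creates a server certificate issued by {@code x509Certificate} and signed with
     * {@code privateKey}.
     *
     * <p>The subject alternative names from {@code certificateInfo} are added as an extension,
     * and the extension built from {@code new g(false)} is added non-critical (presumably
     * BasicConstraints with CA=false).
     *
     * @param certificateInfo subject fields, validity period and subject alternative names;
     *     common name, Not Before and Not After are required
     * @param x509Certificate the issuing certificate
     * @param privateKey the issuer's private key, used only for signing
     * @param keyPair the server key pair; its private key is returned with the certificate
     * @param str the message digest name handed to {@code EncryptionUtil.getSignatureAlgorithm}
     * @return the server certificate together with the server private key
     * @throws IllegalArgumentException if the common name, Not Before or Not After is missing
     * @throws CertificateCreationException if an extension cannot be added or signing fails
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public CertificateAndKey createServerCertificate(CertificateInfo certificateInfo, X509Certificate x509Certificate, PrivateKey privateKey, KeyPair keyPair, String str) {
        if (certificateInfo.getCommonName() == null) {
            throw new IllegalArgumentException("Must specify CN for server certificate");
        }
        if (certificateInfo.getNotBefore() == null) {
            throw new IllegalArgumentException("Must specify Not Before for server certificate");
        }
        if (certificateInfo.getNotAfter() == null) {
            throw new IllegalArgumentException("Must specify Not After for server certificate");
        }
        c createX500NameForCertificate = createX500NameForCertificate(certificateInfo);
        try {
            return new CertificateAndKey(
                    convertToJcaCertificate(
                            new e(x509Certificate, EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE), certificateInfo.getNotBefore(), certificateInfo.getNotAfter(), createX500NameForCertificate, keyPair.getPublic())
                                    .a(l.e, false, getDomainNameSANsAsASN1Encodable(certificateInfo.getSubjectAlternativeNames()))
                                    .a(l.b, false, createSubjectKeyIdentifier(keyPair.getPublic()))
                                    .a(l.g, false, new org.bouncycastle.asn1.o.g(false))
                                    .a(getCertificateSigner(privateKey, EncryptionUtil.getSignatureAlgorithm(str, privateKey)))),
                    keyPair.getPrivate());
        } catch (CertIOException e) {
            throw new CertificateCreationException("Error creating new server certificate", e);
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public KeyStore createServerKeyStore(String str, CertificateAndKey certificateAndKey, X509Certificate x509Certificate, String str2, String str3) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public X509Certificate decodePemEncodedCertificate(Reader reader) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Reads a PEM-encoded private key, decrypting it with {@code str} when it is encrypted.
     *
     * <p>The PEM parser, and with it {@code reader}, is closed before this method returns,
     * on failure as well as on success.
     *
     * @param reader source of the PEM text
     * @param str the password for an encrypted key; may be {@code null} for an unencrypted key
     * @return the decoded private key
     * @throws ImportException if the key is encrypted and no password was given, if the PEM
     *     input does not hold a key pair object this method understands, or if reading fails
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public PrivateKey decodePemEncodedPrivateKey(Reader reader, String str) {
        try (i iVar = new i(reader)) {
            Object a3 = iVar.a();
            org.bouncycastle.asn1.k.f a2;
            if (a3 instanceof org.bouncycastle.openssl.e) {
                if (str == null) {
                    throw new ImportException("Unable to import private key. Key is encrypted, but no password was provided.");
                }
                a2 = ((org.bouncycastle.openssl.e) a3).a(new org.bouncycastle.openssl.a.d().a(str.toCharArray())).a();
            } else if (a3 instanceof org.bouncycastle.openssl.g) {
                a2 = ((org.bouncycastle.openssl.g) a3).a();
            } else {
                // PEM input is external data: empty input or a different PEM object used to reach
                // an unchecked cast and fail with a NullPointerException or ClassCastException.
                throw new ImportException("Unable to import private key. PEM input does not contain a supported key pair.");
            }
            return new org.bouncycastle.openssl.a.b().a(a2);
        } catch (IOException e) {
            throw new ImportException("Unable to read PEM-encoded PrivateKey", e);
        }
    }

    /**
     * Encodes a certificate as PEM text; no encryptor is used.
     *
     * @param certificate the certificate to encode
     * @return the PEM text
     * @throws ExportException if the PEM text cannot be generated
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public String encodeCertificateAsPem(Certificate certificate) {
        return encodeObjectAsPemString(certificate, null);
    }

    /**
     * Encodes a private key as password-protected PEM text.
     *
     * <p>A password is mandatory, so this method never writes the key in the clear.
     * NOTE(review): {@code str2} goes to the encryptor builder unchecked (presumably the
     * encryption algorithm name); callers decide how strong the protection is.
     *
     * @param privateKey the key to encode
     * @param str the password protecting the key; must not be {@code null}
     * @param str2 the value passed to the PEM encryptor builder
     * @return the encrypted PEM text
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws ExportException if the PEM text cannot be generated
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public String encodePrivateKeyAsPem(PrivateKey privateKey, String str, String str2) {
        if (str == null) {
            throw new IllegalArgumentException("You must specify a password when serializing a private key");
        }
        return encodeObjectAsPemString(privateKey, new org.bouncycastle.openssl.a.e(str2).a(str.toCharArray()));
    }

    /**
     * Returns no key managers; both arguments are ignored.
     *
     * <p>Unlike the key store methods, this one does not throw, so a caller receives an empty
     * array rather than an error.
     *
     * @return an empty array
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public KeyManager[] getKeyManagers(KeyStore keyStore, String str) {
        return new KeyManager[0];
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public KeyStore loadKeyStore(File file, String str, String str2) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public void saveKeyStore(File file, KeyStore keyStore, String str) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }
}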
