package a3;

import io.netty.util.internal.StringUtil;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Calendar;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: classes.dex */
public final class o3 {

    /* renamed from: i, reason: collision with root package name */
    public static final /* synthetic */ int f412i = 0;

    /* renamed from: a, reason: collision with root package name */
    public final p5 f413a;

    /* renamed from: b, reason: collision with root package name */
    public PublicKey f414b;

    /* renamed from: c, reason: collision with root package name */
    public PrivateKey f415c;

    /* renamed from: d, reason: collision with root package name */
    public X509Certificate f416d;

    /* renamed from: e, reason: collision with root package name */
    public X509Certificate f417e;

    /* renamed from: f, reason: collision with root package name */
    public KeyStore f418f;

    /* renamed from: g, reason: collision with root package name */
    public final String f419g;

    /* renamed from: h, reason: collision with root package name */
    public final String f420h = f6.n.L2(g3.t.A4(f3.t));

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    public o3(p5 p5Var, String str) {
        this.f413a = p5Var;
        this.f419g = str.concat("-cert-key");
    }

    public final X509Certificate a() {
        StringBuilder sb = new StringBuilder("C=");
        p5 p5Var = this.f413a;
        sb.append(p5Var.f433b);
        sb.append(", O=");
        sb.append(p5Var.f434c);
        sb.append(", CN=");
        sb.append(p5Var.f436e);
        X500Name x500Name = new X500Name(sb.toString());
        BigInteger valueOf = BigInteger.valueOf(Instant.now().toEpochMilli());
        Date from = Date.from(Instant.now().minus((TemporalAmount) Duration.ofDays(1L)));
        Date from2 = Date.from(Instant.now().plus((TemporalAmount) Duration.ofDays(365L)));
        PublicKey publicKey = this.f414b;
        if (publicKey == null) {
            androidx.navigation.compose.l.V1("pubKey");
            throw null;
        }
        X509v3CertificateBuilder addExtension = new JcaX509v3CertificateBuilder(x500Name, valueOf, from, from2, x500Name, publicKey).addExtension(new ASN1ObjectIdentifier("2.5.29.19"), true, (ASN1Encodable) new BasicConstraints(1)).addExtension(new ASN1ObjectIdentifier("2.5.29.15"), true, (ASN1Encodable) new X509KeyUsage(6));
        androidx.navigation.compose.l.R(addExtension, "JcaX509v3CertificateBuil…          )\n            )");
        JcaX509CertificateConverter provider = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider());
        JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(f6.n.L2(g3.t.A4(f3.J)));
        PrivateKey privateKey = this.f415c;
        if (privateKey == null) {
            androidx.navigation.compose.l.V1("privKey");
            throw null;
        }
        X509Certificate certificate = provider.getCertificate(addExtension.build(jcaContentSignerBuilder.build(privateKey)));
        androidx.navigation.compose.l.R(certificate, "JcaX509CertificateConver…          )\n            )");
        return certificate;
    }

    public final void b(String str, String str2, String str3, String str4) {
        X509Certificate a7;
        X509Certificate c7;
        PublicKey publicKey;
        PrivateKey privateKey;
        androidx.navigation.compose.l.S(str, "caCertPEM");
        androidx.navigation.compose.l.S(str2, "serverCertPEM");
        androidx.navigation.compose.l.S(str3, "privKeyPEM");
        androidx.navigation.compose.l.S(str4, "pubKeyPEM");
        if (f6.n.Z2(str3) || f6.n.Z2(str4)) {
            try {
                KeyPair genKeyPair = KeyPairGenerator.getInstance("RSA").genKeyPair();
                PublicKey publicKey2 = genKeyPair.getPublic();
                androidx.navigation.compose.l.R(publicKey2, "keyPair.public");
                this.f414b = publicKey2;
                PrivateKey privateKey2 = genKeyPair.getPrivate();
                androidx.navigation.compose.l.R(privateKey2, "keyPair.private");
                this.f415c = privateKey2;
            } catch (Exception e3) {
                e3.printStackTrace();
            }
        } else {
            try {
                X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decode(f6.n.l3(f6.n.l3(f6.n.l3(str4, "-----BEGIN PUBLIC KEY-----", ""), "\n", ""), "-----END PUBLIC KEY-----", "")));
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                androidx.navigation.compose.l.R(keyFactory, "getInstance(\"RSA\")");
                publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
            } catch (Exception e7) {
                e7.printStackTrace();
                publicKey = null;
            }
            if (publicKey == null) {
                throw new Exception("Public Key cannot be null!");
            }
            this.f414b = publicKey;
            try {
                PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decode(f6.n.l3(f6.n.l3(f6.n.l3(str3, "-----BEGIN PRIVATE KEY-----", ""), "\n", ""), "-----END PRIVATE KEY-----", "")));
                KeyFactory keyFactory2 = KeyFactory.getInstance("RSA");
                androidx.navigation.compose.l.R(keyFactory2, "getInstance(\"RSA\")");
                privateKey = keyFactory2.generatePrivate(pKCS8EncodedKeySpec);
            } catch (Exception e8) {
                e8.printStackTrace();
                privateKey = null;
            }
            if (privateKey == null) {
                throw new Exception("Private Key cannot be null!");
            }
            this.f415c = privateKey;
        }
        if ((str.length() == 0) || (a7 = v2.j.b(str)) == null) {
            a7 = a();
        }
        this.f416d = a7;
        if ((str2.length() == 0) || (c7 = v2.j.b(str2)) == null) {
            c7 = c(e());
        }
        this.f417e = c7;
        X509Certificate e9 = e();
        X509Certificate x509Certificate = this.f417e;
        if (x509Certificate == null) {
            androidx.navigation.compose.l.V1("certServer");
            throw null;
        }
        KeyStore keyStore = KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME);
        androidx.navigation.compose.l.R(keyStore, "getInstance(\"BKS\", \"BC\")");
        keyStore.load(null, null);
        PrivateKey privateKey3 = this.f415c;
        if (privateKey3 == null) {
            androidx.navigation.compose.l.V1("privKey");
            throw null;
        }
        char[] charArray = this.f420h.toCharArray();
        androidx.navigation.compose.l.R(charArray, "this as java.lang.String).toCharArray()");
        keyStore.setKeyEntry(this.f419g, privateKey3, charArray, new X509Certificate[]{x509Certificate, e9});
        this.f418f = keyStore;
    }

    public final X509Certificate c(X509Certificate x509Certificate) {
        GeneralNames generalNames = GeneralNames.getInstance(new DERSequence(new GeneralName[]{new GeneralName(7, f6.n.L2(g3.t.A4(f3.E))), new GeneralName(2, f6.n.L2(g3.t.A4(f3.I)))}));
        StringBuilder sb = new StringBuilder("C=");
        p5 p5Var = this.f413a;
        sb.append(p5Var.f433b);
        sb.append(", O=");
        sb.append(p5Var.f434c);
        sb.append(", CN=");
        sb.append(p5Var.f435d);
        X500Name x500Name = new X500Name(sb.toString());
        BigInteger valueOf = BigInteger.valueOf(Instant.now().toEpochMilli());
        Date from = Date.from(Instant.now().minus((TemporalAmount) Duration.ofDays(1L)));
        Date from2 = Date.from(Instant.now().plus((TemporalAmount) Duration.ofDays(365L)));
        PublicKey publicKey = this.f414b;
        if (publicKey == null) {
            androidx.navigation.compose.l.V1("pubKey");
            throw null;
        }
        X509v3CertificateBuilder addExtension = new JcaX509v3CertificateBuilder(x509Certificate, valueOf, from, from2, x500Name, publicKey).addExtension(new ASN1ObjectIdentifier("2.5.29.19"), false, (ASN1Encodable) new BasicConstraints(false)).addExtension(new ASN1ObjectIdentifier("2.5.29.37"), true, (ASN1Encodable) new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth})).addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) generalNames);
        androidx.navigation.compose.l.R(addExtension, "JcaX509v3CertificateBuil…, false, subjectAltNames)");
        JcaX509CertificateConverter provider = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider());
        JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder(f6.n.L2(g3.t.A4(f3.J)));
        PrivateKey privateKey = this.f415c;
        if (privateKey == null) {
            androidx.navigation.compose.l.V1("privKey");
            throw null;
        }
        X509Certificate certificate = provider.getCertificate(addExtension.build(jcaContentSignerBuilder.build(privateKey)));
        androidx.navigation.compose.l.R(certificate, "JcaX509CertificateConver…          )\n            )");
        return certificate;
    }

    public final n3 d() {
        String str;
        String name;
        if (this.f416d == null) {
            Date from = Date.from(Instant.now());
            androidx.navigation.compose.l.R(from, "from(Instant.now())");
            return new n3(from, 0L, "");
        }
        Date notAfter = e().getNotAfter();
        Principal issuerDN = e().getIssuerDN();
        if (issuerDN == null || (name = issuerDN.getName()) == null) {
            str = null;
        } else {
            String x32 = f6.n.x3(name, "CN=", name);
            str = f6.n.A3(x32, StringUtil.COMMA, x32);
        }
        return new n3(notAfter, TimeUnit.MILLISECONDS.toDays(notAfter.getTime() - Calendar.getInstance().getTimeInMillis()), str != null ? str : "");
    }

    public final X509Certificate e() {
        X509Certificate x509Certificate = this.f416d;
        if (x509Certificate != null) {
            return x509Certificate;
        }
        androidx.navigation.compose.l.V1("certCA");
        throw null;
    }
}
