package com.promobitech.oneauth.httpserver;

import android.util.Base64;
import com.promobitech.bamboo.Bamboo;
import com.promobitech.oneauth.OneAuthApp;
import com.promobitech.oneauth.repository.local.sharedprefs.SharedPrefsHelper;
import com.promobitech.oneauth.utils.OneAuthUtils;
import io.netty.handler.ssl.SslHandler;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.Charsets;
import kotlin.text.StringsKt__StringsJVMKt;

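/**
 * Builds the server-side TLS context for the embedded HTTP server and hands out Netty
 * {@link SslHandler}s created from it.
 *
 * <p>This is JADX output for the Kotlin object {@code SSLHandlerProvider}; the single-letter
 * member names are obfuscation artefacts. Original method names quoted below are taken from the
 * log strings and synthetic class names that survive in this file.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 *   <li>The server identity (PKCS#8 RSA key + X.509 certificate, both PEM) is loaded into an
 *       in-memory BKS key store; nothing is written to disk by this class.</li>
 *   <li>When {@code OneAuthApp.f8006a.e().h()} is true (presumably the "client certificate
 *       required" setting; confirm against OneAuthApp), client certificates are accepted only
 *       if one certificate in the presented chain equals the certificate PEM returned by
 *       {@code SharedPrefsHelper.g()}. That stored value is therefore the trust anchor:
 *       anything able to modify it can change which client is accepted.</li>
 * </ul>
 */
@SourceDebugExtension({"SMAP\nSSLHandlerProvider.kt\nKotlin\n*S Kotlin\n*F\n+ 1 SSLHandlerProvider.kt\ncom/promobitech/oneauth/httpserver/SSLHandlerProvider\n+ 2 ArraysJVM.kt\nkotlin/collections/ArraysKt__ArraysJVMKt\n*L\n1#1,184:1\n37#2,2:185\n*S KotlinDebug\n*F\n+ 1 SSLHandlerProvider.kt\ncom/promobitech/oneauth/httpserver/SSLHandlerProvider\n*L\n136#1:185,2\n*E\n"})
/* loaded from: classes3.dex */
public final class SSLHandlerProvider {

    /** Singleton instance (obfuscated name {@code a}; the Kotlin {@code INSTANCE}). */
    public static final SSLHandlerProvider f8037a = new SSLHandlerProvider();

    /** Protocol name passed to {@link SSLContext#getInstance(String)} (obfuscated name {@code b}). */
    private static final String f8038b = "TLS";

    /**
     * Fully initialised server context, or {@code null} until {@link #i} has succeeded once
     * (obfuscated name {@code c}). Only {@link #h()} reads it, always in server mode.
     */
    private static SSLContext f8039c;

    private SSLHandlerProvider() {
    }

    /**
     * Parses one PEM certificate and returns it as a single-element chain.
     *
     * @param str PEM text of the server certificate
     * @return array holding exactly the parsed certificate
     * @throws Exception if the certificate cannot be parsed
     */
    private final X509Certificate[] b(String str) throws Exception {
        return new X509Certificate[] {f(str)};
    }

    /**
     * Creates an in-memory BKS key store holding the server key and its certificate under the
     * alias {@code "SF One Auth"}.
     *
     * @param str PEM text of the PKCS#8 private key
     * @param str2 PEM text of the matching certificate
     * @param str3 password protecting the key entry
     * @return the populated key store
     * @throws Exception if the key or certificate cannot be parsed or the key store rejects them
     */
    private final KeyStore c(String str, String str2, String str3) throws Exception {
        X509Certificate[] chain = b(str2);
        KeyStore keystore = KeyStore.getInstance("BKS");
        // load(null) initialises an empty store; it never touches a file.
        keystore.load(null);
        keystore.setKeyEntry("SF One Auth", d(str), str3.toCharArray(), chain);
        return keystore;
    }

    /**
     * Decodes an unencrypted PKCS#8 PEM block into an RSA private key.
     *
     * <p>Only the {@code BEGIN/END PRIVATE KEY} armour and {@code "\n"} are stripped before the
     * Base64 decode (flag {@code 0}, i.e. {@code Base64.DEFAULT}); other PEM types such as
     * {@code ENCRYPTED PRIVATE KEY} are not handled here.
     *
     * @param str PEM text of the private key
     * @return the decoded key
     * @throws Exception if the payload is not valid Base64 or not a PKCS#8 RSA key
     */
    private final PrivateKey d(String str) throws Exception {
        String body = str
                .replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("\n", "")
                .replace("-----END PRIVATE KEY-----", "");
        byte[] encoded = Base64.decode(body, 0);
        Intrinsics.checkNotNullExpressionValue(encoded, "encoded");
        return g(encoded);
    }

    /**
     * Generates a 4096-bit RSA key pair with a self-signed certificate, hands both to
     * {@code OneAuthApp.m(...)} and records the certificate as the pinned client certificate
     * (original name per the log string: {@code generateAndInstallCert}).
     *
     * <p>Runs only when {@code OneAuthUtils.e()} returns true (the condition itself is not
     * visible in this file). Every failure is logged and swallowed, so the caller cannot tell
     * whether a certificate was installed; client authentication then fails closed unless an
     * earlier certificate is still stored.
     */
    private final void e() {
        OneAuthUtils.Companion utils = OneAuthUtils.f8125a;
        if (!utils.e()) {
            return;
        }
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(4096);
            KeyPair keyPair = generator.generateKeyPair();
            Intrinsics.checkNotNullExpressionValue(keyPair, "keyPair");
            X509Certificate certificate = SelfSignedCertificate.f8040a.a(keyPair);
            SharedPrefsHelper prefs = SharedPrefsHelper.f8051a;
            // Reuse the stored alias if there is one; otherwise derive a new one.
            // NOTE(review): companion.d(10) presumably returns a 10-character random string.
            String alias = prefs.f();
            if (alias == null) {
                alias = "SF_AUTH-" + utils.d(10);
            }
            PrivateKey privateKey = keyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "keyPair.private");
            Intrinsics.checkNotNull(certificate, "null cannot be cast to non-null type java.security.cert.Certificate");
            // The private key leaves this class here; how it is stored is decided by OneAuthApp.
            OneAuthApp.f8006a.m(privateKey, certificate, alias);
            Bamboo.l("Certificate installed %s", alias);
            prefs.q(alias);
            j(certificate);
        } catch (Throwable th) {
            Bamboo.i(th, "Exception in generateAndInstallCert", new Object[0]);
        }
    }

    /**
     * Parses a PEM (or DER) encoded X.509 certificate.
     *
     * @param str certificate text, read as UTF-8 bytes
     * @return the parsed certificate
     * @throws CertificateException if the input is not a valid X.509 certificate
     * @throws NoSuchProviderException declared by the decompiled signature
     */
    /* JADX INFO: Access modifiers changed from: private */
    public final X509Certificate f(String str) throws CertificateException, NoSuchProviderException {
        byte[] bytes = str.getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        Certificate parsed =
                CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bytes));
        Intrinsics.checkNotNull(parsed, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        return (X509Certificate) parsed;
    }

    /**
     * Builds an RSA private key from PKCS#8 DER bytes.
     *
     * @param bArr DER-encoded PKCS#8 key
     * @return the key as {@link RSAPrivateKey}
     * @throws InvalidKeySpecException if the bytes are not a valid PKCS#8 RSA key
     * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
     */
    private final RSAPrivateKey g(byte[] bArr) throws InvalidKeySpecException, NoSuchAlgorithmException {
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(bArr));
        Intrinsics.checkNotNull(key, "null cannot be cast to non-null type java.security.interfaces.RSAPrivateKey");
        return (RSAPrivateKey) key;
    }

    /**
     * Stores the certificate as PEM text through {@code SharedPrefsHelper.r(...)} (original name
     * per the log string: {@code savingCert}). Only the certificate is stored, never key material.
     * Failures are logged and swallowed.
     *
     * @param x509Certificate certificate to persist
     */
    private final void j(X509Certificate x509Certificate) {
        try {
            byte[] der = x509Certificate.getEncoded();
            Intrinsics.checkNotNullExpressionValue(der, "certificate.encoded");
            byte[] base64 = Base64.encode(der, 0);
            Intrinsics.checkNotNullExpressionValue(base64, "encode(derCert, Base64.DEFAULT)");
            SharedPrefsHelper.f8051a.r("-----BEGIN CERTIFICATE-----\n" + new String(base64, Charsets.UTF_8) + "\n-----END CERTIFICATE-----");
        } catch (Throwable th) {
            Bamboo.i(th, "Exception in savingCert", new Object[0]);
        }
    }

    /**
     * Creates a server-mode {@link SslHandler} from the current context.
     *
     * @return a new handler, or {@code null} (after logging) when no context has been
     *     initialised yet
     */
    public final SslHandler h() {
        SSLContext context = f8039c;
        if (context == null) {
            Bamboo.h("Server SSL context is null", new Object[0]);
            return null;
        }
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false);
        // Only setNeedClientAuth is called. On SSLEngine each of setNeedClientAuth /
        // setWantClientAuth overrides the other, so the former need(true)-then-want(true)
        // sequence left the engine in "want" mode, where a client that sends no certificate
        // still completes the handshake and the pinning trust manager is never consulted.
        // With the flag false this single call still leaves client auth off, as before.
        engine.setNeedClientAuth(OneAuthApp.f8006a.e().h());
        return new SslHandler(engine);
    }

    /**
     * Initialises the server {@link SSLContext} from PEM material (original name per the
     * synthetic class name: {@code initSSLContext}).
     *
     * <p>When {@code OneAuthApp.f8006a.e().h()} is true, a client certificate is generated via
     * {@link #e()} and a trust manager is installed that accepts only the certificate PEM
     * returned by {@code SharedPrefsHelper.g()}. Otherwise the platform default trust managers
     * are used. Any failure is logged and swallowed; in that case the previously published
     * context, if any, stays in place.
     *
     * @param privateKeyPem PEM text of the server's PKCS#8 RSA private key
     * @param certificatePem PEM text of the server certificate
     * @param password password used for the in-memory key entry
     */
    public final void i(String privateKeyPem, String certificatePem, String password) {
        Intrinsics.checkNotNullParameter(privateKeyPem, "privateKeyPem");
        Intrinsics.checkNotNullParameter(certificatePem, "certificatePem");
        Intrinsics.checkNotNullParameter(password, "password");
        Bamboo.l("Initiating SSL context", new Object[0]);
        try {
            KeyStore keyStore = c(privateKeyPem, certificatePem, password);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
            keyManagerFactory.init(keyStore, password.toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            // Build into a local and publish only after init() succeeds, so h() can never pick
            // up an uninitialised context when init() throws.
            SSLContext context = SSLContext.getInstance(f8038b);
            if (OneAuthApp.f8006a.e().h()) {
                e();
                X509TrustManager x509TrustManager = new X509TrustManager() { // from class: com.promobitech.oneauth.httpserver.SSLHandlerProvider$initSSLContext$tm$1
                    /**
                     * Accepts the client only if some certificate in its chain equals the
                     * pinned certificate read from SharedPrefsHelper; fails closed when no
                     * pinned certificate is stored.
                     */
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                        Intrinsics.checkNotNullParameter(chain, "chain");
                        Intrinsics.checkNotNullParameter(authType, "authType");
                        String pinnedPem = SharedPrefsHelper.f8051a.g();
                        if (pinnedPem != null) {
                            X509Certificate pinned = SSLHandlerProvider.f8037a.f(pinnedPem);
                            // Certificate.equals compares the encoded form, so this is an exact
                            // match. NOTE(review): the validity period is not checked here.
                            for (X509Certificate presented : chain) {
                                if (Intrinsics.areEqual(pinned, presented)) {
                                    Bamboo.l("checkClientTrusted certs are equal", new Object[0]);
                                    return;
                                }
                            }
                        }
                        Bamboo.l("checkClientTrusted throwing exception", new Object[0]);
                        throw new CertificateException();
                    }

                    /**
                     * Rejects every server chain. The context is private to this class and
                     * only ever produces server-mode engines, so this path is not expected to
                     * run; failing closed keeps the manager from acting as a trust-all
                     * verifier if the context is ever reused for outbound connections.
                     */
                    @Override // javax.net.ssl.X509TrustManager
                    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                        Intrinsics.checkNotNullParameter(chain, "chain");
                        Intrinsics.checkNotNullParameter(authType, "authType");
                        throw new CertificateException("Server certificate validation is not supported by this trust manager");
                    }

                    /** Returns an empty array; the X509TrustManager contract forbids null. */
                    @Override // javax.net.ssl.X509TrustManager
                    public X509Certificate[] getAcceptedIssuers() {
                        return new X509Certificate[0];
                    }
                };
                context.init(keyManagers, new TrustManager[] {x509TrustManager}, null);
            } else {
                context.init(keyManagers, null, null);
            }
            f8039c = context;
        } catch (Exception e) {
            Bamboo.i(e, "Failed to initialize the server-side SSLContext", new Object[0]);
        }
    }
}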
