package com.seven.asimov.cert;

import android.content.Context;
import android.os.Build;
import com.seven.asimov.install.CACertInstaller;
import com.seven.security.OCCertificateConstants;
import com.seven.util.Logger;
import com.seven.util.Utils;
import io.fabric.sdk.android.services.common.CommonUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.X509Extension;
import org.spongycastle.cert.CertIOException;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: classes.dex */
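/**
 * Static certificate helpers recovered from a decompiled Android class.
 *
 * <p>The visible code does four things: it serialises certificate chains into a length-prefixed
 * byte format, derives a file name and a hash for a certificate, mints a substitute ("fake") leaf
 * certificate that copies the identity of a server certificate and is signed by a locally held
 * root key, and caches the platform trust manager together with its accepted issuers.
 *
 * <p>Review notes for anyone auditing a device or this code:
 * <ul>
 *   <li>{@link #isCACertInstalled()} probes the two {@code cacerts-added} paths below; a file at
 *       either path means the corresponding root is present as a user-added CA.</li>
 *   <li>Substitute certificates are only accepted by clients that trust that root, so the root's
 *       private key (held by {@code CACertInstaller}) is the critical secret.</li>
 *   <li>MD5 is used for naming and fingerprinting only, and the signature fallback is a SHA-1
 *       constant; both are called out on the methods concerned.</li>
 * </ul>
 *
 * <p>Thread-safety: the accepted-issuer cache is guarded by {@code sAcceptedIssuersLoadLock};
 * {@code sDefaultTrustManager} is read and written without synchronisation inside
 * {@link #getDefaultX509TrustManager()}.
 */
public final class CertUtils {
    private static final String CACERT_PATH_DEFAULT = "/data/misc/keychain/cacerts-added/abdf37d5.0";
    private static final String CACERT_PATH_LOLIPOPS = "/data/misc/user/0/cacerts-added/abdf37d5.0";

    /**
     * RSA modulus size for per-certificate key pairs. The decompiled original used 1024 bits,
     * which is below current minimum recommendations; 2048-bit generation is slower, so measure
     * on the oldest supported device.
     */
    private static final int FAKE_CERT_RSA_KEY_BITS = 2048;

    /** Largest value that fits the three-byte length prefix used by the chain format. */
    private static final int UINT24_MAX = 0xFFFFFF;

    private static X509Certificate[] sAcceptedIssuers;
    private static final Logger LOG = Logger.getLogger(CertUtils.class);
    private static final Object sAcceptedIssuersLoadLock = new Object();
    private static X509TrustManager sDefaultTrustManager = null;

    /**
     * Result codes for certificate validation. Nothing in this class reads the numeric value;
     * NOTE(review): 1, 2 and 4 look like bit flags that a caller may combine - confirm.
     */
    /* loaded from: classes.dex */
    public enum CertValidity {
        OC_CERT_FAILED_INTEGRITY_CHECK(-1),
        OC_CERT_PASSED_ALL_CHECKS(0),
        OC_CERT_FAILED_AUTHORITY_CHECK(1),
        OC_CERT_FAILED_YET_NOT_VALID_CHECK(2),
        OC_CERT_FAILED_EXPIRATION_CHECK(4);

        private final int validityResult;

        CertValidity(int i) {
            this.validityResult = i;
        }
    }

    private CertUtils() {
    }

    /**
     * Serialises certificates as a three-byte big-endian total length followed by each DER
     * encoding preceded by its own three-byte big-endian length.
     *
     * @param x509CertificateArr certificates in the order they should appear in the chain
     * @return the encoded chain, or {@code null} if the input is {@code null}, a certificate
     *     cannot be encoded, or a length does not fit in three bytes (the failure is logged)
     */
    public static byte[] convertCertsToChain(X509Certificate[] x509CertificateArr) {
        try {
            // The decompiler emitted "new byte[n]" here, which is not a valid byte[][] initialiser.
            byte[][] encodedCerts = new byte[x509CertificateArr.length][];
            int payloadLength = 0;
            for (int i = 0; i < x509CertificateArr.length; i++) {
                encodedCerts[i] = x509CertificateArr[i].getEncoded();
                payloadLength += encodedCerts[i].length + 3;
            }
            byte[] chain = new byte[payloadLength + 3];
            int offset = writeUint24(chain, 0, payloadLength);
            for (byte[] encoded : encodedCerts) {
                offset = writeUint24(chain, offset, encoded.length);
                System.arraycopy(encoded, 0, chain, offset, encoded.length);
                offset += encoded.length;
            }
            return chain;
        } catch (Exception e) {
            if (Logger.isError()) {
                LOG.error("FC chain generation failure: " + e.toString());
            }
            return null;
        }
    }

    /**
     * Writes {@code value} as three big-endian bytes and returns the offset after them.
     * Rejects values that would otherwise be silently truncated into a corrupt length prefix.
     */
    private static int writeUint24(byte[] target, int offset, int value) {
        if (value < 0 || value > UINT24_MAX) {
            throw new IllegalArgumentException("length does not fit in 24 bits: " + value);
        }
        target[offset] = (byte) (value >>> 16);
        target[offset + 1] = (byte) (value >>> 8);
        target[offset + 2] = (byte) value;
        return offset + 3;
    }

    /**
     * Encodes an {@code int} as four bytes, least significant byte first.
     *
     * @param i value to encode
     * @return a new four-byte little-endian array
     */
    public static byte[] convertToByteArray(int i) {
        return new byte[] {(byte) i, (byte) (i >>> 8), (byte) (i >>> 16), (byte) (i >>> 24)};
    }

    /**
     * Logs every alias of a key store at info level as {@code Alias List - [ a,b ]}.
     * Any failure is logged at error level and otherwise ignored (diagnostic helper).
     *
     * @param keyStore key store whose aliases are listed
     */
    public static void dumpAliases(KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            StringBuilder sb = new StringBuilder("Alias List - [");
            boolean first = true;
            while (aliases.hasMoreElements()) {
                // A space opens the list and commas separate entries; an empty store yields "[ ]".
                sb.append(first ? ' ' : ',').append(aliases.nextElement());
                first = false;
            }
            sb.append(" ]");
            if (Logger.isInfo()) {
                LOG.info(sb.toString());
            }
        } catch (Exception e) {
            if (Logger.isError()) {
                LOG.error("Error in dumpAliases", e);
            }
        }
    }

    /**
     * Derives a trust-store style file name: the first four bytes of the digest of the encoded
     * issuer name, in reverse order, as lowercase hex, followed by {@code ".0"}.
     *
     * <p>The digest is a naming convention here, not an integrity check.
     * NOTE(review): {@code CommonUtils.MD5_INSTANCE} comes from an unrelated SDK and was probably
     * substituted for a literal by the decompiler; presumably it is "MD5" - confirm. The issuer
     * name is hashed, which equals the subject only for a self-signed certificate.
     *
     * @param x509Certificate certificate whose issuer name is hashed
     * @return the file name, or {@code null} on any failure (logged)
     */
    public static String generateCACertName(X509Certificate x509Certificate) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(CommonUtils.MD5_INSTANCE);
            byte[] digest = messageDigest.digest(x509Certificate.getIssuerX500Principal().getEncoded());
            StringBuilder sb = new StringBuilder();
            for (int i = (digest.length / 4) - 1; i >= 0; i--) {
                sb.append(String.format("%02x", digest[i]));
            }
            sb.append(".0");
            if (Logger.isTrace()) {
                LOG.trace(String.format("OC CA name: %s", sb.toString()));
            }
            return sb.toString();
        } catch (Exception e) {
            if (Logger.isError()) {
                LOG.error("Failde to generate OC CA name: ", e);
            }
            return null;
        }
    }

    /**
     * Hashes the DER encoding of a certificate with the algorithm named by
     * {@code CommonUtils.MD5_INSTANCE} (presumably MD5 - confirm).
     *
     * <p>NOTE(review): MD5 is not collision resistant. If callers use this value to decide that
     * two server certificates are the same, a stronger digest should replace it; the output
     * length is part of the contract with callers, so that change is not made here.
     *
     * @param x509Certificate certificate to fingerprint
     * @return the digest bytes, or {@code null} on any failure (now logged instead of silent)
     */
    public static byte[] generateCertHash(X509Certificate x509Certificate) {
        try {
            byte[] encoded = x509Certificate.getEncoded();
            MessageDigest messageDigest = MessageDigest.getInstance(CommonUtils.MD5_INSTANCE);
            return messageDigest.digest(encoded);
        } catch (Exception e) {
            if (Logger.isError()) {
                LOG.error("Failed to hash certificate", e);
            }
            return null;
        }
    }

    /**
     * Builds a serial number from the decimal digits of the device id's hash code followed by the
     * current time in milliseconds.
     *
     * <p>The result is forced non-negative: a negative hash code previously produced a negative
     * serial number, which RFC 5280 does not allow. The value is predictable, so it must not be
     * relied on as a source of entropy.
     * NOTE(review): the device identifier is written to the debug log - confirm that is intended.
     *
     * @param context context passed to {@code Utils.getDeviceID}
     * @return a non-negative serial number
     */
    public static BigInteger generateCertSerialNumber(Context context) {
        String deviceID = Utils.getDeviceID(context);
        if (Logger.isDebug()) {
            LOG.debug(String.format("generateCertSerialNumber: %s", deviceID));
        }
        return new BigInteger("" + deviceID.hashCode() + System.currentTimeMillis()).abs();
    }

    /**
     * Mints a substitute leaf certificate for a server chain and packages it for the caller.
     *
     * <p>The chain is parsed certificate by certificate until the first one that is not a CA
     * ({@code getBasicConstraints() == -1}); that certificate is the template. If every parsed
     * certificate is a CA, the first one is used. A fresh key pair is generated, the substitute is
     * signed with the selected root key and the signature is verified before anything is returned.
     *
     * <p>Returned array layout:
     * <ol start="0">
     *   <li>encoded private key of the new key pair (sensitive - never log or persist)</li>
     *   <li>chain bytes for {substitute, root} from {@link #convertCertsToChain}</li>
     *   <li>hash of the template certificate from {@link #generateCertHash}</li>
     *   <li>notBefore in seconds since the epoch, four bytes little-endian</li>
     *   <li>notAfter in seconds since the epoch, four bytes little-endian</li>
     * </ol>
     * The two timestamps are truncated to 32 bits, so consumers must read them as unsigned to
     * handle dates after January 2038.
     *
     * @param context context handed to the installer and the serial number generator
     * @param z {@code true} to sign with the installer's OC root, {@code false} for its fake root
     * @param bArr serialised server chain understood by {@code Utils.getCertChainData}
     * @return the five-element array, or {@code null} on any failure; every failure is logged and
     *     a partially filled array is never returned
     */
    public static Object[] generateFakeCertChain(Context context, boolean z, byte[] bArr) {
        try {
            CertificateFactory certificateFactory = Utils.getCertificateFactory();
            List<X509Certificate> parsed = new ArrayList<>();
            X509Certificate template = null;
            for (byte[] der : Utils.getCertChainData(bArr)) {
                X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(der));
                parsed.add(cert);
                if (cert.getBasicConstraints() == -1) {
                    template = cert;
                    break;
                }
            }
            if (template == null) {
                if (parsed.isEmpty()) {
                    throw new CertificateException("certificate chain is empty");
                }
                template = parsed.get(0);
            }

            KeyPair leafKeyPair = generateKeyPair();
            CACertInstaller installer = CACertInstaller.getInstance();
            X509Certificate rootCert;
            KeyPair rootKeyPair;
            if (z) {
                rootCert = installer.getOCRootCert();
                rootKeyPair = installer.getOCRootCertKeyPair();
            } else {
                rootCert = installer.getFakeRootCert(context);
                rootKeyPair = installer.getFakeRootCertKeyPair(context);
            }

            // NOTE(review): the root's issuer name is used as the new issuer; that matches the
            // root's subject only when the root is self-signed.
            X509Certificate fakeCert = generateFakeCertificate(context, rootCert.getIssuerX500Principal(), rootKeyPair.getPrivate(), template, leafKeyPair);
            fakeCert.verify(rootKeyPair.getPublic());

            byte[] chain = convertCertsToChain(new X509Certificate[] {fakeCert, rootCert});
            byte[] templateHash = generateCertHash(template);
            if (chain == null || templateHash == null) {
                // Both helpers report failure as null; do not hand half a result to the caller.
                throw new CertificateException("could not encode chain or hash");
            }
            return new Object[] {
                leafKeyPair.getPrivate().getEncoded(),
                chain,
                templateHash,
                convertToByteArray((int) (fakeCert.getNotBefore().getTime() / 1000)),
                convertToByteArray((int) (fakeCert.getNotAfter().getTime() / 1000))
            };
        } catch (Exception e) {
            if (Logger.isError()) {
                LOG.error("Failed to generate fake certificate", e);
            }
            return null;
        }
    }

    /**
     * Builds and signs a certificate that copies the validity period, subject and selected
     * extensions of {@code x509Certificate} but carries the public key of {@code keyPair}.
     *
     * <p>Basic constraints are set critical with CA=false; subjectAltName, keyUsage and
     * extendedKeyUsage are copied when present. The signature algorithm of the original is reused
     * when its name ends in "withrsa" (case-insensitive); otherwise
     * {@code OCCertificateConstants.SIG_ALG_SHA_1} is used.
     * NOTE(review): that constant is presumably a SHA-1 RSA signature, and an original signed with
     * a weak RSA algorithm is reused as-is; both are rejected by current clients - confirm and
     * consider a SHA-256 default.
     *
     * @param context context for the serial number generator
     * @param x500Principal issuer name to place in the certificate
     * @param privateKey signing key of the issuer
     * @param x509Certificate certificate whose identity is copied
     * @param keyPair key pair whose public half is certified
     * @return the signed certificate
     */
    private static X509Certificate generateFakeCertificate(Context context, X500Principal x500Principal, PrivateKey privateKey, X509Certificate x509Certificate, KeyPair keyPair) throws CertIOException, InvalidKeyException, OperatorCreationException, CertificateException {
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(x500Principal, generateCertSerialNumber(context), x509Certificate.getNotBefore(), x509Certificate.getNotAfter(), x509Certificate.getSubjectX500Principal(), keyPair.getPublic());
        builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));

        JcaX509CertificateHolder original = new JcaX509CertificateHolder(x509Certificate);
        Extension subjectAltName = original.getExtension(X509Extension.subjectAlternativeName);
        if (subjectAltName != null) {
            builder.copyAndAddExtension(X509Extension.subjectAlternativeName, subjectAltName.isCritical(), original);
        }
        Extension keyUsage = original.getExtension(X509Extension.keyUsage);
        if (keyUsage != null) {
            builder.copyAndAddExtension(X509Extension.keyUsage, keyUsage.isCritical(), original);
        }
        Extension extendedKeyUsage = original.getExtension(X509Extension.extendedKeyUsage);
        if (extendedKeyUsage != null) {
            builder.copyAndAddExtension(X509Extension.extendedKeyUsage, extendedKeyUsage.isCritical(), original);
        }

        String sigAlgName = x509Certificate.getSigAlgName();
        // Locale.ROOT: under a Turkish default locale "WITHRSA" lowercases to a dotless i, the
        // suffix test fails, and the code silently falls back to the SHA-1 constant.
        boolean rsaSigned = sigAlgName.toLowerCase(Locale.ROOT).endsWith("withrsa");
        String str = rsaSigned ? sigAlgName : OCCertificateConstants.SIG_ALG_SHA_1;
        if (Logger.isDebug()) {
            LOG.debug(String.format("Orignal signature algorithm: %s, used %s", sigAlgName, str));
        }
        return new JcaX509CertificateConverter().setProvider("SC").getCertificate(builder.build(new JcaContentSignerBuilder(str).setProvider("SC").build(privateKey)));
    }

    /**
     * Generates a key pair with the "SC" provider using the algorithm named by
     * {@code OCCertificateConstants.KP_ALG_RSA} and {@link #FAKE_CERT_RSA_KEY_BITS} bits.
     *
     * @return a new key pair
     * @throws NoSuchAlgorithmException if the provider does not offer the algorithm
     * @throws NoSuchProviderException if the "SC" provider is not registered
     */
    public static KeyPair generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(OCCertificateConstants.KP_ALG_RSA, "SC");
        keyPairGenerator.initialize(FAKE_CERT_RSA_KEY_BITS);
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Returns the cached accepted issuers, loading them from the default trust manager on first
     * use. The cached array itself is returned, so callers must not modify it.
     *
     * @return the accepted issuers, or {@code null} if no trust manager could be obtained
     */
    public static X509Certificate[] getAcceptedIssuers() {
        synchronized (sAcceptedIssuersLoadLock) {
            if (sAcceptedIssuers == null) {
                X509TrustManager trustManager = getDefaultX509TrustManager();
                if (trustManager != null) {
                    sAcceptedIssuers = trustManager.getAcceptedIssuers();
                }
            }
            return sAcceptedIssuers;
        }
    }

    /**
     * Returns the first {@link X509TrustManager} of the platform default
     * {@link TrustManagerFactory}, initialised with the default key store, and caches it.
     *
     * <p>The decompiler could not restructure this method and left a body that always threw
     * {@link UnsupportedOperationException}; this body is rebuilt from its instruction dump.
     * TODO confirm against the original bytecode.
     *
     * @return the trust manager, or {@code null} if none is found or initialisation fails (logged)
     */
    public static X509TrustManager getDefaultX509TrustManager() {
        try {
            if (sDefaultTrustManager != null) {
                return sDefaultTrustManager;
            }
            LOG.debug("getDefaultX509TrustManager");
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null key store selects the platform default trust anchors.
            factory.init((KeyStore) null);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    sDefaultTrustManager = (X509TrustManager) candidate;
                    return sDefaultTrustManager;
                }
            }
        } catch (Exception e) {
            LOG.error("Error in hasTrustCertificate ", e);
        }
        return null;
    }

    /**
     * Finds the accepted issuer whose public key has the same encoding and algorithm as
     * {@code publicKey}.
     *
     * <p>A key without an encoding never matches; previously two keys that both returned a
     * {@code null} encoding compared as equal.
     *
     * @param publicKey key to look for; must not be {@code null}
     * @return the matching trusted certificate, or {@code null} if there is none (logged)
     */
    public static X509Certificate getOCRootCert(PublicKey publicKey) {
        X509Certificate[] acceptedIssuers = getAcceptedIssuers();
        LOG.trace("adclear publickey:" + publicKey);
        LOG.trace("adclear publickey algorithm:" + publicKey.getAlgorithm());
        if (acceptedIssuers != null) {
            byte[] wantedEncoding = publicKey.getEncoded();
            String wantedAlgorithm = publicKey.getAlgorithm();
            for (X509Certificate issuer : acceptedIssuers) {
                PublicKey issuerKey = issuer.getPublicKey();
                // Extra tracing for issuers that carry the product name; it does not affect the match.
                if (issuer.getIssuerDN().toString().toLowerCase(Locale.ROOT).contains("adclear")) {
                    LOG.trace("issuer:" + issuer.getIssuerDN());
                    LOG.trace("publickey:" + issuerKey);
                    LOG.trace("publickey algorithm :" + issuerKey.getAlgorithm());
                }
                if (wantedEncoding != null
                        && Arrays.equals(wantedEncoding, issuerKey.getEncoded())
                        && wantedAlgorithm.equals(issuerKey.getAlgorithm())) {
                    return issuer;
                }
            }
        }
        LOG.error("Find null Root certificate!!!");
        return null;
    }

    /**
     * Reports whether the CA file exists at the user-added trust store path for this platform
     * version: the per-user path from API level 21, the keychain path before that.
     *
     * <p>Only existence is checked; the file content is not compared with any certificate.
     *
     * @return {@code true} if the file exists
     */
    public static boolean isCACertInstalled() {
        String path = Build.VERSION.SDK_INT >= 21 ? CACERT_PATH_LOLIPOPS : CACERT_PATH_DEFAULT;
        return new File(path).exists();
    }

    /**
     * Refreshes the cached accepted issuers. From API level 24 the cached trust manager is
     * dropped first so that a new one is created. If no trust manager can be obtained the
     * previous issuer list is kept.
     */
    public static void reloadAcceptedIssuers() {
        synchronized (sAcceptedIssuersLoadLock) {
            LOG.debug("reloadAcceptedIssuers");
            if (Build.VERSION.SDK_INT >= 24) {
                sDefaultTrustManager = null;
            }
            X509TrustManager trustManager = getDefaultX509TrustManager();
            if (trustManager != null) {
                sAcceptedIssuers = trustManager.getAcceptedIssuers();
            }
        }
    }
}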
