package net.lightbody.bmp.mitm.tools;

import java.io.File;
import java.io.IOException;
import java.io.Reader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManager;
import net.lightbody.bmp.mitm.CertificateAndKey;
import net.lightbody.bmp.mitm.CertificateInfo;
import net.lightbody.bmp.mitm.exception.CertificateCreationException;
import net.lightbody.bmp.mitm.exception.ExportException;
import net.lightbody.bmp.mitm.exception.ImportException;
import net.lightbody.bmp.mitm.util.EncryptionUtil;
import org.bouncycastle.asn1.ae.a.c;
import org.bouncycastle.asn1.ae.d;
import org.bouncycastle.asn1.ae.e;
import org.bouncycastle.asn1.br;
import org.bouncycastle.asn1.x.u;
import org.bouncycastle.asn1.x509.ab;
import org.bouncycastle.asn1.x509.ac;
import org.bouncycastle.asn1.x509.aj;
import org.bouncycastle.asn1.x509.ak;
import org.bouncycastle.asn1.x509.ba;
import org.bouncycastle.asn1.x509.bb;
import org.bouncycastle.asn1.x509.j;
import org.bouncycastle.asn1.x509.y;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.a.a;
import org.bouncycastle.cert.g;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.n;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.b.h;
import org.bouncycastle.openssl.f;
import org.bouncycastle.openssl.i;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.b;

/* loaded from: classes2.dex */
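/**
 * {@link SecurityProviderTool} backed by BouncyCastle. It creates the root CA certificate and the
 * per-host server certificates used for TLS interception, and converts certificates and private
 * keys to and from PEM.
 *
 * <p>The BouncyCastle identifiers in this build are shortened (obfuscated) names. Comments that
 * say what such an identifier "presumably" is are inferences from the surrounding code and
 * messages and should be confirmed against the unobfuscated library.
 *
 * <p>Security note: any client that trusts a root produced by
 * {@link #createCARootCertificate} accepts every certificate later signed with its private key.
 * The returned {@link CertificateAndKey} therefore carries CA signing material and should be
 * stored and handled accordingly.
 *
 * <p>All keystore-related operations are unsupported and throw
 * {@link UnsupportedOperationException}, except {@link #getKeyManagers}, which returns an empty
 * array.
 */
public class BouncyCastleSecurityProviderTool implements SecurityProviderTool {
    /**
     * Bit length requested for random certificate serial numbers. 160 bits is 20 octets, the
     * maximum serial number length RFC 5280 allows.
     */
    private static final int CERTIFICATE_SERIAL_NUMBER_SIZE = 160;

    static {
        // Registers BouncyCastle JVM-wide as a side effect of loading this class. addProvider
        // appends at the lowest preference and does nothing if the provider is already installed.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Converts a BouncyCastle certificate holder into a JCA {@link X509Certificate}.
     *
     * @param holder the BouncyCastle certificate holder to convert
     * @return the equivalent JCA certificate
     * @throws CertificateCreationException if the converter reports a {@link CertificateException}
     */
    private static X509Certificate convertToJcaCertificate(g holder) {
        try {
            return new JcaX509CertificateConverter().a(holder);
        } catch (CertificateException e) {
            throw new CertificateCreationException("Unable to convert X509CertificateHolder to JCA X509Certificate", e);
        }
    }

    /**
     * Derives the subject key identifier extension value from the encoded form of {@code key}.
     *
     * @param key the public key the identifier is computed over
     * @return the subject key identifier for {@code key}
     */
    private static ba createSubjectKeyIdentifier(Key key) {
        return new a().b(bb.a(key.getEncoded()));
    }

    /**
     * Builds the X.500 distinguished name for a certificate from the non-null fields of
     * {@code certificateInfo}. Fields that are {@code null} are omitted. The attributes are added
     * in the order common name, organization, organizational unit, email, locality, state,
     * country code.
     *
     * @param certificateInfo source of the name attributes
     * @return the assembled X.500 name
     */
    private static d createX500NameForCertificate(CertificateInfo certificateInfo) {
        // c.K is presumably the BouncyCastle name style; c.f, c.c, ... are presumably the
        // attribute type identifiers matching each getter.
        e nameBuilder = new e(c.K);
        if (certificateInfo.getCommonName() != null) {
            nameBuilder.a(c.f, certificateInfo.getCommonName());
        }
        if (certificateInfo.getOrganization() != null) {
            nameBuilder.a(c.c, certificateInfo.getOrganization());
        }
        if (certificateInfo.getOrganizationalUnit() != null) {
            nameBuilder.a(c.d, certificateInfo.getOrganizationalUnit());
        }
        if (certificateInfo.getEmail() != null) {
            nameBuilder.a(c.H, certificateInfo.getEmail());
        }
        if (certificateInfo.getLocality() != null) {
            nameBuilder.a(c.j, certificateInfo.getLocality());
        }
        if (certificateInfo.getState() != null) {
            nameBuilder.a(c.k, certificateInfo.getState());
        }
        if (certificateInfo.getCountryCode() != null) {
            nameBuilder.a(c.b, certificateInfo.getCountryCode());
        }
        return nameBuilder.a();
    }

    /**
     * Serializes {@code obj} as a PEM string, optionally passing an encryptor to the PEM writer.
     *
     * @param obj the certificate or key to encode
     * @param encryptor the encryptor handed to the PEM writer, or {@code null} for none
     * @return the PEM text
     * @throws ExportException if writing the PEM output fails
     */
    private static String encodeObjectAsPemString(Object obj, f encryptor) {
        StringWriter pemText = new StringWriter();
        try {
            org.bouncycastle.openssl.b.c pemWriter = new org.bouncycastle.openssl.b.c(pemText);
            pemWriter.a(obj, encryptor);
            // Flush before reading the StringWriter so no buffered output is lost.
            pemWriter.flush();
            return pemText.toString();
        } catch (IOException e) {
            throw new ExportException("Unable to generate PEM string representing object", e);
        }
    }

    /**
     * Creates the content signer that signs a certificate with {@code privateKey}.
     *
     * @param privateKey the signing key
     * @param signatureAlgorithm the signature algorithm name handed to the signer builder
     * @return a signer bound to {@code privateKey}
     * @throws CertificateCreationException if the signer cannot be created for the algorithm
     */
    private static org.bouncycastle.operator.e getCertificateSigner(PrivateKey privateKey, String signatureAlgorithm) {
        try {
            return new b(signatureAlgorithm).a(privateKey);
        } catch (OperatorCreationException e) {
            throw new CertificateCreationException("Unable to create ContentSigner using signature algorithm: " + signatureAlgorithm, e);
        }
    }

    /**
     * Converts subject alternative names into general-name entries, tagging each entry as an IP
     * address (tag 7) or a DNS name (tag 2).
     *
     * @param subjectAlternativeNames host names and IP address literals; must not be {@code null}
     * @return the general-names structure for the subject alternative name extension
     */
    private static ac getDomainNameSANsAsASN1Encodable(List<String> subjectAlternativeNames) {
        List<ab> generalNames = new ArrayList<>(subjectAlternativeNames.size());
        for (String name : subjectAlternativeNames) {
            // com.google.common.net.c.b is presumably Guava's IP-literal check; 7 and 2 are the
            // RFC 5280 GeneralName tags for iPAddress and dNSName.
            int generalNameTag = com.google.common.net.c.b(name) ? 7 : 2;
            generalNames.add(new ab(generalNameTag, name));
        }
        return new ac(generalNames.toArray(new ab[0]));
    }

    /**
     * Creates a self-signed root CA certificate: the X.500 name built from {@code certificateInfo}
     * is used as both issuer and subject, and the certificate is signed with the private key of
     * {@code keyPair}.
     *
     * <p>NOTE(review): the basic-constraints value is built with {@code new j(true)} only, so no
     * path length limit appears to be set, and no name constraints are added. Confirm whether
     * that is intended for the deployments that trust this root.
     *
     * @param certificateInfo subject fields and validity period; Not Before and Not After are required
     * @param keyPair the CA key pair; its private key signs the certificate and is returned with it
     * @param str passed to {@code EncryptionUtil.getSignatureAlgorithm} to select the signature
     *     algorithm (presumably the message digest name)
     * @return the root certificate together with the CA private key
     * @throws IllegalArgumentException if Not Before or Not After is missing
     * @throws CertificateCreationException if an extension cannot be added or signing fails
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public CertificateAndKey createCARootCertificate(CertificateInfo certificateInfo, KeyPair keyPair, String str) {
        if (certificateInfo.getNotBefore() == null) {
            throw new IllegalArgumentException("Must specify Not Before for root certificate");
        }
        if (certificateInfo.getNotAfter() == null) {
            throw new IllegalArgumentException("Must specify Not After for root certificate");
        }
        d issuerAndSubject = createX500NameForCertificate(certificateInfo);
        // NOTE(review): confirm EncryptionUtil.getRandomBigInteger draws from a SecureRandom;
        // serial numbers should not be predictable.
        BigInteger serialNumber = EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE);
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey caPrivateKey = keyPair.getPrivate();
        org.bouncycastle.operator.e certificateSigner =
                getCertificateSigner(caPrivateKey, EncryptionUtil.getSignatureAlgorithm(str, caPrivateKey));

        // Presumably the extended key usage purposes allowed for the root (aj.b, aj.c, aj.a).
        org.bouncycastle.asn1.g keyPurposes = new org.bouncycastle.asn1.g();
        keyPurposes.a(aj.b);
        keyPurposes.a(aj.c);
        keyPurposes.a(aj.a);
        try {
            // Extensions, in order: subject key identifier (y.b), a critical extension built from
            // new j(true) (presumably basicConstraints with CA=true), key usage (y.c) and
            // presumably extended key usage (y.f251u).
            // NOTE(review): the key usage mask is read from org.bouncycastle.crypto.tls.ab.cs, an
            // unrelated TLS constant. This looks like a decompiler constant substitution; confirm
            // the intended key usage bits.
            g holder = new n(
                            issuerAndSubject,
                            serialNumber,
                            certificateInfo.getNotBefore(),
                            certificateInfo.getNotAfter(),
                            issuerAndSubject,
                            publicKey)
                    .a(y.b, false, (org.bouncycastle.asn1.f) createSubjectKeyIdentifier(publicKey))
                    .a(y.g, true, (org.bouncycastle.asn1.f) new j(true))
                    .a(y.c, false, (org.bouncycastle.asn1.f) new ak(org.bouncycastle.crypto.tls.ab.cs))
                    .a(y.f251u, false, (org.bouncycastle.asn1.f) new br(keyPurposes))
                    .a(certificateSigner);
            return new CertificateAndKey(convertToJcaCertificate(holder), caPrivateKey);
        } catch (CertIOException e) {
            throw new CertificateCreationException("Error creating root certificate", e);
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public KeyStore createRootCertificateKeyStore(String str, CertificateAndKey certificateAndKey, String str2, String str3) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Creates a server certificate for the subject described by {@code certificateInfo}, issued
     * under {@code x509Certificate} and signed with {@code privateKey}.
     *
     * <p>The subject alternative names from {@code certificateInfo} are added as an extension.
     * Current TLS clients verify host names against those entries rather than the common name, so
     * callers should make sure the list contains the host being served.
     *
     * @param certificateInfo subject fields, validity period and subject alternative names; the
     *     common name, Not Before and Not After are required, and the subject alternative name
     *     list must not be {@code null}
     * @param x509Certificate the issuing (CA) certificate
     * @param privateKey the issuer's private key, used to sign the new certificate
     * @param keyPair the server key pair; its public key is certified and its private key is
     *     returned with the certificate
     * @param str passed to {@code EncryptionUtil.getSignatureAlgorithm} to select the signature
     *     algorithm (presumably the message digest name)
     * @return the server certificate together with the server private key
     * @throws IllegalArgumentException if the common name, Not Before or Not After is missing
     * @throws CertificateCreationException if an extension cannot be added or signing fails
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public CertificateAndKey createServerCertificate(CertificateInfo certificateInfo, X509Certificate x509Certificate, PrivateKey privateKey, KeyPair keyPair, String str) {
        if (certificateInfo.getCommonName() == null) {
            throw new IllegalArgumentException("Must specify CN for server certificate");
        }
        if (certificateInfo.getNotBefore() == null) {
            throw new IllegalArgumentException("Must specify Not Before for server certificate");
        }
        if (certificateInfo.getNotAfter() == null) {
            throw new IllegalArgumentException("Must specify Not After for server certificate");
        }
        d subject = createX500NameForCertificate(certificateInfo);
        PublicKey serverPublicKey = keyPair.getPublic();
        try {
            // Extensions, in order: subject alternative names (y.e), subject key identifier (y.b)
            // and a non-critical extension built from new j(false) (presumably basicConstraints
            // with CA=false, so the leaf cannot issue further certificates).
            g holder = new n(
                            x509Certificate,
                            EncryptionUtil.getRandomBigInteger(CERTIFICATE_SERIAL_NUMBER_SIZE),
                            certificateInfo.getNotBefore(),
                            certificateInfo.getNotAfter(),
                            subject,
                            serverPublicKey)
                    .a(y.e, false, (org.bouncycastle.asn1.f) getDomainNameSANsAsASN1Encodable(certificateInfo.getSubjectAlternativeNames()))
                    .a(y.b, false, (org.bouncycastle.asn1.f) createSubjectKeyIdentifier(serverPublicKey))
                    .a(y.g, false, (org.bouncycastle.asn1.f) new j(false))
                    .a(getCertificateSigner(privateKey, EncryptionUtil.getSignatureAlgorithm(str, privateKey)));
            return new CertificateAndKey(convertToJcaCertificate(holder), keyPair.getPrivate());
        } catch (CertIOException e) {
            throw new CertificateCreationException("Error creating new server certificate", e);
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public KeyStore createServerKeyStore(String str, CertificateAndKey certificateAndKey, X509Certificate x509Certificate, String str2, String str3) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public X509Certificate decodePemEncodedCertificate(Reader reader) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Reads the first PEM object from {@code reader} and returns it as a private key. Encrypted
     * key pairs are decrypted with {@code str}. The reader is not closed by this method.
     *
     * @param reader source of the PEM text
     * @param str the password for an encrypted key; may be {@code null} when the key is not encrypted
     * @return the decoded private key
     * @throws ImportException if the key is encrypted and no password was given, if the PEM
     *     content is missing or is not a key pair, or if reading fails
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public PrivateKey decodePemEncodedPrivateKey(Reader reader, String str) {
        try {
            Object pemObject = new i(reader).a();
            u privateKeyInfo;
            if (pemObject instanceof org.bouncycastle.openssl.e) {
                if (str == null) {
                    throw new ImportException("Unable to import private key. Key is encrypted, but no password was provided.");
                }
                privateKeyInfo = ((org.bouncycastle.openssl.e) pemObject).a(new h().a(str.toCharArray())).a();
            } else if (pemObject instanceof org.bouncycastle.openssl.g) {
                privateKeyInfo = ((org.bouncycastle.openssl.g) pemObject).a();
            } else {
                // Empty input or a different PEM object (for example a certificate) would
                // otherwise surface as a NullPointerException or ClassCastException from the cast.
                throw new ImportException("Unable to import private key. PEM content is "
                        + (pemObject == null ? "empty" : "not a supported private key type") + ".");
            }
            return new org.bouncycastle.openssl.b.b().a(privateKeyInfo);
        } catch (IOException e) {
            throw new ImportException("Unable to read PEM-encoded PrivateKey", e);
        }
    }

    /**
     * Encodes {@code certificate} as an unencrypted PEM string.
     *
     * @param certificate the certificate to encode
     * @return the PEM text
     * @throws ExportException if encoding fails
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public String encodeCertificateAsPem(Certificate certificate) {
        return encodeObjectAsPemString(certificate, null);
    }

    /**
     * Encodes {@code privateKey} as a password-encrypted PEM string. A password is mandatory, so
     * this method never writes the key in the clear.
     *
     * @param privateKey the key to encode
     * @param str the password protecting the key; must not be {@code null}
     * @param str2 passed to the PEM encryptor builder (presumably the encryption algorithm name)
     * @return the encrypted PEM text
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws ExportException if encoding fails
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public String encodePrivateKeyAsPem(PrivateKey privateKey, String str, String str2) {
        if (str == null) {
            throw new IllegalArgumentException("You must specify a password when serializing a private key");
        }
        f encryptor = new org.bouncycastle.openssl.b.i(str2).a(str.toCharArray());
        return encodeObjectAsPemString(privateKey, encryptor);
    }

    /**
     * Returns an empty array; both arguments are ignored.
     *
     * <p>NOTE(review): unlike the other keystore operations this does not throw, so a caller
     * receives no key managers without any error. Confirm that callers handle an empty result.
     *
     * @return an empty {@link KeyManager} array
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public KeyManager[] getKeyManagers(KeyStore keyStore, String str) {
        return new KeyManager[0];
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public KeyStore loadKeyStore(File file, String str, String str2) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // net.lightbody.bmp.mitm.tools.SecurityProviderTool
    public void saveKeyStore(File file, KeyStore keyStore, String str) {
        throw new UnsupportedOperationException("BouncyCastle implementation does not implement this method");
    }
}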
