package org.littleshoot.proxy.mitm;

import com.huawei.welink.hotfix.common.PatchRedirect;
import com.huawei.welink.hotfix.common.RedirectProxy;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Date;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.slf4j.c;
import org.slf4j.d;

/* loaded from: classes7.dex */
public final class CertificateHelper {
    public static PatchRedirect $PatchRedirect = null;
    private static final int FAKE_KEYSIZE = 1024;
    private static final String KEYGEN_ALGORITHM = "RSA";
    private static final Date NOT_AFTER;
    private static final Date NOT_BEFORE;
    private static final long ONE_DAY = 86400000;
    private static final int ROOT_KEYSIZE = 2048;
    private static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
    private static final String SIGNATURE_ALGORITHM;
    private static final String SSL_CONTEXT_FALLBACK_PROTOCOL = "TLSv1";
    private static final String SSL_CONTEXT_PROTOCOL = "TLSv1.2";
    private static final c log = d.a((Class<?>) CertificateHelper.class);

    static {
        StringBuilder sb = new StringBuilder();
        sb.append(is32BitJvm() ? "SHA256" : "SHA512");
        sb.append("WithRSAEncryption");
        SIGNATURE_ALGORITHM = sb.toString();
        NOT_BEFORE = new Date(System.currentTimeMillis() - 31536000000L);
        NOT_AFTER = new Date(System.currentTimeMillis() + 630720000000L);
    }

    private CertificateHelper() {
        boolean z = RedirectProxy.redirect("CertificateHelper()", new Object[0], this, $PatchRedirect).isSupport;
    }

    public static KeyPair generateKeyPair(int i) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("generateKeyPair(int)", new Object[]{new Integer(i)}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (KeyPair) redirect.result;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEYGEN_ALGORITHM);
        keyPairGenerator.initialize(i, SecureRandom.getInstance("SHA1PRNG"));
        return keyPairGenerator.generateKeyPair();
    }

    public static KeyManager[] getKeyManagers(KeyStore keyStore, Authority authority) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("getKeyManagers(java.security.KeyStore,org.littleshoot.proxy.mitm.Authority)", new Object[]{keyStore, authority}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (KeyManager[]) redirect.result;
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, authority.password());
        return keyManagerFactory.getKeyManagers();
    }

    private static boolean is32BitJvm() {
        RedirectProxy.Result redirect = RedirectProxy.redirect("is32BitJvm()", new Object[0], null, $PatchRedirect);
        if (redirect.isSupport) {
            return ((Boolean) redirect.result).booleanValue();
        }
        Integer integer = Integer.getInteger("sun.arch.data.model");
        return integer != null && integer.intValue() == 32;
    }

    public static SSLContext newClientContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newClientContext(javax.net.ssl.KeyManager[],javax.net.ssl.TrustManager[])", new Object[]{keyManagerArr, trustManagerArr}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (SSLContext) redirect.result;
        }
        SSLContext newClientSSLContext = newClientSSLContext();
        newClientSSLContext.init(keyManagerArr, trustManagerArr, null);
        return newClientSSLContext;
    }

    private static SSLContext newClientSSLContext() {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newClientSSLContext()", new Object[0], null, $PatchRedirect);
        if (redirect.isSupport) {
            return (SSLContext) redirect.result;
        }
        try {
            try {
                log.debug("Using default protocol {}", "TLS");
                return SSLContext.getInstance("TLS");
            } catch (NoSuchAlgorithmException unused) {
                log.warn("Protocol {} not available, falling back to {}", "TLSv1.2", SSL_CONTEXT_FALLBACK_PROTOCOL);
                return SSLContext.getInstance(SSL_CONTEXT_FALLBACK_PROTOCOL);
            }
        } catch (NoSuchAlgorithmException unused2) {
            log.debug("Using protocol {}", "TLSv1.2");
            return SSLContext.getInstance("TLSv1.2");
        }
    }

    public static SSLContext newServerContext(KeyManager[] keyManagerArr) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newServerContext(javax.net.ssl.KeyManager[])", new Object[]{keyManagerArr}, null, $PatchRedirect);
        if (redirect.isSupport) {
            return (SSLContext) redirect.result;
        }
        SSLContext newServerSSLContext = newServerSSLContext();
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(System.currentTimeMillis());
        newServerSSLContext.init(keyManagerArr, null, secureRandom);
        return newServerSSLContext;
    }

    private static SSLContext newServerSSLContext() {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newServerSSLContext()", new Object[0], null, $PatchRedirect);
        if (redirect.isSupport) {
            return (SSLContext) redirect.result;
        }
        try {
            log.debug("Using protocol {}", "TLSv1.2");
            return SSLContext.getInstance("TLSv1.2");
        } catch (NoSuchAlgorithmException unused) {
            log.warn("Protocol {} not available, falling back to {}", "TLSv1.2", SSL_CONTEXT_FALLBACK_PROTOCOL);
            return SSLContext.getInstance(SSL_CONTEXT_FALLBACK_PROTOCOL);
        }
    }
}
