package com.naloaty.syncshare.security;

import android.os.AsyncTask;
import android.util.Log;
import com.naloaty.syncshare.config.KeyConfig;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.X509KeyUsage;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcRSAContentSignerBuilder;
import retrofit2.internal.EverythingIsNonNull;

/* loaded from: classes.dex */
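/**
 * Generates the RSA key pair and self-signed X.509 certificate used by the app and stores both as
 * PEM files ({@code key.pem} and {@code cert.pem}) in a caller-supplied directory.
 *
 * <p>This listing is decompiler output; several members that are {@code public} here were
 * originally {@code private} or {@code protected} (see the notes on the individual members).
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The private key is written as unencrypted PEM, so its confidentiality rests entirely on
 *       the permissions of the target directory and file.</li>
 *   <li>The certificate is self-signed (signed with its own private key), so peers can only trust
 *       it through pinning or another out-of-band check, not through chain validation.</li>
 * </ul>
 */
public class KeyTool {
    private static final String TAG = "KeyTool";

    /**
     * Parameters for certificate generation. Every value except the key pair is optional; the
     * getters substitute a default when the corresponding field was never set.
     */
    public static class CertificateConfig {
        /** Default lifetime added to notBefore: 1825 days (157680000000 ms). */
        private static final long DEFAULT_VALIDITY_MILLIS = 1825L * 24L * 60L * 60L * 1000L;

        /** Common name used for both issuer and subject when none is set. */
        private static final String DEFAULT_COMMON_NAME = "StreamShare";

        private KeyPair keyPair;
        private String signatureAlgorithm = null;
        private String issuer = null;
        private String subject = null;
        private Date notBefore = null;
        private Date notAfter = null;

        /**
         * @param keyPair key pair whose public key is certified and whose private key signs the
         *     certificate
         */
        public CertificateConfig(KeyPair keyPair) {
            this.keyPair = keyPair;
        }

        /** @return the issuer common name, or {@code "StreamShare"} when unset */
        public String getIssuer() {
            return this.issuer == null ? DEFAULT_COMMON_NAME : this.issuer;
        }

        /** @return the key pair passed to the constructor */
        public KeyPair getKeyPair() {
            return this.keyPair;
        }

        /**
         * @return the configured expiry, or {@link #getNotBefore()} plus 1825 days when unset
         */
        public Date getNotAfter() {
            if (this.notAfter != null) {
                return this.notAfter;
            }
            return new Date(getNotBefore().getTime() + DEFAULT_VALIDITY_MILLIS);
        }

        /**
         * @return the configured start of validity, or the current time when unset (a fresh
         *     {@link Date} on every call)
         */
        public Date getNotBefore() {
            return this.notBefore == null ? new Date() : this.notBefore;
        }

        /**
         * @return the configured signature algorithm name, or
         *     {@code KeyConfig.CERTIFICATE_SIGNATURE_ALGORITHM} when unset
         */
        public String getSignatureAlgorithm() {
            // NOTE(review): the default's value is defined in KeyConfig, outside this file;
            // confirm it names a SHA-2 based RSA signature algorithm.
            return this.signatureAlgorithm == null
                    ? KeyConfig.CERTIFICATE_SIGNATURE_ALGORITHM
                    : this.signatureAlgorithm;
        }

        /** @return the subject common name, or {@code "StreamShare"} when unset */
        public String getSubject() {
            return this.subject == null ? DEFAULT_COMMON_NAME : this.subject;
        }

        public void setIssuer(String str) {
            this.issuer = str;
        }

        public void setNotAfter(Date date) {
            this.notAfter = date;
        }

        public void setNotBefore(Date date) {
            this.notBefore = date;
        }

        public void setSignatureAlgorithm(String str) {
            this.signatureAlgorithm = str;
        }

        public void setSubject(String str) {
            this.subject = str;
        }
    }

    /**
     * Background task that generates the key pair and certificate and writes them to
     * {@code saveDirectory}. Any failure cancels the task, which routes the result to
     * {@link KeyGeneratorCallback#onFail()} instead of {@link KeyGeneratorCallback#onFinish()}.
     */
    private static class GenerateSecurityStuffAT extends AsyncTask<Void, Void, Void> {
        private final KeyGeneratorCallback callback;
        private final File saveDirectory;

        GenerateSecurityStuffAT(File file, KeyGeneratorCallback keyGeneratorCallback) {
            this.callback = keyGeneratorCallback;
            this.saveDirectory = file;
        }

        /**
         * Generates a 2048-bit RSA key pair and a certificate for it with the "BC" provider, then
         * saves them as {@code key.pem} and {@code cert.pem}.
         *
         * <p>The decompiler widened this method from {@code protected} to {@code public}.
         */
        @Override // android.os.AsyncTask
        public Void doInBackground(Void... voidArr) {
            // The try block covers the whole sequence: saveStuff() throws IOException and
            // generateKeyPair() throws NoSuchProviderException, and both must end in cancel().
            try {
                KeyPair keyPair = KeyTool.generateKeyPair("BC", 2048);
                if (keyPair == null) {
                    cancel(true);
                    return null;
                }
                X509Certificate certificate =
                        KeyTool.generateCertificate("BC", new CertificateConfig(keyPair));
                if (certificate == null) {
                    cancel(true);
                    return null;
                }
                File keyFile = new File(this.saveDirectory, "key.pem");
                File certFile = new File(this.saveDirectory, "cert.pem");
                // Tighten permissions before any key material is written to the file.
                KeyTool.restrictToOwner(keyFile);
                KeyTool.saveStuff(keyFile, keyPair.getPrivate());
                // NOTE(review): if this second write fails, the new key.pem stays on disk next
                // to whatever cert.pem was there before, so the two files may not match.
                KeyTool.saveStuff(certFile, certificate);
            } catch (IOException e) {
                Log.w(KeyTool.TAG, "Cannot save generated stuff: " + e.getMessage());
                cancel(true);
            } catch (NoSuchProviderException e) {
                Log.w(KeyTool.TAG, "Crypto provider is not configured correctly: " + e.getMessage());
                cancel(true);
            }
            return null;
        }

        @Override // android.os.AsyncTask
        protected void onCancelled() {
            super.onCancelled();
            if (this.callback != null) {
                this.callback.onFail();
            }
        }

        /** The decompiler widened this method from {@code protected} to {@code public}. */
        @Override // android.os.AsyncTask
        public void onPostExecute(Void r1) {
            super.onPostExecute(r1);
            if (this.callback != null) {
                this.callback.onFinish();
            }
        }

        @Override // android.os.AsyncTask
        protected void onPreExecute() {
            super.onPreExecute();
            if (this.callback != null) {
                this.callback.onStart();
            }
        }
    }

    /** Progress notifications for {@link #createSecurityStuff(File, KeyGeneratorCallback)}. */
    public interface KeyGeneratorCallback {
        /** Called when generation or saving failed (the task was cancelled). */
        void onFail();

        /** Called after the task completed without being cancelled. */
        void onFinish();

        /** Called before the background work starts. */
        void onStart();
    }

    static {
        // Registers the Bouncy Castle provider that the "BC" lookups below rely on.
        SecurityUtils.initBCProvider();
    }

    /**
     * Starts asynchronous generation of {@code key.pem} and {@code cert.pem} in {@code file}.
     *
     * <p>The private key is stored unencrypted.
     * NOTE(review): confirm that every caller passes an app-private directory; on shared or
     * external storage the key would be readable by other apps.
     *
     * @param file directory that receives the two PEM files
     * @param keyGeneratorCallback progress listener, may be {@code null}
     */
    public static void createSecurityStuff(File file, KeyGeneratorCallback keyGeneratorCallback) {
        new GenerateSecurityStuffAT(file, keyGeneratorCallback).execute();
    }

    /**
     * Builds a self-signed X.509 v3 certificate from {@code certificateConfig}.
     *
     * <p>The certificate carries a random 64-bit serial number, a critical key-usage extension,
     * a non-critical extended-key-usage extension (server and client authentication) and a
     * critical basic-constraints extension with {@code cA=false}.
     *
     * <p>The decompiler widened this method from {@code private} to {@code public}.
     * NOTE(review): the method is annotated {@code @EverythingIsNonNull} but returns
     * {@code null} on failure; callers must keep their null check.
     *
     * @param str name of the JCA provider used to convert the built certificate
     * @param certificateConfig subject, issuer, validity, algorithm and key pair
     * @return the certificate, or {@code null} when it could not be created
     */
    @EverythingIsNonNull
    public static X509Certificate generateCertificate(String str, CertificateConfig certificateConfig) {
        try {
            KeyPair keyPair = certificateConfig.getKeyPair();

            AlgorithmIdentifier signatureId = new DefaultSignatureAlgorithmIdentifierFinder()
                    .find(certificateConfig.getSignatureAlgorithm());
            AlgorithmIdentifier digestId =
                    new DefaultDigestAlgorithmIdentifierFinder().find(signatureId);
            // Self-signed: the certificate is signed with the private half of the certified key.
            ContentSigner signer = new BcRSAContentSignerBuilder(signatureId, digestId)
                    .build(PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()));

            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                    new X500Name("CN=" + certificateConfig.getIssuer()),
                    new BigInteger(64, new SecureRandom()),
                    certificateConfig.getNotBefore(),
                    certificateConfig.getNotAfter(),
                    new X500Name("CN=" + certificateConfig.getSubject()),
                    SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

            // Same bit mask as the literal 6 in the decompiled code.
            // NOTE(review): keyCertSign together with cA=false below contradicts RFC 5280
            // section 4.2.1.9, and a TLS end-entity RSA certificate normally asserts
            // digitalSignature and/or keyEncipherment instead. Left unchanged because strict
            // peers may already depend on the current bits; confirm before changing.
            Extension keyUsage = new Extension(
                    Extension.keyUsage,
                    true,
                    new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign).getEncoded());
            Extension extendedKeyUsage = Extension.create(
                    Extension.extendedKeyUsage,
                    false,
                    new ExtendedKeyUsage(new KeyPurposeId[] {
                        KeyPurposeId.id_kp_serverAuth, KeyPurposeId.id_kp_clientAuth
                    }));
            Extension basicConstraints = new Extension(
                    Extension.basicConstraints, true, new BasicConstraints(false).getEncoded());

            builder.addExtension(keyUsage);
            builder.addExtension(extendedKeyUsage);
            builder.addExtension(basicConstraints);

            return new JcaX509CertificateConverter()
                    .setProvider(str)
                    .getCertificate(builder.build(signer));
        } catch (IOException | CertificateException | OperatorCreationException e) {
            Log.w(TAG, "Cannot create SSL certificate: " + e.getMessage());
            return null;
        }
    }

    /**
     * Generates an RSA key pair with public exponent F4 (65537).
     *
     * <p>The decompiler widened this method from {@code private} to {@code public}.
     * NOTE(review): annotated {@code @EverythingIsNonNull} but returns {@code null} when the
     * algorithm or its parameters are rejected.
     *
     * @param str name of the JCA provider that supplies the RSA generator
     * @param i modulus size in bits (the only caller in this file passes 2048)
     * @return the key pair, or {@code null} when the generator could not be set up
     * @throws NoSuchProviderException if the named provider is not registered
     */
    @EverythingIsNonNull
    public static KeyPair generateKeyPair(String str, int i) throws NoSuchProviderException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", str);
            generator.initialize(
                    new RSAKeyGenParameterSpec(i, RSAKeyGenParameterSpec.F4), new SecureRandom());
            return generator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            Log.w(TAG, "Key generator is not configured correctly: " + e.getMessage());
            return null;
        }
    }

    /**
     * Creates {@code file} if needed and limits read and write access to the owning user, so
     * that no key material is ever written to a file with wider permissions.
     *
     * <p>Best effort: a filesystem that does not support per-user permissions only produces a
     * log warning, because the directory itself may still be private.
     *
     * @throws IOException if the file cannot be created
     */
    private static void restrictToOwner(File file) throws IOException {
        // No-op when the file already exists; it is truncated later by the writer.
        file.createNewFile();
        boolean restricted = file.setReadable(false, false);
        restricted &= file.setWritable(false, false);
        restricted &= file.setReadable(true, true);
        restricted &= file.setWritable(true, true);
        if (!restricted) {
            Log.w(TAG, "Cannot restrict permissions of " + file.getName());
        }
    }

    /**
     * Writes {@code obj} to {@code file} in PEM format, replacing any existing content.
     *
     * <p>No encryptor is passed to the PEM writer, so a private key is stored in plaintext.
     * The decompiler widened this method from {@code private} to {@code public}.
     *
     * @param file destination file
     * @param obj object understood by {@link JcaPEMWriter} (here a private key or certificate)
     * @throws IOException if the file cannot be opened or written
     */
    @EverythingIsNonNull
    public static void saveStuff(File file, Object obj) throws IOException {
        // try-with-resources closes the file even when writeObject() throws.
        try (FileWriter fileWriter = new FileWriter(file);
                JcaPEMWriter pemWriter = new JcaPEMWriter(fileWriter)) {
            pemWriter.writeObject(obj);
            pemWriter.flush();
        }
    }
}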
