package com.mw.adultblock.vpn.cert;

import android.content.Context;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Random;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.KeyPurposeId;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.SubjectKeyIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.bc.BcX509ExtensionUtils;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.crypto.tls.CipherSuite;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes.dex */
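/**
 * Generates and persists a self-signed certificate authority (CA) and issues short-lived
 * server certificates signed by that CA.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The CA private key is written to an app-private file ({@link Context#MODE_PRIVATE})
 *       inside a keystore whose password is a constant compiled into the app and also
 *       returned by {@link #getCaKsPassword()}. The password therefore adds no protection
 *       beyond the file-system permissions on the keystore file.</li>
 *   <li>The generated CA has no name constraints, lists {@code anyExtendedKeyUsage} and is
 *       valid for 1000 years. NOTE(review): if this CA is installed in a device trust store,
 *       anyone who obtains the keystore file can issue certificates that device accepts.
 *       Prefer a hardware-backed, non-exportable key and a much shorter validity.</li>
 *   <li>{@code GenerateCA}/{@code GenerateCA1} invoke their callbacks on the worker thread
 *       they start, not on the calling thread.</li>
 * </ul>
 */
public class CertificateHelper {
    private static final String CA_CERTIFICATE_ALIAS = "ca";
    private static final String CA_CERTIFICATE_STORE = "AdultBlockCA14.keystore";
    // NOTE(review): hard-coded credential. It is kept only because getCaKsPassword() is part of
    // the public interface; it must not be treated as a secret.
    private static final String CA_KS_PASSWORD = "adultblockcacert11";
    private static final long ONE_DAY = 86400000;
    private static final String PROVIDER_NAME = "SC";
    // Distinguished name used as both issuer and subject of the self-signed CA.
    private static final String CA_SUBJECT = "CN=AdultBlock authority CA,O=AdultBlock,C=UK";
    // Key size for CA keys.
    private static final int CA_KEY_BITS = 2048;
    // Serials keep 48 random bits; the mask also guarantees a non-negative value.
    private static final long SERIAL_MASK = 0x0000FFFFFFFFFFFFL;
    // SecureRandom is thread-safe, so one shared instance serves all worker threads.
    private static final SecureRandom SERIAL_RANDOM = new SecureRandom();
    public static int REGISTER_CLIENT_CERT = 2016;
    public static String Tag = "AdultBlock_CertGen";

    /** Receives the generated CA certificate, or {@code null} when generation failed. */
    public interface onCertificateResponse {
        void processFinish(X509Certificate x509Certificate);
    }

    /** Receives the CA keystore, or {@code null} when it could not be loaded or created. */
    public interface onGetKeystoreResponse {
        void processFinish(KeyStore keyStore);
    }

    /** Receives a server keystore. Not used within this class. */
    public interface onGetServerKeystoreResponse {
        void processFinish(KeyStore keyStore);
    }

    /**
     * Generates a 2048-bit RSA self-signed CA on a new thread, stores it through
     * {@link #saveCaKeystore} and reports the certificate to the callback.
     *
     * @param context used to open the app-private keystore file
     * @param oncertificateresponse called on the worker thread with the certificate, or with
     *     {@code null} if any step failed
     */
    public static void GenerateCA(final Context context, final onCertificateResponse oncertificateresponse) {
        new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                    keyPairGenerator.initialize(CA_KEY_BITS);
                    KeyPair caKeyPair = keyPairGenerator.generateKeyPair();
                    PublicKey publicKey = caKeyPair.getPublic();

                    // NOTE(review): 1000-year validity makes the CA effectively non-expiring.
                    Calendar notAfter = Calendar.getInstance();
                    notAfter.add(Calendar.YEAR, 1000);

                    X500Name caName = new X500Name(CA_SUBJECT);
                    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                            caName,
                            BigInteger.valueOf(CertificateHelper.initRandomSerial()),
                            new Date(),
                            notAfter.getTime(),
                            caName,
                            SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
                    builder.addExtension(Extension.subjectKeyIdentifier, false,
                            (ASN1Encodable) CertificateHelper.createSubjectKeyIdentifier(publicKey));
                    builder.addExtension(Extension.basicConstraints, true,
                            (ASN1Encodable) new BasicConstraints(true));
                    // Same bit mask (0xB6) the decompiler rendered as an unrelated TLS cipher-suite
                    // constant; spelled out here with the KeyUsage flags it actually encodes.
                    builder.addExtension(Extension.keyUsage, false,
                            (ASN1Encodable) new KeyUsage(KeyUsage.digitalSignature
                                    | KeyUsage.keyEncipherment
                                    | KeyUsage.dataEncipherment
                                    | KeyUsage.keyCertSign
                                    | KeyUsage.cRLSign));
                    ASN1EncodableVector purposes = new ASN1EncodableVector();
                    purposes.add(KeyPurposeId.id_kp_serverAuth);
                    purposes.add(KeyPurposeId.id_kp_clientAuth);
                    // NOTE(review): anyExtendedKeyUsage removes any purpose restriction.
                    purposes.add(KeyPurposeId.anyExtendedKeyUsage);
                    builder.addExtension(Extension.extendedKeyUsage, false,
                            (ASN1Encodable) new DERSequence(purposes));

                    X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(
                            builder.build(new JcaContentSignerBuilder("SHA256withRSA").build(caKeyPair.getPrivate())));
                    CertificateHelper.saveCaKeystore(context, certificate, caKeyPair.getPrivate());
                    oncertificateresponse.processFinish(certificate);
                } catch (Exception e) {
                    Log.e(CertificateHelper.Tag, "CA generation failed", e);
                    oncertificateresponse.processFinish(null);
                }
            }
        }).start();
    }

    /**
     * Generates a self-signed CA carrying only the basicConstraints extension, on a new thread.
     *
     * <p>Aligned with {@link #GenerateCA}: the earlier revision used a 1024-bit key, a SHA-1
     * signature and the fixed serial number 1. It now uses a 2048-bit key, SHA-256 and a random
     * serial, and marks basicConstraints critical.
     *
     * @param context used to open the app-private keystore file
     * @param oncertificateresponse called on the worker thread with the certificate, or with
     *     {@code null} if any step failed
     */
    public static void GenerateCA1(final Context context, final onCertificateResponse oncertificateresponse) {
        new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                    keyPairGenerator.initialize(CA_KEY_BITS);
                    KeyPair caKeyPair = keyPairGenerator.generateKeyPair();

                    Calendar notAfter = Calendar.getInstance();
                    notAfter.add(Calendar.YEAR, 1000);

                    X500Name caName = new X500Name(CA_SUBJECT);
                    X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                            caName,
                            BigInteger.valueOf(CertificateHelper.initRandomSerial()),
                            new Date(),
                            notAfter.getTime(),
                            caName,
                            SubjectPublicKeyInfo.getInstance(caKeyPair.getPublic().getEncoded()));
                    builder.addExtension(Extension.basicConstraints, true,
                            (ASN1Encodable) new BasicConstraints(true));

                    // Round-trip through the platform CertificateFactory, as the original did.
                    byte[] encoded = builder
                            .build(new JcaContentSignerBuilder("SHA256withRSA").build(caKeyPair.getPrivate()))
                            .getEncoded();
                    X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                            .generateCertificate(new ByteArrayInputStream(encoded));

                    CertificateHelper.saveCaKeystore(context, x509Certificate, caKeyPair.getPrivate());
                    oncertificateresponse.processFinish(x509Certificate);
                } catch (Exception e) {
                    Log.e(CertificateHelper.Tag, "CA generation failed", e);
                    oncertificateresponse.processFinish(null);
                }
            }
        }).start();
    }

    /**
     * Delivers the stored CA keystore, generating a new CA first when none can be loaded.
     *
     * <p>Because {@link #getCaKeystore} returns {@code null} for every failure, an unreadable or
     * corrupt keystore file also triggers generation of a new CA, which overwrites the file.
     *
     * @param context used to open the app-private keystore file
     * @param ongetkeystoreresponse receives the keystore, or {@code null}; called synchronously
     *     when the keystore already exists, otherwise on the generator's worker thread
     */
    public static void GetCA(final Context context, final onGetKeystoreResponse ongetkeystoreresponse) {
        KeyStore caKeystore = getCaKeystore(context);
        if (caKeystore != null) {
            ongetkeystoreresponse.processFinish(caKeystore);
            return;
        }
        GenerateCA(context, new onCertificateResponse() {
            @Override
            public void processFinish(X509Certificate x509Certificate) {
                try {
                    ongetkeystoreresponse.processFinish(CertificateHelper.getCaKeystore(context));
                } catch (Exception e) {
                    Log.e(CertificateHelper.Tag, "Loading CA keystore after generation failed", e);
                    ongetkeystoreresponse.processFinish(null);
                }
            }
        });
    }

    /**
     * Issues a one-day server certificate signed by the given CA and returns it in a fresh
     * in-memory keystore under the alias {@code "server"}.
     *
     * @param certificate the CA certificate; its subject becomes the issuer and its public key
     *     is used to verify the new certificate
     * @param privateKey the CA private key used to sign
     * @param x509Certificate certificate whose subject alternative names are copied into the
     *     new certificate
     * @param x500Name subject of the new certificate
     * @return keystore holding the new key (no key password) with the chain
     *     {@code [leaf, certificate]}, or {@code null} if any step failed
     */
    public static KeyStore createServerCertificate(Certificate certificate, PrivateKey privateKey, X509Certificate x509Certificate, X500Name x500Name) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            // NOTE(review): 1024-bit RSA is below current minimums and some TLS clients refuse
            // it. It is left unchanged because a key is generated on every call and 2048-bit
            // generation is noticeably slower on a phone; consider caching per-host keys and
            // moving to 2048 bits.
            keyPairGenerator.initialize(1024);
            KeyPair leafKeyPair = keyPairGenerator.generateKeyPair();

            X500Name issuer = new X509CertificateHolder(certificate.getEncoded()).getSubject();
            SubjectAlternativeNameHolder altNames = new SubjectAlternativeNameHolder();
            altNames.addAll(x509Certificate.getSubjectAlternativeNames());

            Date notBefore = new Date();
            Date notAfter = new Date(System.currentTimeMillis() + ONE_DAY);
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                    issuer,
                    BigInteger.valueOf(initRandomSerial()),
                    notBefore,
                    notAfter,
                    x500Name,
                    leafKeyPair.getPublic());
            builder.addExtension(Extension.subjectKeyIdentifier, false,
                    (ASN1Encodable) createSubjectKeyIdentifier(leafKeyPair.getPublic()));
            builder.addExtension(Extension.basicConstraints, false,
                    (ASN1Encodable) new BasicConstraints(false));
            altNames.fillInto(builder);

            X509Certificate leaf = new JcaX509CertificateConverter().getCertificate(
                    builder.build(new JcaContentSignerBuilder("SHA256withRSA").build(privateKey)));
            // Self-check: the certificate must be valid now and verify under the CA public key.
            leaf.checkValidity(new Date());
            leaf.verify(certificate.getPublicKey());

            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setKeyEntry("server", leafKeyPair.getPrivate(), null, new Certificate[]{leaf, certificate});
            return keyStore;
        } catch (Exception e) {
            Log.e(Tag, "Server certificate generation failed", e);
            return null;
        }
    }

    /**
     * Builds the subjectKeyIdentifier extension value for a public key.
     *
     * <p>Replaces the decompiler's mangled try/catch (which had no return on the failure path)
     * with an explicit try/finally that always closes the ASN.1 stream.
     *
     * @param key key whose encoded form is parsed as a SubjectPublicKeyInfo
     * @return the identifier computed by {@link BcX509ExtensionUtils}
     * @throws IOException if the encoded key cannot be parsed
     */
    public static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) throws IOException {
        ASN1InputStream asn1In = new ASN1InputStream(new ByteArrayInputStream(key.getEncoded()));
        try {
            SubjectPublicKeyInfo info = new SubjectPublicKeyInfo((ASN1Sequence) asn1In.readObject());
            return new BcX509ExtensionUtils().createSubjectKeyIdentifier(info);
        } finally {
            asn1In.close();
        }
    }

    /** Returns the keystore alias under which the CA key entry is stored. */
    public static String getCaCertificateAlias() {
        return CA_CERTIFICATE_ALIAS;
    }

    /**
     * Loads the CA keystore from the app-private file.
     *
     * @param context used to open the keystore file
     * @return the loaded keystore, or {@code null} on any failure (missing file, wrong format,
     *     integrity check failure); callers cannot tell these cases apart
     */
    public static KeyStore getCaKeystore(Context context) {
        FileInputStream in = null;
        try {
            in = context.openFileInput(CA_CERTIFICATE_STORE);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, CA_KS_PASSWORD.toCharArray());
            return keyStore;
        } catch (Exception unused) {
            // Deliberate best effort: GetCA() treats null as "no usable CA yet".
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful to do if closing a read-only stream fails.
                }
            }
        }
    }

    /**
     * Returns the keystore password.
     *
     * <p>NOTE(review): this exposes a constant compiled into the app; see the class comment.
     */
    public static String getCaKsPassword() {
        return CA_KS_PASSWORD;
    }

    /**
     * Returns a random, non-negative 48-bit certificate serial number.
     *
     * <p>The decompiled original discarded its {@code Random} instance and referenced an
     * undefined variable; it also seeded {@code java.util.Random} with the current time, which
     * makes serials guessable. A {@link SecureRandom} is used instead.
     */
    public static long initRandomSerial() {
        return SERIAL_RANDOM.nextLong() & SERIAL_MASK;
    }

    /**
     * Writes the CA certificate and private key to the app-private keystore file.
     *
     * @param context used to open the keystore file for writing
     * @param x509Certificate the CA certificate
     * @param privateKey the CA private key
     * @return the keystore that was written
     * @throws Exception if the keystore cannot be created or written
     */
    public static KeyStore saveCaKeystore(Context context, X509Certificate x509Certificate, PrivateKey privateKey) throws Exception {
        char[] password = CA_KS_PASSWORD.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, password);
        keyStore.setKeyEntry(CA_CERTIFICATE_ALIAS, privateKey, password, new Certificate[]{x509Certificate});
        FileOutputStream out = context.openFileOutput(CA_CERTIFICATE_STORE, Context.MODE_PRIVATE);
        try {
            keyStore.store(out, password);
        } finally {
            // Close even when store() throws so the file descriptor is not leaked.
            out.close();
        }
        return keyStore;
    }
}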
