package moe.shizuku.manager.adb;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.net.Socket;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Date;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import kotlin.Lazy;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import rikka.core.ktx.LazyKt;

/* compiled from: AdbKey.kt */
@Metadata(d1 = {"\u0000L\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0010\u0012\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\b\u000e*\u0002\u0012\u001f\u0018\u0000 +2\u00020\u0001:\u0001+B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u001c\u0010\"\u001a\u0004\u0018\u00010\b2\u0006\u0010#\u001a\u00020\b2\b\u0010$\u001a\u0004\u0018\u00010\bH\u0002J\u001c\u0010%\u001a\u0004\u0018\u00010\b2\u0006\u0010&\u001a\u00020\b2\b\u0010$\u001a\u0004\u0018\u00010\bH\u0002J\n\u0010'\u001a\u0004\u0018\u00010\u0010H\u0002J\b\u0010(\u001a\u00020\u0016H\u0002J\u0010\u0010)\u001a\u00020\b2\b\u0010*\u001a\u0004\u0018\u00010\bR\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u001b\u0010\u0007\u001a\u00020\b8FX\u0086\u0084\u0002¢\u0006\f\n\u0004\b\u000b\u0010\f\u001a\u0004\b\t\u0010\nR\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000f\u001a\u00020\u0010X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u0011\u001a\u00020\u00128BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\u0013\u0010\u0014R\u000e\u0010\u0015\u001a\u00020\u0016X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0017\u001a\u00020\u0018X\u0082\u0004¢\u0006\u0002\n\u0000R\u001b\u0010\u0019\u001a\u00020\u001a8FX\u0087\u0084\u0002¢\u0006\f\n\u0004\b\u001d\u0010\f\u001a\u0004\b\u001b\u0010\u001cR\u0014\u0010\u001e\u001a\u00020\u001f8BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b \u0010!¨\u0006,"}, d2 = {"Lmoe/shizuku/manager/adb/AdbKey;", "", "adbKeyStore", "Lmoe/shizuku/manager/adb/AdbKeyStore;", "name", "", "(Lmoe/shizuku/manager/adb/AdbKeyStore;Ljava/lang/String;)V", "adbPublicKey", "", "getAdbPublicKey", "()[B", "adbPublicKey$delegate", "Lkotlin/Lazy;", "certificate", 
"Ljava/security/cert/X509Certificate;", "encryptionKey", "Ljava/security/Key;", "keyManager", "moe/shizuku/manager/adb/AdbKey$keyManager$1", "getKeyManager", "()Lmoe/shizuku/manager/adb/AdbKey$keyManager$1;", "privateKey", "Ljava/security/interfaces/RSAPrivateKey;", "publicKey", "Ljava/security/interfaces/RSAPublicKey;", "sslContext", "Ljavax/net/ssl/SSLContext;", "getSslContext", "()Ljavax/net/ssl/SSLContext;", "sslContext$delegate", "trustManager", "moe/shizuku/manager/adb/AdbKey$trustManager$1", "getTrustManager", "()Lmoe/shizuku/manager/adb/AdbKey$trustManager$1;", "decrypt", "ciphertext", "aad", "encrypt", "plaintext", "getOrCreateEncryptionKey", "getOrCreatePrivateKey", "sign", "data", "Companion", "manager_debug"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes2.dex */
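/**
 * RSA identity used for ADB authentication, plus the TLS material derived from it.
 *
 * <p>The private key is kept in {@link AdbKeyStore} as an AES-256-GCM blob
 * ({@code IV || ciphertext || tag}) encrypted under a key held in the Android Keystore.
 * This source is decompiler output of {@code AdbKey.kt}; synthetic type names such as
 * {@code AdbKey$keyManager$1} are decompiler artifacts and are kept unchanged.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The trust manager returned by {@link #getTrustManager()} accepts every certificate
 *       chain, so the TLS layer built here does not authenticate the peer on its own.</li>
 *   <li>{@link #sign(byte[])} performs a raw RSA private-key operation and does not
 *       validate the length of its input.</li>
 *   <li>Key material must never be written to logcat; only non-secret metadata is logged.</li>
 * </ul>
 */
public final class AdbKey {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String ENCRYPTION_KEY_ALIAS = "_adbkey_encryption_key_";
    /** Length of the GCM nonce stored in front of every encrypted blob. */
    private static final int IV_SIZE_IN_BYTES = 12;
    /** Length of the GCM authentication tag appended to every encrypted blob. */
    private static final int TAG_SIZE_IN_BYTES = 16;
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private final AdbKeyStore adbKeyStore;

    /* renamed from: adbPublicKey$delegate, reason: from kotlin metadata */
    private final Lazy adbPublicKey;
    private final X509Certificate certificate;
    private final Key encryptionKey;
    private final RSAPrivateKey privateKey;
    private final RSAPublicKey publicKey;

    /* renamed from: sslContext$delegate, reason: from kotlin metadata */
    private final Lazy sslContext;

    /**
     * PKCS#1 v1.5 type-1 padding block: 0x00 0x01, 218 bytes of 0xFF, 0x00, followed by the
     * 15-byte ASN.1 DigestInfo prefix for SHA-1. It is 236 bytes long, so together with a
     * 20-byte payload it fills exactly one 2048-bit RSA block.
     */
    private static final byte[] PADDING = {
        0, 1,
        // 218 bytes of 0xFF (13 rows of 16, then 10)
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
        // 0x00 separator, then the SHA-1 DigestInfo prefix
        0, 48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20
    };

    /**
     * Loads (or creates) the wrapping key and the RSA private key, then derives the public key
     * and a self-signed certificate from them.
     *
     * @param adbKeyStore persistent storage for the encrypted private key
     * @param name        label passed to {@code AdbKeyKt.adbEncoded} when the ADB-format
     *                    public key is first requested
     * @throws IllegalStateException if no encryption key could be obtained from the keystore
     */
    public AdbKey(AdbKeyStore adbKeyStore, final String name) {
        Intrinsics.checkNotNullParameter(adbKeyStore, "adbKeyStore");
        Intrinsics.checkNotNullParameter(name, "name");
        this.adbKeyStore = adbKeyStore;
        Key orCreateEncryptionKey = getOrCreateEncryptionKey();
        if (orCreateEncryptionKey == null) {
            throw new IllegalStateException("Failed to generate encryption key with AndroidKeyManager.");
        }
        this.encryptionKey = orCreateEncryptionKey;
        RSAPrivateKey orCreatePrivateKey = getOrCreatePrivateKey();
        this.privateKey = orCreatePrivateKey;
        // The public key is rebuilt from the modulus with exponent F4 (65537), which is the
        // exponent getOrCreatePrivateKey() uses when it generates a key pair.
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(orCreatePrivateKey.getModulus(), RSAKeyGenParameterSpec.F4));
        Intrinsics.checkNotNull(generatePublic, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
        RSAPublicKey rSAPublicKey = (RSAPublicKey) generatePublic;
        this.publicKey = rSAPublicKey;
        // Self-signed certificate: subject and issuer "CN=00", serial 1, valid from the Unix
        // epoch until 2461449600000 ms (2048-01-01 UTC), signed with SHA256withRSA.
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(new X509v3CertificateBuilder(new X500Name("CN=00"), BigInteger.ONE, new Date(0L), new Date(2461449600000L), Locale.ROOT, new X500Name("CN=00"), SubjectPublicKeyInfo.getInstance(rSAPublicKey.getEncoded())).build(new JcaContentSignerBuilder("SHA256withRSA").build(orCreatePrivateKey)).getEncoded()));
        Intrinsics.checkNotNull(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        this.certificate = (X509Certificate) generateCertificate;
        // Do not log privateKey.toString(): what it prints is provider-dependent and may
        // include private components. Only the (public) modulus size is logged.
        Log.d("AdbKey", "RSA private key ready, modulus bits=" + orCreatePrivateKey.getModulus().bitLength());
        this.adbPublicKey = LazyKt.unsafeLazy(new Function0<byte[]>() { // from class: moe.shizuku.manager.adb.AdbKey$adbPublicKey$2
            @Override // kotlin.jvm.functions.Function0
            public final byte[] invoke() {
                return AdbKeyKt.adbEncoded(AdbKey.this.publicKey, name);
            }
        });
        this.sslContext = LazyKt.unsafeLazy(new Function0<SSLContext>() { // from class: moe.shizuku.manager.adb.AdbKey$sslContext$2
            @Override // kotlin.jvm.functions.Function0
            public final SSLContext invoke() {
                SSLContext sSLContext = SSLContext.getInstance("TLSv1.3");
                AdbKey$keyManager$1[] keyManagers = {AdbKey.this.getKeyManager()};
                AdbKey$trustManager$1[] trustManagers = {AdbKey.this.getTrustManager()};
                sSLContext.init(keyManagers, trustManagers, new SecureRandom());
                return sSLContext;
            }
        });
    }

    /**
     * Decrypts a blob laid out as {@code IV (12 bytes) || ciphertext || tag (16 bytes)}.
     *
     * @param ciphertext the stored blob
     * @param aad        additional authenticated data that must match the value used to encrypt
     * @return the plaintext, or {@code null} when the blob is too short to hold an IV and a tag;
     *         a failed tag check surfaces as an exception from {@code doFinal}
     */
    private final byte[] decrypt(byte[] ciphertext, byte[] aad) {
        if (ciphertext.length < IV_SIZE_IN_BYTES + TAG_SIZE_IN_BYTES) {
            return null;
        }
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(TAG_SIZE_IN_BYTES * 8, ciphertext, 0, IV_SIZE_IN_BYTES);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, this.encryptionKey, gCMParameterSpec);
        cipher.updateAAD(aad);
        return cipher.doFinal(ciphertext, IV_SIZE_IN_BYTES, ciphertext.length - IV_SIZE_IN_BYTES);
    }

    /**
     * Encrypts {@code plaintext} with AES-GCM and returns {@code IV || ciphertext || tag}.
     *
     * <p>No IV is supplied to {@code init}; the IV chosen by the cipher is read back with
     * {@code getIV()} and copied to the front of the result.
     *
     * @param plaintext data to protect
     * @param aad       additional authenticated data bound to the ciphertext
     * @return the encrypted blob, or {@code null} if the output would not fit in an array
     */
    private final byte[] encrypt(byte[] plaintext, byte[] aad) {
        if (plaintext.length > Integer.MAX_VALUE - IV_SIZE_IN_BYTES - TAG_SIZE_IN_BYTES) {
            return null;
        }
        byte[] bArr = new byte[plaintext.length + IV_SIZE_IN_BYTES + TAG_SIZE_IN_BYTES];
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, this.encryptionKey);
        cipher.updateAAD(aad);
        cipher.doFinal(plaintext, 0, plaintext.length, bArr, IV_SIZE_IN_BYTES);
        System.arraycopy(cipher.getIV(), 0, bArr, 0, IV_SIZE_IN_BYTES);
        return bArr;
    }

    /**
     * Creates the key manager that offers this object's certificate and private key as a TLS
     * client identity under the single alias {@code "key"}, and only for the key type "RSA".
     * The server-side methods return {@code null}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r0v0, types: [moe.shizuku.manager.adb.AdbKey$keyManager$1] */
    public final AdbKey$keyManager$1 getKeyManager() {
        return new X509ExtendedKeyManager() { // from class: moe.shizuku.manager.adb.AdbKey$keyManager$1
            private final String alias = "key";

            @Override // javax.net.ssl.X509KeyManager
            public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
                Intrinsics.checkNotNullParameter(keyTypes, "keyTypes");
                // Arrays.toString yields "null" for a null array, matching the original output.
                Log.d("AdbKey", "chooseClientAlias: keyType=" + Arrays.toString(keyTypes) + ", issuers=" + Arrays.toString(issuers));
                for (String keyType : keyTypes) {
                    if ("RSA".equals(keyType)) {
                        return this.alias;
                    }
                }
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
                Intrinsics.checkNotNullParameter(keyType, "keyType");
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            public X509Certificate[] getCertificateChain(String alias) {
                Log.d("AdbKey", "getCertificateChain: alias=" + alias);
                if (!this.alias.equals(alias)) {
                    return null;
                }
                return new X509Certificate[]{AdbKey.this.certificate};
            }

            @Override // javax.net.ssl.X509KeyManager
            public String[] getClientAliases(String keyType, Principal[] issuers) {
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            public PrivateKey getPrivateKey(String alias) {
                // Only the alias is logged here; the key itself must stay out of the log.
                Log.d("AdbKey", "getPrivateKey: alias=" + alias);
                if (!this.alias.equals(alias)) {
                    return null;
                }
                return AdbKey.this.privateKey;
            }

            @Override // javax.net.ssl.X509KeyManager
            public String[] getServerAliases(String keyType, Principal[] issuers) {
                Intrinsics.checkNotNullParameter(keyType, "keyType");
                return null;
            }
        };
    }

    /**
     * Returns the AES key stored under {@link #ENCRYPTION_KEY_ALIAS} in the Android Keystore,
     * generating a 256-bit GCM/NoPadding key on first use.
     */
    private final Key getOrCreateEncryptionKey() {
        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        keyStore.load(null);
        Key key = keyStore.getKey(ENCRYPTION_KEY_ALIAS, null);
        if (key != null) {
            return key;
        }
        // Purposes value 3 — presumably PURPOSE_ENCRYPT | PURPOSE_DECRYPT; confirm against
        // KeyProperties. No user-authentication requirement is set on the key.
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder(ENCRYPTION_KEY_ALIAS, 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
        Intrinsics.checkNotNullExpressionValue(build, "Builder(ENCRYPTION_KEY_A…                 .build()");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEYSTORE);
        keyGenerator.init(build);
        return keyGenerator.generateKey();
    }

    /**
     * Restores the RSA private key from {@link AdbKeyStore}, or generates and stores a new
     * 2048-bit key when nothing usable is stored.
     *
     * <p>The stored blob is decrypted with a 16-byte AAD consisting of the UTF-8 bytes of
     * {@code "adbkey"} followed by zero bytes. Any failure while restoring (short blob, failed
     * GCM tag check, malformed PKCS#8) falls through to key generation; the replacement key is
     * then written to the store.
     */
    private final RSAPrivateKey getOrCreatePrivateKey() {
        RSAPrivateKey rSAPrivateKey = null;
        byte[] bArr = new byte[16];
        byte[] bytes = "adbkey".getBytes(Charsets.UTF_8);
        Intrinsics.checkNotNullExpressionValue(bytes, "this as java.lang.String).getBytes(charset)");
        ArraysKt.copyInto$default(bytes, bArr, 0, 0, 0, 14, (Object) null);
        byte[] bArr2 = this.adbKeyStore.get();
        if (bArr2 != null) {
            try {
                PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decrypt(bArr2, bArr)));
                Intrinsics.checkNotNull(generatePrivate, "null cannot be cast to non-null type java.security.interfaces.RSAPrivateKey");
                rSAPrivateKey = (RSAPrivateKey) generatePrivate;
            } catch (Exception e) {
                // Best effort by design: fall back to a fresh key pair, but leave a trace.
                // A failure here can mean the stored blob was corrupted or altered, and the
                // key identity changes as a result.
                Log.w("AdbKey", "Stored ADB private key could not be restored; generating a new key pair", e);
            }
        }
        if (rSAPrivateKey == null) {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4));
            PrivateKey privateKey = keyPairGenerator.generateKeyPair().getPrivate();
            Intrinsics.checkNotNull(privateKey, "null cannot be cast to non-null type java.security.interfaces.RSAPrivateKey");
            rSAPrivateKey = (RSAPrivateKey) privateKey;
            byte[] encoded = rSAPrivateKey.getEncoded();
            Intrinsics.checkNotNullExpressionValue(encoded, "privateKey.encoded");
            byte[] encrypt = encrypt(encoded, bArr);
            if (encrypt != null) {
                this.adbKeyStore.put(encrypt);
            }
        }
        return rSAPrivateKey;
    }

    /**
     * Creates a trust manager whose check methods are all empty, so every client or server
     * certificate chain is accepted without validation.
     *
     * <p>NOTE(review): with this trust manager the TLS handshake proves nothing about the
     * peer. Peer authentication presumably happens at the ADB layer (pairing / key
     * authorization), which is not visible in this file — confirm before relying on it, and
     * do not reuse this manager or the resulting {@link SSLContext} for any other connection.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r0v0, types: [moe.shizuku.manager.adb.AdbKey$trustManager$1] */
    public final AdbKey$trustManager$1 getTrustManager() {
        return new X509ExtendedTrustManager() { // from class: moe.shizuku.manager.adb.AdbKey$trustManager$1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }

    /** Returns the public key in ADB's encoding, computed on first access. */
    public final byte[] getAdbPublicKey() {
        return (byte[]) this.adbPublicKey.getValue();
    }

    /**
     * Returns the lazily created TLS 1.3 context that presents this key's certificate and
     * uses the accept-all trust manager from {@link #getTrustManager()}.
     */
    public final SSLContext getSslContext() {
        Object value = this.sslContext.getValue();
        Intrinsics.checkNotNullExpressionValue(value, "<get-sslContext>(...)");
        return (SSLContext) value;
    }

    /**
     * Applies the raw RSA private-key operation to {@code PADDING || data}.
     *
     * <p>{@link #PADDING} already contains the PKCS#1 v1.5 block and the SHA-1 DigestInfo
     * prefix, so the result is a well-formed signature block only when {@code data} is exactly
     * 20 bytes for a 2048-bit key. The length is not checked here, and {@code data} is used
     * as-is rather than hashed; callers are responsible for passing a value of the right size.
     *
     * @param data the value to sign
     * @return the signature bytes
     */
    public final byte[] sign(byte[] data) {
        Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
        // ENCRYPT_MODE with the private key performs the signing exponentiation.
        cipher.init(Cipher.ENCRYPT_MODE, this.privateKey);
        cipher.update(PADDING);
        byte[] doFinal = cipher.doFinal(data);
        Intrinsics.checkNotNullExpressionValue(doFinal, "cipher.doFinal(data)");
        return doFinal;
    }
}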
