package io.github.muntashirakon.AppManager.crypto.ks;

import android.content.ContentResolver;
import android.content.Context;
import android.net.Uri;
import android.sun.misc.BASE64Decoder;
import android.sun.misc.BASE64Encoder;
import android.sun.security.provider.JavaKeyStoreProvider;
import android.sun.security.provider.X509Factory;
import android.sun.security.x509.AlgorithmId;
import android.sun.security.x509.CertificateAlgorithmId;
import android.sun.security.x509.CertificateExtensions;
import android.sun.security.x509.CertificateIssuerName;
import android.sun.security.x509.CertificateSerialNumber;
import android.sun.security.x509.CertificateSubjectName;
import android.sun.security.x509.CertificateValidity;
import android.sun.security.x509.CertificateVersion;
import android.sun.security.x509.CertificateX509Key;
import android.sun.security.x509.KeyIdentifier;
import android.sun.security.x509.PrivateKeyUsageExtension;
import android.sun.security.x509.SubjectKeyIdentifierExtension;
import android.sun.security.x509.X509CertImpl;
import android.sun.security.x509.X509CertInfo;
import android.text.TextUtils;
import io.github.muntashirakon.AppManager.logs.Log;
import io.github.muntashirakon.io.IoUtils;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes16.dex */
public class KeyStoreUtils {
    private static final String DSA_BEGIN_HEADER = "-----BEGIN DSA PRIVATE KEY-----";
    private static final String DSA_END_HEADER = "-----END DSA PRIVATE KEY-----";
    private static final String PKCS8_BEGIN_HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String PKCS8_END_HEADER = "-----END PRIVATE KEY-----";
    private static final String RSA_BEGIN_HEADER = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String RSA_END_HEADER = "-----END RSA PRIVATE KEY-----";
    public static final String TAG = KeyStoreUtils.class.getSimpleName();
    public static final String KEY_STORE_TYPE_JKS = "JKS";
    public static final String KEY_STORE_TYPE_PKCS12 = "PKCS12";
    public static final String KEY_STORE_TYPE_BKS = "BKS";
    private static final String[] TYPES = {KEY_STORE_TYPE_JKS, KEY_STORE_TYPE_PKCS12, KEY_STORE_TYPE_BKS};

    /* loaded from: classes16.dex */
    public @interface KeyType {
        public static final int BKS = 2;
        public static final int JKS = 0;
        public static final int PK8 = 3;
        public static final int PKCS12 = 1;
    }

    private static void ASN1Parse(byte[] bArr, List<BigInteger> list) throws KeyException {
        int i = 0;
        while (i < bArr.length) {
            int i2 = i + 1;
            int i3 = bArr[i];
            int i4 = i2 + 1;
            int i5 = bArr[i2];
            if ((i5 & 128) != 0) {
                int i6 = 0;
                int i7 = 0;
                while (i7 < (i5 & 127)) {
                    i6 = (i6 << 8) | (bArr[i4] & 255);
                    i7++;
                    i4++;
                }
                i5 = i6;
            }
            byte[] bArr2 = new byte[i5];
            System.arraycopy(bArr, i4, bArr2, 0, i5);
            int i8 = i4 + i5;
            if (i3 == 48) {
                ASN1Parse(bArr2, list);
            } else {
                if (i3 != 2) {
                    throw new KeyException("Unsupported ASN.1 tag " + i3 + " encountered.  Is this a valid RSA key?");
                }
                list.add(new BigInteger(bArr2));
            }
            i = i8;
        }
    }

    public static KeyPair generateECCKeyPair(String str, long j) throws GeneralSecurityException, OperatorCreationException {
        X9ECParameters byName = CustomNamedCurves.getByName("curve25519");
        ECParameterSpec eCParameterSpec = new ECParameterSpec(byName.getCurve(), byName.getG(), byName.getN(), byName.getH());
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", new BouncyCastleProvider());
        keyPairGenerator.initialize(eCParameterSpec, SecureRandom.getInstance("SHA1PRNG"));
        java.security.KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey = generateKeyPair.getPublic();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        return new KeyPair(privateKey, generateECDSACert(privateKey, publicKey, str, j));
    }

    private static X509Certificate generateECDSACert(PrivateKey privateKey, PublicKey publicKey, String str, long j) throws OperatorCreationException, CertificateException {
        Date date = new Date();
        Date date2 = new Date(j);
        X500Name x500Name = new X500Name(str);
        JcaContentSignerBuilder jcaContentSignerBuilder = new JcaContentSignerBuilder("SHA512withECDSA");
        jcaContentSignerBuilder.setProvider(new BouncyCastleProvider());
        return new JcaX509CertificateConverter().getCertificate(new X509v3CertificateBuilder(x500Name, BigInteger.valueOf(new SecureRandom().nextInt() & Integer.MAX_VALUE), date, date2, x500Name, SubjectPublicKeyInfo.getInstance(publicKey.getEncoded())).build(jcaContentSignerBuilder.build(privateKey)));
    }

    public static PrivateKey generatePrivateKey(InputStream inputStream) throws IOException, GeneralSecurityException {
        KeyFactory keyFactory;
        KeySpec dSAPrivateKeySpec;
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        try {
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                char c = 2;
                if (readLine == null) {
                    if (sb.length() == 0) {
                        throw new IOException("Stream does not contain an unencrypted private key.");
                    }
                    byte[] decodeBuffer = new BASE64Decoder().decodeBuffer(sb.toString());
                    if (z2) {
                        keyFactory = KeyFactory.getInstance("RSA");
                        dSAPrivateKeySpec = new PKCS8EncodedKeySpec(decodeBuffer);
                    } else if (z3) {
                        KeyFactory keyFactory2 = KeyFactory.getInstance("RSA");
                        ArrayList arrayList = new ArrayList();
                        ASN1Parse(decodeBuffer, arrayList);
                        if (arrayList.size() < 8) {
                            throw new InvalidKeyException("Stream does not appear to be a properly formatted RSA key.");
                        }
                        dSAPrivateKeySpec = new RSAPrivateCrtKeySpec((BigInteger) arrayList.get(1), (BigInteger) arrayList.get(2), (BigInteger) arrayList.get(3), (BigInteger) arrayList.get(4), (BigInteger) arrayList.get(5), (BigInteger) arrayList.get(6), (BigInteger) arrayList.get(7), (BigInteger) arrayList.get(8));
                        keyFactory = keyFactory2;
                    } else {
                        if (!z4) {
                            throw new NoSuchAlgorithmException("Couldn't find any suitable algorithm");
                        }
                        KeyFactory keyFactory3 = KeyFactory.getInstance("DSA");
                        ArrayList arrayList2 = new ArrayList();
                        ASN1Parse(decodeBuffer, arrayList2);
                        if (arrayList2.size() < 5) {
                            throw new InvalidKeyException("Stream does not appear to be a properly formatted DSA key");
                        }
                        BigInteger bigInteger = (BigInteger) arrayList2.get(1);
                        keyFactory = keyFactory3;
                        dSAPrivateKeySpec = new DSAPrivateKeySpec(bigInteger, (BigInteger) arrayList2.get(3), (BigInteger) arrayList2.get(4), (BigInteger) arrayList2.get(5));
                    }
                    PrivateKey generatePrivate = keyFactory.generatePrivate(dSAPrivateKeySpec);
                    bufferedReader.close();
                    return generatePrivate;
                }
                String trim = readLine.trim();
                if (!z) {
                    switch (trim.hashCode()) {
                        case -1436523811:
                            if (trim.equals(DSA_BEGIN_HEADER)) {
                                c = 1;
                                break;
                            }
                            break;
                        case 870197263:
                            if (trim.equals(PKCS8_BEGIN_HEADER)) {
                                break;
                            }
                            break;
                        case 1429871631:
                            if (trim.equals(RSA_BEGIN_HEADER)) {
                                c = 0;
                                break;
                            }
                            break;
                    }
                    c = 65535;
                    switch (c) {
                        case 0:
                            z = true;
                            z3 = true;
                            break;
                        case 1:
                            z = true;
                            z4 = true;
                            break;
                        case 2:
                            z = true;
                            z2 = true;
                            break;
                    }
                } else {
                    switch (trim.hashCode()) {
                        case -1921281749:
                            if (trim.equals(DSA_END_HEADER)) {
                                c = 1;
                                break;
                            }
                            break;
                        case 494447965:
                            if (trim.equals(PKCS8_END_HEADER)) {
                                break;
                            }
                            break;
                        case 945113693:
                            if (trim.equals(RSA_END_HEADER)) {
                                c = 0;
                                break;
                            }
                            break;
                    }
                    c = 65535;
                    switch (c) {
                        case 0:
                        case 1:
                        case 2:
                            z = false;
                            break;
                        default:
                            sb.append(trim);
                            break;
                    }
                }
            }
        } catch (Throwable th) {
            try {
                bufferedReader.close();
                throw th;
            } catch (Throwable th2) {
                th.addSuppressed(th2);
                throw th;
            }
        }
    }

    private static X509Certificate generateRSACert(PrivateKey privateKey, PublicKey publicKey, String str, long j) throws GeneralSecurityException, IOException {
        CertificateExtensions certificateExtensions = new CertificateExtensions();
        certificateExtensions.set(SubjectKeyIdentifierExtension.NAME, new SubjectKeyIdentifierExtension(new KeyIdentifier(publicKey).getIdentifier()));
        android.sun.security.x509.X500Name x500Name = new android.sun.security.x509.X500Name(str);
        Date date = new Date();
        Date date2 = new Date(j);
        certificateExtensions.set(PrivateKeyUsageExtension.NAME, new PrivateKeyUsageExtension(date, date2));
        CertificateValidity certificateValidity = new CertificateValidity(date, date2);
        X509CertInfo x509CertInfo = new X509CertInfo();
        x509CertInfo.set("version", new CertificateVersion(2));
        x509CertInfo.set("serialNumber", new CertificateSerialNumber(new SecureRandom().nextInt() & Integer.MAX_VALUE));
        x509CertInfo.set("algorithmID", new CertificateAlgorithmId(AlgorithmId.get("SHA512withRSA")));
        x509CertInfo.set("subject", new CertificateSubjectName(x500Name));
        x509CertInfo.set("key", new CertificateX509Key(publicKey));
        x509CertInfo.set("validity", certificateValidity);
        x509CertInfo.set("issuer", new CertificateIssuerName(x500Name));
        x509CertInfo.set("extensions", certificateExtensions);
        X509CertImpl x509CertImpl = new X509CertImpl(x509CertInfo);
        x509CertImpl.sign(privateKey, "SHA512withRSA");
        return x509CertImpl;
    }

    public static KeyPair generateRSAKeyPair(String str, int i, long j) throws GeneralSecurityException, IOException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(i, SecureRandom.getInstance("SHA1PRNG"));
        java.security.KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey = generateKeyPair.getPublic();
        PrivateKey privateKey = generateKeyPair.getPrivate();
        return new KeyPair(privateKey, generateRSACert(privateKey, publicKey, str, j));
    }

    public static KeyPair getKeyPair(Context context, Uri uri, int i, String str, char[] cArr, char[] cArr2) throws GeneralSecurityException, IOException {
        String str2 = TYPES[i];
        Log.d(TAG, "Loading keystore %s", str2);
        KeyStore keyStore = KeyStore.getInstance(str2, getKeyStoreProvider(str2));
        InputStream openInputStream = context.getContentResolver().openInputStream(uri);
        try {
            if (openInputStream == null) {
                throw new FileNotFoundException(uri + " does not exist.");
            }
            keyStore.load(openInputStream, cArr);
            if (openInputStream != null) {
                openInputStream.close();
            }
            if (TextUtils.isEmpty(str)) {
                str = keyStore.aliases().nextElement();
            }
            Key key = keyStore.getKey(str, cArr2);
            if (key instanceof PrivateKey) {
                return new KeyPair((PrivateKey) key, (X509Certificate) keyStore.getCertificate(str));
            }
            throw new KeyStoreException("The provided alias " + str + " does not exist.");
        } catch (Throwable th) {
            if (openInputStream != null) {
                try {
                    openInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public static KeyPair getKeyPair(Context context, Uri uri, Uri uri2) throws GeneralSecurityException, IOException {
        ContentResolver contentResolver = context.getContentResolver();
        InputStream openInputStream = contentResolver.openInputStream(uri);
        try {
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(IoUtils.readFully(openInputStream, -1, true));
            if (openInputStream != null) {
                openInputStream.close();
            }
            openInputStream = contentResolver.openInputStream(uri2);
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(openInputStream);
                PrivateKey generatePrivate = KeyFactory.getInstance(x509Certificate.getPublicKey().getAlgorithm()).generatePrivate(pKCS8EncodedKeySpec);
                if (openInputStream != null) {
                    openInputStream.close();
                }
                return new KeyPair(generatePrivate, x509Certificate);
            } finally {
            }
        } finally {
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    private static Provider getKeyStoreProvider(String str) {
        char c;
        switch (str.hashCode()) {
            case -1933293812:
                if (str.equals(KEY_STORE_TYPE_PKCS12)) {
                    c = 2;
                    break;
                }
                c = 65535;
                break;
            case 65834:
                if (str.equals(KEY_STORE_TYPE_BKS)) {
                    c = 3;
                    break;
                }
                c = 65535;
                break;
            case 73522:
                if (str.equals(KEY_STORE_TYPE_JKS)) {
                    c = 1;
                    break;
                }
                c = 65535;
                break;
            default:
                c = 65535;
                break;
        }
        switch (c) {
            case 2:
            case 3:
                return new BouncyCastleProvider();
            default:
                return new JavaKeyStoreProvider();
        }
    }

    public static byte[] getPemCertificate(Certificate certificate) throws CertificateEncodingException, IOException {
        BASE64Encoder bASE64Encoder = new BASE64Encoder();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(X509Factory.BEGIN_CERT.length() + X509Factory.BEGIN_CERT.length() + certificate.getEncoded().length + 2);
        try {
            byteArrayOutputStream.write(X509Factory.BEGIN_CERT.getBytes(StandardCharsets.UTF_8));
            byteArrayOutputStream.write(10);
            bASE64Encoder.encode(certificate.getEncoded(), byteArrayOutputStream);
            byteArrayOutputStream.write(10);
            byteArrayOutputStream.write(X509Factory.END_CERT.getBytes(StandardCharsets.UTF_8));
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.close();
            return byteArray;
        } catch (Throwable th) {
            try {
                byteArrayOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static ArrayList<String> listAliases(Context context, Uri uri, int i, char[] cArr) throws IOException, GeneralSecurityException {
        String str = TYPES[i];
        Log.d(TAG, "Loading keystore %s", str);
        KeyStore keyStore = KeyStore.getInstance(str, getKeyStoreProvider(str));
        InputStream openInputStream = context.getContentResolver().openInputStream(uri);
        try {
            if (openInputStream == null) {
                throw new FileNotFoundException(uri + " does not exist.");
            }
            keyStore.load(openInputStream, cArr);
            if (openInputStream != null) {
                openInputStream.close();
            }
            return Collections.list(keyStore.aliases());
        } catch (Throwable th) {
            if (openInputStream != null) {
                try {
                    openInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
