package de.flyingsnail.ipv6droid.android.dtlsrequest;

import android.security.keystore.KeyGenParameterSpec;
import de.flyingsnail.ipv6droid.android.AndroidLoggingHandler;
import java.io.ByteArrayOutputStream;
import java.io.CharArrayWriter;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.logging.Logger;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.tls.Certificate;
import org.bouncycastle.tls.SignatureAndHashAlgorithm;
import org.bouncycastle.tls.TlsCredentialedSigner;
import org.bouncycastle.tls.crypto.TlsStreamSigner;

/* loaded from: classes.dex */
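/**
 * An RSA key pair whose private half lives in the AndroidKeyStore, plus the adapters needed to
 * use it from BouncyCastle: a PKCS#10 certification request, a {@link ContentSigner} and a
 * {@link TlsCredentialedSigner}.
 *
 * <p>The private key returned by the keystore is only a handle. All signing in this class goes
 * through {@link Signature} so that the keystore performs the operation.
 */
public class AndroidBackedKeyPair {
    private static final Logger logger = AndroidLoggingHandler.getLogger(AndroidBackedKeyPair.class);

    /** Name of the keystore type/provider that holds the keys. */
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";

    /**
     * TLS SignatureAndHashAlgorithm advertised for this key: hash 4 (sha256), signature 1 (rsa)
     * in the TLS 1.2 registries. It matches the "SHA256withRSA" signer used by
     * {@link #getContentSigner()}.
     */
    private static final SignatureAndHashAlgorithm myAlgorithm = new SignatureAndHashAlgorithm(4, 1);

    private final String alias;
    private final KeyPair keyPair;

    /**
     * Loads the existing key pair stored under the given alias.
     *
     * @param str the AndroidKeyStore alias of the key pair
     * @throws IOException if loading the keystore fails with an I/O error
     * @throws IllegalArgumentException if the alias is missing or is not a private key entry
     * @throws IllegalStateException if the keystore or the entry cannot be accessed
     */
    public AndroidBackedKeyPair(String str) throws IOException {
        this.alias = str;
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            KeyStore.Entry entry = keyStore.getEntry(str, null);
            // An unknown alias yields null, which also fails this instanceof check.
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalArgumentException("Not an instance of PrivateKeyEntry");
            }
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            this.keyPair = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            throw new IllegalStateException("Cannot access AndroidKeyStore", e);
        }
    }

    /**
     * Generates a new RSA key pair inside the AndroidKeyStore under the given alias.
     *
     * <p>This method does not check whether the alias is already in use; {@link #createKey(String)}
     * performs that check. NOTE(review): generating under an existing alias presumably replaces
     * the stored key, so callers should go through {@code createKey}.
     *
     * @param str the alias to store the new key pair under
     * @return the generated key pair; the private key is a keystore handle
     * @throws IllegalStateException if RSA or the AndroidKeyStore provider is unavailable
     */
    public static KeyPair create(String str) {
        // 4 | 8 == KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY.
        final int purposes = 4 | 8;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEY_STORE);
            // No key size and no user-authentication requirement are set here, so the provider
            // defaults apply. The "NONE" digest is what permits the "NONEwithRSA" raw signatures
            // used for TLS below; it also means the keystore will sign caller-supplied bytes
            // without hashing them. The encryption paddings are listed although the purposes
            // above do not include encryption or decryption.
            KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(str, purposes)
                    .setDigests("SHA-256", "SHA-512", "NONE")
                    .setEncryptionPaddings("NoPadding", "PKCS1Padding", "OAEPPadding")
                    .setSignaturePaddings("PKCS1", "PSS")
                    .build();
            keyPairGenerator.initialize(spec);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            logger.info("Created new keypair for alias " + str);
            return generateKeyPair;
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new IllegalStateException("Standard algorithms not available on this device", e);
        }
    }

    /**
     * Creates a key pair under the given alias unless the alias is empty or already taken, then
     * reloads it once to confirm that the new entry is usable.
     *
     * <p>The existence check and the key generation are separate keystore calls, so this is not
     * atomic with respect to other code creating the same alias.
     *
     * @param str the alias to create
     * @return the aliases that existed <em>before</em> the new key was created (the new alias is
     *     not included), or {@code null} if the alias was empty or already present
     * @throws IOException if the keystore cannot be read
     */
    public static List<String> createKey(String str) throws IOException {
        List<String> listAliases = listAliases();
        if (str.isEmpty()) {
            logger.warning("Requested alias is empty");
            return null;
        }
        if (listAliases.contains(str)) {
            logger.warning("Requested alias already existing: " + str);
            return null;
        }
        create(str);
        // Loading the entry verifies it. Only the alias is logged: key objects are kept out of
        // log output, whatever their toString() happens to print.
        new AndroidBackedKeyPair(str);
        logger.info("Verified new key is loadable for alias " + str);
        return listAliases;
    }

    /**
     * Lists all aliases currently present in the AndroidKeyStore.
     *
     * @return a new mutable list of aliases
     * @throws IOException if the keystore cannot be loaded or enumerated
     * @throws IllegalStateException if the keystore type or a required algorithm is unavailable
     */
    public static List<String> listAliases() throws IOException {
        final KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Cannot access AndroidKeyStore", e);
        }
        try {
            keyStore.load(null);
            Enumeration<String> aliases = keyStore.aliases();
            List<String> result = new ArrayList<>(5);
            while (aliases.hasMoreElements()) {
                result.add(aliases.nextElement());
            }
            logger.info("Found " + result.size() + " elements in AndroidKeyStore");
            return result;
        } catch (KeyStoreException | CertificateException e) {
            throw new IOException(e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Algorithm for elements of Keystore not available", e);
        }
    }

    /**
     * Builds a PKCS#10 certification request for this key pair, signed with the keystore-held
     * private key, and returns it PEM-encoded.
     *
     * @return the PEM text of the certification request
     * @throws IOException if PEM encoding fails
     */
    public String getCertificationRequest() throws IOException {
        // NOTE(review): the alias is concatenated unescaped into the distinguished-name string.
        // An alias containing DN syntax characters (',', '=', '+', ...) changes the parsed
        // subject or makes parsing fail. Building the name with X500NameBuilder and
        // addRDN(BCStyle.CN, alias) would avoid that. Whoever signs the request should validate
        // the subject regardless.
        X500Name subject = new X500Name("C=DE,ST=Hessen,L=Niederdorfelden,O=Flying Furry CSnail Creature,OU=IPv6Droid,CN=" + this.alias);
        PKCS10CertificationRequest request =
                new JcaPKCS10CertificationRequestBuilder(subject, getPublicKey()).build(getContentSigner());
        CharArrayWriter charArrayWriter = new CharArrayWriter();
        // try-with-resources closes (and thereby flushes) the writer even if writeObject throws.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(charArrayWriter)) {
            pemWriter.writeObject(request);
        }
        return charArrayWriter.toString();
    }

    /**
     * Returns a new signer that buffers everything written to its stream and signs the buffered
     * bytes with "SHA256withRSA" when {@code getSignature()} is called.
     *
     * @return a fresh, independent content signer backed by this key pair
     */
    public ContentSigner getContentSigner() {
        return new ContentSigner() {
            /** Collects the bytes to be signed until getSignature() is called. */
            private final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();

            @Override
            public AlgorithmIdentifier getAlgorithmIdentifier() {
                // 1.2.840.113549.1.1.11 is sha256WithRSAEncryption.
                return new AlgorithmIdentifier(new ASN1ObjectIdentifier("1.2.840.113549.1.1.11"));
            }

            @Override
            public OutputStream getOutputStream() {
                return this.outputStream;
            }

            @Override
            public byte[] getSignature() {
                try {
                    // No provider is named; the one able to handle the keystore key is expected
                    // to be selected when initSign() receives it.
                    Signature signature = Signature.getInstance("SHA256withRSA");
                    signature.initSign(AndroidBackedKeyPair.this.getPrivateKey());
                    signature.update(this.outputStream.toByteArray());
                    byte[] sign = signature.sign();
                    // Clear the buffer so the signer can be reused for another message.
                    this.outputStream.reset();
                    return sign;
                } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
                    throw new IllegalStateException("Cannot calculate a signature", e);
                }
            }
        };
    }

    /**
     * @return the private key as obtained from the keystore
     */
    public PrivateKey getPrivateKey() {
        return this.keyPair.getPrivate();
    }

    /**
     * @return the public key taken from the certificate stored with the keystore entry
     */
    public PublicKey getPublicKey() {
        return this.keyPair.getPublic();
    }

    /**
     * @return the TLS signature/hash algorithm pair this key pair signs with
     */
    public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
        return myAlgorithm;
    }

    /**
     * Wraps this key pair as BouncyCastle TLS signing credentials.
     *
     * @param certificate the certificate (chain) to present for this key
     * @return credentials that sign with the keystore-held private key
     */
    public TlsCredentialedSigner getTlsCredentialedSigner(final Certificate certificate) {
        return new TlsCredentialedSigner() {
            @Override
            public byte[] generateRawSignature(byte[] bArr) throws IOException {
                try {
                    // "NONEwithRSA" applies no digest here: the bytes are signed as supplied.
                    // NOTE(review): presumably the TLS layer passes an already hashed/encoded
                    // value; confirm against the caller.
                    Signature signature = Signature.getInstance("NONEwithRSA");
                    signature.initSign(AndroidBackedKeyPair.this.getPrivateKey());
                    signature.update(bArr);
                    return signature.sign();
                } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
                    throw new IOException("Cannot create requested signature", e);
                }
            }

            @Override
            public Certificate getCertificate() {
                return certificate;
            }

            @Override
            public SignatureAndHashAlgorithm getSignatureAndHashAlgorithm() {
                return AndroidBackedKeyPair.this.getSignatureAndHashAlgorithm();
            }

            @Override
            public TlsStreamSigner getStreamSigner() {
                return new TlsStreamSigner() {
                    /** Each stream signer gets its own buffer via a fresh ContentSigner. */
                    final ContentSigner delegate = AndroidBackedKeyPair.this.getContentSigner();

                    @Override
                    public OutputStream getOutputStream() {
                        return this.delegate.getOutputStream();
                    }

                    @Override
                    public byte[] getSignature() {
                        return this.delegate.getSignature();
                    }
                };
            }
        };
    }
}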
