package moe.shizuku.manager.adb;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import androidx.annotation.RequiresApi;
import androidx.compose.runtime.internal.StabilityInferred;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.net.Socket;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Date;
import java.util.Locale;
import java8.util.Spliterator;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;
import kotlin.Lazy;
import kotlin.Metadata;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import moe.shizuku.manager.wireless_adb.rikka.UnsafeLazyKt;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@StabilityInferred
@Metadata
/* loaded from: classes3.dex */
public final class AdbKey {

    /* renamed from: h, reason: collision with root package name */
    @NotNull
    public static final Companion f52543h = new Companion(null);

    /* renamed from: i, reason: collision with root package name */
    public static final int f52544i = 8;

    /* renamed from: j, reason: collision with root package name */
    @NotNull
    private static final byte[] f52545j = {0, 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, 48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20};

    /* renamed from: a, reason: collision with root package name */
    @NotNull
    private final AdbKeyStore f52546a;

    /* renamed from: b, reason: collision with root package name */
    @NotNull
    private final Key f52547b;

    /* renamed from: c, reason: collision with root package name */
    @NotNull
    private final RSAPrivateKey f52548c;

    /* renamed from: d, reason: collision with root package name */
    @NotNull
    private final RSAPublicKey f52549d;

    /* renamed from: e, reason: collision with root package name */
    @NotNull
    private final X509Certificate f52550e;

    /* renamed from: f, reason: collision with root package name */
    @NotNull
    private final Lazy f52551f;

    /* renamed from: g, reason: collision with root package name */
    @RequiresApi
    @NotNull
    private final Lazy f52552g;

    @Metadata
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public AdbKey(@NotNull AdbKeyStore adbKeyStore, @NotNull final String name) {
        Intrinsics.f(adbKeyStore, "adbKeyStore");
        Intrinsics.f(name, "name");
        this.f52546a = adbKeyStore;
        Key j2 = j();
        if (j2 == null) {
            throw new IllegalStateException("Failed to generate encryption key with AndroidKeyManager.".toString());
        }
        this.f52547b = j2;
        RSAPrivateKey k2 = k();
        this.f52548c = k2;
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(k2.getModulus(), RSAKeyGenParameterSpec.F4));
        Intrinsics.d(generatePublic, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
        RSAPublicKey rSAPublicKey = (RSAPublicKey) generatePublic;
        this.f52549d = rSAPublicKey;
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(new X509v3CertificateBuilder(new X500Name("CN=00"), BigInteger.ONE, new Date(0L), new Date(2461449600000L), Locale.ROOT, new X500Name("CN=00"), SubjectPublicKeyInfo.o(rSAPublicKey.getEncoded())).a(new JcaContentSignerBuilder("SHA256withRSA").b(k2)).getEncoded()));
        Intrinsics.d(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        this.f52550e = (X509Certificate) generateCertificate;
        Log.d("AdbKey", k2.toString());
        this.f52551f = UnsafeLazyKt.a(new Function0<byte[]>() { // from class: moe.shizuku.manager.adb.AdbKey$adbPublicKey$2
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            @NotNull
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public final byte[] e() {
                RSAPublicKey rSAPublicKey2;
                byte[] b2;
                rSAPublicKey2 = AdbKey.this.f52549d;
                b2 = AdbKeyKt.b(rSAPublicKey2, name);
                return b2;
            }
        });
        this.f52552g = UnsafeLazyKt.a(new Function0<SSLContext>() { // from class: moe.shizuku.manager.adb.AdbKey$sslContext$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @Override // kotlin.jvm.functions.Function0
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public final SSLContext e() {
                AdbKey$keyManager$1 i2;
                AdbKey$trustManager$1 m2;
                SSLContext sSLContext = SSLContext.getInstance("TLSv1.3");
                i2 = AdbKey.this.i();
                m2 = AdbKey.this.m();
                sSLContext.init(new AdbKey$keyManager$1[]{i2}, new AdbKey$trustManager$1[]{m2}, new SecureRandom());
                return sSLContext;
            }
        });
    }

    private final byte[] f(byte[] bArr, byte[] bArr2) {
        if (bArr.length < 28) {
            return null;
        }
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr, 0, 12);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, this.f52547b, gCMParameterSpec);
        cipher.updateAAD(bArr2);
        return cipher.doFinal(bArr, 12, bArr.length - 12);
    }

    private final byte[] g(byte[] bArr, byte[] bArr2) {
        if (bArr.length > 2147483619) {
            return null;
        }
        byte[] bArr3 = new byte[bArr.length + 28];
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, this.f52547b);
        cipher.updateAAD(bArr2);
        cipher.doFinal(bArr, 0, bArr.length, bArr3, 12);
        System.arraycopy(cipher.getIV(), 0, bArr3, 0, 12);
        return bArr3;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r0v0, types: [moe.shizuku.manager.adb.AdbKey$keyManager$1] */
    public final AdbKey$keyManager$1 i() {
        return new X509ExtendedKeyManager() { // from class: moe.shizuku.manager.adb.AdbKey$keyManager$1

            /* renamed from: a, reason: collision with root package name */
            @NotNull
            private final String f52555a = "key";

            @Override // javax.net.ssl.X509KeyManager
            @Nullable
            public String chooseClientAlias(@NotNull String[] keyTypes, @Nullable Principal[] principalArr, @Nullable Socket socket) {
                String str;
                Intrinsics.f(keyTypes, "keyTypes");
                StringBuilder sb = new StringBuilder();
                sb.append("chooseClientAlias: keyType=");
                String arrays = Arrays.toString(keyTypes);
                Intrinsics.e(arrays, "toString(...)");
                sb.append(arrays);
                sb.append(", issuers=");
                if (principalArr != null) {
                    str = Arrays.toString(principalArr);
                    Intrinsics.e(str, "toString(...)");
                } else {
                    str = null;
                }
                sb.append(str);
                Log.d("AdbKey", sb.toString());
                for (String str2 : keyTypes) {
                    if (Intrinsics.b(str2, "RSA")) {
                        return this.f52555a;
                    }
                }
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            @Nullable
            public String chooseServerAlias(@NotNull String keyType, @Nullable Principal[] principalArr, @Nullable Socket socket) {
                Intrinsics.f(keyType, "keyType");
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            @Nullable
            public X509Certificate[] getCertificateChain(@Nullable String str) {
                X509Certificate x509Certificate;
                Log.d("AdbKey", "getCertificateChain: alias=" + str);
                if (!Intrinsics.b(str, this.f52555a)) {
                    return null;
                }
                x509Certificate = AdbKey.this.f52550e;
                return new X509Certificate[]{x509Certificate};
            }

            @Override // javax.net.ssl.X509KeyManager
            @Nullable
            public String[] getClientAliases(@Nullable String str, @Nullable Principal[] principalArr) {
                return null;
            }

            @Override // javax.net.ssl.X509KeyManager
            @Nullable
            public PrivateKey getPrivateKey(@Nullable String str) {
                RSAPrivateKey rSAPrivateKey;
                Log.d("AdbKey", "getPrivateKey: alias=" + str);
                if (!Intrinsics.b(str, this.f52555a)) {
                    return null;
                }
                rSAPrivateKey = AdbKey.this.f52548c;
                return rSAPrivateKey;
            }

            @Override // javax.net.ssl.X509KeyManager
            @Nullable
            public String[] getServerAliases(@NotNull String keyType, @Nullable Principal[] principalArr) {
                Intrinsics.f(keyType, "keyType");
                return null;
            }
        };
    }

    private final Key j() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Key key = keyStore.getKey("_adbkey_encryption_key_", null);
        if (key != null) {
            return key;
        }
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("_adbkey_encryption_key_", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(Spliterator.NONNULL).build();
        Intrinsics.e(build, "build(...)");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(build);
        return keyGenerator.generateKey();
    }

    /* JADX WARN: Removed duplicated region for block: B:5:0x0046  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final java.security.interfaces.RSAPrivateKey k() {
        /*
            r8 = this;
            r0 = 16
            byte[] r0 = new byte[r0]
            java.lang.String r1 = "adbkey"
            java.nio.charset.Charset r2 = kotlin.text.Charsets.f50339b
            byte[] r1 = r1.getBytes(r2)
            java.lang.String r2 = "getBytes(...)"
            kotlin.jvm.internal.Intrinsics.e(r1, r2)
            r6 = 14
            r7 = 1
            r7 = 0
            r3 = 1
            r3 = 0
            r4 = 1
            r4 = 0
            r5 = 1
            r5 = 0
            r2 = r0
            kotlin.collections.ArraysKt.l(r1, r2, r3, r4, r5, r6, r7)
            moe.shizuku.manager.adb.AdbKeyStore r1 = r8.f52546a
            byte[] r1 = r1.get()
            java.lang.String r2 = "null cannot be cast to non-null type java.security.interfaces.RSAPrivateKey"
            java.lang.String r3 = "RSA"
            if (r1 == 0) goto L42
            byte[] r1 = r8.f(r1, r0)     // Catch: java.lang.Exception -> L42
            java.security.KeyFactory r4 = java.security.KeyFactory.getInstance(r3)     // Catch: java.lang.Exception -> L42
            java.security.spec.PKCS8EncodedKeySpec r5 = new java.security.spec.PKCS8EncodedKeySpec     // Catch: java.lang.Exception -> L42
            r5.<init>(r1)     // Catch: java.lang.Exception -> L42
            java.security.PrivateKey r1 = r4.generatePrivate(r5)     // Catch: java.lang.Exception -> L42
            kotlin.jvm.internal.Intrinsics.d(r1, r2)     // Catch: java.lang.Exception -> L42
            java.security.interfaces.RSAPrivateKey r1 = (java.security.interfaces.RSAPrivateKey) r1     // Catch: java.lang.Exception -> L42
            goto L44
        L42:
            r1 = 1
            r1 = 0
        L44:
            if (r1 != 0) goto L77
            java.security.KeyPairGenerator r1 = java.security.KeyPairGenerator.getInstance(r3)
            java.security.spec.RSAKeyGenParameterSpec r3 = new java.security.spec.RSAKeyGenParameterSpec
            r4 = 2048(0x800, float:2.87E-42)
            java.math.BigInteger r5 = java.security.spec.RSAKeyGenParameterSpec.F4
            r3.<init>(r4, r5)
            r1.initialize(r3)
            java.security.KeyPair r1 = r1.generateKeyPair()
            java.security.PrivateKey r1 = r1.getPrivate()
            kotlin.jvm.internal.Intrinsics.d(r1, r2)
            java.security.interfaces.RSAPrivateKey r1 = (java.security.interfaces.RSAPrivateKey) r1
            byte[] r2 = r1.getEncoded()
            java.lang.String r3 = "getEncoded(...)"
            kotlin.jvm.internal.Intrinsics.e(r2, r3)
            byte[] r0 = r8.g(r2, r0)
            if (r0 == 0) goto L77
            moe.shizuku.manager.adb.AdbKeyStore r2 = r8.f52546a
            r2.a(r0)
        L77:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: moe.shizuku.manager.adb.AdbKey.k():java.security.interfaces.RSAPrivateKey");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r0v0, types: [moe.shizuku.manager.adb.AdbKey$trustManager$1] */
    public final AdbKey$trustManager$1 m() {
        return new X509ExtendedTrustManager() { // from class: moe.shizuku.manager.adb.AdbKey$trustManager$1
            @Override // javax.net.ssl.X509TrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkClientTrusted(@Nullable X509Certificate[] x509CertificateArr, @Nullable String str) {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkClientTrusted(@Nullable X509Certificate[] x509CertificateArr, @Nullable String str, @Nullable Socket socket) {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkClientTrusted(@Nullable X509Certificate[] x509CertificateArr, @Nullable String str, @Nullable SSLEngine sSLEngine) {
            }

            @Override // javax.net.ssl.X509TrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkServerTrusted(@Nullable X509Certificate[] x509CertificateArr, @Nullable String str) {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkServerTrusted(@Nullable X509Certificate[] x509CertificateArr, @Nullable String str, @Nullable Socket socket) {
            }

            @Override // javax.net.ssl.X509ExtendedTrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkServerTrusted(@Nullable X509Certificate[] x509CertificateArr, @Nullable String str, @Nullable SSLEngine sSLEngine) {
            }

            @Override // javax.net.ssl.X509TrustManager
            @NotNull
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
    }

    @NotNull
    public final byte[] h() {
        return (byte[]) this.f52551f.getValue();
    }

    @NotNull
    public final SSLContext l() {
        Object value = this.f52552g.getValue();
        Intrinsics.e(value, "getValue(...)");
        return (SSLContext) value;
    }

    @NotNull
    public final byte[] n(@Nullable byte[] bArr) {
        Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
        cipher.init(1, this.f52548c);
        cipher.update(f52545j);
        byte[] doFinal = cipher.doFinal(bArr);
        Intrinsics.e(doFinal, "doFinal(...)");
        return doFinal;
    }
}
