package com.citrix.sdk.crypto.helper;

import android.util.Base64;
import android.util.Log;
import com.citrix.sdk.crypto.exception.CryptoException;
import com.microsoft.onlineid.sts.DeviceCredentialGenerator;
import defpackage.AbstractC10853zo;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

/* compiled from: PG */
/* loaded from: classes.dex */
public class CryptoHelper {

    /* renamed from: a, reason: collision with root package name */
    public static X509Certificate f4996a;
    public static final String b = DeviceCredentialGenerator.LegalUsernameCharacters.toUpperCase();
    public static final String c = AbstractC10853zo.a(new StringBuilder(DeviceCredentialGenerator.LegalUsernameCharacters), b, "0123456789!@#$%&*()_+-=[]?");
    public static final String d = b();

    static {
        try {
            System.loadLibrary("CoreSdkCrypto");
        } catch (Throwable th) {
            Log.e("CORE-CryptoHelper", "Unable to load Citrix Crypto" + th.getMessage());
        }
    }

    public static String a(String str, String str2, String str3) {
        String[] split;
        String[] split2 = str.split(str2);
        if (split2 == null || split2.length != 2 || (split = split2[1].split(str3)) == null || split.length <= 1) {
            return null;
        }
        return split[0];
    }

    public static KeyStore a(X509Certificate x509Certificate, RSAPrivateKey rSAPrivateKey, String str) {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null);
            keyStore.setCertificateEntry("cert-alias", x509Certificate);
            keyStore.setKeyEntry("key-alias", rSAPrivateKey, str.toCharArray(), new X509Certificate[]{x509Certificate});
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalArgumentException(e);
        }
    }

    public static X509Certificate a(String str) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str.getBytes(), 0)));
        } catch (CertificateException e) {
            Log.e("CORE-CryptoHelper", "Unable to generate certificate:" + e.getMessage());
            return null;
        }
    }

    public static KeyManager[] a() throws CryptoException {
        try {
            String generateCertificatePrivateKey = generateCertificatePrivateKey();
            if (c(generateCertificatePrivateKey)) {
                throw new CryptoException("Unable to generate Tunnel Certificate");
            }
            String a2 = a(generateCertificatePrivateKey, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----");
            if (c(a2)) {
                throw new CryptoException("Tunnel Certificate Private Key is empty");
            }
            String a3 = a(generateCertificatePrivateKey, "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
            if (c(a3)) {
                throw new CryptoException("Tunnel Certificate is empty");
            }
            X509Certificate a4 = a(a3);
            f4996a = a4;
            if (a4 == null) {
                throw new CryptoException("Invalid Tunnel Certificate");
            }
            RSAPrivateKey b2 = b(a2);
            if (b2 == null) {
                throw new CryptoException("Invalid Tunnel Certificate Private Key");
            }
            KeyStore a5 = a(f4996a, b2, d);
            if (a5 == null) {
                throw new CryptoException("KeyStore is empty");
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(a5, d.toCharArray());
            return keyManagerFactory.getKeyManagers();
        } catch (Exception e) {
            throw new CryptoException(e.getMessage(), e);
        }
    }

    public static String b() {
        SecureRandom secureRandom = new SecureRandom();
        StringBuilder sb = new StringBuilder(12);
        for (int i = 0; i < 12; i++) {
            sb.append(c.charAt(secureRandom.nextInt(c.length())));
        }
        return sb.toString();
    }

    public static RSAPrivateKey b(String str) {
        try {
            return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(str.getBytes(), 0)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            Log.e("CORE-CryptoHelper", "Unable to generate private key:" + e.getMessage());
            return null;
        }
    }

    public static boolean c(String str) {
        return str == null || str.equals("");
    }

    public static native String generateCertificatePrivateKey();
}
