package com.minhui.vpn.certificate;

import com.minhui.vpn.log.VPNLog;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.a.a.bf;
import org.a.a.k;
import org.a.a.n.g;
import org.a.a.n.l;
import org.a.a.n.o;
import org.a.a.n.t;
import org.a.a.n.u;
import org.a.a.n.x;
import org.a.a.n.y;
import org.a.b.b.f;
import org.a.b.h;

/* loaded from: classes.dex */
public final class a {

    /* renamed from: a, reason: collision with root package name */
    private static final String f4659a;

    /* renamed from: b, reason: collision with root package name */
    private static final Date f4660b;
    private static final Date c;

    static {
        Security.addProvider(new org.a.e.a.a());
        StringBuilder sb = new StringBuilder();
        sb.append(b() ? "SHA256" : "SHA512");
        sb.append("WithRSAEncryption");
        f4659a = sb.toString();
        f4660b = new Date(System.currentTimeMillis() - 31536000000L);
        c = new Date(System.currentTimeMillis() + 3153600000000L);
    }

    public static long a() {
        new Random().setSeed(System.currentTimeMillis());
        return ((r0.nextInt() << 32) | (r0.nextInt() & 4294967295L)) & 281474976710655L;
    }

    public static KeyPair a(int i) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(i, SecureRandom.getInstance("SHA1PRNG"));
        return keyPairGenerator.generateKeyPair();
    }

    public static KeyStore a(Authority authority, String str) {
        KeyPair a2 = a(2048);
        org.a.a.m.d dVar = new org.a.a.m.d(org.a.a.m.a.b.J);
        dVar.a(org.a.a.m.a.b.e, authority.commonName());
        dVar.a(org.a.a.m.a.b.f5048b, authority.organization());
        dVar.a(org.a.a.m.a.b.c, authority.organizationalUnitName());
        org.a.a.m.c a3 = dVar.a();
        BigInteger valueOf = BigInteger.valueOf(a());
        PublicKey publicKey = a2.getPublic();
        f fVar = new f(a3, valueOf, f4660b, c, a3, publicKey);
        fVar.a(l.f5085b, false, a(publicKey));
        fVar.a(l.g, true, new g(true));
        fVar.a(l.c, false, new u(182));
        org.a.a.g gVar = new org.a.a.g();
        gVar.a(t.f5100b);
        gVar.a(t.c);
        gVar.a(t.f5099a);
        fVar.a(l.u, false, new bf(gVar));
        X509Certificate a4 = a(fVar, a2.getPrivate());
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, null);
        keyStore.setKeyEntry(authority.alias(), a2.getPrivate(), authority.password(), new Certificate[]{a4});
        return keyStore;
    }

    public static KeyStore a(String str, Authority authority, Certificate certificate, PrivateKey privateKey) {
        KeyPair a2 = a(1024);
        org.a.a.m.c a3 = new org.a.b.f(certificate.getEncoded()).a();
        BigInteger valueOf = BigInteger.valueOf(a());
        org.a.a.m.d dVar = new org.a.a.m.d(org.a.a.m.a.b.J);
        dVar.a(org.a.a.m.a.b.e, str);
        dVar.a(org.a.a.m.a.b.f5048b, authority.certOrganisation());
        dVar.a(org.a.a.m.a.b.c, authority.certOrganizationalUnitName());
        f fVar = new f(a3, valueOf, f4660b, new Date(System.currentTimeMillis() + 86400000), dVar.a(), a2.getPublic());
        fVar.a(l.f5085b, false, a(a2.getPublic()));
        fVar.a(l.g, false, new g(false));
        fVar.a(l.e, false, new bf(new org.a.a.f[]{new o(2, str)}));
        X509Certificate a4 = a(fVar, privateKey);
        a4.checkValidity(new Date());
        a4.verify(certificate.getPublicKey());
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setKeyEntry(authority.alias(), a2.getPrivate(), authority.password(), new Certificate[]{a4, certificate});
        return keyStore;
    }

    private static X509Certificate a(h hVar, PrivateKey privateKey) {
        return new org.a.b.b.d().a("BC").a(hVar.a(new org.a.g.a.a(f4659a).a("BC").a(privateKey)));
    }

    public static SSLContext a(KeyManager[] keyManagerArr) {
        SSLContext c2 = c();
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(System.currentTimeMillis());
        c2.init(keyManagerArr, null, secureRandom);
        return c2;
    }

    public static SSLContext a(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        SSLContext c2 = c();
        c2.init(keyManagerArr, trustManagerArr, null);
        return c2;
    }

    private static x a(Key key) {
        k kVar;
        Throwable th;
        try {
            kVar = new k(new ByteArrayInputStream(key.getEncoded()));
            try {
                x a2 = new org.a.b.a.a().a(new y((org.a.a.u) kVar.d()));
                org.apache.a.a.a.a((InputStream) kVar);
                return a2;
            } catch (Throwable th2) {
                th = th2;
                org.apache.a.a.a.a((InputStream) kVar);
                throw th;
            }
        } catch (Throwable th3) {
            kVar = null;
            th = th3;
        }
    }

    public static KeyManager[] a(KeyStore keyStore, Authority authority) {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, authority.password());
        return keyManagerFactory.getKeyManagers();
    }

    private static boolean b() {
        Integer integer = Integer.getInteger("sun.arch.data.model");
        return integer != null && integer.intValue() == 32;
    }

    private static SSLContext c() {
        try {
            VPNLog.d("CertificateHelper", "Using protocol {}TLSv1.2");
            return SSLContext.getInstance("TLSv1.2");
        } catch (NoSuchAlgorithmException unused) {
            VPNLog.w("CertificateHelper", "Protocol {} not available, falling back to {}TLSv1.2TLSv1");
            return SSLContext.getInstance("TLSv1");
        }
    }
}
