package com.asterinet.react.tcpsocket;

import android.content.Context;
import android.os.Build;
import com.amazon.a.a.o.b.f;
import com.facebook.react.bridge.Arguments;
import com.facebook.react.bridge.ReadableMap;
import com.facebook.react.bridge.WritableMap;
import io.sentry.SentryEvent;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Socket;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Base64;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: classes3.dex */
final class SSLCertificateHelper {

    /* loaded from: classes3.dex */
    private static class BlindTrustManager implements X509TrustManager {
        private BlindTrustManager() {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    SSLCertificateHelper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLSocketFactory createBlindSocketFactory() throws GeneralSecurityException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, new TrustManager[]{new BlindTrustManager()}, null);
        return sSLContext.getSocketFactory();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLSocketFactory createCustomTrustedSocketFactory(Context context, ResolvableOption resolvableOption, ResolvableOption resolvableOption2, ResolvableOption resolvableOption3, KeystoreInfo keystoreInfo) throws IOException, GeneralSecurityException {
        if (resolvableOption3 == null || resolvableOption2 == null) {
            InputStream resolvableinputStream = getResolvableinputStream(context, resolvableOption);
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(resolvableinputStream);
            resolvableinputStream.close();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", generateCertificate);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
            return sSLContext.getSocketFactory();
        }
        KeyStore keyStore2 = KeyStore.getInstance(keystoreInfo.getKeystoreName().isEmpty() ? KeyStore.getDefaultType() : keystoreInfo.getKeystoreName());
        keyStore2.load(null, null);
        boolean isCertificateEntry = keyStore2.isCertificateEntry(keystoreInfo.getCertAlias());
        boolean isKeyEntry = keyStore2.isKeyEntry(keystoreInfo.getKeyAlias());
        if (!isCertificateEntry || !isKeyEntry) {
            Certificate generateCertificate2 = CertificateFactory.getInstance("X.509").generateCertificate(getResolvableinputStream(context, resolvableOption3));
            keyStore2.setCertificateEntry(keystoreInfo.getCertAlias(), generateCertificate2);
            keyStore2.setKeyEntry(keystoreInfo.getKeyAlias(), getPrivateKeyFromPEM(getResolvableinputStream(context, resolvableOption2)), null, new Certificate[]{generateCertificate2});
        }
        boolean isCertificateEntry2 = keyStore2.isCertificateEntry(keystoreInfo.getCaAlias());
        if (resolvableOption != null && !isCertificateEntry2) {
            InputStream resolvableinputStream2 = getResolvableinputStream(context, resolvableOption);
            Certificate generateCertificate3 = CertificateFactory.getInstance("X.509").generateCertificate(resolvableinputStream2);
            resolvableinputStream2.close();
            keyStore2.setCertificateEntry(keystoreInfo.getCaAlias(), generateCertificate3);
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore2, new char[0]);
        SSLContext sSLContext2 = SSLContext.getInstance("TLS");
        sSLContext2.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{new BlindTrustManager()}, null);
        return sSLContext2.getSocketFactory();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SSLServerSocketFactory createServerSocketFactory(Context context, String str) throws GeneralSecurityException, IOException {
        char[] charArray = "".toCharArray();
        InputStream rawResourceStream = getRawResourceStream(context, str);
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(rawResourceStream, charArray);
        rawResourceStream.close();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
        keyManagerFactory.init(keyStore, charArray);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{new BlindTrustManager()}, null);
        return sSLContext.getServerSocketFactory();
    }

    private static String decodeHexString(String str) {
        StringBuilder sb = new StringBuilder();
        int i = 0;
        while (i < str.length()) {
            int i2 = i + 2;
            sb.append((char) Integer.parseInt(str.substring(i, i2), 16));
            i = i2;
        }
        return sb.toString().replaceAll("^\\p{Cntrl}", "").trim();
    }

    private static String formatDate(Date date) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("MMM dd HH:mm:ss yyyy 'GMT'", Locale.US);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        return simpleDateFormat.format(date);
    }

    public static ReadableMap getCertificateInfo(Socket socket, boolean z) {
        WritableMap createMap = Arguments.createMap();
        if (socket instanceof SSLSocket) {
            try {
                SSLSession session = ((SSLSocket) socket).getSession();
                Certificate[] peerCertificates = z ? session.getPeerCertificates() : session.getLocalCertificates();
                if (peerCertificates != null && peerCertificates.length > 0) {
                    Certificate certificate = peerCertificates[0];
                    if (certificate instanceof X509Certificate) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        createMap = Arguments.createMap();
                        createMap.putMap("subject", parseDN(x509Certificate.getSubjectDN().getName()));
                        createMap.putMap("issuer", parseDN(x509Certificate.getIssuerDN().getName()));
                        createMap.putBoolean("ca", x509Certificate.getBasicConstraints() != -1);
                        createMap.putString("modulus", getModulus(x509Certificate));
                        createMap.putInt("bits", getModulusBitLength(x509Certificate));
                        createMap.putString("exponent", "0x" + getExponent(x509Certificate));
                        if (Build.VERSION.SDK_INT >= 26) {
                            createMap.putString("pubkey", Base64.getEncoder().encodeToString(x509Certificate.getPublicKey().getEncoded()));
                        }
                        createMap.putString("valid_from", formatDate(x509Certificate.getNotBefore()));
                        createMap.putString("valid_to", formatDate(x509Certificate.getNotAfter()));
                        createMap.putString(SentryEvent.JsonKeys.FINGERPRINT, getFingerprint(x509Certificate, "SHA-1"));
                        createMap.putString("fingerprint256", getFingerprint(x509Certificate, "SHA-256"));
                        createMap.putString("fingerprint512", getFingerprint(x509Certificate, "SHA-512"));
                        createMap.putString("serialNumber", getSerialNumber(x509Certificate));
                    }
                }
            } catch (SSLPeerUnverifiedException e) {
                throw new RuntimeException(e);
            } catch (Exception e2) {
                throw new RuntimeException("Error processing certificate", e2);
            }
        }
        return createMap;
    }

    private static String getExponent(X509Certificate x509Certificate) throws Exception {
        return ((RSAPublicKey) x509Certificate.getPublicKey()).getPublicExponent().toString(16).toUpperCase();
    }

    private static String getFingerprint(X509Certificate x509Certificate, String str) throws Exception {
        byte[] digest = MessageDigest.getInstance(str).digest(x509Certificate.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            sb.append(String.format("%02X:", Byte.valueOf(b)));
        }
        return sb.substring(0, sb.length() - 1);
    }

    private static String getModulus(X509Certificate x509Certificate) throws Exception {
        return ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().toString(16).toUpperCase();
    }

    private static int getModulusBitLength(X509Certificate x509Certificate) throws Exception {
        return ((RSAPublicKey) x509Certificate.getPublicKey()).getModulus().bitLength();
    }

    public static PrivateKey getPrivateKeyFromPEM(InputStream inputStream) {
        try {
            PemReader pemReader = new PemReader(new InputStreamReader(inputStream));
            try {
                PrivateKey generatePrivate = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pemReader.readPemObject().getContent()));
                pemReader.close();
                return generatePrivate;
            } finally {
            }
        } catch (Exception e) {
            throw new RuntimeException("Failed to parse private key from PEM", e);
        }
    }

    private static InputStream getRawResourceStream(Context context, String str) throws IOException {
        int resourceId = getResourceId(context, str);
        return resourceId == 0 ? URI.create(str).toURL().openStream() : context.getResources().openRawResource(resourceId);
    }

    public static InputStream getResolvableinputStream(Context context, ResolvableOption resolvableOption) throws IOException {
        return resolvableOption.needsResolution() ? getRawResourceStream(context, resolvableOption.getValue()) : new ByteArrayInputStream(resolvableOption.getValue().getBytes());
    }

    private static int getResourceId(Context context, String str) {
        String replace = str.toLowerCase().replace("-", "_");
        try {
            return Integer.parseInt(replace);
        } catch (NumberFormatException unused) {
            return context.getResources().getIdentifier(replace, "raw", context.getPackageName());
        }
    }

    private static String getSerialNumber(X509Certificate x509Certificate) {
        return x509Certificate.getSerialNumber().toString(16).toUpperCase();
    }

    private static WritableMap parseDN(String str) {
        WritableMap createMap = Arguments.createMap();
        for (String str2 : str.split(",(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)")) {
            String[] split = str2.split(f.b, 2);
            if (split.length == 2) {
                String trim = split[0].trim();
                String trim2 = split[1].trim();
                if ("2.5.4.46".equals(trim)) {
                    if (trim2.startsWith("#")) {
                        createMap.putString("dnQualifier", decodeHexString(trim2.substring(1)));
                    } else {
                        createMap.putString("dnQualifier", trim2);
                    }
                } else if ("CN".equals(trim)) {
                    createMap.putString("CN", trim2);
                }
            }
        }
        return createMap;
    }
}
