package com.microsoft.powerapps.hostingsdk.model.httpwebserver;

import android.net.http.SslCertificate;
import com.microsoft.identity.common.java.platform.AbstractDevicePopManager;
import com.microsoft.powerapps.hostingsdk.model.telemetry.FailureType;
import com.microsoft.powerapps.hostingsdk.model.telemetry.TelemetryScenario;
import com.microsoft.powerapps.hostingsdk.model.telemetry.TelemetryScenarioName;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Locale;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.Time;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes4.dex */
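/**
 * Lazily creates and caches the self-signed TLS certificate and key used by the local web server.
 *
 * <p>The key pair and certificate are persisted in the {@code AndroidKeyStore} under
 * {@link #alias}. On each process start the stored entry is copied into a fresh PKCS12
 * {@link KeyStore} that is exposed through {@link #getKeyStore()}.
 *
 * <p>NOTE(review): this listing was recovered by a decompiler. The control flow of
 * {@link #_init()} was garbled in that output and has been restored from the telemetry messages
 * and the surviving condition; confirm against the original source before relying on it.
 */
public class CertGenerator {
    /** KeyStore alias shared by the AndroidKeyStore entry and the PKCS12 copy. */
    private static final String alias = "localWebServerKey";

    /** A stored certificate older than this (728 days, in ms) is discarded and regenerated. */
    private static final long MAX_STORED_CERT_AGE_MS = 62899200000L;

    /** notBefore is back-dated by this much (7 days, in ms). */
    private static final long NOT_BEFORE_BACKDATE_MS = 604800000L;

    /** notAfter lies this far ahead of generation time (1131 days, in ms). */
    private static final long VALIDITY_MS = 97718400000L;

    // volatile is required for the double-checked locking in getInstance(): without it another
    // thread may observe a non-null reference before the _cert/_keyStore writes made by the
    // constructor are visible.
    private static volatile CertGenerator _instance;

    /**
     * Common name placed in the certificate subject and issuer.
     *
     * <p>NOTE(review): this field is public, static and non-final, so any code in the process can
     * change it before the certificate is generated, and the value is concatenated into the
     * distinguished name without escaping in {@link #generateCert(KeyPair)}. Treat it as a
     * constant; do not feed it from external input.
     */
    public static String domainName = "localhost";

    // Both stay null when initialisation fails; see getCert() and getKeyStore().
    private X509Certificate _cert = null;
    private KeyStore _keyStore = null;

    private CertGenerator() {
        _init();
    }

    /**
     * Loads the stored certificate and key from the AndroidKeyStore, regenerating them when they
     * are missing or too old, then copies the entry into a new PKCS12 keystore.
     *
     * <p>Failures are reported to telemetry and never thrown; on failure {@code _cert} and
     * {@code _keyStore} are left {@code null}.
     */
    private void _init() {
        TelemetryScenario retrieveScenario =
                TelemetryScenario.start(TelemetryScenarioName.RETRIEVE_CERTIFICATE_OR_TRIGGER_GENERATE);
        try {
            KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
            androidKeyStore.load(null);

            // Any lookup failure is treated like a missing entry, which forces regeneration
            // below. If only the creation-date lookup fails, the certificate is kept but the
            // null date still triggers regeneration.
            X509Certificate cert = null;
            Date createdOn = null;
            try {
                cert = (X509Certificate) androidKeyStore.getCertificate(alias);
                createdOn = androidKeyStore.getCreationDate(alias);
            } catch (Exception ignored) {
                // Deliberately ignored: handled by the null checks below.
            }

            KeyStore.PrivateKeyEntry entry;
            try {
                entry = (KeyStore.PrivateKeyEntry) androidKeyStore.getEntry(alias, null);
            } catch (Exception ignored) {
                entry = null;
            }

            // NOTE(review): the decompiled listing tested "privateKeyEntry != null" here, which
            // would dereference null on the next operand, and placed the whole check after
            // unconditional returns. Restored to "== null", the only reading consistent with the
            // "No suitable certificate" and "Reusing the certificate" messages.
            boolean needsNewCertificate = entry == null
                    || entry.getCertificateChain().length == 0
                    || cert == null
                    || createdOn == null
                    || createdOn.before(new Date(System.currentTimeMillis() - MAX_STORED_CERT_AGE_MS));

            if (needsNewCertificate) {
                retrieveScenario.tell("No suitable certificate was present in the KeyStore; generating a new one.");
                TelemetryScenario generateScenario =
                        TelemetryScenario.start(TelemetryScenarioName.GENERATE_LWS_CERTIFICATE);
                try {
                    KeyPair keyPair = generateKeyPair();
                    X509Certificate freshCert = generateCert(keyPair);
                    KeyStore.PrivateKeyEntry freshEntry =
                            new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new X509Certificate[]{freshCert});
                    androidKeyStore.setEntry(alias, freshEntry, null);
                    generateScenario.pass("Successfully generated and saved new certificate");
                    cert = freshCert;
                    entry = freshEntry;
                } catch (Exception e) {
                    generateScenario.fail("Failed to generate a new self signed certificate", FailureType.ERROR, e);
                    retrieveScenario.fail("Failed to generate a new self signed certificate", FailureType.ERROR, e);
                    return;
                }
            } else {
                retrieveScenario.tell("Reusing the certificate from the KeyStore.");
            }

            try {
                // The PKCS12 store is created empty (load(null)) and is not written to disk by
                // this class. The entry is added with a null protection parameter.
                KeyStore ephemeralKeyStore = KeyStore.getInstance("PKCS12");
                ephemeralKeyStore.load(null);
                ephemeralKeyStore.setEntry(alias, entry, null);
                this._keyStore = ephemeralKeyStore;
                retrieveScenario.pass("Done creating a dedicated keystore with the certificate.");
                this._cert = cert;
            } catch (Exception e) {
                retrieveScenario.fail("Failed to create ephemeral keystore for the local web server", FailureType.ERROR, e);
            }
        } catch (Exception e) {
            retrieveScenario.fail("Failed to open Android keystore for the local web server", FailureType.ERROR, e);
        }
    }

    /**
     * Builds the authorityKeyIdentifier extension value for {@code publicKey}.
     *
     * <p>SHA-1 is used here only to derive the key identifier from the public key; the
     * certificate signature itself is SHA-256 with RSA (see {@link #generateCert(KeyPair)}).
     */
    private static AuthorityKeyIdentifier createAuthorityKeyId(PublicKey publicKey) throws OperatorCreationException {
        SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        X509ExtensionUtils extensionUtils = new X509ExtensionUtils(
                new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
        return extensionUtils.createAuthorityKeyIdentifier(keyInfo);
    }

    /**
     * Builds the subjectKeyIdentifier extension value for {@code publicKey}, using the same
     * SHA-1 based derivation as {@link #createAuthorityKeyId(PublicKey)}.
     */
    private static SubjectKeyIdentifier createSubjectKeyId(PublicKey publicKey) throws OperatorCreationException {
        SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        X509ExtensionUtils extensionUtils = new X509ExtensionUtils(
                new BcDigestCalculatorProvider().get(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1)));
        return extensionUtils.createSubjectKeyIdentifier(keyInfo);
    }

    /**
     * Creates a self-signed X.509 v3 certificate for {@link #domainName}, signed with the private
     * half of {@code keyPair} using SHA-256 with RSA.
     *
     * <p>Subject and issuer are both {@code CN=<domainName>}. The serial number is the current
     * time in milliseconds. Validity runs from 7 days before generation to 1131 days after it.
     *
     * <p>NOTE(review): basicConstraints is critical with CA=true, so this is a CA certificate
     * rather than a leaf. If it is ever installed as a trust anchor, whoever holds the private
     * key can issue certificates for other names. Confirm whether CA=true is actually needed.
     *
     * <p>NOTE(review): no subjectAltName extension is added. Clients that verify the host name
     * from SAN only will not match this certificate; check how the consuming side validates it.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the generated certificate
     */
    protected static X509Certificate generateCert(KeyPair keyPair) throws OperatorCreationException, CertificateException, CertIOException {
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - NOT_BEFORE_BACKDATE_MS);
        Date notAfter = new Date(now + VALIDITY_MS);

        ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
        X500Name subjectAndIssuer = new X500Name("CN=" + domainName);
        PublicKey publicKey = keyPair.getPublic();

        return new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider())
                .getCertificate(
                        new JcaX509v3CertificateBuilder(
                                subjectAndIssuer,
                                BigInteger.valueOf(System.currentTimeMillis()),
                                new Time(notBefore, Locale.ENGLISH),
                                new Time(notAfter, Locale.ENGLISH),
                                subjectAndIssuer,
                                publicKey)
                                .addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) createSubjectKeyId(publicKey))
                                .addExtension(Extension.authorityKeyIdentifier, false, (ASN1Encodable) createAuthorityKeyId(publicKey))
                                .addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(true))
                                .build(signer));
    }

    /**
     * Generates a 2048-bit key pair seeded from a fresh {@link SecureRandom}.
     *
     * <p>The algorithm name comes from {@code KeyPairGeneratorAlgorithms.RSA} (presumably the
     * string "RSA"; confirm).
     *
     * <p>NOTE(review): the key is generated by the default provider and only afterwards imported
     * into the AndroidKeyStore by {@link #_init()}, so the private key exists in app memory and
     * is not keystore-generated. Generating it inside the AndroidKeyStore would keep the key
     * material out of the process, if the consumer of {@link #getKeyStore()} can work with that.
     */
    protected static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(AbstractDevicePopManager.KeyPairGeneratorAlgorithms.RSA);
        generator.initialize(2048, new SecureRandom());
        return generator.generateKeyPair();
    }

    /**
     * Returns the local web server certificate.
     *
     * @return the certificate, or {@code null} when initialisation failed
     */
    public static X509Certificate getCert() {
        return getInstance()._cert;
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * <p>Uses double-checked locking on the volatile {@code _instance} field, so the constructor
     * runs at most once.
     */
    public static CertGenerator getInstance() {
        CertGenerator current = _instance;
        if (current == null) {
            synchronized (CertGenerator.class) {
                current = _instance;
                if (current == null) {
                    current = new CertGenerator();
                    _instance = current;
                }
            }
        }
        return current;
    }

    /**
     * Returns the PKCS12 keystore that holds the local web server key and certificate.
     *
     * @throws IllegalStateException when initialisation failed and no keystore is available
     */
    public static KeyStore getKeyStore() throws IllegalStateException {
        KeyStore keyStore = getInstance()._keyStore;
        if (keyStore == null) {
            throw new IllegalStateException("Failed to initialize keystore in CertGenerator");
        }
        return keyStore;
    }

    /**
     * Extracts the X.509 certificate carried by an {@link SslCertificate}.
     *
     * <p>The encoded bytes are read from the {@code "x509-certificate"} entry of the bundle
     * produced by {@link SslCertificate#saveState(SslCertificate)}.
     *
     * <p>NOTE(review): {@code null} is returned both when no certificate is present and when
     * parsing fails. A caller that compares the result against {@link #getCert()} must treat
     * {@code null} as "not trusted" and never as a match.
     *
     * @param sslCertificate certificate to convert; may be {@code null}
     * @return the parsed certificate, or {@code null} when it is absent or cannot be parsed
     */
    public static Certificate getX509Certificate(SslCertificate sslCertificate) {
        if (sslCertificate == null) {
            return null;
        }
        // Null-check the bundle so a missing saved state cannot cause a NullPointerException
        // outside the try block below.
        android.os.Bundle savedState = SslCertificate.saveState(sslCertificate);
        if (savedState == null) {
            return null;
        }
        byte[] encoded = savedState.getByteArray("x509-certificate");
        if (encoded == null) {
            return null;
        }
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
        } catch (Exception ignored) {
            // Deliberately ignored: an unparseable certificate is reported as absent.
            return null;
        }
    }
}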
