package com.sap.cloud4custex.security;

import android.content.Context;
import com.sap.cloud4custex.logger.ExLOG;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.asn1.x509.Time;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes.dex */
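/**
 * Helpers for the app's local TLS endpoint: builds a server socket factory backed by a freshly
 * generated, self-signed RSA certificate and validates server certificate chains either against
 * that certificate (matched by public key) or against the platform trust store.
 *
 * <p>Key material lives only in memory; every call to {@link #createSecuredSocketFactory(Context)}
 * generates a new key pair and replaces the pinned public key.
 */
public class SecurityUtil {
    /**
     * Validity of the generated certificate, in years. The key pair is regenerated on every call
     * to {@link #createSecuredSocketFactory(Context)}, so the certificate's practical lifetime is
     * bounded by the process, not by this value.
     */
    private static final int EXPIRATION_YEAR = 100;

    // Encoded public key of the most recently generated certificate (the "pin").
    // volatile: written by the thread that creates the socket factory and read by validation threads.
    private static volatile byte[] certificatePublicKey = null;

    // Trust managers initialised from the in-memory key store that holds the generated certificate.
    private static volatile TrustManager[] trustManagers = null;

    /**
     * Creates a TLS server socket factory that presents a newly generated self-signed certificate.
     *
     * <p>Side effect: on success the static trust managers and the pinned public key are replaced
     * with the ones belonging to the new certificate.
     *
     * @param context not used by this method
     * @return a server socket factory backed by the generated key and certificate
     * @throws NoSuchAlgorithmException if the RSA key pair generator or a TLS/X509 factory is unavailable
     * @throws CertificateException if the certificate cannot be signed or converted
     */
    public static SSLServerSocketFactory createSecuredSocketFactory(Context context) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException, KeyManagementException, NoSuchProviderException {
        KeyPair keyPair = generateKeyPair("RSA");
        // generateCertificate() also registers the provider that the KeyStore lookup below names.
        X509Certificate certificate = generateCertificate(keyPair);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType(), BouncyCastleProvider.PROVIDER_NAME);
        // load(null, null) creates an empty in-memory store; nothing is read from or written to disk.
        keyStore.load(null, null);
        keyStore.setKeyEntry("c4c_cert", keyPair.getPrivate(), null, new X509Certificate[]{certificate});
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, null);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
        trustManagerFactory.init(keyStore);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Server side only: no trust managers are installed, so this context does not authenticate clients.
        sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
        // Publish the trust managers before the pin, and only once everything above succeeded, so a
        // concurrent validateSystemTrust() never pairs the new pin with missing or stale trust managers.
        trustManagers = trustManagerFactory.getTrustManagers();
        certificatePublicKey = keyPair.getPublic().getEncoded();
        return sslContext.getServerSocketFactory();
    }

    /**
     * Builds a self-signed X.509 v3 certificate (subject = issuer = O=SAP, OU=C4C) for the key pair,
     * signed with SHA-256/RSA.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs the certificate
     * @return the generated certificate
     * @throws CertificateException if the signer cannot be created or the certificate cannot be converted
     */
    private static X509Certificate generateCertificate(KeyPair keyPair) throws CertificateException {
        Date notBefore = new Date();
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(notBefore);
        calendar.add(Calendar.YEAR, EXPIRATION_YEAR);
        Date notAfter = calendar.getTime();

        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.O, "SAP");
        nameBuilder.addRDN(BCStyle.OU, "C4C");
        X500Name subjectAndIssuer = nameBuilder.build();

        // RFC 5280 requires a positive serial number; SecureRandom.nextLong() can be negative,
        // so draw 63 random bits and shift the range to 1..2^63.
        BigInteger serial = new BigInteger(63, new SecureRandom()).add(BigInteger.ONE);
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                subjectAndIssuer,
                serial,
                new Time(notBefore, Locale.ENGLISH),
                new Time(notAfter, Locale.ENGLISH),
                subjectAndIssuer,
                SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));

        // Must be registered before any lookup by provider name, here and in createSecuredSocketFactory().
        Security.addProvider(new BouncyCastleProvider());
        ContentSigner contentSigner;
        try {
            contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BouncyCastleProvider.PROVIDER_NAME).build(keyPair.getPrivate());
        } catch (OperatorCreationException e) {
            ExLOG.e("SecurityUtil:generateCertificate:OperatorCreationException " + e, "Unable to prepare signature");
            // Fail with a declared exception instead of passing a null signer on to build().
            throw new CertificateException("Unable to prepare signature", e);
        }
        return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(certificateBuilder.build(contentSigner));
    }

    /**
     * Generates a 2048-bit key pair for the given algorithm.
     *
     * @param str JCA key pair algorithm name, e.g. {@code "RSA"}
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider supplies the algorithm
     */
    private static KeyPair generateKeyPair(String str) throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = KeyPairGenerator.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            ExLOG.e("SecurityUtil:generateKeyPair:NoSuchAlgorithmException " + e, "Unable to get instance of algo " + str);
            // Propagate: continuing with a null generator would only turn this into a NullPointerException.
            throw e;
        }
        keyPairGenerator.initialize(2048, new SecureRandom());
        return keyPairGenerator.genKeyPair();
    }

    /**
     * Returns the encoded public key of the most recently generated localhost certificate.
     *
     * @return a copy of the pinned public key bytes, or {@code null} if no certificate has been generated
     */
    public static byte[] getCertificatePinForLocalhost() {
        byte[] pin = certificatePublicKey;
        // Defensive copy: callers must not be able to alter the pin used by validateSystemTrust().
        return pin == null ? null : pin.clone();
    }

    /**
     * Tells whether the leaf certificate of the chain carries the pinned localhost public key.
     *
     * @param x509CertificateArr certificate chain, leaf first
     * @return {@code true} if the leaf's encoded public key equals the pinned key
     */
    private static boolean needCustomTrustManagers(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return false;
        }
        X509Certificate leaf = x509CertificateArr[0];
        byte[] pin = certificatePublicKey;
        // Without a pin nothing can match; this also keeps Arrays.equals from comparing against null.
        return leaf != null && pin != null && Arrays.equals(leaf.getPublicKey().getEncoded(), pin);
    }

    /**
     * Validates a server certificate chain. A chain whose leaf carries the pinned localhost public
     * key is checked with the trust managers derived from the generated certificate; any other
     * chain is checked with the platform default trust managers.
     *
     * <p>This is a chain-trust check only: {@code checkServerTrusted} is given the chain and
     * {@code str}, and no hostname is compared here. Callers that need hostname verification have
     * to perform it separately.
     *
     * <p>NOTE(review): the custom branch relies on the platform's TrustManagerFactory treating the
     * key entry's certificate as a trust anchor; confirm on the targeted Android versions.
     *
     * @param x509CertificateArr certificate chain presented by the server, leaf first
     * @param str value passed to {@code checkServerTrusted} as its second argument (the auth type)
     * @return {@code true} only if at least one X509TrustManager accepted the chain and none rejected it
     */
    public static boolean validateSystemTrust(X509Certificate[] x509CertificateArr, String str) {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            // Fail closed instead of indexing into a missing chain.
            ExLOG.e("SecurityUtil:validateSystemTrust", "Empty certificate chain");
            return false;
        }
        try {
            TrustManager[] candidates;
            if (needCustomTrustManagers(x509CertificateArr)) {
                candidates = trustManagers;
            } else {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                // A null KeyStore selects the platform default trust store.
                trustManagerFactory.init((KeyStore) null);
                candidates = trustManagerFactory.getTrustManagers();
            }
            if (candidates == null) {
                return false;
            }
            // Report success only when a check actually ran: an empty array, or one without any
            // X509TrustManager, must not be read as "trusted".
            boolean checked = false;
            for (TrustManager trustManager : candidates) {
                if (trustManager instanceof X509TrustManager) {
                    ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                    checked = true;
                }
            }
            return checked;
        } catch (KeyStoreException e) {
            ExLOG.e("SecurityUtil:validateSystemTrust:KeyStoreException " + e, e.getMessage());
        } catch (NoSuchAlgorithmException e) {
            ExLOG.e("SecurityUtil:validateSystemTrust:NoSuchAlgorithmException " + e, e.getMessage());
        } catch (CertificateException e) {
            ExLOG.e("SecurityUtil:validateSystemTrust:CertificateException " + e, e.getMessage());
        }
        return false;
    }
}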
