package com.stackpath.cloak.util;

import android.content.Context;
import android.util.Base64;
import com.stackpath.cloak.model.certificate.Anchor;
import com.stackpath.cloak.model.certificate.DeviceCertificateResponse;
import com.stackpath.cloak.model.certificate.Extra;
import com.stackpath.cloak.model.certificate.Intermediate;
import com.stackpath.cloak.model.crl.Credentials;
import com.stackpath.cloak.model.crl.CrlUrl;
import com.stackpath.cloak.net.CloakServerApi;
import com.stackpath.cloak.vpn.OpenVPNService;
import i.a.w;
import io.realm.b0;
import io.realm.x;
import java.io.File;
import java.io.IOException;
import java.io.StringWriter;
import java.security.SecureRandom;
import org.spongycastle.operator.OperatorCreationException;

/* loaded from: classes.dex */
public class CertificateGenerator {
    private static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----\n";
    private static final String CRL_FILENAME = "crls.pem";
    private static final String END_CERT = "-----END CERTIFICATE-----\n";
    private static final String LINE_BREAk = "\n";
    private CloakServerApi mCloakApi;
    private CloakPreferences mCloakPrefs;
    private File mFileDir;
    private String mNetworkId;
    private String mReferenceKey;

    public CertificateGenerator(Context context, String str, CloakServerApi cloakServerApi, CloakPreferences cloakPreferences) {
        this.mFileDir = context.getFilesDir();
        this.mNetworkId = str;
        this.mCloakApi = cloakServerApi;
        this.mCloakPrefs = cloakPreferences;
    }

    public static i.a.b generateCert(final DeviceCertificateResponse deviceCertificateResponse, final String str, final String str2, final File file) {
        return i.a.b.i(new i.a.e() { // from class: com.stackpath.cloak.util.b
            @Override // i.a.e
            public final void subscribe(i.a.c cVar) {
                CertificateGenerator.lambda$generateCert$2(str, str2, deviceCertificateResponse, file, cVar);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: lambda$createCertificate$0, reason: merged with bridge method [inline-methods] */
    public /* synthetic */ i.a.f a(DeviceCertificateResponse deviceCertificateResponse) throws Exception {
        return generateCert(deviceCertificateResponse, this.mCloakPrefs.getCurrentNetwork(), this.mReferenceKey, this.mFileDir);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$generateCert$1(String str, String str2, DeviceCertificateResponse deviceCertificateResponse, File file, x xVar) {
        Credentials credentials = new Credentials();
        credentials.setNetworkId(str);
        credentials.setKey(str2);
        b0<CrlUrl> b0Var = new b0<>();
        StringBuilder sb = new StringBuilder();
        sb.append(BEGIN_CERT);
        sb.append(deviceCertificateResponse.getEntity().getData());
        sb.append(deviceCertificateResponse.getEntity().getData().length() % 64 != 0 ? LINE_BREAk : "");
        sb.append(END_CERT);
        for (Intermediate intermediate : deviceCertificateResponse.getIntermediates()) {
            sb.append(BEGIN_CERT);
            sb.append(intermediate.getData());
            sb.append(intermediate.getData().length() % 64 != 0 ? LINE_BREAk : "");
            sb.append(END_CERT);
        }
        credentials.setCert(sb.toString());
        StringBuilder sb2 = new StringBuilder();
        for (Anchor anchor : deviceCertificateResponse.getAnchors()) {
            sb2.append(BEGIN_CERT);
            sb2.append(anchor.getData());
            sb2.append(anchor.getData().length() % 64 != 0 ? LINE_BREAk : "");
            sb2.append(END_CERT);
        }
        credentials.setCa(sb2.toString());
        StringBuilder sb3 = new StringBuilder();
        for (Extra extra : deviceCertificateResponse.getExtras()) {
            sb3.append(BEGIN_CERT);
            sb3.append(extra.getData());
            sb3.append(extra.getData().length() % 64 != 0 ? LINE_BREAk : "");
            sb3.append(END_CERT);
        }
        credentials.setExtraCerts(sb3.toString());
        File file2 = new File(file, str + CRL_FILENAME);
        if (!file2.exists()) {
            try {
                file2.createNewFile();
            } catch (IOException e2) {
                m.a.a.d(e2, "Exception creating CRL file", new Object[0]);
            }
        }
        Number s = xVar.x0(CrlUrl.class).s("id");
        int intValue = s == null ? 1 : s.intValue() + 1;
        credentials.setCrlVerify(file2.getAbsolutePath());
        if (deviceCertificateResponse.getCrls() != null) {
            for (String str3 : deviceCertificateResponse.getCrls()) {
                CrlUrl crlUrl = new CrlUrl();
                crlUrl.setId(intValue);
                crlUrl.setCredentials(credentials);
                crlUrl.setUrl(str3);
                b0Var.add(crlUrl);
                intValue++;
            }
        }
        credentials.setCrlUrls(b0Var);
        xVar.u0(credentials);
        m.a.a.h("Certificate updated successfully of %s", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$generateCert$2(final String str, final String str2, final DeviceCertificateResponse deviceCertificateResponse, final File file, i.a.c cVar) throws Exception {
        m.a.a.e("Generating new cert", new Object[0]);
        x o0 = x.o0();
        try {
            o0.l0(new x.a() { // from class: com.stackpath.cloak.util.a
                @Override // io.realm.x.a
                public final void a(x xVar) {
                    CertificateGenerator.lambda$generateCert$1(str, str2, deviceCertificateResponse, file, xVar);
                }
            });
            o0.close();
            cVar.b();
        } catch (Throwable th) {
            if (o0 != null) {
                try {
                    o0.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    public i.a.b createCertificate() {
        return getCloakDeviceCertificateResponse(this.mCloakPrefs.getCurrentNetwork()).n(new i.a.d0.j() { // from class: com.stackpath.cloak.util.c
            @Override // i.a.d0.j
            public final Object apply(Object obj) {
                return CertificateGenerator.this.a((DeviceCertificateResponse) obj);
            }
        }).b(CrlGenerator.generateCrlAsCompletable(this.mCloakPrefs));
    }

    public w<DeviceCertificateResponse> getCloakDeviceCertificateResponse(String str) {
        StringWriter stringWriter = new StringWriter();
        org.spongycastle.openssl.a.a aVar = new org.spongycastle.openssl.a.a(stringWriter);
        try {
            org.spongycastle.crypto.m.b bVar = new org.spongycastle.crypto.m.b();
            bVar.d(new org.spongycastle.crypto.o.n(CryptoUtil.RSA_PUBLIC_EXPONENT, new SecureRandom(), CryptoUtil.RSA_BITSIZE, 80));
            org.spongycastle.crypto.b b2 = bVar.b();
            aVar.f(new org.spongycastle.util.io.pem.b("RSA PRIVATE KEY", org.spongycastle.crypto.q.a.a(b2.a()).l()));
            aVar.close();
            this.mReferenceKey = stringWriter.toString();
            org.spongycastle.pkcs.c.a aVar2 = new org.spongycastle.pkcs.c.a(new org.spongycastle.asn1.f2.c(OpenVPNService.X500_NAME_STRING), b2.b());
            org.spongycastle.asn1.x509.a b3 = new org.spongycastle.operator.c().b("SHA256withRSA");
            return this.mCloakApi.getDeviceCertificateRequest(str, Base64.encodeToString(aVar2.a(new org.spongycastle.operator.d.d(b3, new org.spongycastle.operator.b().a(b3)).b(b2.a())).a(), 4));
        } catch (IOException | OperatorCreationException e2) {
            m.a.a.c(e2);
            return w.j(e2);
        }
    }
}
