package app.ssldecryptor;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Locale;
import javax.security.auth.x500.X500Principal;
import kotlin.jvm.internal.Intrinsics;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.asn1.x509.X509Extension;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509CertificateHolder;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* compiled from: ProxyCertGenerator.kt */
/* loaded from: classes.dex */
public final class ProxyCertGenerator {
    public static final ProxyCertGenerator INSTANCE = new ProxyCertGenerator();
    private static final String BC = BC;
    private static final String BC = BC;
    private static long ONEYEAR_IN_MS = 31536000000L;

    private ProxyCertGenerator() {
    }

    private final KeyPair generateRSAKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", BC);
        keyPairGenerator.initialize(1024, new SecureRandom());
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        Intrinsics.checkExpressionValueIsNotNull(generateKeyPair, "kpGen.generateKeyPair()");
        return generateKeyPair;
    }

    private final X509Certificate generateV3Certificate(PublicKey publicKey, CertKeyStore certKeyStore, X509Certificate x509Certificate) throws InvalidKeyException, NoSuchProviderException, SignatureException {
        X500Principal subjectX500Principal = certKeyStore.getCert().getSubjectX500Principal();
        Intrinsics.checkExpressionValueIsNotNull(subjectX500Principal, "caCert.cert.getSubjectX500Principal()");
        X500Name x500Name = X500Name.getInstance(subjectX500Principal.getEncoded());
        BigInteger valueOf = BigInteger.valueOf(System.currentTimeMillis());
        Date date = new Date(System.currentTimeMillis() - ONEYEAR_IN_MS);
        Date date2 = new Date(System.currentTimeMillis() + ONEYEAR_IN_MS);
        Locale locale = Locale.ENGLISH;
        X500Principal subjectX500Principal2 = x509Certificate.getSubjectX500Principal();
        Intrinsics.checkExpressionValueIsNotNull(subjectX500Principal2, "orgCert.getSubjectX500Principal()");
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, valueOf, date, date2, locale, X500Name.getInstance(subjectX500Principal2.getEncoded()), SubjectPublicKeyInfo.getInstance(publicKey.getEncoded()));
        try {
            x509v3CertificateBuilder.copyAndAddExtension(X509Extension.subjectAlternativeName, false, new JcaX509CertificateHolder(x509Certificate));
        } catch (Exception e) {
            System.out.printf("failed to copy extension %s\n", e.toString());
        }
        ContentSigner build = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(certKeyStore.getPrivKey());
        Intrinsics.checkExpressionValueIsNotNull(build, "JcaContentSignerBuilder(…BC).build(caCert.privKey)");
        X509CertificateHolder build2 = x509v3CertificateBuilder.build(build);
        JcaX509CertificateConverter jcaX509CertificateConverter = new JcaX509CertificateConverter();
        jcaX509CertificateConverter.setProvider(BC);
        X509Certificate certificate = jcaX509CertificateConverter.getCertificate(build2);
        Intrinsics.checkExpressionValueIsNotNull(certificate, "converter.getCertificate(holder)");
        return certificate;
    }

    public final CertKeyStore generate(X509Certificate orgCert, CertKeyStore caCert) {
        Intrinsics.checkParameterIsNotNull(orgCert, "orgCert");
        Intrinsics.checkParameterIsNotNull(caCert, "caCert");
        KeyPair generateRSAKeyPair = generateRSAKeyPair();
        PublicKey publicKey = generateRSAKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "pair.getPublic()");
        X509Certificate generateV3Certificate = generateV3Certificate(publicKey, caCert, orgCert);
        generateV3Certificate.checkValidity(new Date());
        generateV3Certificate.verify(caCert.getCert().getPublicKey());
        char[] charArray = "keypass".toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, charArray);
        keyStore.setKeyEntry("alias", generateRSAKeyPair.getPrivate(), charArray, new Certificate[]{generateV3Certificate});
        Intrinsics.checkExpressionValueIsNotNull(keyStore, "keyStore");
        PrivateKey privateKey = generateRSAKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "pair.getPrivate()");
        return new CertKeyStore(keyStore, charArray, generateV3Certificate, privateKey);
    }
}
