package com.seven.asimov.install;

import android.content.Context;
import android.os.Build;
import com.seven.asimov.cert.BKSCACertUpdater;
import com.seven.asimov.cert.CertUtils;
import com.seven.asimov.cert.ICACertInstaller;
import com.seven.asimov.cert.KeyChainCACertUpdater;
import com.seven.asimov.ocengine.userevent.UserEventManager;
import com.seven.crcs.ServiceMessageFieldTypes;
import com.seven.security.OCCertificateConstants;
import com.seven.util.Logger;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.X509Extension;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: classes.dex */
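/**
 * Singleton that generates, persists and installs the application's own root CA
 * (the "OC CA") into the device trust store, and lazily builds a second,
 * untrusted ("fake") root certificate.
 *
 * <p>Member names are the obfuscated ones produced by decompilation and are kept
 * so the listing can still be matched against the dex.
 *
 * <p>Security review notes (all grounded in this class):
 * <ul>
 *   <li>The CA private key is written to disk encrypted with AES, but the AES key is
 *       a constant compiled into the app ({@link #b}) and therefore identical on every
 *       installation. The encryption is obfuscation, not protection: anyone who can read
 *       the key file can recover the private key of a CA the device trusts. A
 *       hardware-backed, per-device key store would be the appropriate replacement.</li>
 *   <li>The cipher transformation is {@code AES/ECB/PKCS7Padding}: no IV and no integrity
 *       check, so a modified key file is not detected as such.</li>
 *   <li>The public key file is stored unencrypted and unauthenticated, and nothing here
 *       verifies that the loaded public and private halves belong together.</li>
 *   <li>The certificate is signed with {@code OCCertificateConstants.SIG_ALG_SHA_1}
 *       (presumably a SHA-1 based algorithm; confirm the constant's value) and the
 *       trusted root is valid from 25 years in the past for a further
 *       {@code YEARS_25}.</li>
 *   <li>The static initialiser inserts the SpongyCastle provider at position 1, which
 *       makes it the preferred JCA provider for the whole process, not only this class.</li>
 * </ul>
 *
 * <p>Thread-safety: only {@link #install(Context)} is synchronised (on {@link #i}); the
 * getters and the lazy fake-certificate initialisation are not.
 */
public class CACertInstaller {
    /** Class logger; assigned in the static initialiser. */
    private static final Logger a;
    /** Hard-coded 32-byte AES key used to wrap the CA private key on disk (see class notes). */
    private byte[] b;
    /** Trusted OC root certificate, once loaded from the trust store or generated. */
    private X509Certificate c;
    /** Key pair of the trusted OC root. */
    private KeyPair d;
    /** Untrusted ("fake") root certificate, created on demand. */
    private X509Certificate e;
    /** Key pair of the untrusted root. */
    private KeyPair f;
    /** Strategy that places the certificate into the trust store; chosen by SDK level. */
    private ICACertInstaller g;
    /** Result of the last "does the CA need installing" check made by {@link #install(Context)}. */
    private boolean h;
    /** Monitor guarding {@link #install(Context)}. */
    private Object i;

    /* loaded from: classes.dex */
    public static class Holder {
        public static final CACertInstaller INSTANCE = new CACertInstaller();
    }

    static {
        // Position 1 puts this provider ahead of the platform providers process-wide.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        a = Logger.getLogger(CACertInstaller.class);
    }

    private CACertInstaller() {
        // SECURITY: static key material embedded in the binary; see class-level notes.
        this.b = new byte[]{123, 83, 101, 118, 101, 110, 96, 115, 83, 101, 99, 114, 101, 116, 67, 114, 121, 112, 116, 111, 103, 114, 97, 116, 104, 105, 99, 75, 101, 121, 33, 125};
        this.c = null;
        this.d = null;
        this.e = null;
        this.f = null;
        this.i = new Object();
        this.g = Build.VERSION.SDK_INT >= 14 ? new KeyChainCACertUpdater() : new BKSCACertUpdater();
    }

    /**
     * Reads a whole file into memory and always closes the stream.
     *
     * @param file file to read
     * @return the file content
     * @throws IOException if the file cannot be opened or ends before {@code file.length()} bytes
     */
    private static byte[] readFully(File file) throws IOException {
        FileInputStream in = new FileInputStream(file);
        try {
            byte[] data = new byte[(int) file.length()];
            int offset = 0;
            // A single read() may return fewer bytes than requested, so loop until full.
            while (offset < data.length) {
                int count = in.read(data, offset, data.length - offset);
                if (count < 0) {
                    throw new IOException("Unexpected end of file: " + file.getName());
                }
                offset += count;
            }
            return data;
        } finally {
            in.close();
        }
    }

    /**
     * Writes {@code data} to {@code path}, replacing any existing content, and always closes
     * the stream.
     *
     * @param path destination file path
     * @param data bytes to write
     * @throws IOException if the file cannot be opened or written
     */
    private static void writeFully(String path, byte[] data) throws IOException {
        FileOutputStream out = new FileOutputStream(path);
        try {
            out.write(data);
        } finally {
            out.close();
        }
    }

    /**
     * Loads the persisted CA key pair from disk.
     *
     * <p>The public key is read as an X.509 {@code SubjectPublicKeyInfo}; the private key file
     * is AES-decrypted with the embedded key and parsed as PKCS#8.
     *
     * @param str key algorithm name passed to {@link KeyFactory#getInstance(String)}
     * @return the key pair, or {@code null} if either file is missing or anything fails
     */
    private KeyPair a(String str) {
        try {
            byte[] publicKeyBytes = readFully(new File(OCCertificateConstants.OC_CA_PUBLIC_KEY_PATH));
            byte[] encryptedPrivateKey = readFully(new File(OCCertificateConstants.OC_CA_PRIVATE_KEY_PATH));
            KeyFactory keyFactory = KeyFactory.getInstance(str);
            PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(publicKeyBytes));
            // SECURITY: ECB with a compiled-in key; no IV, no authentication of the file.
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "SC");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.b, "AES"));
            // doFinal(byte[]) returns exactly the plaintext, so no padding-sized slack is
            // handed to the PKCS#8 parser.
            byte[] pkcs8 = cipher.doFinal(encryptedPrivateKey);
            return new KeyPair(publicKey, keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8)));
        } catch (Exception e) {
            // A missing key file is the normal first-run state and is not reported.
            if (Logger.isError() && !(e instanceof FileNotFoundException)) {
                a.error("Failed to load CA key pair: ", e);
            }
            return null;
        }
    }

    /**
     * Generates a fresh key pair and a self-signed CA certificate for it.
     *
     * <p>Side effects: stores the new key pair in {@link #d} (and persists it to disk) when
     * {@code z} is true, otherwise in {@link #f}.
     *
     * @param context passed to {@code CertUtils.generateCertSerialNumber}
     * @param z {@code true} for the trusted OC root, {@code false} for the untrusted root
     * @return the certificate, or {@code null} if generation failed
     */
    private X509Certificate a(Context context, boolean z) {
        long j = OCCertificateConstants.YEARS_25;
        try {
            if (z) {
                this.d = CertUtils.generateKeyPair();
                a(this.d);
            } else {
                this.f = CertUtils.generateKeyPair();
            }
            KeyPair keyPair = z ? this.d : this.f;
            a.debug("[generateCACert]:root_on:C=US, O=SEVEN Networks Inc., OU=AdClear Primary Certificate,isTrusted:" + z);
            // Subject and issuer are the same principal: the certificate is self-signed.
            X500Principal x500Principal = new X500Principal(z ? OCCertificateConstants.ROOT_DN : OCCertificateConstants.UNTRUSTED_ROOT_DN);
            BigInteger serial = CertUtils.generateCertSerialNumber(context);
            // notBefore is back-dated: 788400000000 ms = 9125 days (trusted root),
            // 31536000000 ms = 365 days (untrusted root).
            Date notBefore = new Date(System.currentTimeMillis() - (z ? 788400000000L : 31536000000L));
            long currentTimeMillis = System.currentTimeMillis();
            if (!z) {
                j = 31536000000L;
            }
            Date notAfter = new Date(j + currentTimeMillis);
            JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(x500Principal, serial, notBefore, notAfter, x500Principal, keyPair.getPublic());
            // Critical basicConstraints with cA=true and no path-length limit.
            builder.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true));
            // 134 = 128 | 4 | 2: digitalSignature, keyCertSign, cRLSign.
            builder.addExtension(X509Extension.keyUsage, true, new KeyUsage(134));
            builder.addExtension(X509Extension.subjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.getPublic()));
            // NOTE(review): the constant name indicates a SHA-1 signature; confirm its value.
            return new JcaX509CertificateConverter().setProvider("SC").getCertificate(builder.build(new JcaContentSignerBuilder(OCCertificateConstants.SIG_ALG_SHA_1).setProvider("SC").build(keyPair.getPrivate())));
        } catch (Exception e) {
            if (Logger.isFatal()) {
                a.fatal("Failed to create OC CA certificate: " + e.toString(), e);
            }
            return null;
        }
    }

    /**
     * Persists a key pair: the public key in clear, the private key AES-encrypted with the
     * embedded key.
     *
     * <p>Failures are logged and swallowed, so the caller cannot tell that the pair was not
     * saved. The private key is encrypted before its file is opened, so a cipher failure no
     * longer leaves a truncated key file behind.
     *
     * @param keyPair pair to persist
     * @throws IOException declared for compatibility; every exception is caught here
     */
    private void a(KeyPair keyPair) throws IOException {
        try {
            X509EncodedKeySpec publicSpec = new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
            writeFully(OCCertificateConstants.OC_CA_PUBLIC_KEY_PATH, publicSpec.getEncoded());
            PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec(keyPair.getPrivate().getEncoded());
            // SECURITY: ECB with a compiled-in key; see class-level notes.
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "SC");
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.b, "AES"));
            byte[] encrypted = cipher.doFinal(privateSpec.getEncoded());
            // NOTE(review): file permissions are whatever the path and process defaults give;
            // confirm the key paths are inside app-private storage.
            writeFully(OCCertificateConstants.OC_CA_PRIVATE_KEY_PATH, encrypted);
        } catch (Exception e) {
            if (Logger.isError()) {
                a.error("Failed to save CA key pair: ", e);
            }
        }
    }

    /**
     * Loads the persisted key pair into {@link #d} and looks up the matching root certificate
     * into {@link #c}.
     *
     * @return {@code false} if a matching certificate was found, {@code true} if the CA still
     *     has to be generated and installed
     * @throws Exception propagated from {@code CertUtils.getOCRootCert}
     */
    private boolean a() throws Exception {
        this.d = a(OCCertificateConstants.KP_ALG_RSA);
        if (this.d != null) {
            this.c = CertUtils.getOCRootCert(this.d.getPublic());
            if (this.c != null) {
                if (Logger.isDebug()) {
                    a.debug("OC CA is already exist in TrustStore.");
                }
                return false;
            }
        }
        if (Logger.isDebug()) {
            a.debug("OC CA will be installed to TrustStore.");
        }
        return true;
    }

    /**
     * Scans the accepted issuers for certificates whose issuer or subject DN matches
     * {@code STRANGE_CERTS_REGEXP} and reports whether the result looks unexpected.
     *
     * <p>The result is {@code true} when more than one certificate matches, or when any
     * matching certificate's issuer is not {@code ROOT_DN}. The flag is sticky: once set,
     * every following match is logged as well. The issuer check is a string comparison of
     * the principal's {@code toString()} form.
     *
     * @return {@code true} if unexpected matching certificates were found
     * @throws IllegalStateException if the accepted-issuer list is unavailable
     */
    private boolean b() {
        X509Certificate[] acceptedIssuers = CertUtils.getAcceptedIssuers();
        if (acceptedIssuers == null) {
            throw new IllegalStateException("accepted issuers unavailable");
        }
        ArrayList<X509Certificate> matches = new ArrayList<X509Certificate>();
        for (X509Certificate candidate : acceptedIssuers) {
            if (candidate.getIssuerDN().toString().matches(OCCertificateConstants.STRANGE_CERTS_REGEXP) || candidate.getSubjectDN().toString().matches(OCCertificateConstants.STRANGE_CERTS_REGEXP)) {
                matches.add(candidate);
            }
        }
        boolean strange = matches.size() > 1;
        for (X509Certificate match : matches) {
            if (!OCCertificateConstants.ROOT_DN.equals(match.getIssuerX500Principal().toString())) {
                strange = true;
            }
            if (strange) {
                if (Logger.isDebug()) {
                    a.debug(String.format("Strange cert: %s", match.toString()));
                } else if (Logger.isInfo()) {
                    a.info(String.format("Strange cert DN: %s", match.getIssuerDN().toString()));
                }
            }
        }
        return strange;
    }

    /**
     * Side-effect-free variant of {@link #a()}: reports whether the CA needs installing
     * without touching {@link #c} or {@link #d}.
     *
     * @return {@code true} if no key pair is stored or no matching certificate was found
     * @throws Exception propagated from {@code CertUtils.getOCRootCert}
     */
    private boolean c() throws Exception {
        KeyPair stored = a(OCCertificateConstants.KP_ALG_RSA);
        if (stored == null || CertUtils.getOCRootCert(stored.getPublic()) == null) {
            if (Logger.isDebug()) {
                a.debug("OC CA will be installed to TrustStore.");
            }
            return true;
        }
        if (Logger.isDebug()) {
            a.debug("OC CA is already exist in TrustStore.");
        }
        return false;
    }

    /** Returns the process-wide instance. */
    public static CACertInstaller getInstance() {
        return Holder.INSTANCE;
    }

    /**
     * Returns the untrusted root certificate, generating it (and its key pair) on first use.
     *
     * @param context passed through to certificate generation
     * @return the certificate, or {@code null} if generation failed
     */
    public X509Certificate getFakeRootCert(Context context) {
        if (this.e == null) {
            this.e = a(context, false);
        }
        return this.e;
    }

    /**
     * Returns the untrusted root's key pair, generating the certificate first if needed.
     *
     * @param context passed through to certificate generation
     * @return the key pair, or {@code null} if generation failed
     */
    public KeyPair getFakeRootCertKeyPair(Context context) {
        if (this.f == null) {
            // Generating the certificate populates this.f as a side effect.
            this.e = a(context, false);
        }
        return this.f;
    }

    /** Returns the trusted OC root certificate, or {@code null} if none is loaded yet. */
    public X509Certificate getOCRootCert() {
        return this.c;
    }

    /**
     * Returns the trusted OC root's key pair, including its private key, or {@code null}.
     * Callers receive the live key material, not a copy.
     */
    public KeyPair getOCRootCertKeyPair() {
        return this.d;
    }

    /**
     * Ensures the OC root CA exists and has been handed to the trust store.
     *
     * <p>Steps, under the {@link #i} lock: check for unexpected look-alike certificates
     * (advisory only: a hit is reported as a {@code CA_INSTALL_FAILED} event but installation
     * still proceeds), then either reuse the stored CA or generate a new one, add it to the
     * trust store and save it to the certificate file.
     *
     * @param context passed through to certificate generation
     * @return {@code true} if the CA was already present or the trust-store request
     *     succeeded; {@code false} otherwise
     */
    public boolean install(Context context) {
        boolean installed = false;
        if (Logger.isInfo()) {
            a.info("Start to install CA...");
        }
        synchronized (this.i) {
            long startedAt = System.currentTimeMillis();
            try {
                if (b()) {
                    if (Logger.isWarn()) {
                        a.warn("Strange OC CA detected ");
                    }
                    UserEventManager.getInstance().addSystemEvent(System.currentTimeMillis(), ServiceMessageFieldTypes.Type.CA_INSTALL_FAILED, ServiceMessageFieldTypes.Action.EVENT);
                }
            } catch (IllegalStateException e2) {
                if (Logger.isError()) {
                    a.error("Failed to check keystore for a strange certs");
                }
            }
            try {
                this.h = a();
                if (this.h) {
                    this.c = a(context, true);
                    if (this.c == null) {
                        if (Logger.isWarn()) {
                            a.warn("OC CA is null.");
                        }
                    } else {
                        installed = this.g.addToTrustStore(this.c);
                        if (installed) {
                            if (Logger.isInfo()) {
                                a.info("OC CA requested to save into TrustStore.");
                            }
                        } else if (Logger.isError()) {
                            a.error("OC CA saving request to TrustStore failed.");
                        }
                        saveCertificate();
                    }
                } else {
                    // CA already trusted: drop the leftover certificate file, if any.
                    File file = new File(BKSCACertUpdater.CA_CERT_PATH);
                    if (file.exists()) {
                        file.delete();
                    }
                    installed = true;
                }
            } catch (Exception e) {
                // Previously some failures on this path were swallowed without a log entry.
                if (Logger.isError()) {
                    a.error("OC CA install failed", e);
                }
            } finally {
                if (Logger.isDebug()) {
                    a.debug(String.format("OC CA install/verify took %d ms", Long.valueOf(System.currentTimeMillis() - startedAt)));
                }
            }
        }
        return installed;
    }

    /**
     * Reports whether {@code CertUtils} considers the CA certificate installed.
     *
     * @return the result of {@code CertUtils.isCACertInstalled()}
     */
    public boolean isCACertInstalled() {
        boolean installed = CertUtils.isCACertInstalled();
        if (Logger.isDebug()) {
            a.debug("isCACertInstalled:" + installed);
        }
        return installed;
    }

    /**
     * Reports whether a CA is installed but does not correspond to the stored key pair.
     *
     * <p>The key files are loaded at most once per call, and the result no longer depends on
     * whether debug logging is enabled.
     *
     * @return {@code true} if the installed CA is stale, or if the check itself failed
     */
    public boolean isCACertInvalid() {
        try {
            boolean installed = isCACertInstalled();
            boolean stale = installed && c();
            if (Logger.isDebug()) {
                a.debug("isCACertInvalid:" + installed + "," + stale);
            }
            return stale;
        } catch (Exception e) {
            if (Logger.isError()) {
                a.error("Failed to verify CA certificate: ", e);
            }
            // Treat an unverifiable CA as invalid.
            return true;
        }
    }

    /**
     * Reports whether the exported certificate file exists.
     *
     * @return {@code true} if {@code OC_CA_CERTIFICATE_FILE_PATH} exists
     */
    public boolean isCertificatFileExists() {
        boolean exists = new File(OCCertificateConstants.OC_CA_CERTIFICATE_FILE_PATH).exists();
        a.debug("isCertificatFileExists:" + exists);
        return exists;
    }

    /**
     * Writes the encoded OC root certificate (public data only) to
     * {@code OC_CA_CERTIFICATE_FILE_PATH}.
     *
     * @return the file path on success, or {@code null} if there is no certificate or the
     *     write failed
     */
    public String saveCertificate() {
        String str = OCCertificateConstants.OC_CA_CERTIFICATE_FILE_PATH;
        if (Logger.isDebug()) {
            a.debug("saveCertificate:" + this.c);
        }
        if (this.c == null) {
            return null;
        }
        try {
            // Encode first so an encoding failure does not truncate an existing file.
            writeFully(str, this.c.getEncoded());
            return str;
        } catch (Exception e) {
            if (Logger.isError()) {
                a.error("Failed to save certificate:", e);
            }
            return null;
        }
    }
}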
