package org.kde.kdeconnect.Helpers.SecurityHelpers;

import android.annotation.SuppressLint;
import android.content.Context;
import android.content.SharedPreferences;
import android.content.res.Configuration;
import android.content.res.Resources;
import android.preference.PreferenceManager;
import android.util.Base64;
import android.util.Log;
import j$.time.LocalDate;
import j$.time.ZoneId;
import j$.util.DesugarDate;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.net.Socket;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Formatter;
import java.util.Locale;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.sshd.client.config.keys.ClientIdentity;
import org.apache.sshd.common.signature.SignatureECDSA;
import org.apache.sshd.common.signature.SignatureRSASHA512;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.kde.kdeconnect.Helpers.DeviceHelper;
import org.kde.kdeconnect.Helpers.RandomHelper;
import org.kde.kdeconnect.KdeConnect;

/* loaded from: classes3.dex */
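/**
 * TLS helper for links between this device and a remote device.
 *
 * <p>Holds this device's own certificate, builds a per-device {@link SSLContext} and upgrades an
 * already-connected plain {@link Socket} to an {@link SSLSocket}.
 *
 * <p>Security model visible in this class: when the {@code z} flag of
 * {@link #convertToSslSocket} is {@code true}, the peer is validated against the certificate
 * stored for that device. When it is {@code false}, a trust manager that accepts every
 * certificate chain is installed, so the TLS session gives confidentiality but no peer
 * authentication. Callers must then verify the peer certificate by other means (for example by
 * comparing {@link #getCertificateHash}) before treating the link as authenticated. That
 * verification is not part of this file.
 *
 * <p>NOTE(review): several {@code ClientIdentity.ID_FILE_SUFFIX}, {@code SignatureRSASHA512} and
 * {@code SignatureECDSA521} references look like decompiler constant substitutions for plain
 * string literals. {@code ID_FILE_SUFFIX} appears to be the empty string; confirm against the
 * original sources before relying on it.
 */
public class SslHelper {
    /**
     * This device's own certificate. Assigned by {@link #initialiseCertificate(Context)} and
     * stays {@code null} until that call succeeds.
     */
    public static Certificate certificate;
    private static final CertificateFactory factory;

    // Accept-everything trust manager. Only selected by getSslContextForDevice when the remote
    // device is not marked as trusted; it performs no validation at all.
    @SuppressLint({"CustomX509TrustManager", "TrustAllX509TrustManager"})
    private static final TrustManager[] trustAllCerts;

    static {
        try {
            factory = CertificateFactory.getInstance("X.509");
            trustAllCerts = new TrustManager[]{new X509TrustManager() {
                private final X509Certificate[] issuers = new X509Certificate[0];

                @Override
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                    // Intentionally empty: every client chain is accepted.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                    // Intentionally empty: every server chain is accepted.
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return this.issuers;
                }
            }};
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Applies the read timeout and the TLS role to a freshly created socket.
     *
     * @param sSLSocket socket to configure
     * @param z whether the remote device is trusted; in server mode a trusted device must
     *     present a client certificate, an untrusted one is only asked for it
     * @param z2 {@code true} to act as TLS client, {@code false} to act as TLS server
     */
    private static void configureSslSocket(SSLSocket sSLSocket, boolean z, boolean z2) {
        sSLSocket.setSoTimeout(10000);
        if (z2) {
            sSLSocket.setUseClientMode(true);
            return;
        }
        sSLSocket.setUseClientMode(false);
        if (z) {
            // Handshake fails unless the peer sends a certificate.
            sSLSocket.setNeedClientAuth(true);
        } else {
            // Certificate is requested but optional for a peer that is not trusted yet.
            sSLSocket.setWantClientAuth(true);
        }
    }

    /**
     * Layers TLS over an existing connected socket.
     *
     * @param context Android context used to load keys and stored certificates
     * @param socket connected plain socket; it is closed together with the returned socket
     * @param str name of the per-device preferences file, also used as key store alias
     *     (presumably the remote device id; confirm against callers)
     * @param z whether the remote device is trusted; {@code false} disables certificate
     *     validation for this session
     * @param z2 {@code true} for TLS client mode, {@code false} for server mode
     * @return the configured TLS socket; the handshake has not been started here
     * @throws NullPointerException if no TLS context could be created for the device
     */
    public static SSLSocket convertToSslSocket(Context context, Socket socket, String str, boolean z, boolean z2) {
        SSLContext sslContext = getSslContextForDevice(context, str, z);
        if (sslContext == null) {
            // getSslContextForDevice logs the cause and returns null; fail with a message
            // instead of an anonymous NullPointerException on the next dereference.
            throw new NullPointerException("No TLS context available for device " + str);
        }
        String peerAddress = socket.getInetAddress().getHostAddress();
        SSLSocket sSLSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(socket, peerAddress, socket.getPort(), true);
        configureSslSocket(sSLSocket, z, z2);
        return sSLSocket;
    }

    /**
     * Returns the SHA-256 digest of the encoded certificate as lowercase hex.
     *
     * <p>Each byte is written as two hex digits followed by {@code ':'}, so the result ends with
     * a trailing colon. Anything comparing fingerprints must use the same format.
     *
     * @param certificate2 certificate to fingerprint
     * @return colon-separated hex digest
     * @throws RuntimeException if SHA-256 is unavailable or the certificate cannot be encoded
     */
    public static String getCertificateHash(Certificate certificate2) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(certificate2.getEncoded());
            Formatter formatter = new Formatter();
            for (byte b : digest) {
                formatter.format("%02x:", b);
            }
            return formatter.toString();
        } catch (NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Extracts the first CN value from the certificate subject.
     *
     * <p>Throws an unchecked exception when the subject has no CN; the only caller in this
     * class catches {@link Exception}.
     */
    private static String getCommonNameFromCertificate(X509Certificate x509Certificate) {
        X500Name subject = new X500Name(x509Certificate.getSubjectX500Principal().getName());
        return IETFUtils.valueToString(subject.getRDNs(BCStyle.CN)[0].getFirst().getValue());
    }

    /**
     * Loads the certificate stored for a remote device.
     *
     * @param context Android context
     * @param str name of the per-device preferences file holding the Base64 certificate
     * @return the parsed certificate
     */
    public static Certificate getDeviceCertificate(Context context, String str) {
        String encoded = context.getSharedPreferences(str, 0).getString("certificate", ClientIdentity.ID_FILE_SUFFIX);
        return parseCertificate(Base64.decode(encoded, 0));
    }

    /**
     * Builds the TLS context used to talk to one remote device.
     *
     * <p>The key store is created in memory and holds this device's private key with
     * {@link #certificate} as its chain. For a trusted device the stored peer certificate is
     * added as a trusted entry and the default trust managers are built from that key store.
     * For an untrusted device the accept-everything trust manager is used instead, so the peer
     * is not authenticated by the handshake.
     *
     * @param context Android context
     * @param str per-device preferences file name and key store alias
     * @param z whether the remote device is trusted
     * @return the initialised context, or {@code null} if anything failed (the error is logged)
     */
    private static SSLContext getSslContextForDevice(Context context, String str, boolean z) {
        try {
            PrivateKey privateKey = RsaHelper.getPrivateKey(context);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            // The key store never leaves memory; the entry password only has to match the one
            // handed to the KeyManagerFactory below.
            keyStore.setKeyEntry("key", privateKey, ClientIdentity.ID_FILE_SUFFIX.toCharArray(), new Certificate[]{certificate});
            if (z) {
                keyStore.setCertificateEntry(str, getDeviceCertificate(context, str));
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, ClientIdentity.ID_FILE_SUFFIX.toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            // The context is requested by the fixed protocol name "TLSv1.2".
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            // Untrusted peer: no validation during the handshake.
            TrustManager[] trustManagers = z ? trustManagerFactory.getTrustManagers() : trustAllCerts;
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagers, RandomHelper.secureRandom);
            return sSLContext;
        } catch (Exception e) {
            Log.e("KDE/SslHelper", "Error creating tls context", e);
            return null;
        }
    }

    /**
     * Loads this device's certificate from the default preferences, or generates a new one.
     *
     * <p>A stored certificate is reused only if its CN equals the current device id and the
     * current time lies inside its validity window. Otherwise all remembered devices are
     * removed and a new certificate is created, signed with this device's private key, valid
     * from one year ago until ten years from now, and saved Base64-encoded under the
     * {@code "certificate"} key.
     *
     * <p>Failures are logged, not thrown. If generation fails, {@link #certificate} is left
     * unassigned even though the remembered devices have already been removed.
     *
     * @param context Android context
     */
    public static void initialiseCertificate(Context context) {
        try {
            PrivateKey privateKey = RsaHelper.getPrivateKey(context);
            PublicKey publicKey = RsaHelper.getPublicKey(context);
            Log.i("SslHelper", "Key algorithm: " + publicKey.getAlgorithm());
            String deviceId = DeviceHelper.getDeviceId(context);
            SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
            if (defaultSharedPreferences.contains("certificate")) {
                Date date = new Date();
                try {
                    X509Certificate x509Certificate = (X509Certificate) parseCertificate(Base64.decode(defaultSharedPreferences.getString("certificate", ClientIdentity.ID_FILE_SUFFIX), 0));
                    String commonNameFromCertificate = getCommonNameFromCertificate(x509Certificate);
                    if (!commonNameFromCertificate.equals(deviceId)) {
                        Log.e("KDE/SslHelper", "The certificate stored is from a different device id! (found: " + commonNameFromCertificate + " expected:" + deviceId + ")");
                    } else if (x509Certificate.getNotAfter().getTime() < date.getTime()) {
                        Log.e("KDE/SslHelper", "The certificate expired: " + x509Certificate.getNotAfter());
                    } else {
                        if (x509Certificate.getNotBefore().getTime() <= date.getTime()) {
                            certificate = x509Certificate;
                            return;
                        }
                        Log.e("KDE/SslHelper", "The certificate is not effective yet: " + x509Certificate.getNotBefore());
                    }
                } catch (Exception e) {
                    Log.e("KDE/SslHelper", "Exception reading own certificate", e);
                }
            }
            // A new certificate means a new identity, so earlier pairings are dropped first.
            KdeConnect.getInstance().removeRememberedDevices();
            Log.i("KDE/SslHelper", "Generating a certificate");
            try {
                Locale locale = Locale.getDefault();
                // NOTE(review): generation runs under Locale.ENGLISH, presumably to keep
                // locale-dependent formatting out of the certificate; confirm.
                setLocale(Locale.ENGLISH, context);
                try {
                    X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
                    x500NameBuilder.addRDN(BCStyle.CN, deviceId);
                    x500NameBuilder.addRDN(BCStyle.OU, "KDE Connect");
                    x500NameBuilder.addRDN(BCStyle.O, "KDE");
                    // Issuer and subject are the same name: the certificate is self-issued.
                    X500Name name = x500NameBuilder.build();
                    LocalDate now = LocalDate.now();
                    Date notBefore = DesugarDate.from(now.minusYears(1L).atStartOfDay(ZoneId.systemDefault()).toInstant());
                    Date notAfter = DesugarDate.from(now.plusYears(10L).atStartOfDay(ZoneId.systemDefault()).toInstant());
                    String signatureAlgorithm = "RSA".equals(privateKey.getAlgorithm()) ? SignatureRSASHA512.ALGORITHM : SignatureECDSA.SignatureECDSA521.DEFAULT_ALGORITHM;
                    byte[] encoded = new JcaX509v3CertificateBuilder(name, BigInteger.ONE, notBefore, notAfter, name, publicKey).build(new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey)).getEncoded();
                    certificate = parseCertificate(encoded);
                    SharedPreferences.Editor edit = defaultSharedPreferences.edit();
                    edit.putString("certificate", Base64.encodeToString(encoded, 0));
                    edit.apply();
                } finally {
                    // Restore the user's locale even when generation throws; otherwise the
                    // whole process would stay switched to English.
                    setLocale(locale, context);
                }
            } catch (Exception e2) {
                Log.e("KDE/initialiseCert", "Exception", e2);
            }
        } catch (Exception e) {
            // Keep the cause in the log so a key-loading failure can be diagnosed.
            Log.e("SslHelper", "Error getting keys, can't create certificate", e);
        }
    }

    /**
     * Tells whether a non-empty certificate string is stored for the given device.
     *
     * <p>Only presence is checked; the stored value is not parsed or validated here.
     *
     * @param context Android context
     * @param str name of the per-device preferences file
     * @return {@code true} if the {@code "certificate"} entry is non-empty
     */
    public static boolean isCertificateStored(Context context, String str) {
        String stored = context.getSharedPreferences(str, 0).getString("certificate", ClientIdentity.ID_FILE_SUFFIX);
        return !stored.isEmpty();
    }

    /**
     * Parses an encoded X.509 certificate.
     *
     * @param bArr encoded certificate bytes
     * @return the parsed certificate
     */
    public static Certificate parseCertificate(byte[] bArr) {
        return factory.generateCertificate(new ByteArrayInputStream(bArr));
    }

    /**
     * Switches both the JVM default locale and the resource configuration of {@code context}.
     *
     * <p>This is process-wide state, so every switch must be paired with a restore.
     */
    private static void setLocale(Locale locale, Context context) {
        Locale.setDefault(locale);
        Resources resources = context.getResources();
        Configuration configuration = resources.getConfiguration();
        configuration.locale = locale;
        resources.updateConfiguration(configuration, resources.getDisplayMetrics());
    }
}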
