package com.bairuitech.anychat;

import android.os.Build;
import android.util.Base64;
import android.util.Log;
import com.cfmmc.common.ca.CertificateHandle;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyFactory;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class AnyChatCertHelper {
    private static final int AC_RSA_PKCS1_OAEP_PADDING_SHE256 = 100;
    private static final String RSA = "RSA";
    private static final String RSA_OAEP_SHA256_PADDING = "RSA/ECB/OAEPWithSHA256AndMGF1Padding";
    private static String beginCertificate = "-----BEGIN CERTIFICATE-----";
    private static String endCertificate = "-----END CERTIFICATE-----";

    public static int GetRSAPaddingMode(int i) {
        return 100;
    }

    public static String GetX509CertInfo(byte[] bArr) {
        try {
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(CertificateHandle.X509).generateCertificate(new ByteArrayInputStream(bArr));
            PublicKey publicKey = x509Certificate.getPublicKey();
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("Before", x509Certificate.getNotBefore().getTime() / 1000);
            jSONObject.put("After", x509Certificate.getNotAfter().getTime() / 1000);
            jSONObject.put("OwnerUrl", cropString(x509Certificate.getSubjectDN().getName()));
            jSONObject.put("PubKey", Base64.encodeToString(publicKey.getEncoded(), 2));
            return jSONObject.toString();
        } catch (Exception e) {
            Log.e("AnyChatCertHelper", "GetX509CertInfo failure", e.fillInStackTrace());
            return null;
        }
    }

    public static byte[] RSA_PrivateDecrypt(byte[] bArr, byte[] bArr2) {
        try {
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(getKey(bArr2), 2)));
            int bitLength = rSAPrivateKey.getModulus().bitLength();
            Cipher cipher = Cipher.getInstance(RSA_OAEP_SHA256_PADDING);
            cipher.init(2, rSAPrivateKey);
            return rsaSplitCodec(2, bArr, bitLength, cipher);
        } catch (Exception e) {
            Log.e("AnyChatCertHelper", "RSA_PrivateDecrypt failure", e.fillInStackTrace());
            return null;
        }
    }

    public static byte[] RSA_PrivateEncrypt(byte[] bArr, byte[] bArr2) {
        try {
            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(getKey(bArr2), 2)));
            int bitLength = rSAPrivateKey.getModulus().bitLength();
            Cipher cipher = Cipher.getInstance(RSA_OAEP_SHA256_PADDING);
            cipher.init(1, rSAPrivateKey);
            return rsaSplitCodec(1, bArr, bitLength, cipher);
        } catch (Exception e) {
            Log.e("AnyChatCertHelper", "RSA_PrivateEncrypt failure", e.fillInStackTrace());
            return null;
        }
    }

    public static byte[] RSA_PublicDecrypt(byte[] bArr, byte[] bArr2) {
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(bArr2, 2)));
            int bitLength = rSAPublicKey.getModulus().bitLength();
            Cipher cipher = Cipher.getInstance(RSA_OAEP_SHA256_PADDING);
            cipher.init(2, rSAPublicKey);
            return rsaSplitCodec(2, bArr, bitLength, cipher);
        } catch (Exception e) {
            Log.e("AnyChatCertHelper", "RSA_PublicDecrypt failure", e.fillInStackTrace());
            return null;
        }
    }

    public static byte[] RSA_PublicEncrypt(byte[] bArr, byte[] bArr2) {
        try {
            RSAPublicKey rSAPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(bArr2, 2)));
            int bitLength = rSAPublicKey.getModulus().bitLength();
            Cipher cipher = Cipher.getInstance(RSA_OAEP_SHA256_PADDING);
            cipher.init(1, rSAPublicKey);
            return rsaSplitCodec(1, bArr, bitLength, cipher);
        } catch (Exception e) {
            Log.e("AnyChatCertHelper", "RSA_PublicEncrypt failure", e.fillInStackTrace());
            return null;
        }
    }

    public static int VerifyX509Cert(byte[] bArr, byte[] bArr2) {
        String str;
        ArrayList arrayList = new ArrayList();
        String str2 = new String(bArr);
        if (str2.length() > 0) {
            String[] split = str2.split(beginCertificate);
            str = String.valueOf(beginCertificate) + split[split.length - 1];
        } else {
            str = null;
        }
        try {
            String[] splitCert = splitCert(str.getBytes());
            CertificateFactory certificateFactory = Build.VERSION.SDK_INT >= 27 ? CertificateFactory.getInstance(CertificateHandle.X509) : CertificateFactory.getInstance(CertificateHandle.X509, BouncyCastleProvider.PROVIDER_NAME);
            arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(bArr2)));
            for (String str3 : splitCert) {
                if (str3.indexOf(beginCertificate) == -1) {
                    break;
                }
                StringBuilder sb = new StringBuilder();
                sb.append(str3);
                if (!str3.endsWith(endCertificate)) {
                    sb.append(endCertificate);
                }
                try {
                    arrayList.add((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(sb.toString().getBytes())));
                } catch (Exception e) {
                    Log.e("AnyChatCertHelper", "VerifyX509Cert parse failure", e.fillInStackTrace());
                }
            }
            List<X509Certificate> order = order(arrayList);
            if (order.size() > 0) {
                X509Certificate x509Certificate = order.get(order.size() - 1);
                if (!x509Certificate.getIssuerDN().equals(x509Certificate.getSubjectDN())) {
                    X509Certificate rootCert = getRootCert(x509Certificate);
                    if (rootCert == null) {
                        return -1;
                    }
                    order.add(rootCert);
                }
                verifyCerts(order);
            }
            return 0;
        } catch (Exception e2) {
            Log.e("AnyChatCertHelper", "VerifyX509Cert failure", e2.fillInStackTrace());
            return -1;
        }
    }

    private static String cropString(String str) {
        StringBuilder sb = new StringBuilder();
        Matcher matcher = Pattern.compile("(?<=CN\\=).*?(?=,|(s*$))").matcher(str);
        while (matcher.find()) {
            sb.append(matcher.group());
        }
        return sb.toString();
    }

    private static X509Certificate findParent(List<X509Certificate> list, X509Certificate x509Certificate) {
        X509Certificate x509Certificate2;
        Principal issuerDN = x509Certificate.getIssuerDN();
        if (issuerDN.equals(x509Certificate.getSubjectDN())) {
            return null;
        }
        for (int i = 0; i < list.size() && (x509Certificate2 = list.get(i)) != null; i++) {
            if (issuerDN.equals(x509Certificate2.getSubjectDN())) {
                return x509Certificate2;
            }
        }
        return null;
    }

    private static byte[] getKey(byte[] bArr) {
        String str = new String(bArr);
        return str.substring(str.indexOf("Y-----") + 7, str.lastIndexOf("-----E")).getBytes();
    }

    public static X509Certificate getRootCert(X509Certificate x509Certificate) {
        try {
            File file = new File(String.valueOf(System.getenv("ANDROID_ROOT")) + "/etc/security/cacerts");
            if (!file.isDirectory()) {
                return null;
            }
            for (String str : file.list()) {
                X509Certificate readCertificate = readCertificate(file, str);
                if (readCertificate == null) {
                    return null;
                }
                if (cropString(readCertificate.getSubjectDN().getName()).equals(cropString(x509Certificate.getIssuerDN().getName()))) {
                    return readCertificate;
                }
            }
            return null;
        } catch (Exception e) {
            Log.e("AnyChatCertHelper", "Get RootCert failure", e.fillInStackTrace());
            return null;
        }
    }

    private static List<X509Certificate> order(List<X509Certificate> list) {
        ArrayList arrayList = new ArrayList();
        X509Certificate x509Certificate = list.get(0);
        arrayList.add(x509Certificate);
        for (int i = 0; i < list.size() && (x509Certificate = findParent(list, x509Certificate)) != null; i++) {
            arrayList.add(x509Certificate);
        }
        return arrayList;
    }

    private static X509Certificate readCertificate(File file, String str) {
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(new File(file, str)));
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(CertificateHandle.X509).generateCertificate(bufferedInputStream);
            bufferedInputStream.close();
            return x509Certificate;
        } catch (Exception e) {
            Log.e("AnyChatCertHelper", "Read Certificate failure", e.fillInStackTrace());
            return null;
        }
    }

    private static byte[] rsaSplitCodec(int i, byte[] bArr, int i2, Cipher cipher) throws Exception {
        int length = bArr.length;
        int i3 = i == 2 ? i2 / 8 : (i2 / 8) - 66;
        if (length <= i3) {
            return cipher.doFinal(bArr);
        }
        ArrayList arrayList = new ArrayList();
        byte[] bArr2 = new byte[i3];
        int i4 = 0;
        int i5 = 0;
        int i6 = 0;
        while (i5 < length) {
            bArr2[i6] = bArr[i5];
            i6++;
            if (i6 == i3 || i5 == length - 1) {
                for (byte b : cipher.doFinal(bArr2)) {
                    arrayList.add(Byte.valueOf(b));
                }
                bArr2 = i5 == length + (-1) ? null : new byte[Math.min(i3, (length - i5) - 1)];
                i6 = 0;
            }
            i5++;
        }
        byte[] bArr3 = new byte[arrayList.size()];
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            bArr3[i4] = ((Byte) it.next()).byteValue();
            i4++;
        }
        return bArr3;
    }

    private static String[] splitCert(byte[] bArr) {
        return new String(bArr).split(endCertificate);
    }

    private static void verifyCerts(List<X509Certificate> list) throws Exception {
        int size = list.size();
        int i = 0;
        while (true) {
            int i2 = size - 1;
            if (i >= i2) {
                X509Certificate x509Certificate = list.get(i2);
                x509Certificate.verify(x509Certificate.getPublicKey());
                return;
            } else {
                X509Certificate x509Certificate2 = list.get(i);
                i++;
                x509Certificate2.verify(list.get(i).getPublicKey());
            }
        }
    }
}
