package b.f.a.a.a.b.a.e;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Random;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: classes2.dex */
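/**
 * Builds a mutual-TLS {@link SSLSocketFactory} from PEM material: one CA certificate that becomes
 * the only trust anchor, plus a client certificate and its private key.
 *
 * <p>This is decompiled, obfuscated code. Types such as {@code org.bouncycastle.openssl.e},
 * {@code org.bouncycastle.cert.d} and the package-local {@code a}, {@code c}, {@code d} are not
 * visible here; comments about them are hedged where their behaviour is inferred.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The trust store holds exactly one certificate entry, so server chains validate only
 *       against that CA; the platform's default roots are not consulted.</li>
 *   <li>Nothing in this class configures endpoint identification (hostname verification) or
 *       restricts protocol versions or cipher suites. Those stay at platform defaults unless the
 *       caller sets them on the sockets it creates.</li>
 *   <li>Every failure is reported by logging and returning {@code null}; callers must check for
 *       {@code null} and must not fall back to an unauthenticated connection.</li>
 * </ul>
 */
public class b {

    /* renamed from: a, reason: collision with root package name */
    // Tag passed as the first argument of every log call in this class.
    private static final String f631a = "b.f.a.a.a.b.a.e.b";

    /* renamed from: b, reason: collision with root package name */
    private static final org.slf4j.b f632b;

    /* renamed from: c, reason: collision with root package name */
    // Password for the private-key entry of the in-memory key store built in d(...).
    private static String f633c;

    static {
        org.slf4j.b i = org.slf4j.c.i(b.class);
        f632b = i;
        b.f.a.a.a.b.c.b.e(i);
        // NOTE(review): java.util.Random seeded with the wall clock is predictable and yields at
        // most 32 bits. In this class the value only protects a key store that is created in
        // memory and never written out. If that key store is ever persisted or exported, derive
        // the password from java.security.SecureRandom instead.
        f633c = String.valueOf(new Random(System.currentTimeMillis()).nextInt());
    }

    /**
     * Reads the first PEM private-key block from {@code inputStream} and converts it to a
     * {@link PrivateKey}.
     *
     * <p>A block whose END marker (or, if there is no END marker, its BEGIN marker) contains
     * {@code RSA} is parsed as a PKCS#1 RSA key via {@link #b(byte[])}; any other block is handed
     * to {@link PKCS8EncodedKeySpec} as-is. No decryption is attempted and PEM header lines inside
     * the block are not skipped, so password-protected keys are expected to fail in the key
     * factory.
     *
     * <p>The stream is read but not closed; it remains owned by the caller.
     *
     * @param inputStream PEM text, decoded as UTF-8
     * @param str key algorithm for {@link KeyFactory}; {@code null} means {@code "RSA"}
     * @return the decoded private key
     * @throws IOException if reading fails, no {@code PRIVATE KEY} block is present, or the PKCS#1
     *     structure is not a DER sequence
     * @throws GeneralSecurityException if the key factory rejects the key material
     */
    private static PrivateKey a(InputStream inputStream, String str) throws IOException, GeneralSecurityException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, "UTF-8"));
        StringBuilder base64 = new StringBuilder();
        boolean insideBlock = false;
        boolean pkcs1Rsa = false;
        for (String line = reader.readLine(); line != null; line = reader.readLine()) {
            if (!insideBlock) {
                if (line.startsWith("-----BEGIN ") && line.endsWith(" PRIVATE KEY-----")) {
                    insideBlock = true;
                    pkcs1Rsa = line.contains("RSA");
                }
                continue;
            }
            if (line.startsWith("-----END ") && line.endsWith(" PRIVATE KEY-----")) {
                // The END marker has the final say on the encoding, as in the original code.
                pkcs1Rsa = line.contains("RSA");
                break;
            }
            base64.append(line);
        }
        if (!insideBlock) {
            // Fail with a clear message instead of passing empty key material to the key factory.
            throw new IOException("No PEM private key block found");
        }
        // presumably a Base64 decode with default flags; c.a is defined outside this file (confirm)
        byte[] der = c.a(base64.toString(), 0);
        KeySpec keySpec = pkcs1Rsa ? b(der) : new PKCS8EncodedKeySpec(der);
        String algorithm = (str == null) ? "RSA" : str;
        return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
    }

    /**
     * Converts a DER structure into an {@link RSAPrivateCrtKeySpec} by reading its elements in
     * order.
     *
     * @param bArr DER bytes, expected to be a single top-level SEQUENCE
     * @return key spec built from the eight values that follow the first element
     * @throws IOException if the top-level element is not a SEQUENCE
     */
    private static RSAPrivateCrtKeySpec b(byte[] bArr) throws IOException {
        a topLevel = new d(bArr).b();
        // 16 is the universal tag number of an ASN.1 SEQUENCE.
        if (topLevel.c() != 16) {
            throw new IOException("Invalid DER: not a sequence");
        }
        d fields = topLevel.b();
        // First element is read and discarded; presumably the PKCS#1 version field (confirm).
        fields.b();
        // Java evaluates arguments left to right, so the values are consumed in stream order:
        // modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP,
        // primeExponentQ, crtCoefficient.
        return new RSAPrivateCrtKeySpec(
                fields.b().a(),
                fields.b().a(),
                fields.b().a(),
                fields.b().a(),
                fields.b().a(),
                fields.b().a(),
                fields.b().a(),
                fields.b().a());
    }

    /**
     * Builds the socket factory using the built-in CA PEM constant as the trust anchor.
     *
     * @param inputStream PEM client certificate
     * @param inputStream2 PEM client private key
     * @return the socket factory, or {@code null} if any step fails
     */
    public static SSLSocketFactory c(InputStream inputStream, InputStream inputStream2) {
        return d(inputStream, inputStream2, null);
    }

    /**
     * Builds an {@link SSLSocketFactory} that trusts a single CA and presents a client
     * certificate.
     *
     * <p>Each failure is logged under its own message and reported as {@code null}. On success the
     * client-certificate stream is closed as a side effect of closing its PEM parser; the
     * private-key stream is never closed here.
     *
     * @param inputStream PEM client certificate
     * @param inputStream2 PEM client private key (parsed as RSA)
     * @param str PEM text of the CA certificate; {@code null} or empty selects the built-in
     *     constant
     * @return the socket factory, or {@code null} if any step fails
     */
    public static SSLSocketFactory d(InputStream inputStream, InputStream inputStream2, String str) {
        // addProvider is a no-op when a provider with the same name is already registered.
        Security.addProvider(new BouncyCastleProvider());

        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            b.f.a.a.a.b.c.b.b(f631a, "getSocketFactory failed, create CertificateFactory error. " + e);
            // Stop here. The original carried on with a null factory and depended on a later
            // NullPointerException being caught and logged as a CA certificate failure.
            return null;
        }

        // Decode with the same charset used to encode, not the platform default.
        Charset utf8 = Charset.forName("UTF-8");

        // --- CA certificate (trust anchor) ---
        String caPem = (str == null || str.length() <= 0) ? b.f.a.a.a.b.a.a.a.f603a : str;
        org.bouncycastle.openssl.e caParser = new org.bouncycastle.openssl.e(
                new InputStreamReader(new ByteArrayInputStream(caPem.getBytes(utf8)), utf8));
        Object caObject;
        try {
            caObject = caParser.readObject();
        } catch (IOException e) {
            b.f.a.a.a.b.c.b.b(f631a, "parse CA failed." + e);
            return null;
        }
        if (!(caObject instanceof org.bouncycastle.cert.d)) {
            b.f.a.a.a.b.c.b.b(f631a, "CA file not X509CertificateHolder.");
            return null;
        }
        X509Certificate caCertificate;
        try {
            // a() presumably returns the holder's DER encoding (confirm against the library).
            ByteArrayInputStream caDer = new ByteArrayInputStream(((org.bouncycastle.cert.d) caObject).a());
            caCertificate = (X509Certificate) certificateFactory.generateCertificate(caDer);
            caDer.close();
            caParser.close();
        } catch (Exception e) {
            b.f.a.a.a.b.c.b.b(f631a, "generate CA certtificate failed. " + e);
            return null;
        }

        // --- Client certificate ---
        org.bouncycastle.openssl.e clientParser;
        Object clientObject;
        try {
            clientParser = new org.bouncycastle.openssl.e(new InputStreamReader(inputStream, utf8));
            clientObject = clientParser.readObject();
        } catch (Exception e) {
            // Also covers a null stream and runtime parser errors, which the original logged
            // under the CA certificate message.
            b.f.a.a.a.b.c.b.b(f631a, "parse Client CRT failed. " + e);
            return null;
        }
        if (!(clientObject instanceof org.bouncycastle.cert.d)) {
            b.f.a.a.a.b.c.b.b(f631a, "Client CRT file not X509CertificateHolder.");
            return null;
        }
        X509Certificate clientCertificate;
        try {
            ByteArrayInputStream clientDer = new ByteArrayInputStream(((org.bouncycastle.cert.d) clientObject).a());
            clientCertificate = (X509Certificate) certificateFactory.generateCertificate(clientDer);
            clientDer.close();
            clientParser.close();
        } catch (Exception e) {
            b.f.a.a.a.b.c.b.b(f631a, "generate Client certtificate failed. " + e);
            return null;
        }

        // --- Client private key ---
        PrivateKey privateKey;
        try {
            privateKey = a(inputStream2, null);
        } catch (Exception e) {
            b.f.a.a.a.b.c.b.b(f631a, "generate PrivateKey failed. " + e);
            return null;
        }

        // --- TLS context ---
        try {
            // Trust store with the CA as its only entry.
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
            trustStore.setCertificateEntry("ca-certificate", caCertificate);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            // Identity store with the client certificate and key, kept in memory only.
            char[] entryPassword = f633c.toCharArray();
            KeyStore identityStore = KeyStore.getInstance(KeyStore.getDefaultType());
            identityStore.load(null, null);
            identityStore.setCertificateEntry("certificate", clientCertificate);
            identityStore.setKeyEntry("private-key", privateKey, entryPassword, new Certificate[]{clientCertificate});
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(identityStore, entryPassword);

            // "TLS" leaves the choice of protocol versions to the platform defaults.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            return sslContext.getSocketFactory();
        } catch (Exception e) {
            b.f.a.a.a.b.c.b.b(f631a, "construct SSLSocketFactory failed. " + e);
            return null;
        }
    }
}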
