package com.tencent.iot.hub.device.java.core.util;

import com.mpush.util.crypto.RSAUtils;
import com.tencent.iot.hub.device.java.core.device.CA;
import com.tencent.iot.hub.device.java.utils.Loggor;
import e.b.e.e.b.d;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Random;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.e;
import org.eclipse.paho.client.mqttv3.internal.security.SSLSocketFactoryFactory;
import org.slf4j.b;
import org.slf4j.c;

/* loaded from: classes2.dex */
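/**
 * Builds {@link SSLSocketFactory} instances for the device's TLS connection, either
 * trust-only (CA certificate) or with a client certificate and private key.
 *
 * <p>This is decompiled, partly obfuscated code. The single-letter types are kept as they
 * appear in the imports: {@code org.bouncycastle.openssl.e} is used as a PEM parser
 * ({@code readObject()}), {@code org.bouncycastle.cert.d} is the type the log messages call
 * "X509CertificateHolder", and {@code e.b.e.e.b.d} is used as a PEM reader; their exact
 * upstream names are presumed, not confirmed.
 *
 * <p>Security notes: the factories returned here trust exactly one certificate (the supplied
 * CA, or the bundled {@code CA.caCrt}). They do not configure hostname verification; that is
 * left to whatever code opens the socket. Every failure is reported by returning {@code null},
 * so callers must check the result before connecting.
 */
public class AsymcSslUtils {
    private static final String TAG = "com.tencent.iot.hub.device.java.core.util.AsymcSslUtils";
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    /**
     * Password for the key entry of the in-memory client KeyStore. The KeyStore is never
     * written out by this class, so the value only has to be unpredictable per process.
     */
    private static final String PASSWORD;
    private static final b logger;

    static {
        b log = c.i(AsymcSslUtils.class);
        logger = log;
        Loggor.setLogger(log);
        // A time-seeded java.util.Random is guessable from the process start time; draw the
        // key-entry password from the platform CSPRNG instead.
        PASSWORD = new java.math.BigInteger(128, new java.security.SecureRandom()).toString(16);
    }

    /**
     * Reads the first PEM block whose label ends in "PRIVATE KEY" and turns it into a key.
     *
     * <p>A label containing {@code RSAUtils.KEY_ALGORITHM} (presumably "RSA") is parsed with
     * {@link #getRSAKeySpec(byte[])}; any other label is treated as PKCS#8. Labels such as
     * "ENCRYPTED PRIVATE KEY" also match the marker test and will then fail in the KeyFactory,
     * since no decryption is attempted here.
     *
     * @param inputStream PEM text; not closed by this method
     * @param str KeyFactory algorithm, or {@code null} for {@code RSAUtils.KEY_ALGORITHM}
     * @return the decoded private key
     * @throws IOException if the stream cannot be read or holds no private-key block
     * @throws GeneralSecurityException if the key material is rejected by the KeyFactory
     */
    private static PrivateKey getPrivateKey(InputStream inputStream, String str) throws IOException, GeneralSecurityException {
        BufferedReader pemLines = new BufferedReader(new InputStreamReader(inputStream, "UTF-8"));
        StringBuilder base64Body = new StringBuilder();
        boolean insideBlock = false;
        boolean rsaLabelled = false;
        String line;
        while ((line = pemLines.readLine()) != null) {
            if (!insideBlock) {
                if (line.startsWith("-----BEGIN ") && line.endsWith(" PRIVATE KEY-----")) {
                    insideBlock = true;
                    rsaLabelled = line.contains(RSAUtils.KEY_ALGORITHM);
                }
                continue;
            }
            if (line.startsWith("-----END ") && line.endsWith(" PRIVATE KEY-----")) {
                // The END label has the final say on the encoding, as in the original code.
                rsaLabelled = line.contains(RSAUtils.KEY_ALGORITHM);
                break;
            }
            base64Body.append(line);
        }
        if (!insideBlock) {
            // Fail with a clear cause instead of handing an empty encoding to the KeyFactory.
            throw new IOException("No PRIVATE KEY PEM block found");
        }
        byte[] encodedKey = Base64.decode(base64Body.toString(), 0);
        KeySpec keySpec = rsaLabelled ? getRSAKeySpec(encodedKey) : new PKCS8EncodedKeySpec(encodedKey);
        String algorithm = (str == null) ? RSAUtils.KEY_ALGORITHM : str;
        return KeyFactory.getInstance(algorithm).generatePrivate(keySpec);
    }

    /**
     * Decodes a DER sequence of nine integers into an RSA CRT key spec.
     *
     * <p>The first integer is read and discarded; the remaining eight are passed on in the
     * parameter order of {@link RSAPrivateCrtKeySpec}'s eight-argument constructor.
     *
     * @param bArr DER bytes of the key structure
     * @throws IOException if the outer element is not of type 16 (reported as "not a sequence")
     */
    private static RSAPrivateCrtKeySpec getRSAKeySpec(byte[] bArr) throws IOException {
        Asn1Object outer = new DerParser(bArr).read();
        if (outer.getType() != 16) {
            throw new IOException("Invalid DER: not a sequence");
        }
        DerParser fields = outer.getParser();
        fields.read(); // leading integer is skipped
        java.math.BigInteger modulus = fields.read().getInteger();
        java.math.BigInteger publicExponent = fields.read().getInteger();
        java.math.BigInteger privateExponent = fields.read().getInteger();
        java.math.BigInteger primeP = fields.read().getInteger();
        java.math.BigInteger primeQ = fields.read().getInteger();
        java.math.BigInteger primeExponentP = fields.read().getInteger();
        java.math.BigInteger primeExponentQ = fields.read().getInteger();
        java.math.BigInteger crtCoefficient = fields.read().getInteger();
        return new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient);
    }

    /**
     * Returns 24 bytes of the RSA modulus of a PEM-encoded public key, starting at index 1 of
     * {@code BigInteger.toByteArray()}.
     *
     * <p>Skipping index 0 assumes the array starts with a sign byte, which is the case when
     * the top bit of the modulus is set. A modulus encoding shorter than 25 bytes makes
     * {@code System.arraycopy} throw an unchecked exception.
     *
     * <p>NOTE(review): on a parse or key-spec failure the method logs and returns 24 zero
     * bytes, which a caller cannot tell apart from real output; callers should treat an
     * all-zero result as an error.
     *
     * @param str PEM text of the public key
     * @return a 24-byte array, all zero if the key could not be decoded
     */
    public static byte[] getRSAPublicKeyFromPem(String str) {
        byte[] modulusPrefix = new byte[24];
        try {
            byte[] encodedKey = new d(new StringReader(str)).b().a();
            RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance(RSAUtils.KEY_ALGORITHM).generatePublic(new X509EncodedKeySpec(encodedKey));
            byte[] modulusBytes = publicKey.getModulus().toByteArray();
            System.arraycopy(modulusBytes, 1, modulusPrefix, 0, 24);
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException ex) {
            // Report through the class logger like every other failure here, not stderr.
            Loggor.error(TAG, "getRSAPublicKeyFromPem failed. " + ex);
        }
        return modulusPrefix;
    }

    /** Returns a trust-only socket factory for the bundled {@code CA.caCrt}; see {@link #getSocketFactory(String)}. */
    public static SSLSocketFactory getSocketFactory() {
        return getSocketFactory(null);
    }

    /**
     * Builds a socket factory that trusts a single CA certificate and presents no client
     * certificate.
     *
     * @param str PEM text of the CA certificate; {@code null} or empty selects {@code CA.caCrt}
     * @return the socket factory, or {@code null} if any step failed (the cause is logged)
     */
    public static SSLSocketFactory getSocketFactory(String str) {
        Security.addProvider(new BouncyCastleProvider());
        CertificateFactory certificateFactory = newX509CertificateFactory();
        if (certificateFactory == null) {
            return null;
        }
        X509Certificate caCertificate;
        try {
            caCertificate = readCertificate(certificateFactory, openCaReader(str), "CA file not X509CertificateHolder.", "generate CA certtificate failed. ");
        } catch (IOException ex) {
            Loggor.error(TAG, "parse CA failed. " + ex);
            return null;
        }
        if (caCertificate == null) {
            return null;
        }
        try {
            TrustManagerFactory trustManagerFactory = buildTrustManagerFactory(caCertificate);
            // NOTE(review): the protocol name comes from Paho's constant; confirm it does not
            // permit protocol versions the broker deployment considers obsolete.
            SSLContext sslContext = SSLContext.getInstance(SSLSocketFactoryFactory.DEFAULT_PROTOCOL);
            sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
            return sslContext.getSocketFactory();
        } catch (Exception ex) {
            Loggor.error(TAG, "construct SSLSocketFactory failed." + ex);
            return null;
        }
    }

    /**
     * Loads the client certificate and private key from class-path resources and builds a
     * mutual-TLS socket factory with the bundled CA.
     *
     * @param str resource name of the client certificate (PEM)
     * @param str2 resource name of the private key (PEM)
     * @return the socket factory, or {@code null} if a resource is missing or any step failed
     */
    public static SSLSocketFactory getSocketFactoryByAssetsFile(String str, String str2) {
        ClassLoader loader = AsymcSslUtils.class.getClassLoader();
        InputStream certificateStream = loader.getResourceAsStream(str);
        InputStream keyStream = loader.getResourceAsStream(str2);
        try {
            // A missing resource arrives as null and is rejected by getSocketFactoryByStream.
            return getSocketFactoryByStream(certificateStream, keyStream);
        } finally {
            // These streams are opened here, so they are released here on every path.
            closeQuietly(certificateStream);
            closeQuietly(keyStream);
        }
    }

    /**
     * Loads the client certificate and private key from files and builds a mutual-TLS socket
     * factory with the bundled CA.
     *
     * <p>The decompiler could not emit Java for this method; the body is reconstructed from its
     * instruction dump: open both files, delegate to
     * {@link #getSocketFactoryByStream(InputStream, InputStream)}, close both streams on every
     * path, and log and return {@code null} when a file cannot be opened.
     *
     * @param str path of the client certificate (PEM)
     * @param str2 path of the private key (PEM)
     * @return the socket factory, or {@code null} if a file is missing or any step failed
     */
    public static javax.net.ssl.SSLSocketFactory getSocketFactoryByFile(java.lang.String str, java.lang.String str2) {
        java.io.FileInputStream certificateStream = null;
        java.io.FileInputStream keyStream = null;
        try {
            certificateStream = new java.io.FileInputStream(new java.io.File(str));
            keyStream = new java.io.FileInputStream(new java.io.File(str2));
            return getSocketFactoryByStream(certificateStream, keyStream);
        } catch (java.io.FileNotFoundException ex) {
            Loggor.error(TAG, "getSocketFactory failed, cannot open CRT Files. " + ex);
            return null;
        } finally {
            closeQuietly(certificateStream);
            closeQuietly(keyStream);
        }
    }

    /** Same as {@link #getSocketFactoryByStream(InputStream, InputStream, String)} with the bundled CA. */
    public static SSLSocketFactory getSocketFactoryByStream(InputStream inputStream, InputStream inputStream2) {
        return getSocketFactoryByStream(inputStream, inputStream2, null);
    }

    /**
     * Builds a mutual-TLS socket factory: the server is validated against a single CA
     * certificate and the device presents the given client certificate and private key.
     *
     * @param inputStream PEM text of the client certificate; closed by this method
     * @param inputStream2 PEM text of the private key; left open for the caller to close
     * @param str PEM text of the CA certificate; {@code null} or empty selects {@code CA.caCrt}
     * @return the socket factory, or {@code null} if any step failed (the cause is logged)
     */
    public static SSLSocketFactory getSocketFactoryByStream(InputStream inputStream, InputStream inputStream2, String str) {
        Security.addProvider(new BouncyCastleProvider());
        if (inputStream == null || inputStream2 == null) {
            // Previously a null stream surfaced as a NullPointerException logged under an
            // unrelated step; name the real cause instead.
            Loggor.error(TAG, "getSocketFactory failed, client certificate or private key stream is null.");
            return null;
        }
        CertificateFactory certificateFactory = newX509CertificateFactory();
        if (certificateFactory == null) {
            return null;
        }

        X509Certificate caCertificate;
        try {
            caCertificate = readCertificate(certificateFactory, openCaReader(str), "CA file not X509CertificateHolder.", "generate CA certtificate failed. ");
        } catch (IOException ex) {
            Loggor.error(TAG, "parse CA failed." + ex);
            return null;
        }
        if (caCertificate == null) {
            return null;
        }

        X509Certificate clientCertificate;
        try {
            clientCertificate = readCertificate(certificateFactory, new InputStreamReader(inputStream, UTF_8), "Client CRT file not X509CertificateHolder.", "generate Client certtificate failed. ");
        } catch (IOException ex) {
            Loggor.error(TAG, "parse Client CRT failed. " + ex);
            return null;
        }
        if (clientCertificate == null) {
            return null;
        }

        PrivateKey privateKey;
        try {
            privateKey = getPrivateKey(inputStream2, null);
        } catch (Exception ex) {
            // Only the exception is logged; key material never reaches the log.
            Loggor.error(TAG, "generate PrivateKey failed. " + ex);
            return null;
        }

        try {
            TrustManagerFactory trustManagerFactory = buildTrustManagerFactory(caCertificate);
            KeyStore clientStore = KeyStore.getInstance(KeyStore.getDefaultType());
            clientStore.load(null, null);
            clientStore.setCertificateEntry("certificate", clientCertificate);
            clientStore.setKeyEntry("private-key", privateKey, PASSWORD.toCharArray(), new Certificate[]{clientCertificate});
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(clientStore, PASSWORD.toCharArray());
            SSLContext sslContext = SSLContext.getInstance(SSLSocketFactoryFactory.DEFAULT_PROTOCOL);
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            return sslContext.getSocketFactory();
        } catch (Exception ex) {
            Loggor.error(TAG, "construct SSLSocketFactory failed. " + ex);
            return null;
        }
    }

    /** Creates the X.509 certificate factory, or logs and returns {@code null} if unavailable. */
    private static CertificateFactory newX509CertificateFactory() {
        try {
            return CertificateFactory.getInstance("X.509");
        } catch (CertificateException ex) {
            Loggor.error(TAG, "getSocketFactory failed, create CertificateFactory error. " + ex);
            return null;
        }
    }

    /** Opens a reader over the caller's CA PEM text, or over {@code CA.caCrt} when none is given. */
    private static InputStreamReader openCaReader(String caPem) {
        String pemText = (caPem == null || caPem.length() <= 0) ? CA.caCrt : caPem;
        // Decode with the same charset used to encode, not the platform default.
        return new InputStreamReader(new ByteArrayInputStream(pemText.getBytes(UTF_8)), UTF_8);
    }

    /**
     * Parses one PEM object and converts it to an {@link X509Certificate}.
     *
     * @param factory X.509 certificate factory
     * @param pemSource reader over the PEM text; always closed before returning
     * @param notHolderMessage logged when the PEM object is not a certificate holder
     * @param generateFailedPrefix log prefix used when the certificate cannot be generated
     * @return the certificate, or {@code null} after logging one of the two messages
     * @throws IOException if the PEM text cannot be parsed; the caller logs this case
     */
    private static X509Certificate readCertificate(CertificateFactory factory, InputStreamReader pemSource, String notHolderMessage, String generateFailedPrefix) throws IOException {
        e pemParser = new e(pemSource);
        try {
            Object parsed = pemParser.readObject();
            if (!(parsed instanceof org.bouncycastle.cert.d)) {
                Loggor.error(TAG, notHolderMessage);
                return null;
            }
            try {
                ByteArrayInputStream encoded = new ByteArrayInputStream(((org.bouncycastle.cert.d) parsed).a());
                return (X509Certificate) factory.generateCertificate(encoded);
            } catch (Exception ex) {
                Loggor.error(TAG, generateFailedPrefix + ex);
                return null;
            }
        } finally {
            // Release the source on failure paths too; the original closed it only on success.
            closeQuietly(pemSource);
        }
    }

    /** Builds a trust manager factory whose only trust anchor is {@code caCertificate}. */
    private static TrustManagerFactory buildTrustManagerFactory(X509Certificate caCertificate) throws GeneralSecurityException, IOException {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("ca-certificate", caCertificate);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        return trustManagerFactory;
    }

    /** Closes {@code resource} if it is non-null, ignoring any failure to close. */
    private static void closeQuietly(java.io.Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException ignored) {
            // Best effort: a failed close must not mask the result being returned.
        }
    }
}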
