package me.id.mobile.helper.crypto;

import android.support.annotation.CheckResult;
import android.support.annotation.NonNull;
import android.support.annotation.VisibleForTesting;
import android.util.Base64;
import com.annimon.stream.Collectors;
import com.annimon.stream.Stream;
import com.annimon.stream.function.Function;
import com.annimon.stream.function.Predicate;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import javax.crypto.Cipher;
import me.id.mobile.helper.DateHelper;
import org.jcodec.common.IOUtils;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.ASN1EncodableVector;
import org.spongycastle.asn1.ASN1InputStream;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.DERSequence;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.KeyPurposeId;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.SubjectKeyIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.bc.BcX509ExtensionUtils;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.crypto.tls.CipherSuite;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.openssl.jcajce.JcaPEMWriter;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.util.Arrays;
import org.spongycastle.util.io.pem.PemObject;
import org.spongycastle.util.io.pem.PemReader;
import org.spongycastle.util.io.pem.PemWriter;
import org.threeten.bp.Duration;
import org.threeten.bp.LocalDateTime;
import timber.log.Timber;

/* loaded from: classes.dex */
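/**
 * Static helpers for RSA key generation, PEM/Base64 (de)serialisation, RSA encryption and
 * self-signed X.509 certificate creation, all routed through the bundled SpongyCastle provider.
 *
 * <p>NOTE(review): this source is decompiler output. Constructs the decompiler could not
 * reproduce have been restored where their meaning is unambiguous; the rest are flagged inline.
 */
public class RsaCryptoHelper {
    /** Base64 without line breaks; the same value (2) the decompiled code passed as a bare literal. */
    private static final int BASE64_FLAGS = Base64.NO_WRAP;
    private static final String ENCRYPTION_ALGORITHM = "RSA";
    /*
     * PKCS#1 v1.5 encryption padding.
     * NOTE(review): v1.5 decryption is exposed to padding-oracle attacks whenever a caller reveals
     * (through an error, a status code or timing) whether unpadding succeeded. OAEP is the preferred
     * padding, but switching requires the peer to change as well, so the transformation is kept.
     */
    private static final String ENCRYPTION_TRANSFORMATION = "RSA/NONE/PKCS1Padding";
    private static final int KEY_SIZE = 2048;
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";

    static {
        // Process-wide side effect: the bundled provider is placed at position 1, so it takes
        // precedence over the platform providers for any lookup that does not name a provider.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
    }

    /**
     * Serialises a certificate as a PEM string.
     *
     * @param certificate certificate to encode
     * @return the PEM text produced by {@link JcaPEMWriter}
     * @throws IOException if the certificate cannot be written
     */
    public static String convertToBase64PemString(Certificate certificate) throws IOException {
        StringWriter stringWriter = new StringWriter();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
        try {
            jcaPEMWriter.writeObject(certificate);
        } finally {
            // Close on the failure path too; close() also flushes the buffered PEM text.
            jcaPEMWriter.close();
        }
        return stringWriter.toString();
    }

    /**
     * Builds the SubjectKeyIdentifier extension value from a key's encoded form.
     *
     * <p>The decompiled version of this method was a mangled try/finally (it assigned to an
     * undeclared {@code th} and swallowed a failure to open the stream); it is restored here as a
     * plain try/finally that always closes the stream.
     *
     * @param key key whose {@code getEncoded()} bytes are parsed as a SubjectPublicKeyInfo sequence
     * @return the identifier computed by {@link BcX509ExtensionUtils}
     * @throws IOException if the encoded key cannot be parsed as ASN.1
     */
    private static SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) throws IOException {
        ASN1InputStream aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(key.getEncoded()));
        try {
            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance((ASN1Sequence) aSN1InputStream.readObject());
            return new BcX509ExtensionUtils().createSubjectKeyIdentifier(publicKeyInfo);
        } finally {
            IOUtils.closeQuietly(aSN1InputStream);
        }
    }

    /**
     * Creates a self-signed X.509 v3 certificate for the given key pair, valid from one day before
     * now until ten years from now, then checks its validity period and self-signature.
     *
     * <p>NOTE(review): the certificate is issued with basicConstraints CA=true, keyCertSign/cRLSign
     * key usage and anyExtendedKeyUsage. Any party that adds this certificate to a trust store
     * therefore also trusts whatever its private key signs. If it is only used to identify this
     * device, an end-entity profile (CA=false, no keyCertSign) would be tighter; confirm with the
     * server side before narrowing it.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @return the signed certificate
     */
    public static X509Certificate createX509Certificate(KeyPair keyPair) throws IOException, CertificateException, OperatorCreationException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        LocalDateTime now = LocalDateTime.now();
        Date notBefore = DateHelper.localDateTimeToDate(now.minusDays(1L));
        Date notAfter = DateHelper.localDateTimeToDate(now.plusYears(10L));
        // Serial numbers must be positive (RFC 5280 section 4.1.2.2). The previous
        // SecureRandom.nextInt() value was negative about half the time and carried only 32 bits.
        BigInteger serialNumber = new BigInteger(Long.SIZE - 1, new SecureRandom()).add(BigInteger.ONE);

        JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(
                new X500Name("dc=id.me.name"),
                serialNumber,
                notBefore,
                notAfter,
                new X500Name("dc=id.me.subject"),
                keyPair.getPublic());

        jcaX509v3CertificateBuilder.addExtension(Extension.subjectKeyIdentifier, false, createSubjectKeyIdentifier(keyPair.getPublic()));
        jcaX509v3CertificateBuilder.addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
        // Same bit mask (0xB6) as before; the decompiler had rendered the integer as an unrelated
        // TLS CipherSuite constant that happens to share the value.
        int keyUsageBits = KeyUsage.digitalSignature
                | KeyUsage.keyEncipherment
                | KeyUsage.dataEncipherment
                | KeyUsage.keyCertSign
                | KeyUsage.cRLSign;
        jcaX509v3CertificateBuilder.addExtension(Extension.keyUsage, false, new KeyUsage(keyUsageBits));

        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(KeyPurposeId.id_kp_serverAuth);
        aSN1EncodableVector.add(KeyPurposeId.id_kp_clientAuth);
        aSN1EncodableVector.add(KeyPurposeId.anyExtendedKeyUsage);
        jcaX509v3CertificateBuilder.addExtension(Extension.extendedKeyUsage, false, new DERSequence(aSN1EncodableVector));

        X509Certificate signCertificate = signCertificate(jcaX509v3CertificateBuilder, keyPair.getPrivate());
        validateCertificate(keyPair.getPublic(), signCertificate);
        return signCertificate;
    }

    /**
     * Decrypts raw RSA ciphertext with {@link #ENCRYPTION_TRANSFORMATION}.
     *
     * @param privateKey key to decrypt with
     * @param bArr ciphertext bytes
     * @return the recovered plaintext
     * @throws GeneralSecurityException on any cipher failure, including bad padding
     */
    @CheckResult
    @NonNull
    private static byte[] decrypt(PrivateKey privateKey, byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(ENCRYPTION_TRANSFORMATION, BouncyCastleProvider.PROVIDER_NAME);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return cipher.doFinal(bArr);
    }

    /**
     * Decodes a Base64 (no-wrap) string and decrypts it with the private key.
     *
     * <p>Callers should treat every failure identically and not report the exception detail to
     * the party that supplied the ciphertext; see the note on {@link #ENCRYPTION_TRANSFORMATION}.
     *
     * @param privateKey key to decrypt with
     * @param str Base64-encoded ciphertext
     * @return the recovered plaintext
     * @throws GeneralSecurityException on any cipher failure
     */
    @CheckResult
    @NonNull
    public static byte[] decryptFromBase64(PrivateKey privateKey, String str) throws GeneralSecurityException {
        return decrypt(privateKey, Base64.decode(str, BASE64_FLAGS));
    }

    /**
     * Encrypts the UTF-8 bytes of a string.
     *
     * @param publicKey key to encrypt with
     * @param str text to encrypt
     * @return the ciphertext
     * @throws GeneralSecurityException on any cipher failure
     */
    @CheckResult
    @NonNull
    private static byte[] encrypt(PublicKey publicKey, String str) throws GeneralSecurityException {
        // Explicit charset: the no-argument getBytes() depends on the platform default.
        return encrypt(publicKey, str.getBytes(java.nio.charset.Charset.forName("UTF-8")));
    }

    /**
     * Encrypts raw bytes with {@link #ENCRYPTION_TRANSFORMATION}.
     *
     * @param publicKey key to encrypt with
     * @param bArr plaintext; must fit in a single RSA block after padding
     * @return the ciphertext
     * @throws GeneralSecurityException on any cipher failure
     */
    @CheckResult
    @NonNull
    private static byte[] encrypt(PublicKey publicKey, byte[] bArr) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(ENCRYPTION_TRANSFORMATION, BouncyCastleProvider.PROVIDER_NAME);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return cipher.doFinal(bArr);
    }

    /**
     * Encrypts raw bytes and returns the ciphertext as Base64 without line breaks.
     *
     * @param publicKey key to encrypt with
     * @param bArr plaintext bytes
     * @return Base64-encoded ciphertext
     * @throws GeneralSecurityException on any cipher failure
     */
    @CheckResult
    @NonNull
    public static String encryptToBase64(PublicKey publicKey, byte[] bArr) throws GeneralSecurityException {
        return Base64.encodeToString(encrypt(publicKey, bArr), BASE64_FLAGS);
    }

    /**
     * Generates an RSA key pair of the default size ({@link #KEY_SIZE} bits).
     *
     * @return a freshly generated key pair
     */
    @CheckResult
    @NonNull
    public static KeyPair generateRsaKey() {
        return generateRsaKey(KEY_SIZE);
    }

    /**
     * Generates an RSA key pair with public exponent F4 (65537).
     *
     * <p>The size parameter exists for tests; production code should use {@link #generateRsaKey()}
     * so that a short modulus is never selected by accident.
     *
     * @param i modulus size in bits
     * @return a freshly generated key pair
     * @throws RuntimeException wrapping any failure from the provider
     */
    @VisibleForTesting
    @CheckResult
    @NonNull
    public static KeyPair generateRsaKey(int i) {
        try {
            LocalDateTime now = LocalDateTime.now();
            SecureRandom secureRandom = new SecureRandom();
            RSAKeyGenParameterSpec rSAKeyGenParameterSpec = new RSAKeyGenParameterSpec(i, RSAKeyGenParameterSpec.F4);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ENCRYPTION_ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
            keyPairGenerator.initialize(rSAKeyGenParameterSpec, secureRandom);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            // Only the elapsed time is logged, never key material.
            Timber.d("Rsa key was generated in %s", Duration.between(now, LocalDateTime.now()));
            return generateKeyPair;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Wraps encoded key bytes in a PEM block.
     *
     * @param str PEM type label, e.g. {@code "PUBLIC KEY"}
     * @param bArr encoded key bytes
     * @return the PEM text
     * @throws IOException if writing fails
     */
    @CheckResult
    @NonNull
    private static String getKeyAsString(String str, byte[] bArr) throws IOException {
        StringWriter stringWriter = new StringWriter();
        PemWriter pemWriter = new PemWriter(stringWriter);
        try {
            pemWriter.writeObject(new PemObject(str, bArr));
            pemWriter.flush();
        } finally {
            pemWriter.close();
        }
        return stringWriter.toString();
    }

    /**
     * Serialises a private key as an unencrypted {@code PRIVATE KEY} PEM block.
     *
     * <p>The result is plaintext key material held in an immutable String that cannot be wiped;
     * the caller is responsible for keeping it out of logs and for protecting it at rest.
     *
     * @param privateKey key to serialise
     * @return the PEM text
     * @throws IOException if writing fails
     */
    @CheckResult
    @NonNull
    public static String getPrivateKeyAsString(PrivateKey privateKey) throws IOException {
        return getKeyAsString("PRIVATE KEY", privateKey.getEncoded());
    }

    /**
     * Serialises a public key as a {@code PUBLIC KEY} PEM block.
     *
     * @param publicKey key to serialise
     * @return the PEM text
     * @throws IOException if writing fails
     */
    @CheckResult
    @NonNull
    public static String getPublicKeyAsString(@NonNull PublicKey publicKey) throws IOException {
        return getKeyAsString("PUBLIC KEY", publicKey.getEncoded());
    }

    /**
     * Parses a PKCS#8 private key from PEM or bare Base64 text.
     *
     * @param str PEM text, with or without the BEGIN/END lines
     * @return the RSA private key
     * @throws Exception if the text is not valid Base64 or not a valid PKCS#8 RSA key
     */
    @CheckResult
    @NonNull
    public static PrivateKey getRsaPrivateKeyFromString(String str) throws Exception {
        String stripPrivateKeyHeaders = stripPrivateKeyHeaders(str);
        KeyFactory keyFactory = KeyFactory.getInstance(ENCRYPTION_ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
        byte[] decode = Base64.decode(stripPrivateKeyHeaders, BASE64_FLAGS);
        try {
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decode));
        } finally {
            // Wipe this method's copy even when parsing fails. The source String and any copies
            // made by the key spec or provider are outside this method's control.
            Arrays.fill(decode, (byte) 0);
        }
    }

    /**
     * Parses an X.509 SubjectPublicKeyInfo public key from PEM or bare Base64 text.
     *
     * @param str PEM text, with or without the BEGIN/END lines
     * @return the RSA public key
     * @throws Exception if the text is not valid Base64 or not a valid RSA public key
     */
    @CheckResult
    @NonNull
    public static PublicKey getRsaPublicKeyFromString(String str) throws Exception {
        byte[] encodedKey = Base64.decode(stripPublicKeyHeaders(str).getBytes("UTF-8"), BASE64_FLAGS);
        return KeyFactory.getInstance(ENCRYPTION_ALGORITHM, BouncyCastleProvider.PROVIDER_NAME).generatePublic(new X509EncodedKeySpec(encodedKey));
    }

    /**
     * Parses the first PEM object in the string as an X.509 certificate.
     *
     * <p>This only decodes the certificate. It does not check the signature, the validity period
     * or any chain of trust; callers must do that before relying on the certificate's contents.
     *
     * @param str PEM-encoded certificate
     * @return the parsed certificate
     * @throws CertificateException if the string holds no PEM object or the certificate is malformed
     * @throws IOException if the PEM text cannot be read
     */
    public static X509Certificate getX509CertificateFromString(String str) throws CertificateException, IOException, NoSuchProviderException, NoSuchAlgorithmException {
        PemReader pemReader = new PemReader(new StringReader(str));
        try {
            PemObject pemObject = pemReader.readPemObject();
            if (pemObject == null) {
                // Previously surfaced as a NullPointerException on input without a PEM block.
                throw new CertificateException("No PEM object found in certificate string");
            }
            return new JcaX509CertificateConverter()
                    .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                    .getCertificate(new X509CertificateHolder(pemObject.getContent()));
        } finally {
            pemReader.close();
        }
    }

    /**
     * Signs the prepared certificate with {@link #SIGNATURE_ALGORITHM} and converts it to a JCA
     * {@link X509Certificate}.
     *
     * @param x509v3CertificateBuilder builder holding the certificate fields and extensions
     * @param privateKey signing key
     * @return the signed certificate
     */
    private static X509Certificate signCertificate(X509v3CertificateBuilder x509v3CertificateBuilder, PrivateKey privateKey) throws OperatorCreationException, CertificateException {
        X509CertificateHolder signedHolder = x509v3CertificateBuilder.build(
                new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                        .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                        .build(privateKey));
        return new JcaX509CertificateConverter()
                .setProvider(BouncyCastleProvider.PROVIDER_NAME)
                .getCertificate(signedHolder);
    }

    /**
     * Splits the text on newlines, maps and filters the lines, and joins what is left.
     *
     * <p>NOTE(review): the four lambdas live in synthetic classes that are not part of this
     * listing, so their bodies cannot be confirmed here. Presumably line 1 trims, line 2 drops
     * empty lines, and lines 3 and 4 drop the lines containing the given header and footer;
     * verify against the original source before changing this method.
     *
     * @param str PEM text
     * @param str2 header marker, e.g. {@code "BEGIN PUBLIC KEY"}
     * @param str3 footer marker, e.g. {@code "END PUBLIC KEY"}
     * @return the remaining lines concatenated without separators
     */
    @CheckResult
    @NonNull
    private static String stripKeyHeaders(@NonNull String str, @NonNull String str2, @NonNull String str3) {
        Function function;
        Predicate predicate;
        Stream of = Stream.of(str.split("\n"));
        function = RsaCryptoHelper$$Lambda$1.instance;
        Stream map = of.map(function);
        predicate = RsaCryptoHelper$$Lambda$2.instance;
        return (String) map.filterNot(predicate).filterNot(RsaCryptoHelper$$Lambda$3.lambdaFactory$(str2)).filterNot(RsaCryptoHelper$$Lambda$4.lambdaFactory$(str3)).collect(Collectors.joining());
    }

    /**
     * Removes the {@code BEGIN/END PRIVATE KEY} lines from PEM text.
     *
     * @param str PEM text
     * @return the text with the marker lines filtered out by {@code stripKeyHeaders}
     */
    @CheckResult
    @NonNull
    public static String stripPrivateKeyHeaders(@NonNull String str) {
        return stripKeyHeaders(str, "BEGIN PRIVATE KEY", "END PRIVATE KEY");
    }

    /**
     * Removes the {@code BEGIN/END PUBLIC KEY} lines from PEM text.
     *
     * @param str PEM text
     * @return the text with the marker lines filtered out by {@code stripKeyHeaders}
     */
    @CheckResult
    @NonNull
    public static String stripPublicKeyHeaders(@NonNull String str) {
        return stripKeyHeaders(str, "BEGIN PUBLIC KEY", "END PUBLIC KEY");
    }

    /**
     * Checks that the certificate is within its validity period right now and that its signature
     * verifies under the given public key.
     *
     * @param publicKey key expected to have signed the certificate
     * @param x509Certificate certificate to check
     */
    private static void validateCertificate(PublicKey publicKey, X509Certificate x509Certificate) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
        x509Certificate.checkValidity(new Date());
        x509Certificate.verify(publicKey);
    }
}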
