package com.iwebpp.crypto;

import com.iwebpp.SimpleDebug;
import com.iwebpp.crypto.TweetNaclFast;
import com.iwebpp.node.tests.DnsTest;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.eclipse.egit.github.core.Blob;
import org.eclipse.egit.github.core.service.RepositoryService;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class NaclCert extends SimpleDebug {
    private static final String CERT_VERSION = "1.0";
    private static final String TAG = "NaclCert";
    public static final Map<String, SelfCert> rootCACert = new Hashtable();
    public static final Map<String, CAInfo> testCA;

    /* loaded from: classes.dex */
    public static class AppendDesc {
        public String gid;
        public long signtime;
    }

    /* loaded from: classes.dex */
    public static class CAInfo {
        public String ca;
        public SelfCert cert;
        public byte[] secretkey;
        public long tte;

        public static CAInfo parse(String str) throws JSONException {
            SimpleDebug.debug(NaclCert.TAG, "CAInfo<-:" + str);
            return parse(new JSONObject(str));
        }

        public static CAInfo parse(JSONObject jSONObject) throws JSONException {
            CAInfo cAInfo = new CAInfo();
            cAInfo.cert = SelfCert.parse(jSONObject.getJSONObject("cert"));
            cAInfo.ca = cAInfo.cert.desc.reqdesc.ca;
            cAInfo.tte = cAInfo.cert.desc.reqdesc.tte;
            JSONArray jSONArray = jSONObject.getJSONArray("secretkey");
            cAInfo.secretkey = new byte[jSONArray.length()];
            for (int i = 0; i < jSONArray.length(); i++) {
                cAInfo.secretkey[i] = (byte) (jSONArray.getInt(i) & 255);
            }
            return cAInfo;
        }

        public String stringify() throws JSONException {
            String jSONObject = toJSON().toString();
            SimpleDebug.debug(NaclCert.TAG, "CAInfo->:" + jSONObject);
            return jSONObject;
        }

        public JSONObject toJSON() throws JSONException {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("cert", this.cert.toJSON());
            JSONArray jSONArray = new JSONArray();
            for (int i = 0; i < this.secretkey.length; i++) {
                jSONArray.put(i, this.secretkey[i] & 255);
            }
            jSONObject.put("secretkey", jSONArray);
            return jSONObject;
        }

        public String toString() {
            String str = ("ca:" + this.ca + "\n") + "tte:" + this.tte + "\n";
            if (this.cert != null) {
                try {
                    str = str + this.cert.stringify();
                } catch (JSONException e) {
                }
            }
            return this.secretkey != null ? str + "secretkey:" + this.secretkey.toString() : str;
        }
    }

    /* loaded from: classes.dex */
    public static class Cert {
        public DescSignByCa desc = new DescSignByCa();
        public Signature sign = new Signature();

        public static Cert parse(String str) throws JSONException {
            SimpleDebug.debug(NaclCert.TAG, "Cert<-:" + str);
            return parse(new JSONObject(str));
        }

        public static Cert parse(JSONObject jSONObject) throws JSONException {
            Cert cert = new Cert();
            cert.desc = DescSignByCa.parse(jSONObject.getJSONObject("desc"));
            cert.sign = Signature.parse(jSONObject.getJSONObject("sign"));
            return cert;
        }

        public String stringify() throws JSONException {
            String jSONObject = toJSON().toString();
            SimpleDebug.debug(NaclCert.TAG, "Cert->:" + jSONObject);
            return jSONObject;
        }

        public JSONObject toJSON() throws JSONException {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("desc", this.desc.toJSON());
            jSONObject.put("sign", this.sign.toJSON());
            return jSONObject;
        }
    }

    /* loaded from: classes.dex */
    public static class DescSignByCa {
        public ReqDescSignByCa reqdesc = new ReqDescSignByCa();
        public AppendDesc append = new AppendDesc();

        public static DescSignByCa parse(String str) throws JSONException {
            SimpleDebug.debug(NaclCert.TAG, "DescSignByCa<-:" + str);
            return parse(new JSONObject(str));
        }

        public static DescSignByCa parse(JSONObject jSONObject) throws JSONException {
            DescSignByCa descSignByCa = new DescSignByCa();
            descSignByCa.reqdesc.version = jSONObject.getString("version");
            descSignByCa.reqdesc.type = jSONObject.getString(RepositoryService.FILTER_TYPE);
            descSignByCa.reqdesc.tte = jSONObject.getLong("tte");
            descSignByCa.reqdesc.ca = jSONObject.getString("ca");
            JSONArray jSONArray = jSONObject.getJSONArray("publickey");
            byte[] bArr = new byte[jSONArray.length()];
            for (int i = 0; i < jSONArray.length(); i++) {
                bArr[i] = (byte) (jSONArray.getInt(i) & 255);
            }
            descSignByCa.reqdesc.publickey = bArr;
            JSONArray jSONArray2 = jSONObject.getJSONArray("names");
            ArrayList arrayList = new ArrayList();
            for (int i2 = 0; i2 < jSONArray2.length(); i2++) {
                arrayList.add(jSONArray2.getString(i2));
            }
            descSignByCa.reqdesc.names = arrayList;
            JSONArray jSONArray3 = jSONObject.getJSONArray("ips");
            ArrayList arrayList2 = new ArrayList();
            if (jSONArray3 != null) {
                for (int i3 = 0; i3 < jSONArray3.length(); i3++) {
                    arrayList2.add(jSONArray3.getString(i3));
                }
            }
            descSignByCa.reqdesc.ips = arrayList2;
            JSONArray jSONArray4 = jSONObject.getJSONArray("macs");
            ArrayList arrayList3 = new ArrayList();
            if (jSONArray4 != null) {
                for (int i4 = 0; i4 < jSONArray4.length(); i4++) {
                    arrayList3.add(jSONArray4.getString(i4));
                }
            }
            descSignByCa.reqdesc.macs = arrayList3;
            descSignByCa.append.gid = jSONObject.getString("gid");
            descSignByCa.append.signtime = jSONObject.getLong("signtime");
            return descSignByCa;
        }

        public String stringify() throws JSONException {
            String jSONObject = toJSON().toString();
            SimpleDebug.debug(NaclCert.TAG, "DescSignByCa->:" + jSONObject);
            return jSONObject;
        }

        public JSONObject toJSON() throws JSONException {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("version", this.reqdesc.version);
            jSONObject.put(RepositoryService.FILTER_TYPE, this.reqdesc.type);
            jSONObject.put("tte", this.reqdesc.tte);
            jSONObject.put("ca", this.reqdesc.ca);
            JSONArray jSONArray = new JSONArray();
            for (int i = 0; i < this.reqdesc.publickey.length; i++) {
                jSONArray.put(i, this.reqdesc.publickey[i] & 255);
            }
            jSONObject.put("publickey", jSONArray);
            JSONArray jSONArray2 = new JSONArray();
            if (this.reqdesc.names != null) {
                Iterator<String> it = this.reqdesc.names.iterator();
                while (it.hasNext()) {
                    jSONArray2.put(it.next());
                }
            }
            jSONObject.put("names", jSONArray2);
            JSONArray jSONArray3 = new JSONArray();
            if (this.reqdesc.ips != null) {
                Iterator<String> it2 = this.reqdesc.ips.iterator();
                while (it2.hasNext()) {
                    jSONArray3.put(it2.next());
                }
            }
            jSONObject.put("ips", jSONArray3);
            JSONArray jSONArray4 = new JSONArray();
            if (this.reqdesc.macs != null) {
                Iterator<String> it3 = this.reqdesc.macs.iterator();
                while (it3.hasNext()) {
                    jSONArray4.put(it3.next());
                }
            }
            jSONObject.put("macs", jSONArray4);
            jSONObject.put("gid", this.append.gid);
            jSONObject.put("signtime", this.append.signtime);
            return jSONObject;
        }
    }

    /* loaded from: classes.dex */
    public static class DescSignBySelf {
        public ReqDescSignBySelf reqdesc = new ReqDescSignBySelf();
        public AppendDesc append = new AppendDesc();

        public static DescSignBySelf parse(String str) throws JSONException {
            SimpleDebug.debug(NaclCert.TAG, "DescSignBySelf<-:" + str);
            return parse(new JSONObject(str));
        }

        public static DescSignBySelf parse(JSONObject jSONObject) throws JSONException {
            DescSignBySelf descSignBySelf = new DescSignBySelf();
            descSignBySelf.reqdesc.version = jSONObject.getString("version");
            descSignBySelf.reqdesc.type = jSONObject.getString(RepositoryService.FILTER_TYPE);
            descSignBySelf.reqdesc.tte = jSONObject.getLong("tte");
            descSignBySelf.reqdesc.ca = jSONObject.getString("ca");
            JSONArray jSONArray = jSONObject.getJSONArray("publickey");
            byte[] bArr = new byte[jSONArray.length()];
            for (int i = 0; i < jSONArray.length(); i++) {
                bArr[i] = (byte) (jSONArray.getInt(i) & 255);
            }
            descSignBySelf.reqdesc.publickey = bArr;
            descSignBySelf.append.gid = jSONObject.getString("gid");
            descSignBySelf.append.signtime = jSONObject.getLong("signtime");
            return descSignBySelf;
        }

        public String stringify() throws JSONException {
            String jSONObject = toJSON().toString();
            SimpleDebug.debug(NaclCert.TAG, "DescSignBySelf->:" + jSONObject);
            return jSONObject;
        }

        public JSONObject toJSON() throws JSONException {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("version", this.reqdesc.version);
            jSONObject.put(RepositoryService.FILTER_TYPE, this.reqdesc.type);
            jSONObject.put("tte", this.reqdesc.tte);
            jSONObject.put("ca", this.reqdesc.ca);
            JSONArray jSONArray = new JSONArray();
            for (int i = 0; i < this.reqdesc.publickey.length; i++) {
                jSONArray.put(i, this.reqdesc.publickey[i] & 255);
            }
            jSONObject.put("publickey", jSONArray);
            jSONObject.put("gid", this.append.gid);
            jSONObject.put("signtime", this.append.signtime);
            return jSONObject;
        }
    }

    /* loaded from: classes.dex */
    public static class ReqDescSignByCa {
        public String ca;
        public List<String> ips;
        public List<String> macs;
        public List<String> names;
        public byte[] publickey;
        public long tte;
        public String type;
        public String version;
    }

    /* loaded from: classes.dex */
    public static class ReqDescSignBySelf {
        public String ca;
        public byte[] publickey;
        public long tte;
        public String type;
        public String version;
    }

    /* loaded from: classes.dex */
    public static class SelfCert {
        public DescSignBySelf desc = new DescSignBySelf();
        public Signature sign = new Signature();

        public static SelfCert parse(String str) throws JSONException {
            SimpleDebug.debug(NaclCert.TAG, "SelfCert<-:" + str);
            return parse(new JSONObject(str));
        }

        public static SelfCert parse(JSONObject jSONObject) throws JSONException {
            SelfCert selfCert = new SelfCert();
            selfCert.desc = DescSignBySelf.parse(jSONObject.getJSONObject("desc"));
            selfCert.sign = Signature.parse(jSONObject.getJSONObject("sign"));
            return selfCert;
        }

        public String stringify() throws JSONException {
            String jSONObject = toJSON().toString();
            SimpleDebug.debug(NaclCert.TAG, "SelfCert->:" + jSONObject);
            return jSONObject;
        }

        public JSONObject toJSON() throws JSONException {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("desc", this.desc.toJSON());
            jSONObject.put("sign", this.sign.toJSON());
            return jSONObject;
        }
    }

    /* loaded from: classes.dex */
    public static class Signature {
        public byte[] signature;

        public static Signature parse(String str) throws JSONException {
            SimpleDebug.debug(NaclCert.TAG, "Signature<-:" + str);
            return parse(new JSONObject(str));
        }

        public static Signature parse(JSONObject jSONObject) throws JSONException {
            Signature signature = new Signature();
            JSONArray jSONArray = jSONObject.getJSONArray("signature");
            byte[] bArr = new byte[jSONArray.length()];
            for (int i = 0; i < jSONArray.length(); i++) {
                bArr[i] = (byte) (jSONArray.getInt(i) & 255);
            }
            signature.signature = bArr;
            return signature;
        }

        public String stringify() throws JSONException {
            String jSONObject = toJSON().toString();
            SimpleDebug.debug(NaclCert.TAG, "Signature->:" + jSONObject);
            return jSONObject;
        }

        public JSONObject toJSON() throws JSONException {
            JSONObject jSONObject = new JSONObject();
            JSONArray jSONArray = new JSONArray();
            for (int i = 0; i < this.signature.length; i++) {
                jSONArray.put(i, this.signature[i] & 255);
            }
            jSONObject.put("signature", jSONArray);
            return jSONObject;
        }
    }

    static {
        try {
            rootCACert.put(DnsTest.HOST_2, SelfCert.parse("{\"desc\":{\"version\":\"1.0\",\"type\":\"self\",\"ca\":\"iwebpp.com\",\"tte\":4570381246341,\"publickey\":[237,135,86,100,145,128,37,184,250,64,66,132,116,123,207,51,182,199,59,95,17,186,93,249,220,212,109,77,200,222,157,67],\"signtime\":1416781246454,\"gid\":\"d2f971fc-98ad-4dea-ada2-74ebc129ed99\"},\"sign\":{\"signature\":[214,154,215,247,146,167,144,7,25,170,129,182,224,231,13,239,250,159,139,23,184,249,151,12,153,188,61,76,32,215,218,31,185,251,224,222,15,3,17,53,121,125,166,143,167,52,148,146,85,94,234,202,196,157,211,142,134,74,109,78,7,123,177,2]}}"));
        } catch (JSONException e) {
            e.printStackTrace();
        }
        testCA = new Hashtable();
        try {
            testCA.put(DnsTest.HOST_2, CAInfo.parse("{\"cert\":{\"desc\":{\"version\":\"1.0\",\"type\":\"self\",\"ca\":\"iwebpp.com\",\"tte\":1732375104475,\"publickey\":[16,239,203,168,67,4,190,200,68,163,63,140,27,142,10,25,65,227,92,199,166,33,30,92,73,221,145,174,220,55,82,34],\"signtime\":1417015104534,\"gid\":\"8d0fdd95-566c-4917-b158-36bace3254c7\"},\"sign\":{\"signature\":[84,224,227,61,149,247,74,147,167,225,148,123,103,7,168,101,136,193,121,64,93,37,82,154,3,116,119,206,5,56,96,74,87,195,58,110,233,117,52,57,237,80,91,39,25,223,50,114,201,72,159,158,75,0,230,13,33,34,134,167,171,129,52,0]}},\"secretkey\":[146,248,181,166,252,192,146,133,46,43,69,244,31,182,120,173,115,43,14,89,157,78,77,216,13,240,28,84,186,40,174,232,16,239,203,168,67,4,190,200,68,163,63,140,27,142,10,25,65,227,92,199,166,33,30,92,73,221,145,174,220,55,82,34]}"));
        } catch (JSONException e2) {
            e2.printStackTrace();
        }
    }

    public static boolean checkDomain(Cert cert, String str) {
        if (cert.desc.reqdesc.names == null) {
            return false;
        }
        Iterator<String> it = cert.desc.reqdesc.names.iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    public static boolean checkIP(Cert cert, String str) {
        if (cert.desc.reqdesc.ips == null) {
            return false;
        }
        Iterator<String> it = cert.desc.reqdesc.ips.iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    public static boolean checkMAC(Cert cert, String str) {
        if (cert.desc.reqdesc.macs == null) {
            return false;
        }
        Iterator<String> it = cert.desc.reqdesc.macs.iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    public static Cert generate(ReqDescSignByCa reqDescSignByCa, CAInfo cAInfo) throws Exception {
        return generate(reqDescSignByCa, cAInfo.secretkey, cAInfo.cert);
    }

    public static Cert generate(ReqDescSignByCa reqDescSignByCa, byte[] bArr, SelfCert selfCert) throws Exception {
        Cert cert = new Cert();
        if (!reqDescSignByCa.type.equalsIgnoreCase("ca")) {
            e(TAG, "Invalid cert request type");
            return null;
        }
        if (!reqDescSignByCa.version.equalsIgnoreCase("1.0")) {
            e(TAG, "Invalid cert request version");
            return null;
        }
        if (reqDescSignByCa.tte < System.currentTimeMillis()) {
            e(TAG, "Invalid cert time-to-expire, smaller than current time");
            return null;
        }
        if (bArr.length != 64) {
            e(TAG, "Invalid CA secret key");
            return null;
        }
        if (!validate(selfCert)) {
            e(TAG, "Invalid CA cert");
            return null;
        }
        reqDescSignByCa.ca = selfCert.desc.reqdesc.ca;
        if (reqDescSignByCa.tte > selfCert.desc.reqdesc.tte) {
            e(TAG, "Invalid cert time-to-expire, bigger than CA");
            return null;
        }
        AppendDesc appendDesc = new AppendDesc();
        appendDesc.signtime = System.currentTimeMillis();
        appendDesc.gid = UUID.randomUUID().toString();
        DescSignByCa descSignByCa = new DescSignByCa();
        descSignByCa.reqdesc = reqDescSignByCa;
        descSignByCa.append = appendDesc;
        String stringify = descSignByCa.stringify();
        d(TAG, "\ngenerate for " + stringify);
        byte[] sign = new TweetNaclFast.Signature(null, bArr).sign(stringify.getBytes(Blob.ENCODING_UTF8));
        cert.desc = descSignByCa;
        cert.sign = new Signature();
        cert.sign.signature = new byte[64];
        for (int i = 0; i < cert.sign.signature.length; i++) {
            cert.sign.signature[i] = sign[i];
        }
        return cert;
    }

    public static SelfCert generate(ReqDescSignBySelf reqDescSignBySelf, byte[] bArr) throws Exception {
        SelfCert selfCert = new SelfCert();
        if (!reqDescSignBySelf.type.equalsIgnoreCase("self")) {
            e(TAG, "Invalid cert request type");
            return null;
        }
        if (!reqDescSignBySelf.version.equalsIgnoreCase("1.0")) {
            e(TAG, "Invalid cert request version");
            return null;
        }
        if (reqDescSignBySelf.tte < System.currentTimeMillis()) {
            e(TAG, "Invalid cert time-to-expire, smaller than current time");
            return null;
        }
        if (bArr.length != 64) {
            e(TAG, "Invalid CA secret key");
            return null;
        }
        AppendDesc appendDesc = new AppendDesc();
        appendDesc.signtime = System.currentTimeMillis();
        appendDesc.gid = UUID.randomUUID().toString();
        DescSignBySelf descSignBySelf = new DescSignBySelf();
        descSignBySelf.reqdesc = reqDescSignBySelf;
        descSignBySelf.append = appendDesc;
        String stringify = descSignBySelf.stringify();
        d(TAG, "\ngenerate for " + stringify);
        byte[] sign = new TweetNaclFast.Signature(null, bArr).sign(stringify.getBytes(Blob.ENCODING_UTF8));
        selfCert.desc = descSignBySelf;
        selfCert.sign = new Signature();
        selfCert.sign.signature = new byte[64];
        for (int i = 0; i < selfCert.sign.signature.length; i++) {
            selfCert.sign.signature[i] = sign[i];
        }
        return selfCert;
    }

    public static CAInfo generateCA(CAInfo cAInfo) throws Exception {
        ReqDescSignBySelf reqDescSignBySelf = new ReqDescSignBySelf();
        reqDescSignBySelf.version = "1.0";
        reqDescSignBySelf.type = "self";
        reqDescSignBySelf.ca = cAInfo.ca;
        reqDescSignBySelf.tte = cAInfo.tte;
        TweetNaclFast.Signature.KeyPair keyPair = TweetNaclFast.Signature.keyPair();
        reqDescSignBySelf.publickey = keyPair.getPublicKey();
        cAInfo.cert = generate(reqDescSignBySelf, keyPair.getSecretKey());
        cAInfo.secretkey = keyPair.getSecretKey();
        return cAInfo;
    }

    public static boolean validate(Cert cert, SelfCert selfCert) throws Exception {
        if (!cert.desc.reqdesc.type.equalsIgnoreCase("ca")) {
            e(TAG, "Invalid cert request type");
            return false;
        }
        if (!cert.desc.reqdesc.version.equalsIgnoreCase("1.0")) {
            e(TAG, "Invalid cert version");
            return false;
        }
        if (cert.desc.reqdesc.tte < System.currentTimeMillis()) {
            e(TAG, "nacl cert expired");
            return false;
        }
        if (!validate(selfCert)) {
            e(TAG, "Invalid CA cert");
            return false;
        }
        if (!cert.desc.reqdesc.ca.equalsIgnoreCase(selfCert.desc.reqdesc.ca)) {
            e(TAG, "CA not matched");
            return false;
        }
        if (cert.desc.reqdesc.tte > selfCert.desc.reqdesc.tte) {
            e(TAG, "Invalid cert time-to-expire, bigger than CA");
            return false;
        }
        byte[] bArr = selfCert.desc.reqdesc.publickey;
        String stringify = cert.desc.stringify();
        d(TAG, "\nvalidate for CA-signed:" + stringify);
        byte[] bytes = stringify.getBytes(Blob.ENCODING_UTF8);
        byte[] bArr2 = cert.sign.signature;
        if (bArr2 == null || bArr2.length != 64) {
            w(TAG, "Invalid signature length");
            return false;
        }
        TweetNaclFast.Signature signature = new TweetNaclFast.Signature(bArr, null);
        byte[] bArr3 = new byte[bArr2.length + bytes.length];
        for (int i = 0; i < bArr2.length; i++) {
            bArr3[i] = bArr2[i];
        }
        for (int i2 = 0; i2 < bytes.length; i2++) {
            bArr3[bArr2.length + i2] = bytes[i2];
        }
        if (signature.open(bArr3) != null) {
            return true;
        }
        w(TAG, "Verify signature failed");
        return false;
    }

    public static boolean validate(SelfCert selfCert) throws Exception {
        if (!selfCert.desc.reqdesc.type.equalsIgnoreCase("self")) {
            e(TAG, "Invalid cert request type");
            return false;
        }
        if (!selfCert.desc.reqdesc.version.equalsIgnoreCase("1.0")) {
            e(TAG, "Invalid cert version");
            return false;
        }
        if (selfCert.desc.reqdesc.tte < System.currentTimeMillis()) {
            e(TAG, "nacl cert expired");
            return false;
        }
        byte[] bArr = selfCert.desc.reqdesc.publickey;
        String stringify = selfCert.desc.stringify();
        d(TAG, "\nvalidate for self-signed:" + stringify);
        byte[] bytes = stringify.getBytes(Blob.ENCODING_UTF8);
        byte[] bArr2 = selfCert.sign.signature;
        if (bArr2 == null || bArr2.length != 64) {
            w(TAG, "Invalid signature length");
            return false;
        }
        TweetNaclFast.Signature signature = new TweetNaclFast.Signature(bArr, null);
        byte[] bArr3 = new byte[bArr2.length + bytes.length];
        for (int i = 0; i < bArr2.length; i++) {
            bArr3[i] = bArr2[i];
        }
        for (int i2 = 0; i2 < bytes.length; i2++) {
            bArr3[bArr2.length + i2] = bytes[i2];
        }
        if (signature.open(bArr3) != null) {
            return true;
        }
        w(TAG, "Verify signature failed");
        return false;
    }
}
