package fm.icelink;

import fm.BitAssistant;
import fm.DateExtensions;
import fm.LockedRandomizer;
import fm.Log;
import java.util.Date;

/* loaded from: classes.dex */
class Certificate {
    private String _issuerName;
    private RSAKey _key;
    private Date _notAfter = new Date();
    private Date _notBefore = new Date();
    private byte[] _serialNumber;
    private X509AlgorithmIdentifier _signatureAlgorithm;
    private String _subjectName;

    public static Certificate fromX509(X509Certificate x509Certificate) throws Exception {
        X509RsaPublicKey fromAsn1;
        if (x509Certificate == null) {
            return null;
        }
        byte[] signature = x509Certificate.getSignature();
        X509TbsCertificate certificate = x509Certificate.getCertificate();
        if (certificate == null || !X509AlgorithmIdentifier.areEqual(x509Certificate.getSignatureAlgorithm(), certificate.getSignatureAlgorithm())) {
            return null;
        }
        boolean algorithmsAreEqual = X509AlgorithmIdentifier.algorithmsAreEqual(x509Certificate.getSignatureAlgorithm(), X509AlgorithmIdentifier.getSha1WithRsaEncryption());
        boolean algorithmsAreEqual2 = X509AlgorithmIdentifier.algorithmsAreEqual(x509Certificate.getSignatureAlgorithm(), X509AlgorithmIdentifier.getSha256WithRsaEncryption());
        if (!algorithmsAreEqual && !algorithmsAreEqual2) {
            throw new Exception("Signature algorithm is not supported.");
        }
        RSAKey rSAKey = null;
        if (signature != null) {
            X509SubjectPublicKeyInfo subjectPublicKeyInfo = certificate.getSubjectPublicKeyInfo();
            if (subjectPublicKeyInfo == null || subjectPublicKeyInfo.getSubjectPublicKey() == null || (fromAsn1 = X509RsaPublicKey.fromAsn1(ASN1Any.parseBytes(subjectPublicKeyInfo.getSubjectPublicKey()))) == null) {
                return null;
            }
            RSAKey rSAKey2 = new RSAKey();
            rSAKey2.setModulus(fromAsn1.getModulus());
            rSAKey2.setPublicExponent(fromAsn1.getExponent());
            rSAKey = rSAKey2;
            if (certificate.getSourceAsn() != null) {
                byte[] sourceData = certificate.getSourceAsn().getSourceData();
                byte[] bytes = certificate.toAsn1().getBytes();
                if (!BitAssistant.sequencesAreEqual(sourceData, bytes)) {
                    Log.warnFormat("Certificate ASN.1 input does not match certificate ASN.1 output.\nINPUT: {0}\nOUTPUT: {1}", new String[]{BitAssistant.getHexString(sourceData), BitAssistant.getHexString(bytes)});
                }
                if (!algorithmsAreEqual ? !algorithmsAreEqual2 || !Crypto.verifyRsaSha256(Crypto.getSha256Hash(sourceData), signature, rSAKey) : Crypto.verifyRsaSha1(Crypto.getSha1Hash(sourceData), signature, rSAKey)) {
                }
            } else if (!algorithmsAreEqual ? !algorithmsAreEqual2 || !Crypto.verifyRsaSha256(Crypto.getSha256Hash(certificate.toAsn1().getBytes()), signature, rSAKey) : Crypto.verifyRsaSha1(Crypto.getSha1Hash(certificate.toAsn1().getBytes()), signature, rSAKey)) {
            }
        }
        if (certificate.getValidity() == null) {
            return null;
        }
        Certificate certificate2 = new Certificate();
        certificate2.setSignatureAlgorithm(x509Certificate.getSignatureAlgorithm());
        certificate2.setSerialNumber(certificate.getSerialNumber());
        certificate2.setNotBefore(certificate.getValidity().getNotBefore().getTime());
        certificate2.setNotAfter(certificate.getValidity().getNotAfter().getTime());
        certificate2.setIssuerName(getCommonName(certificate.getIssuer()));
        certificate2.setSubjectName(getCommonName(certificate.getSubject()));
        certificate2.setKey(rSAKey);
        return certificate2;
    }

    public static Certificate generateCertificate() {
        Date utcNow = DateExtensions.getUtcNow();
        Certificate certificate = new Certificate();
        certificate.setIssuerName("IceLink");
        certificate.setSubjectName("IceLink");
        certificate.setNotBefore(DateExtensions.addSeconds(utcNow, -1728000.0d));
        certificate.setNotAfter(DateExtensions.addSeconds(utcNow, 864000.0d));
        certificate.setSerialNumber(BitAssistant.getIntegerBytesNetwork(LockedRandomizer.next()));
        certificate.setSignatureAlgorithm(X509AlgorithmIdentifier.getSha1WithRsaEncryption());
        certificate.setKey(Crypto.createRsaKey());
        return certificate;
    }

    private static String getCommonName(X501Name x501Name) throws Exception {
        X501Attribute attribute;
        if (x501Name == null || (attribute = x501Name.getAttribute(X501AttributeType.getCommonName())) == null) {
            return null;
        }
        return attribute.attributeValueAsString();
    }

    public String getIssuerName() {
        return this._issuerName;
    }

    public RSAKey getKey() {
        return this._key;
    }

    public Date getNotAfter() {
        return this._notAfter;
    }

    public Date getNotBefore() {
        return this._notBefore;
    }

    public byte[] getSerialNumber() {
        return this._serialNumber;
    }

    public X509AlgorithmIdentifier getSignatureAlgorithm() {
        return this._signatureAlgorithm;
    }

    public String getSubjectName() {
        return this._subjectName;
    }

    public int getVersion() {
        return 3;
    }

    public void setIssuerName(String str) {
        this._issuerName = str;
    }

    public void setKey(RSAKey rSAKey) {
        this._key = rSAKey;
    }

    public void setNotAfter(Date date) {
        this._notAfter = date;
    }

    public void setNotBefore(Date date) {
        this._notBefore = date;
    }

    public void setSerialNumber(byte[] bArr) {
        this._serialNumber = bArr;
    }

    public void setSignatureAlgorithm(X509AlgorithmIdentifier x509AlgorithmIdentifier) {
        this._signatureAlgorithm = x509AlgorithmIdentifier;
    }

    public void setSubjectName(String str) {
        this._subjectName = str;
    }

    public X509Certificate toX509() throws Exception {
        if (getKey() == null || !getKey().hasPrivate()) {
            throw new Exception("Key is missing private information.");
        }
        X509TbsCertificate x509TbsCertificate = new X509TbsCertificate();
        x509TbsCertificate.setVersion(X509TbsCertificate.getVersion3());
        x509TbsCertificate.setSerialNumber(getSerialNumber());
        x509TbsCertificate.setSignatureAlgorithm(getSignatureAlgorithm());
        x509TbsCertificate.setIssuer(new X501Name(new X501RelativeDistinguishedName[]{new X501RelativeDistinguishedName(new X501Attribute[]{new X501Attribute(X501AttributeType.getCommonName(), new X501DirectoryString(getIssuerName()).toAsn1Printable().getBytes())})}));
        X509Validity x509Validity = new X509Validity();
        x509Validity.setNotBefore(new X509Time(getNotBefore()));
        x509Validity.setNotAfter(new X509Time(getNotAfter()));
        x509TbsCertificate.setValidity(x509Validity);
        x509TbsCertificate.setSubject(new X501Name(new X501RelativeDistinguishedName[]{new X501RelativeDistinguishedName(new X501Attribute[]{new X501Attribute(X501AttributeType.getCommonName(), new X501DirectoryString(getSubjectName()).toAsn1Printable().getBytes())})}));
        X509SubjectPublicKeyInfo x509SubjectPublicKeyInfo = new X509SubjectPublicKeyInfo();
        x509SubjectPublicKeyInfo.setAlgorithm(X509AlgorithmIdentifier.getRsaEncryption());
        x509SubjectPublicKeyInfo.setSubjectPublicKey(new X509RsaPublicKey(getKey().getModulus(), getKey().getPublicExponent()).toAsn1().getBytes());
        x509TbsCertificate.setSubjectPublicKeyInfo(x509SubjectPublicKeyInfo);
        byte[] signRsaSha1 = Crypto.signRsaSha1(Crypto.getSha1Hash(x509TbsCertificate.toAsn1().getBytes()), getKey());
        X509Certificate x509Certificate = new X509Certificate();
        x509Certificate.setCertificate(x509TbsCertificate);
        x509Certificate.setSignatureAlgorithm(getSignatureAlgorithm());
        x509Certificate.setSignature(signRsaSha1);
        return x509Certificate;
    }
}
