package org.littleshoot.proxy.mitm;

import com.huawei.welink.hotfix.RedirectController;
import com.huawei.welink.hotfix.common.RedirectProxy;
import io.netty.handler.ssl.GmtlsOpensslClientContext;
import io.netty.handler.ssl.GmtlsTrustedChain;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.Date;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes9.dex */
public final class CertificateHelper {
    private static final int FAKE_KEYSIZE = 1024;
    private static final String KEYGEN_ALGORITHM = "RSA";
    private static final Date NOT_AFTER = null;
    private static final Date NOT_BEFORE = null;
    private static final long ONE_DAY = 86400000;
    private static final int ROOT_KEYSIZE = 2048;
    private static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
    private static final String SIGNATURE_ALGORITHM = null;
    private static final String SSL_CONTEXT_FALLBACK_PROTOCOL = "TLSv1";
    private static final String SSL_CONTEXT_PROTOCOL = "TLSv1.2";
    private static final Logger log = null;

    static {
        if (RedirectProxy.redirect("staticBlockProxy_for_patch_AUTO_M3G2_GEN_N6N()", new Object[0], null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect).isSupport) {
            return;
        }
        staticBlockProxy_for_patch_AUTO_M3G2_GEN_N6N();
    }

    private CertificateHelper() {
        if (RedirectProxy.redirect("CertificateHelper()", new Object[0], this, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect).isSupport) {
        }
    }

    public static KeyPair generateKeyPair(int i) throws NoSuchAlgorithmException, NoSuchProviderException {
        RedirectProxy.Result redirect = RedirectProxy.redirect("generateKeyPair(int)", new Object[]{new Integer(i)}, null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return (KeyPair) redirect.result;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEYGEN_ALGORITHM);
        keyPairGenerator.initialize(i, SecureRandom.getInstance("SHA1PRNG"));
        return keyPairGenerator.generateKeyPair();
    }

    public static KeyManager[] getKeyManagers(KeyStore keyStore, Authority authority) throws NoSuchAlgorithmException, NoSuchProviderException, UnrecoverableKeyException, KeyStoreException {
        RedirectProxy.Result redirect = RedirectProxy.redirect("getKeyManagers(java.security.KeyStore,org.littleshoot.proxy.mitm.Authority)", new Object[]{keyStore, authority}, null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return (KeyManager[]) redirect.result;
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, authority.codeByte());
        return keyManagerFactory.getKeyManagers();
    }

    private static boolean is32BitJvm() {
        RedirectProxy.Result redirect = RedirectProxy.redirect("is32BitJvm()", new Object[0], null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return ((Boolean) redirect.result).booleanValue();
        }
        Integer integer = Integer.getInteger("sun.arch.data.model");
        return integer != null && integer.intValue() == 32;
    }

    public static SSLContext newClientContext(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) throws NoSuchAlgorithmException, KeyManagementException, NoSuchProviderException {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newClientContext(javax.net.ssl.KeyManager[],javax.net.ssl.TrustManager[])", new Object[]{keyManagerArr, trustManagerArr}, null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return (SSLContext) redirect.result;
        }
        SSLContext newClientSSLContext = newClientSSLContext();
        newClientSSLContext.init(keyManagerArr, trustManagerArr, null);
        return newClientSSLContext;
    }

    private static SSLContext newClientSSLContext() throws NoSuchAlgorithmException {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newClientSSLContext()", new Object[0], null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return (SSLContext) redirect.result;
        }
        try {
            try {
                log.debug("Using default protocol {}", "TLS");
                return SSLContext.getInstance("TLS");
            } catch (NoSuchAlgorithmException unused) {
                log.warn("Protocol {} not available, falling back to {}", "TLSv1.2", SSL_CONTEXT_FALLBACK_PROTOCOL);
                return SSLContext.getInstance(SSL_CONTEXT_FALLBACK_PROTOCOL);
            }
        } catch (NoSuchAlgorithmException unused2) {
            log.debug("Using protocol {}", "TLSv1.2");
            return SSLContext.getInstance("TLSv1.2");
        }
    }

    public static SslContext newGmtlsClientContext(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory, GmtlsTrustedChain gmtlsTrustedChain) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newGmtlsClientContext(javax.net.ssl.KeyManagerFactory,javax.net.ssl.TrustManagerFactory,io.netty.handler.ssl.GmtlsTrustedChain)", new Object[]{keyManagerFactory, trustManagerFactory, gmtlsTrustedChain}, null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return (SslContext) redirect.result;
        }
        try {
            return new GmtlsOpensslClientContext(null, trustManagerFactory, null, null, null, keyManagerFactory, null, IdentityCipherSuiteFilter.INSTANCE, null, new String[0], 0L, 0L, false, gmtlsTrustedChain);
        } catch (SSLException e2) {
            throw new FakeCertificateException(e2.getMessage(), e2);
        }
    }

    public static SslContext newOpenSSLClientContext(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newOpenSSLClientContext(javax.net.ssl.KeyManagerFactory,javax.net.ssl.TrustManagerFactory)", new Object[]{keyManagerFactory, trustManagerFactory}, null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return (SslContext) redirect.result;
        }
        try {
            return SslContextBuilder.forClient().keyManager(keyManagerFactory).trustManager(trustManagerFactory).build();
        } catch (SSLException e2) {
            throw new FakeCertificateException(e2.getMessage(), e2);
        }
    }

    public static SslContext newOpenSSLServerContext(KeyManagerFactory keyManagerFactory, TrustManagerFactory trustManagerFactory) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newOpenSSLServerContext(javax.net.ssl.KeyManagerFactory,javax.net.ssl.TrustManagerFactory)", new Object[]{keyManagerFactory, trustManagerFactory}, null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return (SslContext) redirect.result;
        }
        try {
            return SslContextBuilder.forServer(keyManagerFactory).trustManager(trustManagerFactory).build();
        } catch (SSLException e2) {
            throw new FakeCertificateException(e2.getMessage(), e2);
        }
    }

    public static SSLContext newServerContext(KeyManager[] keyManagerArr) throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newServerContext(javax.net.ssl.KeyManager[])", new Object[]{keyManagerArr}, null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return (SSLContext) redirect.result;
        }
        SSLContext newServerSSLContext = newServerSSLContext();
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(System.currentTimeMillis());
        newServerSSLContext.init(keyManagerArr, null, secureRandom);
        return newServerSSLContext;
    }

    private static SSLContext newServerSSLContext() throws NoSuchAlgorithmException {
        RedirectProxy.Result redirect = RedirectProxy.redirect("newServerSSLContext()", new Object[0], null, RedirectController.org_littleshoot_proxy_mitm_CertificateHelper$PatchRedirect);
        if (redirect.isSupport) {
            return (SSLContext) redirect.result;
        }
        try {
            log.debug("Using protocol {}", "TLSv1.2");
            return SSLContext.getInstance("TLSv1.2");
        } catch (NoSuchAlgorithmException unused) {
            log.warn("Protocol {} not available, falling back to {}", "TLSv1.2", SSL_CONTEXT_FALLBACK_PROTOCOL);
            return SSLContext.getInstance(SSL_CONTEXT_FALLBACK_PROTOCOL);
        }
    }

    private static void staticBlockProxy_for_patch_AUTO_M3G2_GEN_N6N() {
        log = LoggerFactory.getLogger((Class<?>) CertificateHelper.class);
        StringBuilder sb = new StringBuilder();
        sb.append(is32BitJvm() ? "SHA256" : "SHA512");
        sb.append("WithRSAEncryption");
        SIGNATURE_ALGORITHM = sb.toString();
        NOT_BEFORE = new Date(System.currentTimeMillis() - 31536000000L);
        NOT_AFTER = new Date(System.currentTimeMillis() + 630720000000L);
    }
}
