package com.seven.asimov.b;

import android.os.Build;
import com.seven.d.m;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import org.spongycastle.asn1.ASN1Encodable;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.KeyUsage;
import org.spongycastle.asn1.x509.X509Extension;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.x509.extension.SubjectKeyIdentifierStructure;

/* loaded from: classes.dex */
public class a {

    /* renamed from: a, reason: collision with root package name */
    private static final com.seven.d.i f322a;
    private byte[] b;
    private X509Certificate c;
    private KeyPair d;
    private X509Certificate e;
    private KeyPair f;
    private com.seven.asimov.a.c g;
    private boolean h;

    static {
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        f322a = com.seven.d.i.a(a.class);
    }

    private a() {
        this.b = new byte[]{123, 83, 101, 118, 101, 110, 96, 115, 83, 101, 99, 114, 101, 116, 67, 114, 121, 112, 116, 111, 103, 114, 97, 116, 104, 105, 99, 75, 101, 121, 33, 125};
        this.c = null;
        this.d = null;
        this.e = null;
        this.f = null;
        this.g = Build.VERSION.SDK_INT >= 14 ? new com.seven.asimov.a.d() : new com.seven.asimov.a.a();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public /* synthetic */ a(byte b) {
        this();
    }

    public static a a() {
        return b.f323a;
    }

    private KeyPair a(String str) {
        try {
            File file = new File(m.b);
            FileInputStream fileInputStream = new FileInputStream(file);
            byte[] bArr = new byte[(int) file.length()];
            fileInputStream.read(bArr);
            fileInputStream.close();
            File file2 = new File(m.c);
            FileInputStream fileInputStream2 = new FileInputStream(file2);
            byte[] bArr2 = new byte[(int) file2.length()];
            fileInputStream2.read(bArr2);
            fileInputStream2.close();
            KeyFactory keyFactory = KeyFactory.getInstance(str);
            PublicKey generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(bArr));
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.b, "AES");
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "SC");
            cipher.init(2, secretKeySpec);
            byte[] bArr3 = new byte[cipher.getOutputSize(bArr2.length)];
            cipher.doFinal(bArr3, cipher.update(bArr2, 0, bArr2.length, bArr3, 0));
            return new KeyPair(generatePublic, keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr3)));
        } catch (Exception e) {
            if (com.seven.d.i.b() && !(e instanceof FileNotFoundException)) {
                f322a.a("Failed to load CA key pair: ", (Throwable) e);
            }
            return null;
        }
    }

    private X509Certificate a(boolean z) {
        try {
            if (z) {
                this.d = com.seven.asimov.a.b.c();
                KeyPair keyPair = this.d;
                try {
                    X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
                    FileOutputStream fileOutputStream = new FileOutputStream(m.b);
                    fileOutputStream.write(x509EncodedKeySpec.getEncoded());
                    fileOutputStream.close();
                    PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(keyPair.getPrivate().getEncoded());
                    FileOutputStream fileOutputStream2 = new FileOutputStream(m.c);
                    SecretKeySpec secretKeySpec = new SecretKeySpec(this.b, "AES");
                    Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "SC");
                    cipher.init(1, secretKeySpec);
                    byte[] encoded = pKCS8EncodedKeySpec.getEncoded();
                    byte[] bArr = new byte[cipher.getOutputSize(encoded.length)];
                    int update = cipher.update(encoded, 0, encoded.length, bArr, 0);
                    fileOutputStream2.write(bArr, 0, cipher.doFinal(bArr, update) + update);
                    fileOutputStream2.close();
                } catch (Exception e) {
                    if (com.seven.d.i.b()) {
                        f322a.a("Failed to save CA key pair: ", (Throwable) e);
                    }
                }
            } else {
                this.f = com.seven.asimov.a.b.c();
            }
            f322a.d("[generateCACert]:root_on:C=US, O=SEVEN Networks Inc., OU=AdClear Primary Certificate,isTrusted:" + z);
            X500Principal x500Principal = new X500Principal(z ? "C=US, O=SEVEN Networks Inc., OU=AdClear Primary Certificate" : "C=US, O=SEVEN Networks Inc., OU=Untrusted Certificate");
            JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(x500Principal, com.seven.asimov.a.b.d(), new Date(System.currentTimeMillis() - (z ? 788400000000L : 31536000000L)), new Date((z ? 788400000000L : 31536000000L) + System.currentTimeMillis()), x500Principal, z ? this.d.getPublic() : this.f.getPublic());
            jcaX509v3CertificateBuilder.a(X509Extension.g, true, (ASN1Encodable) new BasicConstraints(true));
            jcaX509v3CertificateBuilder.a(X509Extension.c, true, (ASN1Encodable) new KeyUsage(134));
            jcaX509v3CertificateBuilder.a(X509Extension.b, false, (ASN1Encodable) new SubjectKeyIdentifierStructure(z ? this.d.getPublic() : this.f.getPublic()));
            return new JcaX509CertificateConverter().a("SC").a(jcaX509v3CertificateBuilder.a(new JcaContentSignerBuilder("SHA1WithRSA").a("SC").a(z ? this.d.getPrivate() : this.f.getPrivate())));
        } catch (Exception e2) {
            if (com.seven.d.i.a()) {
                f322a.a("Failed to create OC CA certificate: " + e2.toString(), e2);
            }
            return null;
        }
    }

    public static boolean h() {
        return com.seven.vpnui.util.b.a();
    }

    private boolean i() {
        KeyPair a2 = a("RSA");
        if (a2 == null || com.seven.asimov.a.b.a(a2.getPublic()) == null) {
            if (com.seven.d.i.e()) {
                f322a.d("OC CA will be installed to TrustStore.");
            }
            return true;
        }
        if (com.seven.d.i.e()) {
            f322a.d("OC CA is already exist in TrustStore.");
        }
        return false;
    }

    /* JADX WARN: Removed duplicated region for block: B:61:0x0055 A[Catch: all -> 0x01e0, Exception -> 0x0200, TryCatch #0 {Exception -> 0x0200, blocks: (B:51:0x0025, B:53:0x0031, B:55:0x0041, B:57:0x0047, B:59:0x004f, B:61:0x0055, B:63:0x0060, B:65:0x0066, B:71:0x0156, B:96:0x01c9, B:98:0x01d6, B:99:0x01d9, B:101:0x0146, B:103:0x014c), top: B:50:0x0025 }] */
    /* JADX WARN: Removed duplicated region for block: B:80:0x0177  */
    /* JADX WARN: Removed duplicated region for block: B:82:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:96:0x01c9 A[Catch: all -> 0x01e0, Exception -> 0x0200, TRY_ENTER, TryCatch #0 {Exception -> 0x0200, blocks: (B:51:0x0025, B:53:0x0031, B:55:0x0041, B:57:0x0047, B:59:0x004f, B:61:0x0055, B:63:0x0060, B:65:0x0066, B:71:0x0156, B:96:0x01c9, B:98:0x01d6, B:99:0x01d9, B:101:0x0146, B:103:0x014c), top: B:50:0x0025 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final boolean b() {
        /*
            Method dump skipped, instructions count: 519
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.seven.asimov.b.a.b():boolean");
    }

    public final X509Certificate c() {
        return this.c;
    }

    public final KeyPair d() {
        return this.d;
    }

    public final X509Certificate e() {
        if (this.e == null) {
            this.e = a(false);
        }
        return this.e;
    }

    public final KeyPair f() {
        if (this.f == null) {
            this.e = a(false);
        }
        return this.f;
    }

    public final boolean g() {
        f322a.d("isCACertInvalid:" + com.seven.vpnui.util.b.a() + "," + i());
        return com.seven.vpnui.util.b.a() && i();
    }
}
