package defpackage;

import com.minhui.vpn.certificate.Authority;
import com.minhui.vpn.log.VPNLog;
import com.tencent.mm.opensdk.modelmsg.WXMediaMessage;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Random;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

/* loaded from: classes.dex */
public final class gu {
    private static final String a;
    private static final Date b;
    private static final Date c;

    static {
        Security.addProvider(new agm());
        a = (b() ? "SHA256" : "SHA512") + "WithRSAEncryption";
        b = new Date(System.currentTimeMillis() - 31536000000L);
        c = new Date(System.currentTimeMillis() + 3153600000000L);
    }

    public static long a() {
        new Random().setSeed(System.currentTimeMillis());
        return ((r0.nextInt() & 4294967295L) | (r0.nextInt() << 32)) & 281474976710655L;
    }

    private static afc a(Key key) {
        aam aamVar;
        try {
            aamVar = new aam(new ByteArrayInputStream(key.getEncoded()));
        } catch (Throwable th) {
            th = th;
            aamVar = null;
        }
        try {
            afc a2 = new afs().a(new afd((aaw) aamVar.d()));
            aaa.a((InputStream) aamVar);
            return a2;
        } catch (Throwable th2) {
            th = th2;
            aaa.a((InputStream) aamVar);
            throw th;
        }
    }

    public static KeyPair a(int i) {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(i, SecureRandom.getInstance("SHA1PRNG"));
        return keyPairGenerator.generateKeyPair();
    }

    public static KeyStore a(Authority authority, String str) {
        KeyPair a2 = a(2048);
        adz adzVar = new adz(aec.J);
        adzVar.a(aec.e, authority.commonName());
        adzVar.a(aec.b, authority.organization());
        adzVar.a(aec.c, authority.organizationalUnitName());
        ady a3 = adzVar.a();
        BigInteger valueOf = BigInteger.valueOf(a());
        PublicKey publicKey = a2.getPublic();
        afy afyVar = new afy(a3, valueOf, b, c, a3, publicKey);
        afyVar.a(aeq.b, false, a(publicKey));
        afyVar.a(aeq.g, true, new ael(true));
        afyVar.a(aeq.c, false, new aez(182));
        aai aaiVar = new aai();
        aaiVar.a(aey.b);
        aaiVar.a(aey.c);
        aaiVar.a(aey.a);
        afyVar.a(aeq.u, false, new ach(aaiVar));
        X509Certificate a4 = a(afyVar, a2.getPrivate());
        KeyStore keyStore = KeyStore.getInstance(str);
        keyStore.load(null, null);
        keyStore.setKeyEntry(authority.alias(), a2.getPrivate(), authority.password(), new Certificate[]{a4});
        return keyStore;
    }

    public static KeyStore a(String str, Authority authority, Certificate certificate, PrivateKey privateKey) {
        KeyPair a2 = a(WXMediaMessage.DESCRIPTION_LENGTH_LIMIT);
        ady a3 = new afp(certificate.getEncoded()).a();
        BigInteger valueOf = BigInteger.valueOf(a());
        adz adzVar = new adz(aec.J);
        adzVar.a(aec.e, str);
        adzVar.a(aec.b, authority.certOrganisation());
        adzVar.a(aec.c, authority.certOrganizationalUnitName());
        afy afyVar = new afy(a3, valueOf, b, new Date(System.currentTimeMillis() + 86400000), adzVar.a(), a2.getPublic());
        afyVar.a(aeq.b, false, a(a2.getPublic()));
        afyVar.a(aeq.g, false, new ael(false));
        afyVar.a(aeq.e, false, new ach(new aah[]{new aet(2, str)}));
        X509Certificate a4 = a(afyVar, privateKey);
        a4.checkValidity(new Date());
        a4.verify(certificate.getPublicKey());
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setKeyEntry(authority.alias(), a2.getPrivate(), authority.password(), new Certificate[]{a4, certificate});
        return keyStore;
    }

    private static X509Certificate a(afr afrVar, PrivateKey privateKey) {
        return new afw().a("BC").a(afrVar.a(new ahc(a).a("BC").a(privateKey)));
    }

    public static SSLContext a(KeyManager[] keyManagerArr) {
        SSLContext c2 = c();
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(System.currentTimeMillis());
        c2.init(keyManagerArr, null, secureRandom);
        return c2;
    }

    public static SSLContext a(KeyManager[] keyManagerArr, TrustManager[] trustManagerArr) {
        SSLContext c2 = c();
        c2.init(keyManagerArr, trustManagerArr, null);
        return c2;
    }

    public static KeyManager[] a(KeyStore keyStore, Authority authority) {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, authority.password());
        return keyManagerFactory.getKeyManagers();
    }

    private static boolean b() {
        Integer integer = Integer.getInteger("sun.arch.data.model");
        return integer != null && integer.intValue() == 32;
    }

    private static SSLContext c() {
        try {
            VPNLog.d("CertificateHelper", "Using protocol {}TLSv1.2");
            return SSLContext.getInstance("TLSv1.2");
        } catch (NoSuchAlgorithmException e) {
            VPNLog.w("CertificateHelper", "Protocol {} not available, falling back to {}TLSv1.2TLSv1");
            return SSLContext.getInstance("TLSv1");
        }
    }
}
