package org.kde.kdeconnect.Helpers.SecurityHelpers;

import android.content.Context;
import android.content.SharedPreferences;
import android.os.Build;
import android.preference.PreferenceManager;
import android.util.Base64;
import android.util.Log;
import java.io.IOException;
import java.math.BigInteger;
import java.net.Socket;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Formatter;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.kde.kdeconnect.Helpers.DeviceHelper;
import org.kde.kdeconnect.Helpers.RandomHelper;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes.dex */
public class SslHelper {
    public static final BouncyCastleProvider BC = new BouncyCastleProvider();
    public static X509Certificate certificate;

    /* loaded from: classes.dex */
    public enum SslMode {
        Client,
        Server
    }

    public static void configureSslSocket(SSLSocket sSLSocket, boolean z, boolean z2) {
        sSLSocket.setEnabledProtocols(new String[]{"TLSv1"});
        ArrayList arrayList = new ArrayList();
        if (Build.VERSION.SDK_INT >= 21) {
            arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
            arrayList.add("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256");
            arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
        } else if (Build.VERSION.SDK_INT >= 11) {
            arrayList.add("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");
            arrayList.add("SSL_RSA_WITH_RC4_128_SHA");
            arrayList.add("SSL_RSA_WITH_RC4_128_MD5");
        } else {
            arrayList.add("SSL_RSA_WITH_RC4_128_SHA");
            arrayList.add("SSL_RSA_WITH_RC4_128_MD5");
        }
        sSLSocket.setEnabledCipherSuites((String[]) arrayList.toArray(new String[arrayList.size()]));
        if (z2) {
            sSLSocket.setUseClientMode(true);
            return;
        }
        sSLSocket.setUseClientMode(false);
        if (z) {
            sSLSocket.setNeedClientAuth(true);
        } else {
            sSLSocket.setWantClientAuth(true);
        }
    }

    public static SSLSocket convertToSslSocket(Context context, Socket socket, String str, boolean z, boolean z2) throws IOException {
        SSLSocket sSLSocket = (SSLSocket) getSslContext(context, str, z).getSocketFactory().createSocket(socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true);
        configureSslSocket(sSLSocket, z, z2);
        return sSLSocket;
    }

    public static String getCertificateHash(Certificate certificate2) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-1").digest(certificate2.getEncoded());
            Formatter formatter = new Formatter();
            int i = 0;
            while (i < digest.length - 1) {
                formatter.format("%02x:", Byte.valueOf(digest[i]));
                i++;
            }
            formatter.format("%02x", Byte.valueOf(digest[i]));
            return formatter.toString();
        } catch (Exception e) {
            return null;
        }
    }

    public static SSLContext getSslContext(Context context, String str, boolean z) {
        try {
            PrivateKey privateKey = RsaHelper.getPrivateKey(context);
            X509Certificate certificate2 = z ? new JcaX509CertificateConverter().setProvider(BC).getCertificate(new X509CertificateHolder(Base64.decode(context.getSharedPreferences(str, 0).getString("certificate", ""), 0))) : null;
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setKeyEntry("key", privateKey, "".toCharArray(), new Certificate[]{certificate});
            if (certificate2 != null) {
                keyStore.setCertificateEntry(str, certificate2);
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, "".toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: org.kde.kdeconnect.Helpers.SecurityHelpers.SslHelper.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str2) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str2) {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
            SSLContext sSLContext = SSLContext.getInstance("TLSv1");
            if (z) {
                sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), RandomHelper.secureRandom);
                return sSLContext;
            }
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerArr, RandomHelper.secureRandom);
            return sSLContext;
        } catch (Exception e) {
            Log.e("KDE/SslHelper", "Error creating tls context");
            e.printStackTrace();
            return null;
        }
    }

    public static void initialiseCertificate(Context context) {
        try {
            PrivateKey privateKey = RsaHelper.getPrivateKey(context);
            PublicKey publicKey = RsaHelper.getPublicKey(context);
            SharedPreferences defaultSharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
            if (defaultSharedPreferences.contains("certificate")) {
                try {
                    certificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(new X509CertificateHolder(Base64.decode(PreferenceManager.getDefaultSharedPreferences(context).getString("certificate", ""), 0)));
                    return;
                } catch (Exception e) {
                    Log.e("KDE/SslHelper", "Exception reading own certificate");
                    e.printStackTrace();
                    return;
                }
            }
            try {
                X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
                x500NameBuilder.addRDN(BCStyle.CN, DeviceHelper.getDeviceId(context));
                x500NameBuilder.addRDN(BCStyle.OU, "KDE Connect");
                x500NameBuilder.addRDN(BCStyle.O, "KDE");
                Calendar calendar = Calendar.getInstance();
                calendar.add(1, -1);
                Date time = calendar.getTime();
                calendar.add(1, 10);
                certificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(new JcaX509v3CertificateBuilder(x500NameBuilder.build(), BigInteger.ONE, time, calendar.getTime(), x500NameBuilder.build(), publicKey).build(new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(privateKey)));
                SharedPreferences.Editor edit = defaultSharedPreferences.edit();
                edit.putString("certificate", Base64.encodeToString(certificate.getEncoded(), 0));
                edit.apply();
            } catch (Exception e2) {
                e2.printStackTrace();
                Log.e("KDE/initialiseCert", "Exception");
            }
        } catch (Exception e3) {
            Log.e("SslHelper", "Error getting keys, can't create certificate");
        }
    }

    public static boolean isCertificateStored(Context context, String str) {
        return !context.getSharedPreferences(str, 0).getString("certificate", "").isEmpty();
    }

    public static Certificate parseCertificate(byte[] bArr) throws IOException, CertificateException {
        return new JcaX509CertificateConverter().setProvider(BC).getCertificate(new X509CertificateHolder(bArr));
    }
}
