package tech.lp2p.core;

import com.android.tools.r8.RecordTag;
import com.google.protobuf.ByteString;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import tech.lp2p.Lite$Settings$$ExternalSyntheticRecord0;
import tech.lp2p.cert.ASN1Encodable;
import tech.lp2p.cert.ASN1Object;
import tech.lp2p.cert.ASN1ObjectIdentifier;
import tech.lp2p.cert.ASN1OctetString;
import tech.lp2p.cert.ASN1Primitive;
import tech.lp2p.cert.DEROctetString;
import tech.lp2p.cert.DERSequence;
import tech.lp2p.cert.DLSequence;
import tech.lp2p.cert.JcaContentSignerBuilder;
import tech.lp2p.cert.SubjectPublicKeyInfo;
import tech.lp2p.cert.X500Name;
import tech.lp2p.cert.X509CertificateConverter;
import tech.lp2p.cert.X509v3CertificateBuilder;
import tech.lp2p.proto.Crypto;
import tech.lp2p.utils.Utils;

/* loaded from: classes3.dex */
public final class Certificate extends RecordTag {
    private static final String NAMED_CURVE = "secp256r1";
    private static final String TLS_HANDSHAKE = "libp2p-tls-handshake:";
    private final byte[] certificate;
    private final PrivateKey key;
    private final byte[] privateKey;
    private final X509Certificate x509Certificate;
    private static final int[] EXTENSION_PREFIX = {1, 3, 6, 1, 4, 1, 53594};
    public static final int[] PREFIXED_EXTENSION_ID = getPrefixedExtensionID(new int[]{1, 1});

    /* loaded from: classes3.dex */
    public static class SignedKey extends ASN1Object {
        private final ASN1OctetString PubKey;
        private final ASN1OctetString Signature;

        SignedKey(byte[] bArr, byte[] bArr2) {
            this.PubKey = new DEROctetString(bArr);
            this.Signature = new DEROctetString(bArr2);
        }

        @Override // tech.lp2p.cert.ASN1Object, tech.lp2p.cert.ASN1Encodable
        public ASN1Primitive toASN1Primitive() {
            return new DERSequence(new ASN1Encodable[]{this.PubKey, this.Signature});
        }
    }

    private /* synthetic */ boolean $record$equals(Object obj) {
        if (obj != null && getClass() == obj.getClass()) {
            return Arrays.equals($record$getFieldsAsObjects(), ((Certificate) obj).$record$getFieldsAsObjects());
        }
        return false;
    }

    private /* synthetic */ Object[] $record$getFieldsAsObjects() {
        return new Object[]{this.x509Certificate, this.key, this.certificate, this.privateKey};
    }

    public Certificate(X509Certificate x509Certificate, PrivateKey privateKey, byte[] bArr, byte[] bArr2) {
        this.x509Certificate = x509Certificate;
        this.key = privateKey;
        this.certificate = bArr;
        this.privateKey = bArr2;
    }

    public static Certificate createCertificate(Keys keys) throws Exception {
        SecureRandom secureRandom = new SecureRandom();
        Calendar calendar = Calendar.getInstance();
        calendar.set(1, 2099);
        Calendar calendar2 = Calendar.getInstance();
        calendar2.set(1, 2020);
        Date time = calendar2.getTime();
        Date time2 = calendar.getTime();
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(new ECGenParameterSpec(NAMED_CURVE));
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        PrivateKey privateKey = genKeyPair.getPrivate();
        PublicKey publicKey = genKeyPair.getPublic();
        BigInteger bigInteger = new BigInteger(64, secureRandom);
        X500Name x500Name = new X500Name("CN=localhost");
        X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(x500Name, bigInteger, time, time2, Locale.US, x500Name, genKeyPair.getPublic());
        byte[] byteArray = Crypto.PublicKey.newBuilder().setType(Crypto.KeyType.Ed25519).setData(ByteString.copyFrom(keys.peerId().hash())).build().toByteArray();
        SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
        Objects.requireNonNull(subjectPublicKeyInfo);
        SignedKey signedKey = new SignedKey(byteArray, keys.sign(Utils.concat(TLS_HANDSHAKE.getBytes(), subjectPublicKeyInfo.getEncoded())));
        X509Certificate certificate = X509CertificateConverter.getCertificate(x509v3CertificateBuilder.addExtension(new ASN1ObjectIdentifier(getLiteExtension()), false, signedKey).build(new JcaContentSignerBuilder("SHA256withECDSA").build(privateKey)));
        certificate.verify(publicKey);
        byte[] bytes = ("-----BEGIN PRIVATE KEY-----\n" + Base64.getEncoder().encodeToString(privateKey.getEncoded()) + "\n-----END PRIVATE KEY-----\n").getBytes(StandardCharsets.US_ASCII);
        byte[] bytes2 = ("-----BEGIN CERTIFICATE-----\n" + Base64.getEncoder().encodeToString(certificate.getEncoded()) + "\n-----END CERTIFICATE-----\n").getBytes(StandardCharsets.US_ASCII);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes2);
        try {
            Certificate certificate2 = new Certificate((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(byteArrayInputStream), privateKey, bytes2, bytes);
            byteArrayInputStream.close();
            return certificate2;
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static PeerId extractPeerId(X509Certificate x509Certificate) throws Exception {
        byte[] extensionValue = x509Certificate.getExtensionValue(getLiteExtension());
        Objects.requireNonNull(extensionValue);
        DLSequence dLSequence = (DLSequence) DERSequence.getInstance(ASN1Primitive.fromByteArray(((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets()));
        Crypto.PublicKey parseFrom = Crypto.PublicKey.parseFrom(((DEROctetString) dLSequence.getObjectAt(0)).getOctets());
        Utils.checkArgument(parseFrom.getType(), Crypto.KeyType.Ed25519, "Only Ed25519 expected");
        PeerId create = PeerId.create(parseFrom.getData().toByteArray());
        create.verify(Utils.concat(TLS_HANDSHAKE.getBytes(), x509Certificate.getPublicKey().getEncoded()), ((DEROctetString) dLSequence.getObjectAt(1)).getOctets());
        return create;
    }

    public static String getLiteExtension() {
        return integersToString(PREFIXED_EXTENSION_ID);
    }

    private static int[] getPrefixedExtensionID(int[] iArr) {
        return Utils.concat(EXTENSION_PREFIX, iArr);
    }

    public static String integersToString(int[] iArr) {
        String str = "";
        for (int i = 0; i < iArr.length; i++) {
            if (i > 0) {
                str = str.concat(".");
            }
            str = str.concat(String.valueOf(iArr[i]));
        }
        return str;
    }

    public static void validCertificate(X509Certificate x509Certificate) throws Exception {
        x509Certificate.checkValidity();
        x509Certificate.verify(x509Certificate.getPublicKey());
        Set<String> criticalExtensionOIDs = x509Certificate.getCriticalExtensionOIDs();
        if (criticalExtensionOIDs.contains(getLiteExtension())) {
            Utils.checkTrue(criticalExtensionOIDs.size() == 1, "unknown critical extensions");
            r4 = true;
        } else {
            Utils.checkTrue(criticalExtensionOIDs.isEmpty(), "unknown critical extensions");
        }
        Utils.checkTrue((r4 || !x509Certificate.getNonCriticalExtensionOIDs().contains(getLiteExtension())) ? r4 : true, "libp2p Public Key Extension is missing");
    }

    public byte[] certificate() {
        return this.certificate;
    }

    public final boolean equals(Object obj) {
        return $record$equals(obj);
    }

    public final int hashCode() {
        return Lite$Settings$$ExternalSyntheticRecord0.m(getClass(), $record$getFieldsAsObjects());
    }

    public PrivateKey key() {
        return this.key;
    }

    public byte[] privateKey() {
        return this.privateKey;
    }

    public final String toString() {
        return Lite$Settings$$ExternalSyntheticRecord0.m($record$getFieldsAsObjects(), Certificate.class, "x509Certificate;key;certificate;privateKey");
    }

    public X509Certificate x509Certificate() {
        return this.x509Certificate;
    }
}
