package rikka.shizuku;

import android.annotation.SuppressLint;
import android.security.keystore.KeyGenParameterSpec;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.net.Socket;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Date;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;

/* loaded from: classes.dex */
public final class i3 {
    public static final a h = new a(null);
    private static final byte[] i = {0, 1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, 48, 33, 48, 9, 6, 5, 43, 14, 3, 2, 26, 5, 0, 4, 20};

    /* renamed from: a, reason: collision with root package name */
    private final l3 f6517a;
    private final Key b;
    private final RSAPrivateKey c;
    private final RSAPublicKey d;
    private final X509Certificate e;
    private final gy f;
    private final gy g;

    /* loaded from: classes.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(yi yiVar) {
            this();
        }
    }

    /* loaded from: classes.dex */
    static final class b extends yx implements mp<byte[]> {
        final /* synthetic */ String f;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        b(String str) {
            super(0);
            this.f = str;
        }

        @Override // rikka.shizuku.mp
        /* renamed from: c, reason: merged with bridge method [inline-methods] */
        public final byte[] b() {
            byte[] b;
            b = k3.b(i3.this.d, this.f);
            return b;
        }
    }

    /* loaded from: classes.dex */
    public static final class c extends X509ExtendedKeyManager {

        /* renamed from: a, reason: collision with root package name */
        private final String f6518a = "key";

        c() {
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            kv.d(strArr, "keyTypes");
            String arrays = Arrays.toString(strArr);
            String arrays2 = principalArr != null ? Arrays.toString(principalArr) : null;
            StringBuilder sb = new StringBuilder();
            sb.append("chooseClientAlias: keyType=");
            sb.append(arrays);
            sb.append(", issuers=");
            sb.append(arrays2);
            for (String str : strArr) {
                if (kv.a(str, "RSA")) {
                    return this.f6518a;
                }
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            kv.d(str, "keyType");
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            StringBuilder sb = new StringBuilder();
            sb.append("getCertificateChain: alias=");
            sb.append(str);
            if (kv.a(str, this.f6518a)) {
                return new X509Certificate[]{i3.this.e};
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            StringBuilder sb = new StringBuilder();
            sb.append("getPrivateKey: alias=");
            sb.append(str);
            if (kv.a(str, this.f6518a)) {
                return i3.this.c;
            }
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            kv.d(str, "keyType");
            return null;
        }
    }

    /* loaded from: classes.dex */
    static final class d extends yx implements mp<SSLContext> {
        d() {
            super(0);
        }

        @Override // rikka.shizuku.mp
        /* renamed from: c, reason: merged with bridge method [inline-methods] */
        public final SSLContext b() {
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.3");
            sSLContext.init(new c[]{i3.this.i()}, new e[]{i3.this.m()}, new SecureRandom());
            return sSLContext;
        }
    }

    /* loaded from: classes.dex */
    public static final class e extends X509ExtendedTrustManager {
        e() {
        }

        @Override // javax.net.ssl.X509TrustManager
        @SuppressLint({"TrustAllX509TrustManager"})
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        @SuppressLint({"TrustAllX509TrustManager"})
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        @SuppressLint({"TrustAllX509TrustManager"})
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        }

        @Override // javax.net.ssl.X509TrustManager
        @SuppressLint({"TrustAllX509TrustManager"})
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        @SuppressLint({"TrustAllX509TrustManager"})
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, Socket socket) {
        }

        @Override // javax.net.ssl.X509ExtendedTrustManager
        @SuppressLint({"TrustAllX509TrustManager"})
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str, SSLEngine sSLEngine) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    public i3(l3 l3Var, String str) {
        kv.d(l3Var, "adbKeyStore");
        kv.d(str, "name");
        this.f6517a = l3Var;
        Key j = j();
        if (j == null) {
            throw new IllegalStateException("Failed to generate encryption key with AndroidKeyManager.".toString());
        }
        this.b = j;
        RSAPrivateKey k = k();
        this.c = k;
        PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(k.getModulus(), RSAKeyGenParameterSpec.F4));
        kv.c(generatePublic, "null cannot be cast to non-null type java.security.interfaces.RSAPublicKey");
        RSAPublicKey rSAPublicKey = (RSAPublicKey) generatePublic;
        this.d = rSAPublicKey;
        Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(new by0(new vx0("CN=00"), BigInteger.ONE, new Date(0L), new Date(2461449600000L), Locale.ROOT, new vx0("CN=00"), pl0.j(rSAPublicKey.getEncoded())).a(new vv("SHA256withRSA").b(k)).getEncoded()));
        kv.c(generateCertificate, "null cannot be cast to non-null type java.security.cert.X509Certificate");
        this.e = (X509Certificate) generateCertificate;
        k.toString();
        this.f = ly.a(new b(str));
        this.g = ly.a(new d());
    }

    private final byte[] f(byte[] bArr, byte[] bArr2) {
        if (bArr.length < 28) {
            return null;
        }
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr, 0, 12);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, this.b, gCMParameterSpec);
        cipher.updateAAD(bArr2);
        return cipher.doFinal(bArr, 12, bArr.length - 12);
    }

    private final byte[] g(byte[] bArr, byte[] bArr2) {
        if (bArr.length > 2147483619) {
            return null;
        }
        byte[] bArr3 = new byte[bArr.length + 12 + 16];
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, this.b);
        cipher.updateAAD(bArr2);
        cipher.doFinal(bArr, 0, bArr.length, bArr3, 12);
        System.arraycopy(cipher.getIV(), 0, bArr3, 0, 12);
        return bArr3;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final c i() {
        return new c();
    }

    private final Key j() {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        Key key = keyStore.getKey("_adbkey_encryption_key_", null);
        if (key != null) {
            return key;
        }
        KeyGenParameterSpec build = new KeyGenParameterSpec.Builder("_adbkey_encryption_key_", 3).setBlockModes("GCM").setEncryptionPaddings("NoPadding").setKeySize(256).build();
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
        keyGenerator.init(build);
        return keyGenerator.generateKey();
    }

    /* JADX WARN: Removed duplicated region for block: B:5:0x003c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final java.security.interfaces.RSAPrivateKey k() {
        /*
            r8 = this;
            r0 = 16
            byte[] r0 = new byte[r0]
            java.lang.String r1 = "adbkey"
            java.nio.charset.Charset r2 = rikka.shizuku.hc.b
            byte[] r1 = r1.getBytes(r2)
            r3 = 0
            r4 = 0
            r5 = 0
            r6 = 14
            r7 = 0
            r2 = r0
            rikka.shizuku.r7.d(r1, r2, r3, r4, r5, r6, r7)
            rikka.shizuku.l3 r1 = r8.f6517a
            byte[] r1 = r1.a()
            java.lang.String r2 = "null cannot be cast to non-null type java.security.interfaces.RSAPrivateKey"
            java.lang.String r3 = "RSA"
            if (r1 == 0) goto L39
            byte[] r1 = r8.f(r1, r0)     // Catch: java.lang.Exception -> L39
            java.security.KeyFactory r4 = java.security.KeyFactory.getInstance(r3)     // Catch: java.lang.Exception -> L39
            java.security.spec.PKCS8EncodedKeySpec r5 = new java.security.spec.PKCS8EncodedKeySpec     // Catch: java.lang.Exception -> L39
            r5.<init>(r1)     // Catch: java.lang.Exception -> L39
            java.security.PrivateKey r1 = r4.generatePrivate(r5)     // Catch: java.lang.Exception -> L39
            rikka.shizuku.kv.c(r1, r2)     // Catch: java.lang.Exception -> L39
            java.security.interfaces.RSAPrivateKey r1 = (java.security.interfaces.RSAPrivateKey) r1     // Catch: java.lang.Exception -> L39
            goto L3a
        L39:
            r1 = 0
        L3a:
            if (r1 != 0) goto L68
            java.security.KeyPairGenerator r1 = java.security.KeyPairGenerator.getInstance(r3)
            java.security.spec.RSAKeyGenParameterSpec r3 = new java.security.spec.RSAKeyGenParameterSpec
            r4 = 2048(0x800, float:2.87E-42)
            java.math.BigInteger r5 = java.security.spec.RSAKeyGenParameterSpec.F4
            r3.<init>(r4, r5)
            r1.initialize(r3)
            java.security.KeyPair r1 = r1.generateKeyPair()
            java.security.PrivateKey r1 = r1.getPrivate()
            rikka.shizuku.kv.c(r1, r2)
            java.security.interfaces.RSAPrivateKey r1 = (java.security.interfaces.RSAPrivateKey) r1
            byte[] r2 = r1.getEncoded()
            byte[] r0 = r8.g(r2, r0)
            if (r0 == 0) goto L68
            rikka.shizuku.l3 r2 = r8.f6517a
            r2.b(r0)
        L68:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: rikka.shizuku.i3.k():java.security.interfaces.RSAPrivateKey");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final e m() {
        return new e();
    }

    public final byte[] h() {
        return (byte[]) this.f.getValue();
    }

    public final SSLContext l() {
        return (SSLContext) this.g.getValue();
    }

    public final byte[] n(byte[] bArr) {
        Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
        cipher.init(1, this.c);
        cipher.update(i);
        return cipher.doFinal(bArr);
    }
}
