package sk.mimac.slideshow.utils;

import fi.iki.elonen.NanoHTTPD;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.net.ServerSocket;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v1CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.crypto.util.PrivateKeyFactory;
import org.spongycastle.operator.DefaultDigestAlgorithmIdentifierFinder;
import org.spongycastle.operator.DefaultSignatureAlgorithmIdentifierFinder;
import org.spongycastle.operator.bc.BcRSAContentSignerBuilder;
import sk.mimac.slideshow.FileConstants;
import sk.mimac.slideshow.settings.SystemSettings;
import sk.mimac.slideshow.settings.UserSettings;
import sk.mimac.slideshow.utils.CertificateUtils;

/* loaded from: classes5.dex */
public class CertificateUtils {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CertificateUtils.class);

    private CertificateUtils() {
    }

    public static String checkCertificate(String str, String str2) {
        try {
            SSLContext.getInstance("TLS").init(getKeyManagerFactory(loadKeystore(str, str2), str2).getKeyManagers(), null, null);
            return null;
        } catch (Exception e) {
            return e.getMessage();
        }
    }

    public static boolean checkCertificate() {
        if (!new File(FileConstants.CERTIFICATE_FILE).exists() || SystemSettings.getHttpsCertPassword() == null) {
            return false;
        }
        String checkCertificate = checkCertificate(FileConstants.CERTIFICATE_FILE, CryptUtils.decryptPassword(SystemSettings.getHttpsCertPassword()));
        if (checkCertificate == null) {
            return true;
        }
        LOG.error("HTTPS certificate check failed: {}", checkCertificate);
        return false;
    }

    public static void generateCertificate() {
        try {
            LOG.info("Generating HTTPS certificate");
            SecureRandom secureRandom = new SecureRandom();
            String bigInteger = new BigInteger(132, secureRandom).toString(34);
            Calendar calendar = Calendar.getInstance();
            calendar.add(1, 70);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048, secureRandom);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            X500Name x500Name = new X500Name("CN=Slideshow");
            SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(generateKeyPair.getPublic().getEncoded());
            AlgorithmIdentifier find = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA256withRSA");
            X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(new X509v1CertificateBuilder(x500Name, new BigInteger(250, secureRandom).add(BigInteger.valueOf(System.currentTimeMillis())), new Date(), calendar.getTime(), x500Name, subjectPublicKeyInfo).build(new BcRSAContentSignerBuilder(find, new DefaultDigestAlgorithmIdentifierFinder().find(find)).build(PrivateKeyFactory.createKey(generateKeyPair.getPrivate().getEncoded()))));
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null, null);
            keyStore.setKeyEntry("mykey", generateKeyPair.getPrivate(), bigInteger.toCharArray(), new Certificate[]{certificate});
            FileOutputStream fileOutputStream = new FileOutputStream(FileConstants.CERTIFICATE_FILE);
            try {
                keyStore.store(fileOutputStream, bigInteger.toCharArray());
                fileOutputStream.close();
                SystemSettings.setHttpsCertPassword(CryptUtils.encryptPassword(bigInteger));
            } finally {
            }
        } catch (Exception e) {
            LOG.error("Can't generate HTTPS certificate", (Throwable) e);
        }
    }

    private static KeyManagerFactory getKeyManagerFactory(KeyStore keyStore, String str) {
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, str.toCharArray());
        return keyManagerFactory;
    }

    public static NanoHTTPD.ServerSocketFactory getServerSocketFactory() {
        String decryptPassword = CryptUtils.decryptPassword(SystemSettings.getHttpsCertPassword());
        KeyManagerFactory keyManagerFactory = getKeyManagerFactory(loadKeystore(FileConstants.CERTIFICATE_FILE, decryptPassword), decryptPassword);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerFactory.getKeyManagers(), null, null);
        final SSLServerSocketFactory serverSocketFactory = sSLContext.getServerSocketFactory();
        return new NanoHTTPD.ServerSocketFactory() { // from class: E0.a
            @Override // fi.iki.elonen.NanoHTTPD.ServerSocketFactory
            public final ServerSocket create() {
                ServerSocket lambda$getServerSocketFactory$0;
                lambda$getServerSocketFactory$0 = CertificateUtils.lambda$getServerSocketFactory$0(serverSocketFactory);
                return lambda$getServerSocketFactory$0;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ ServerSocket lambda$getServerSocketFactory$0(SSLServerSocketFactory sSLServerSocketFactory) {
        SSLServerSocket sSLServerSocket = (SSLServerSocket) sSLServerSocketFactory.createServerSocket();
        sSLServerSocket.setUseClientMode(false);
        sSLServerSocket.setWantClientAuth(false);
        sSLServerSocket.setNeedClientAuth(false);
        if (UserSettings.DISABLE_NON_SSL_INTERFACES.getBoolean()) {
            HashSet hashSet = new HashSet(Arrays.asList(sSLServerSocket.getEnabledProtocols()));
            hashSet.removeAll(Arrays.asList("SSLv3", "TLSv1", "TLSv1.1"));
            sSLServerSocket.setEnabledProtocols((String[]) hashSet.toArray(new String[0]));
        }
        return sSLServerSocket;
    }

    private static KeyStore loadKeystore(String str, String str2) {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        FileInputStream fileInputStream = new FileInputStream(str);
        try {
            keyStore.load(fileInputStream, str2.toCharArray());
            fileInputStream.close();
            return keyStore;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
