package wear.oneos.magisk.core.utils;

import android.content.Context;
import android.util.Base64;
import android.util.Base64OutputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Random;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.UByte;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import wear.oneos.magisk.core.Config;
import wear.oneos.magisk.core.Const;
import wear.oneos.magisk.core.utils.Keygen;
import wear.oneos.magisk.signing.CryptoUtils;
import wear.oneos.magisk.signing.KeyData;

/* compiled from: Keygen.kt */
@Metadata(d1 = {"\u00000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018\u0000 \u00142\u00020\u0001:\u0003\u0014\u0015\u0016B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\b\u0010\u0012\u001a\u00020\u0013H\u0002R\u0014\u0010\u0005\u001a\u00020\u00068VX\u0096\u0004¢\u0006\u0006\u001a\u0004\b\u0007\u0010\bR\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\u000b\u001a\u00020\f8VX\u0096\u0004¢\u0006\u0006\u001a\u0004\b\r\u0010\u000eR\u000e\u0010\u000f\u001a\u00020\u0001X\u0082\u0004¢\u0006\u0002\n\u0000R\u0016\u0010\u0010\u001a\n \u0011*\u0004\u0018\u00010\n0\nX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0017"}, d2 = {"Lwear/oneos/magisk/core/utils/Keygen;", "Lwear/oneos/magisk/core/utils/CertKeyProvider;", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "cert", "Ljava/security/cert/X509Certificate;", "getCert", "()Ljava/security/cert/X509Certificate;", "end", "Ljava/util/Calendar;", "key", "Ljava/security/PrivateKey;", "getKey", "()Ljava/security/PrivateKey;", "provider", "start", "kotlin.jvm.PlatformType", "init", "Ljava/security/KeyStore;", "Companion", "KeyStoreProvider", "TestProvider", "app_debug"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes16.dex */
public final class Keygen implements CertKeyProvider {
    private static final String ALIAS = "magisk";
    private static final int BASE64_FLAG = 3;

    /* renamed from: Companion, reason: from kotlin metadata */
    public static final Companion INSTANCE = new Companion(null);
    private static final String DNAME = "C=US,ST=California,L=Mountain View,O=Google Inc.,OU=Android,CN=Android";
    private static final String TESTKEY_CERT = "61ed377e85d386a8dfee6b864bd85b0bfaa5af81";
    private final Calendar end;
    private final CertKeyProvider provider;
    private final Calendar start;

    /* compiled from: Keygen.kt */
    @Metadata(d1 = {"\u0000\"\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0010\u0019\n\u0002\b\u0004\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u0014\u0010\b\u001a\u00020\t8BX\u0082\u0004¢\u0006\u0006\u001a\u0004\b\n\u0010\u000bR\u000e\u0010\f\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\r"}, d2 = {"Lwear/oneos/magisk/core/utils/Keygen$Companion;", "", "()V", "ALIAS", "", "BASE64_FLAG", "", "DNAME", "PASSWORD", "", "getPASSWORD", "()[C", "TESTKEY_CERT", "app_debug"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes16.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final char[] getPASSWORD() {
            char[] charArray = "magisk".toCharArray();
            Intrinsics.checkNotNullExpressionValue(charArray, "this as java.lang.String).toCharArray()");
            return charArray;
        }
    }

    /* compiled from: Keygen.kt */
    @Metadata(d1 = {"\u0000$\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0086\u0004\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002R\u001b\u0010\u0003\u001a\u00020\u00048VX\u0096\u0084\u0002¢\u0006\f\n\u0004\b\u0007\u0010\b\u001a\u0004\b\u0005\u0010\u0006R\u001b\u0010\t\u001a\u00020\n8VX\u0096\u0084\u0002¢\u0006\f\n\u0004\b\r\u0010\b\u001a\u0004\b\u000b\u0010\fR\u001b\u0010\u000e\u001a\u00020\u000f8BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u0012\u0010\b\u001a\u0004\b\u0010\u0010\u0011¨\u0006\u0013"}, d2 = {"Lwear/oneos/magisk/core/utils/Keygen$KeyStoreProvider;", "Lwear/oneos/magisk/core/utils/CertKeyProvider;", "(Lwear/oneos/magisk/core/utils/Keygen;)V", "cert", "Ljava/security/cert/X509Certificate;", "getCert", "()Ljava/security/cert/X509Certificate;", "cert$delegate", "Lkotlin/Lazy;", "key", "Ljava/security/PrivateKey;", "getKey", "()Ljava/security/PrivateKey;", "key$delegate", "ks", "Ljava/security/KeyStore;", "getKs", "()Ljava/security/KeyStore;", "ks$delegate", "app_debug"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes16.dex */
    public final class KeyStoreProvider implements CertKeyProvider {

        /* renamed from: cert$delegate, reason: from kotlin metadata */
        private final Lazy cert;

        /* renamed from: key$delegate, reason: from kotlin metadata */
        private final Lazy key;

        /* renamed from: ks$delegate, reason: from kotlin metadata */
        private final Lazy ks;
        final /* synthetic */ Keygen this$0;

        public KeyStoreProvider(final Keygen this$0) {
            Intrinsics.checkNotNullParameter(this$0, "this$0");
            this.this$0 = this$0;
            this.ks = LazyKt.lazy(new Function0<KeyStore>() { // from class: wear.oneos.magisk.core.utils.Keygen$KeyStoreProvider$ks$2
                /* JADX INFO: Access modifiers changed from: package-private */
                {
                    super(0);
                }

                @Override // kotlin.jvm.functions.Function0
                public final KeyStore invoke() {
                    KeyStore init;
                    init = Keygen.this.init();
                    return init;
                }
            });
            this.cert = LazyKt.lazy(new Function0<X509Certificate>() { // from class: wear.oneos.magisk.core.utils.Keygen$KeyStoreProvider$cert$2
                /* JADX INFO: Access modifiers changed from: package-private */
                {
                    super(0);
                }

                @Override // kotlin.jvm.functions.Function0
                public final X509Certificate invoke() {
                    KeyStore ks;
                    ks = Keygen.KeyStoreProvider.this.getKs();
                    Certificate certificate = ks.getCertificate(Const.Value.FLASH_MAGISK);
                    if (certificate != null) {
                        return (X509Certificate) certificate;
                    }
                    throw new NullPointerException("null cannot be cast to non-null type java.security.cert.X509Certificate");
                }
            });
            this.key = LazyKt.lazy(new Function0<PrivateKey>() { // from class: wear.oneos.magisk.core.utils.Keygen$KeyStoreProvider$key$2
                /* JADX INFO: Access modifiers changed from: package-private */
                {
                    super(0);
                }

                @Override // kotlin.jvm.functions.Function0
                public final PrivateKey invoke() {
                    KeyStore ks;
                    ks = Keygen.KeyStoreProvider.this.getKs();
                    Key key = ks.getKey(Const.Value.FLASH_MAGISK, Keygen.INSTANCE.getPASSWORD());
                    if (key != null) {
                        return (PrivateKey) key;
                    }
                    throw new NullPointerException("null cannot be cast to non-null type java.security.PrivateKey");
                }
            });
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final KeyStore getKs() {
            return (KeyStore) this.ks.getValue();
        }

        @Override // wear.oneos.magisk.core.utils.CertKeyProvider
        public X509Certificate getCert() {
            return (X509Certificate) this.cert.getValue();
        }

        @Override // wear.oneos.magisk.core.utils.CertKeyProvider
        public PrivateKey getKey() {
            return (PrivateKey) this.key.getValue();
        }
    }

    /* compiled from: Keygen.kt */
    @Metadata(d1 = {"\u0000\u001c\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002R#\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u00048VX\u0096\u0084\u0002¢\u0006\f\n\u0004\b\b\u0010\t\u001a\u0004\b\u0006\u0010\u0007R#\u0010\n\u001a\n \u0005*\u0004\u0018\u00010\u000b0\u000b8VX\u0096\u0084\u0002¢\u0006\f\n\u0004\b\u000e\u0010\t\u001a\u0004\b\f\u0010\r¨\u0006\u000f"}, d2 = {"Lwear/oneos/magisk/core/utils/Keygen$TestProvider;", "Lwear/oneos/magisk/core/utils/CertKeyProvider;", "()V", "cert", "Ljava/security/cert/X509Certificate;", "kotlin.jvm.PlatformType", "getCert", "()Ljava/security/cert/X509Certificate;", "cert$delegate", "Lkotlin/Lazy;", "key", "Ljava/security/PrivateKey;", "getKey", "()Ljava/security/PrivateKey;", "key$delegate", "app_debug"}, k = 1, mv = {1, 6, 0}, xi = 48)
    /* loaded from: classes16.dex */
    public static final class TestProvider implements CertKeyProvider {

        /* renamed from: cert$delegate, reason: from kotlin metadata */
        private final Lazy cert = LazyKt.lazy(new Function0<X509Certificate>() { // from class: wear.oneos.magisk.core.utils.Keygen$TestProvider$cert$2
            @Override // kotlin.jvm.functions.Function0
            public final X509Certificate invoke() {
                return CryptoUtils.readCertificate(new ByteArrayInputStream(KeyData.testCert()));
            }
        });

        /* renamed from: key$delegate, reason: from kotlin metadata */
        private final Lazy key = LazyKt.lazy(new Function0<PrivateKey>() { // from class: wear.oneos.magisk.core.utils.Keygen$TestProvider$key$2
            @Override // kotlin.jvm.functions.Function0
            public final PrivateKey invoke() {
                return CryptoUtils.readPrivateKey(new ByteArrayInputStream(KeyData.testKey()));
            }
        });

        @Override // wear.oneos.magisk.core.utils.CertKeyProvider
        public X509Certificate getCert() {
            return (X509Certificate) this.cert.getValue();
        }

        @Override // wear.oneos.magisk.core.utils.CertKeyProvider
        public PrivateKey getKey() {
            return (PrivateKey) this.key.getValue();
        }
    }

    public Keygen(Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        Calendar calendar = Calendar.getInstance();
        calendar.add(2, -3);
        this.start = calendar;
        Calendar calendar2 = (Calendar) calendar.clone();
        calendar2.add(1, 30);
        this.end = calendar2;
        byte[] chksum = MessageDigest.getInstance("SHA1").digest(context.getPackageManager().getPackageInfo(context.getPackageName(), 64).signatures[0].toByteArray());
        StringBuilder sb = new StringBuilder();
        Intrinsics.checkNotNullExpressionValue(chksum, "chksum");
        int length = chksum.length;
        int i = 0;
        while (i < length) {
            byte b = chksum[i];
            i++;
            String format = String.format("%02x", Arrays.copyOf(new Object[]{Integer.valueOf(b & UByte.MAX_VALUE)}, 1));
            Intrinsics.checkNotNullExpressionValue(format, "format(this, *args)");
            sb.append(format);
        }
        this.provider = Intrinsics.areEqual(sb.toString(), TESTKEY_CERT) ? new TestProvider() : new KeyStoreProvider(this);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final KeyStore init() {
        GZIPInputStream gZIPInputStream;
        String keyStoreRaw = Config.INSTANCE.getKeyStoreRaw();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        if (keyStoreRaw.length() == 0) {
            ks.load(null);
        } else {
            byte[] decode = Base64.decode(keyStoreRaw, 3);
            Intrinsics.checkNotNullExpressionValue(decode, "decode(raw,\n            …BASE64_FLAG\n            )");
            gZIPInputStream = new GZIPInputStream(new ByteArrayInputStream(decode));
            try {
                ks.load(gZIPInputStream, INSTANCE.getPASSWORD());
                Unit unit = Unit.INSTANCE;
                CloseableKt.closeFinally(gZIPInputStream, null);
            } finally {
                try {
                    throw th;
                } finally {
                }
            }
        }
        if (ks.containsAlias("magisk")) {
            Intrinsics.checkNotNullExpressionValue(ks, "ks");
            return ks;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(4096);
        KeyPair genKeyPair = keyPairGenerator.genKeyPair();
        X500Name x500Name = new X500Name(DNAME);
        X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(new JcaX509v3CertificateBuilder(x500Name, new BigInteger(160, new Random()), this.start.getTime(), this.end.getTime(), x500Name, genKeyPair.getPublic()).build(new JcaContentSignerBuilder("SHA1WithRSA").build(genKeyPair.getPrivate())));
        PrivateKey privateKey = genKeyPair.getPrivate();
        Companion companion = INSTANCE;
        ks.setKeyEntry("magisk", privateKey, companion.getPASSWORD(), new X509Certificate[]{certificate});
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        gZIPInputStream = new GZIPOutputStream(new Base64OutputStream(byteArrayOutputStream, 3));
        try {
            ks.store(gZIPInputStream, companion.getPASSWORD());
            Unit unit2 = Unit.INSTANCE;
            CloseableKt.closeFinally(gZIPInputStream, null);
            Config config = Config.INSTANCE;
            String byteArrayOutputStream2 = byteArrayOutputStream.toString("UTF-8");
            Intrinsics.checkNotNullExpressionValue(byteArrayOutputStream2, "bytes.toString(\"UTF-8\")");
            config.setKeyStoreRaw(byteArrayOutputStream2);
            Intrinsics.checkNotNullExpressionValue(ks, "ks");
            return ks;
        } finally {
        }
    }

    @Override // wear.oneos.magisk.core.utils.CertKeyProvider
    public X509Certificate getCert() {
        return this.provider.getCert();
    }

    @Override // wear.oneos.magisk.core.utils.CertKeyProvider
    public PrivateKey getKey() {
        return this.provider.getKey();
    }
}
