package com.doulong.binding.crypto;

import android.annotation.SuppressLint;
import android.content.Context;
import android.util.Base64;
import com.doulong.LimeLog;
import com.doulong.nvstream.http.LimelightCryptoProvider;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes.dex */
public class AndroidCryptoProvider implements LimelightCryptoProvider {
    private X509Certificate cert;
    private final File certFile;
    private RSAPrivateKey key;
    private final File keyFile;
    private byte[] pemCertBytes;
    private static final Object globalCryptoLock = new Object();
    private static final Provider bcProvider = new BouncyCastleProvider();
    String keyStr = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD6WIcNj8GE1eP4\nihzoIzox30QRcRLW4GGxTzGUDGSH1FHy6YTuXYqFe20DVgwrC4RxerGSKHAgrRe1\n9qGmm7wFZSj7WInD79G+DgZ9I8DUcEYhlNbgKGfRPijENsmPaygfdF/qbyx06MzV\ni3NX9vTkdnxj01E1+s0kXvTrKXxyFzz1IxFC+phjcfJLnL3OHFHHLQsxQ981u8Hk\nmTuolAPf9jXBpkY04pBhR2pYMOl76HSzSXQ06hP8S2EftvNBDkxBKIp5qZITzoGB\n0DOTqBOQ+v6vuASoSYAhM0pcEwjYTMyXdhX46VT/Y/bcJEQNU0pHcWjajBu/K4Rd\nIddlulUrAgMBAAECggEBAO1ENBONWMrt8Rdgxs7YfFJCGYAyW7mdhdmHhiSbrjfx\n6g1Ad0V3EE88UHBmADhXvRnUQDGW89Z0VtGVw1VlqkiuvK2jF0bFp1Lqdgnqddqh\n4kX3i8N9aA+vSvHUPyoXVDqjkDhfT5IqBeCqPxJys11IUtJFuGVho0XCXXv3oMN7\nFN0HgBn4deLowt7/Xd2lbiHfQCQmmHDHn+ESJUkitFOYJfIdbKPTmplnQAOYRITH\nqHmuFuQdBw7mLXzdQyiqCtS+1o3oEIxZv+gJnxOFcl1OHARMNq/3KRDMYGNE6x70\nBRd6N93MW/6EJXAxBxrC/bID1OX1LA0QqqQuv1cPmlECgYEA/8WkgaYg0WsFIbgp\n17KAQGLcw7ep/16qrdCyZfA7bv/8bzwk32SDvifG89Dve3AdjSv7BcYqGlkkFMGL\nyQXmzAhG/wuRU6TLphjR44VwOAFjuwKP3ETfDVmj4ysaARRkc/fKMnKP7ufuL1xr\ndkoFC42/bLYRM25MLV5cQ6Mp+WkCgYEA+pGlmoZIdhR2CiRqAVOJloQF4r1Atxfc\nYc+VUWS2ULyYN4QaRiEW4Nf3dkHINhvMwx0POsj2Sr2rn0v6LS2ih8P0cdg++/sL\n/ULUf9orYuvAD9zy9hvzA8qRKpTo/vqM1fxnhQKRGQ6LbgkqGEsRcUWMc1qukyf0\ng2athqVok3MCgYBJKwUQgbHJts/VAZYWul2uDZoR8yySfUZeSuF9/+dArcJNH+t8\nbIizkTV88jxQF5acmARLdpD80JtdxLB0ZVfM7mFA/NIqF26aqWcBq16a5urcyLLW\n1GzqqMYVanMZ8/d4pV4WaGd8dKTSr6GeSTaAQ6CLPNpW2Cq6n8/NGZQcYQKBgH9l\nmAZl6eenZZCojQEZoSXXAEsVIBc3WYSdj3SvuQZ5rQbk8prfbgtpotcMgSgJoGU/\nnCOuU5MStnSqo4te3Xkbx2guo29oZ+MfnH1YxqBn7uHh2+IHudoenwpAZepmJz8R\nMuzsritIOtn6bN2nJTorO0rXO1V0hhxdEzMXXIFDAoGAdb8DgKPGSYrk1CypWhMS\noXENHQx8PsnD4MIRSmXjkglMaVcCve/+l0gG/X4/D/rUhsZQIww3DlEdcsISn5i1\ne/b9dQuo9pxaqtX6PdtmpHTUWyFId3ZwDqxBLEnyczUYv9lD2FfTvLmc845KfL9P\nELdlBm5KwZz7uL37At2/LSU=";
    String certStr = "-----BEGIN CERTIFICATE-----\nMIICvzCCAaegAwIBAgIBADANBgkqhkiG9w0BAQUFADAjMSEwHwYDVQQDDBhOVklE\nSUEgR2FtZVN0cmVhbSBDbGllbnQwHhcNMTkwMTE0MDkyMDEwWhcNMzkwMTA5MDky\nMDEwWjAjMSEwHwYDVQQDDBhOVklESUEgR2FtZVN0cmVhbSBDbGllbnQwggEiMA0G\nCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6WIcNj8GE1eP4ihzoIzox30QRcRLW\n4GGxTzGUDGSH1FHy6YTuXYqFe20DVgwrC4RxerGSKHAgrRe19qGmm7wFZSj7WInD\n79G+DgZ9I8DUcEYhlNbgKGfRPijENsmPaygfdF/qbyx06MzVi3NX9vTkdnxj01E1\n+s0kXvTrKXxyFzz1IxFC+phjcfJLnL3OHFHHLQsxQ981u8HkmTuolAPf9jXBpkY0\n4pBhR2pYMOl76HSzSXQ06hP8S2EftvNBDkxBKIp5qZITzoGB0DOTqBOQ+v6vuASo\nSYAhM0pcEwjYTMyXdhX46VT/Y/bcJEQNU0pHcWjajBu/K4RdIddlulUrAgMBAAEw\nDQYJKoZIhvcNAQEFBQADggEBAFzCW2cLGB4xRu0GGuFYKQq/NN8l0DTI78xPlR0g\nloHxLNWI+lrjQifxGA1PPdD8gPTNkdpv2evBqzB4T08sRAjEn3GO9rNu+Z//kim6\nCL7jBUj8jfpb1KjF6x8gJQIgMUO6JZ+6KSGdbPGuTuh70XZzjEPxGzZ8wf344BLE\nw50tJhXR57+SCxP2vKHIixuL8rfvQHp7NJuFmgGzsXi4LRyEOrzOak+U7O/BtUc1\n/KZXeumzj6pUxwlvgEVOdFAKPNgBUWj29Zn/RBwNqe3OtT/CyuVQPG1p6dqnQinS\njWW5x0GAIu9lDHrBVPEkYjkgClL2ZOuvipsGJ4yczV4n31k=\n-----END CERTIFICATE-----\n";

    public AndroidCryptoProvider(Context context) {
        String absolutePath = context.getFilesDir().getAbsolutePath();
        this.certFile = new File(absolutePath + File.separator + "client.crt");
        this.keyFile = new File(absolutePath + File.separator + "client.key");
    }

    @SuppressLint({"TrulyRandom"})
    private boolean generateCertKeyPair() {
        byte[] bArr = new byte[8];
        new SecureRandom().nextBytes(bArr);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", bcProvider);
            keyPairGenerator.initialize(2048);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            Date date = new Date();
            Calendar calendar = Calendar.getInstance();
            calendar.setTime(date);
            calendar.add(1, 20);
            Date time = calendar.getTime();
            BigInteger abs = new BigInteger(bArr).abs();
            X500NameBuilder x500NameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            x500NameBuilder.addRDN(BCStyle.CN, "NVIDIA GameStream Client");
            X500Name build = x500NameBuilder.build();
            X509v3CertificateBuilder x509v3CertificateBuilder = new X509v3CertificateBuilder(build, abs, date, time, Locale.ENGLISH, build, SubjectPublicKeyInfo.getInstance(generateKeyPair.getPublic().getEncoded()));
            try {
                this.cert = new JcaX509CertificateConverter().setProvider(bcProvider).getCertificate(x509v3CertificateBuilder.build(new JcaContentSignerBuilder("SHA1withRSA").setProvider(bcProvider).build(generateKeyPair.getPrivate())));
                this.key = (RSAPrivateKey) generateKeyPair.getPrivate();
                LimeLog.info("Generated a new key pair");
                saveCertKeyPair();
                return true;
            } catch (Exception e) {
                e.printStackTrace();
                throw new RuntimeException(e);
            }
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return false;
        }
    }

    private boolean loadCertKeyPair() {
        byte[] bytes = this.certStr.getBytes();
        byte[] decode = Base64.decode(this.keyStr, 0);
        if (bytes == null || decode == null) {
            LimeLog.info("Missing cert or key; need to generate a new one");
            return false;
        }
        try {
            this.cert = (X509Certificate) CertificateFactory.getInstance("X.509", bcProvider).generateCertificate(new ByteArrayInputStream(bytes));
            this.pemCertBytes = bytes;
            this.key = (RSAPrivateKey) KeyFactory.getInstance("RSA", bcProvider).generatePrivate(new PKCS8EncodedKeySpec(decode));
            return true;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            return false;
        } catch (CertificateException unused) {
            LimeLog.warning("Corrupted certificate");
            return false;
        } catch (InvalidKeySpecException unused2) {
            LimeLog.warning("Corrupted key");
            return false;
        }
    }

    private void saveCertKeyPair() {
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(this.certFile);
            FileOutputStream fileOutputStream2 = new FileOutputStream(this.keyFile);
            StringWriter stringWriter = new StringWriter();
            JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
            jcaPEMWriter.writeObject(this.cert);
            jcaPEMWriter.close();
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(fileOutputStream);
            String stringBuffer = stringWriter.getBuffer().toString();
            for (int i = 0; i < stringBuffer.length(); i++) {
                char charAt = stringBuffer.charAt(i);
                if (charAt != '\r') {
                    outputStreamWriter.append(charAt);
                }
            }
            outputStreamWriter.close();
            fileOutputStream2.write(this.key.getEncoded());
            fileOutputStream.close();
            fileOutputStream2.close();
            LimeLog.info("Saved generated key pair to disk");
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    @Override // com.doulong.nvstream.http.LimelightCryptoProvider
    public X509Certificate getClientCertificate() {
        synchronized (globalCryptoLock) {
            if (this.cert != null) {
                return this.cert;
            }
            if (loadCertKeyPair()) {
                return this.cert;
            }
            if (!generateCertKeyPair()) {
                return null;
            }
            loadCertKeyPair();
            return this.cert;
        }
    }

    @Override // com.doulong.nvstream.http.LimelightCryptoProvider
    public RSAPrivateKey getClientPrivateKey() {
        synchronized (globalCryptoLock) {
            if (this.key != null) {
                return this.key;
            }
            if (loadCertKeyPair()) {
                return this.key;
            }
            if (!generateCertKeyPair()) {
                return null;
            }
            loadCertKeyPair();
            return this.key;
        }
    }

    @Override // com.doulong.nvstream.http.LimelightCryptoProvider
    public byte[] getPemEncodedClientCertificate() {
        byte[] bArr;
        synchronized (globalCryptoLock) {
            getClientCertificate();
            bArr = this.pemCertBytes;
        }
        return bArr;
    }
}
