package com.lookout.z0.b.a.b.z;

import android.util.Base64;
import com.lookout.shaded.slf4j.Logger;
import com.lookout.z0.b.a.b.z.m;
import j.b.a.c0;
import j.b.a.f0;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import org.apache.commons.io.output.ByteArrayOutputStream;

/* compiled from: VpnCredentialsManager.java */
/* loaded from: classes2.dex */
public class n {

    /* renamed from: d, reason: collision with root package name */
    private static final Logger f23861d = com.lookout.shaded.slf4j.b.a(n.class);

    /* renamed from: a, reason: collision with root package name */
    private SecureRandom f23862a = null;

    /* renamed from: b, reason: collision with root package name */
    private final com.lookout.v.c f23863b;

    /* renamed from: c, reason: collision with root package name */
    private final com.lookout.z0.b.a.a.d f23864c;

    public n(com.lookout.v.c cVar, com.lookout.z0.b.a.a.d dVar) {
        this.f23863b = cVar;
        this.f23864c = dVar;
    }

    private SecureRandom a() {
        if (this.f23862a == null) {
            this.f23862a = new SecureRandom();
        }
        return this.f23862a;
    }

    private byte[] a(List<String> list, String str, String str2, char[] cArr) {
        ArrayList arrayList = new ArrayList();
        f23861d.debug("SnVpn extract device certificate");
        if (str != null && !str.isEmpty()) {
            arrayList.add(a(str));
        }
        for (String str3 : list) {
            f23861d.debug("SnVpn extract root CA certificate");
            arrayList.add(a(str3));
        }
        f23861d.debug("SnVpn extract device PrivateKey");
        PrivateKey d2 = d(str2);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        f23861d.debug("SnVpn load android keystore");
        if (arrayList.isEmpty()) {
            f23861d.error("SnVpn certificate keys empty");
            throw new GeneralSecurityException("certificate keys empty");
        }
        try {
            keyStore.load(null);
            f23861d.debug("SnVpn KeyStore setKeyEntry with PrivateKey and chainOfCertificates.size()= " + arrayList.size());
            keyStore.setKeyEntry("alias", d2, cArr, (Certificate[]) arrayList.toArray(new X509Certificate[arrayList.size()]));
            keyStore.store(byteArrayOutputStream, cArr);
            if (this.f23863b.f()) {
                this.f23864c.a(byteArrayOutputStream);
            }
            byteArrayOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            f23861d.error("SnVpn KeyStore throws Exception message= " + e2.getMessage());
            throw new GeneralSecurityException(e2.getMessage());
        }
    }

    private PrivateKey d(String str) {
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        if (str.contains("-----BEGIN PRIVATE KEY-----")) {
            f23861d.debug("SnVpn extractPrivateKey from PKCS#8 type of pemPrivateKey");
            return keyFactory.generatePrivate(c(str));
        }
        if (!str.contains("-----BEGIN RSA PRIVATE KEY-----")) {
            throw new GeneralSecurityException("Not supported format of a private key");
        }
        f23861d.debug("SnVpn extractPrivateKey from PKCS#1 RSA type of pemPrivateKey");
        return keyFactory.generatePrivate(b(str));
    }

    m a(List<String> list, String str, String str2) {
        char[] charArray = a(32).toCharArray();
        byte[] a2 = a(list, str, str2, charArray);
        m.a c2 = m.c();
        c2.a(charArray);
        c2.a(a2);
        return c2.a();
    }

    String a(int i2) {
        StringBuilder sb = new StringBuilder(i2);
        for (int i3 = 0; i3 < i2; i3++) {
            sb.append("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@#$%^&*".charAt(a().nextInt(70)));
        }
        if (this.f23863b.f()) {
            f23861d.debug("SnVpn Random number = " + sb.toString());
        }
        return sb.toString();
    }

    X509Certificate a(String str) {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decode(str.replaceAll("-----BEGIN CERTIFICATE-----", "").replaceAll("-----END CERTIFICATE-----", ""), 0)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public m b(List<String> list, String str, String str2) {
        try {
            return a(list, str, str2);
        } catch (IOException | GeneralSecurityException e2) {
            f23861d.error("SnVpn VpnCredentialsManager ex.getMessage= " + e2.getMessage());
            return null;
        }
    }

    KeySpec b(String str) {
        byte[] bArr;
        try {
            bArr = Base64.decode(str.replace("-----BEGIN RSA PRIVATE KEY-----", "").replace("-----END RSA PRIVATE KEY-----", "").replaceAll("\\s", "").replaceAll("\\n", ""), 0);
        } catch (Exception e2) {
            e = e2;
            bArr = null;
        }
        try {
            f23861d.debug("SnVpn extractPkcs1PrivateKey retrieve the Sequence data");
            Enumeration k = ((f0) c0.a(bArr)).k();
            f23861d.debug("SnVpn extractPkcs1PrivateKey retrieve modulas exponent data");
            int intValue = ((j.b.a.s) k.nextElement()).j().intValue();
            if (intValue != 0 && intValue != 1) {
                f23861d.error("SnVpn extractPkcs1PrivateKey invalid version... throw exception");
                throw new IllegalArgumentException("wrong version for RSA private key");
            }
            BigInteger j2 = ((j.b.a.s) k.nextElement()).j();
            BigInteger j3 = ((j.b.a.s) k.nextElement()).j();
            BigInteger j4 = ((j.b.a.s) k.nextElement()).j();
            BigInteger j5 = ((j.b.a.s) k.nextElement()).j();
            BigInteger j6 = ((j.b.a.s) k.nextElement()).j();
            BigInteger j7 = ((j.b.a.s) k.nextElement()).j();
            BigInteger j8 = ((j.b.a.s) k.nextElement()).j();
            BigInteger j9 = ((j.b.a.s) k.nextElement()).j();
            f23861d.debug("SnVpn create and return RSAPrivateCrtKeySpec");
            return new RSAPrivateCrtKeySpec(j2, j3, j4, j5, j6, j7, j8, j9);
        } catch (Exception e3) {
            e = e3;
            f23861d.warn("SnVpn RSAPrivateCrtKeySpec throws Exception= " + e.getMessage() + " Fallback and try with PKCS8EncodedKeySpec Key Spec");
            return new PKCS8EncodedKeySpec(bArr);
        }
    }

    KeySpec c(String str) {
        return new PKCS8EncodedKeySpec(Base64.decode(str.replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "").replaceAll("\\s", "").replaceAll("\\n", ""), 0));
    }
}
