package com.tmobile.pr.mytmobile.secureconnection;

import android.os.ConditionVariable;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.util.ByteArrayBuffer;

/* loaded from: classes.dex */
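/**
 * Client-side helper for an application-level secure channel: it generates an AES session key,
 * RSA-encrypts data for the server with the public key taken from the server's TLS certificate,
 * decrypts AES/CBC data and produces HMAC-SHA256 tags.
 *
 * <p>This source is decompiler output (JADX): the methods marked {@code public} were
 * package-private in the original, and the checked-exception clauses had been dropped. They are
 * restored here so the class is valid Java.
 *
 * <p>Review notes on the design (protocol-level, so they need a coordinated server change):
 * <ul>
 *   <li>The same {@link SecretKey} keys both the AES cipher and the HMAC; separate keys for
 *       encryption and authentication are the safer practice.</li>
 *   <li>RSA encryption uses PKCS#1 v1.5 padding over fixed-size chunks; OAEP wrapping of a
 *       single symmetric key is the current recommendation.</li>
 *   <li>The certificate fingerprint is SHA-1; SHA-256 is preferable for pinning.</li>
 *   <li>The server certificate is selected by a substring match on the subject DN, see
 *       {@link #loadCertificate()}.</li>
 * </ul>
 *
 * <p>Instances hold mutable, unsynchronised state; nothing in this class makes it safe for
 * concurrent use.
 */
final class SecurityHelper {
    private static final String CERTIFICATE_SUBJECT_REGEX = "[\\w-]+\\.\\w+$";
    /** Compiled once; matches the last two dot-separated labels of the host name. */
    private static final Pattern CERTIFICATE_SUBJECT_PATTERN =
            Pattern.compile(CERTIFICATE_SUBJECT_REGEX);
    private static final String CLIENT_KEY_ALGORITHM_NAME = "AES";
    private static final int CLIENT_KEY_LENGTH = 256;
    private static final String CLIENT_TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final String MAC_ALGORITHM_NAME = "HmacSHA256";
    private static final String SERVER_TRANSFORMATION = "RSA/NONE/PKCS1Padding";
    /** Minimum PKCS#1 v1.5 encryption padding overhead, in bytes. */
    private static final int PKCS1_PADDING_OVERHEAD = 11;
    /** Connect and read timeout for the certificate-fetching socket, in milliseconds. */
    private static final int SOCKET_TIMEOUT = 10000;
    private final String certificateSubject;
    private final Cipher clientCipher;
    private final Mac hmac;
    private byte[] iv;
    private SecretKey secretKey;
    private final String serverHost;
    private final int serverPort;
    private X509Certificate x509;

    private SecurityHelper(Cipher cipher, Mac mac, String host, int port, String subject) {
        this.clientCipher = cipher;
        this.hmac = mac;
        this.serverHost = host;
        this.serverPort = port;
        this.certificateSubject = subject;
    }

    /**
     * Builds a helper for the given server.
     *
     * <p>The certificate subject that will later be looked for is derived from the host name by
     * {@link #CERTIFICATE_SUBJECT_REGEX}, i.e. its last two labels (for {@code a.b.example.com}
     * that is {@code example.com}).
     * NOTE(review): for hosts under a multi-label public suffix the same regex yields the suffix
     * itself, which makes the later subject match far too broad.
     *
     * @param str server host name
     * @param i server port
     * @return a helper with uninitialised key material; call {@link #generateSecretKey()} next
     * @throws GeneralSecurityException if the cipher or MAC algorithm is unavailable, or no
     *     subject can be derived from the host name
     */
    public static SecurityHelper create(String str, int i) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(CLIENT_TRANSFORMATION);
        Mac mac = Mac.getInstance(MAC_ALGORITHM_NAME);
        Matcher matcher = CERTIFICATE_SUBJECT_PATTERN.matcher(str);
        if (matcher.find()) {
            return new SecurityHelper(cipher, mac, str, i, matcher.group(0));
        }
        throw new GeneralSecurityException("cannot retrieve certificate subject from hostname");
    }

    /**
     * Puts the client cipher into decrypt mode with a fresh random IV and keys the HMAC.
     *
     * <p>The AES branch is always taken for instances built by {@link #create(String, int)},
     * because the cipher is created from {@link #CLIENT_TRANSFORMATION}.
     * NOTE(review): the IV is generated locally for <em>decryption</em>, so it is presumably sent
     * to the server, which encrypts its reply with it - confirm against the caller.
     */
    private void initCipher() throws GeneralSecurityException {
        if (this.clientCipher.getAlgorithm().contains(CLIENT_KEY_ALGORITHM_NAME)) {
            this.iv = new byte[this.clientCipher.getBlockSize()];
            new SecureRandom().nextBytes(this.iv);
            this.clientCipher.init(Cipher.DECRYPT_MODE, this.secretKey, new IvParameterSpec(this.iv));
        } else {
            this.clientCipher.init(Cipher.DECRYPT_MODE, this.secretKey);
        }
        // NOTE(review): the encryption key is reused as the MAC key.
        this.hmac.init(this.secretKey);
    }

    /** Drops the cached server certificate so that the next use fetches it again. */
    public void cleanCertificate() {
        this.x509 = null;
    }

    /**
     * Decrypts data with the session key and the IV set by {@link #generateSecretKey()}.
     *
     * <p>NOTE(review): CBC with PKCS#5 padding is only safe when the ciphertext is authenticated
     * before it is decrypted. Whether the caller checks an HMAC first is not visible here -
     * verify, and make sure padding failures are not reported distinguishably to the peer.
     *
     * @param bArr ciphertext
     * @return plaintext
     * @throws GeneralSecurityException on a bad padding or block size
     */
    public byte[] decryptWithSecretKey(byte[] bArr) throws GeneralSecurityException {
        return this.clientCipher.doFinal(bArr);
    }

    /**
     * Encrypts data for the server with the RSA public key of its certificate, splitting the
     * input into chunks that fit one RSA block each and concatenating the resulting blocks.
     *
     * <p>NOTE(review): PKCS#1 v1.5 encryption padding and chunked RSA over bulk data are legacy
     * constructions; the transformation is kept because the server must decrypt the same format.
     *
     * @param bArr plaintext
     * @return concatenated RSA blocks
     * @throws GeneralSecurityException if the server key is not RSA, is too small to carry any
     *     payload, or encryption fails
     */
    public byte[] encryptWithServerKey(byte[] bArr) throws GeneralSecurityException {
        PublicKey serverPublicKey = getServerPublicKey();
        if (!serverPublicKey.getAlgorithm().equals("RSA")) {
            throw new GeneralSecurityException("Unsupported public key algorithm is used by server");
        }
        int blockSize = ((RSAPublicKey) serverPublicKey).getModulus().bitLength() / 8;
        int chunkSize = blockSize - PKCS1_PADDING_OVERHEAD;
        if (chunkSize <= 0) {
            // A non-positive chunk size would make the loop below never advance.
            throw new GeneralSecurityException("Server public key is too small");
        }
        Cipher cipher = Cipher.getInstance(SERVER_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, serverPublicKey);
        ByteArrayBuffer encrypted = new ByteArrayBuffer(blockSize * ((bArr.length / chunkSize) + 1));
        int offset = 0;
        // Strict '<': the last chunk (full, partial, or empty for empty input) is done after the loop.
        while (offset + chunkSize < bArr.length) {
            byte[] block = cipher.doFinal(bArr, offset, chunkSize);
            encrypted.append(block, 0, block.length);
            offset += chunkSize;
        }
        byte[] lastBlock = cipher.doFinal(bArr, offset, bArr.length - offset);
        encrypted.append(lastBlock, 0, lastBlock.length);
        return encrypted.toByteArray();
    }

    /**
     * Generates a fresh 256-bit AES session key and re-initialises the cipher, IV and HMAC.
     *
     * @throws GeneralSecurityException if key generation or cipher/MAC initialisation fails
     */
    public void generateSecretKey() throws GeneralSecurityException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(CLIENT_KEY_ALGORITHM_NAME);
        keyGenerator.init(CLIENT_KEY_LENGTH);
        this.secretKey = keyGenerator.generateKey();
        initCipher();
    }

    /**
     * Returns a copy of the current IV, so callers cannot alter this object's state.
     *
     * @return the IV, or {@code null} before {@link #generateSecretKey()} has been called
     */
    public byte[] getIV() {
        return this.iv == null ? null : this.iv.clone();
    }

    /**
     * Returns the raw encoded session key.
     *
     * <p>This is secret key material: callers should keep it out of logs and clear the array
     * once it has been wrapped for transport.
     *
     * @return the encoded key, or {@code null} if no key has been generated yet
     */
    public byte[] getSecretKey() {
        if (this.secretKey == null) {
            return null;
        }
        return this.secretKey.getEncoded();
    }

    /**
     * Returns the public key of the cached server certificate, fetching the certificate first
     * if none is cached.
     *
     * @throws CertificateException if the certificate cannot be retrieved
     */
    public PublicKey getServerPublicKey() throws CertificateException {
        if (this.x509 == null) {
            loadCertificate();
        }
        return this.x509.getPublicKey();
    }

    /**
     * Opens a TLS connection to the server, and caches the first X.509 certificate of the peer
     * chain whose subject DN contains the expected subject string.
     *
     * <p>NOTE(review): a raw {@link SSLSocket} does not perform hostname verification, so the
     * only binding to the intended server is the check below. That check is a substring match on
     * the whole DN and is applied to every certificate in the chain, not just the leaf. Prefer
     * verifying the session with a {@code HostnameVerifier} and selecting the leaf certificate
     * (or pinning its public key) instead.
     *
     * @throws CertificateException if the connection fails or no certificate matches
     */
    void loadCertificate() throws CertificateException {
        SSLSocket socket = null;
        try {
            socket = (SSLSocket) ((SSLSocketFactory) SSLSocketFactory.getDefault()).createSocket();
            socket.setSoTimeout(SOCKET_TIMEOUT);
            socket.connect(new InetSocketAddress(this.serverHost, this.serverPort), SOCKET_TIMEOUT);
            final ConditionVariable handshakeDone = new ConditionVariable();
            socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
                @Override
                public void handshakeCompleted(HandshakeCompletedEvent handshakeCompletedEvent) {
                    handshakeDone.open();
                }
            });
            socket.startHandshake();
            // NOTE(review): this wait has no timeout; it relies on the listener always firing.
            handshakeDone.block();
            for (Certificate certificate : socket.getSession().getPeerCertificates()) {
                if (!certificate.getType().equals("X.509")) {
                    continue;
                }
                X509Certificate candidate = (X509Certificate) certificate;
                if (candidate.getSubjectDN().getName().contains(this.certificateSubject)) {
                    this.x509 = candidate;
                    return;
                }
            }
            throw new CertificateException("Could not retrieve server certificate");
        } catch (IOException e) {
            DebugLog.logException(e);
            throw new CertificateException(e);
        } finally {
            closeAndLog(socket);
        }
    }

    /** Closes the socket if it was created; a failure to close is logged, never propagated. */
    private static void closeAndLog(SSLSocket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException e) {
            DebugLog.logException(e);
        }
    }

    /**
     * Computes the HMAC-SHA256 tag of the data under the session key.
     *
     * @param bArr data to authenticate
     * @return the MAC tag
     */
    public byte[] signWithSecretKey(byte[] bArr) {
        return this.hmac.doFinal(bArr);
    }

    /**
     * Compares the expected fingerprint with the SHA-1 digest of the cached server certificate,
     * fetching the certificate first if none is cached.
     *
     * <p>NOTE(review): SHA-1 is kept because the expected value is supplied in that format;
     * moving the pin to SHA-256 needs the source of the fingerprint to change as well.
     *
     * @param bArr expected fingerprint; {@code null} never matches
     * @return {@code true} if the fingerprints are equal
     * @throws CertificateException if the certificate cannot be retrieved, encoded or hashed
     */
    public boolean verifyServerFingerprint(byte[] bArr) throws CertificateException {
        if (this.x509 == null) {
            loadCertificate();
        }
        byte[] actual;
        try {
            actual = MessageDigest.getInstance("SHA-1").digest(this.x509.getEncoded());
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so the failure can be diagnosed.
            throw new CertificateException("Can't get certificate fingerprint", e);
        }
        // Explicit null guard: MessageDigest.isEqual is not null-safe on every runtime.
        return bArr != null && MessageDigest.isEqual(bArr, actual);
    }
}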
