package com.nvidia.pgc.commchannel;

import com.nvidia.grid.PersonalGridService.NvMjolnirClientCertificateInfo;
import com.nvidia.grid.PersonalGridService.aa;
import com.nvidia.grid.z;
import java.io.BufferedWriter;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.a.a.k.u;
import org.a.a.s;
import org.a.f.h;

/* compiled from: GameStream */
/* loaded from: classes2.dex */
public class e {

    /* renamed from: a, reason: collision with root package name */
    private static final z f3443a = new z();

    /* renamed from: b, reason: collision with root package name */
    private static X509Certificate f3444b = null;
    private static PrivateKey c = null;
    private static String d = null;
    private static String e = null;
    private static KeyManager[] f = null;
    private static X509Certificate g = null;
    private static boolean h = false;
    private static boolean i = false;

    /* compiled from: GameStream */
    /* loaded from: classes2.dex */
    protected static class a implements X509TrustManager {

        /* renamed from: a, reason: collision with root package name */
        private aa f3445a;

        public a(aa aaVar) {
            this.f3445a = null;
            this.f3445a = aaVar;
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            boolean z = false;
            if (x509CertificateArr.length > 1) {
                e.f3443a.e("PgcCertificateUtils", "PgcTrustManager::checkServerTrusted: Server certificate chain is longer than expected. Length = " + x509CertificateArr.length);
            }
            if (this.f3445a == null) {
                e.f3443a.e("PgcCertificateUtils", "PgcTrustManager::checkServerTrusted null mPgcDbHelper");
            } else if (0 < x509CertificateArr.length) {
                X509Certificate x509Certificate = x509CertificateArr[0];
                try {
                    x509Certificate.verify(x509Certificate.getPublicKey());
                    StringBuilder sb = new StringBuilder();
                    sb.append(com.nvidia.grid.b.f.a(x509Certificate.getSignature()));
                    if (this.f3445a.e(sb.toString()) == null) {
                        e.f3443a.e("PgcCertificateUtils", "PgcTrustManager::checkServerTrusted cannot match sslCertHash = " + sb.toString().substring(0, Math.min(16, sb.toString().length())));
                        e.a("PgcCertificateUtils", "Server certificate: ", x509Certificate);
                    } else {
                        z = true;
                    }
                } catch (Exception e) {
                    e.f3443a.d("PgcCertificateUtils", "PgcTrustManager::checkServerTrusted X509Certificate.verify() exception ", e);
                }
            }
            if (!z) {
                throw new CertificateException("PgcTrustManager::checkServerTrusted failed");
            }
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    }

    public static String a(X509Certificate x509Certificate) {
        return com.nvidia.grid.b.f.a(x509Certificate.getSignature());
    }

    public static X509Certificate a() {
        return f3444b;
    }

    public static X509Certificate a(String str) throws CertificateException {
        return b(b.a(str));
    }

    public static X509Certificate a(byte[] bArr) {
        X509Certificate x509Certificate;
        Exception e2;
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            x509Certificate = new org.a.b.a.e().a((org.a.b.e) new org.a.f.g(new InputStreamReader(byteArrayInputStream)).a());
            try {
                byteArrayInputStream.close();
            } catch (Exception e3) {
                e2 = e3;
                e2.printStackTrace();
                return x509Certificate;
            }
        } catch (Exception e4) {
            x509Certificate = null;
            e2 = e4;
        }
        return x509Certificate;
    }

    public static void a(String str, String str2, X509Certificate x509Certificate) {
        String b2 = b(x509Certificate);
        if (b2 != null) {
            b2 = b2.replace("\n", " ");
        }
        com.nvidia.grid.b.f.a(str, str2, b2, 64);
    }

    public static synchronized boolean a(String str, aa aaVar) {
        boolean a2;
        synchronized (e.class) {
            a2 = a(str, aaVar, (Boolean) false);
        }
        return a2;
    }

    public static synchronized boolean a(String str, aa aaVar, Boolean bool) {
        boolean z = false;
        synchronized (e.class) {
            if ((h && i) || bool.booleanValue()) {
                f3443a.b("PgcCertificateUtils", "deleting certificate from DB for new generation");
                aaVar.i();
                d = null;
                e = null;
                f3444b = null;
                c = null;
                f = null;
                i = false;
            } else if (e != null && d != null) {
                BigInteger serialNumber = f3444b.getSerialNumber();
                if (serialNumber.compareTo(new BigInteger(com.nvidia.grid.b.f.c(str), 16)) == 0) {
                    z = true;
                } else {
                    f3443a.c("PgcCertificateUtils", "Deleting certificate from database to regenerate  has ClientId = " + com.nvidia.grid.b.f.c(str) + " SerialNumber from cert = " + serialNumber.toString(16));
                    aaVar.i();
                }
            }
            NvMjolnirClientCertificateInfo h2 = aaVar.h();
            if (h2 != null) {
                e = h2.f2570a;
                d = h2.f2571b;
                c = c(b.a(e));
                f3444b = a(b.a(d));
                g();
                h();
                if (e == null || d == null || c == null || f3444b == null) {
                    f3443a.e("PgcCertificateUtils", "X509 Certificate reload from DB failed");
                }
                z = e();
            }
            if (!z) {
                if (b(str)) {
                    f3443a.c("PgcCertificateUtils", "Generated X509 Certificate");
                    NvMjolnirClientCertificateInfo nvMjolnirClientCertificateInfo = new NvMjolnirClientCertificateInfo(e, d);
                    aaVar.i();
                    if (aaVar.a(nvMjolnirClientCertificateInfo) == -1) {
                        f3443a.e("PgcCertificateUtils", "X509 Certificate failed to store in database");
                    }
                } else {
                    f3443a.e("PgcCertificateUtils", "X509Certificate generation error");
                }
                z = e();
            }
        }
        return z;
    }

    public static byte[] a(Object obj) {
        byte[] bArr;
        Exception e2;
        ByteArrayOutputStream byteArrayOutputStream;
        try {
            byteArrayOutputStream = new ByteArrayOutputStream();
            h hVar = new h(new PrintWriter(new BufferedWriter(new OutputStreamWriter(byteArrayOutputStream))));
            hVar.a(obj);
            hVar.flush();
            hVar.close();
            bArr = byteArrayOutputStream.toByteArray();
        } catch (Exception e3) {
            bArr = null;
            e2 = e3;
        }
        try {
            byteArrayOutputStream.close();
        } catch (Exception e4) {
            e2 = e4;
            e2.printStackTrace();
            return bArr;
        }
        return bArr;
    }

    public static synchronized KeyManager[] a(X509Certificate x509Certificate, PrivateKey privateKey) {
        KeyManager[] keyManagerArr;
        synchronized (e.class) {
            if (g == null || !x509Certificate.equals(g)) {
                try {
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(null, null);
                    keyStore.setCertificateEntry("GameStreamCertificate", x509Certificate);
                    keyStore.setKeyEntry("GameStreamKey", privateKey, null, new X509Certificate[]{x509Certificate});
                    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(keyStore, null);
                    f = keyManagerFactory.getKeyManagers();
                    g = x509Certificate;
                } catch (Exception e2) {
                    e2.printStackTrace();
                }
                if (f == null) {
                    f3443a.b("PgcCertificateUtils", "No KeyManager[] retrieved");
                } else {
                    f3443a.b("PgcCertificateUtils", "KeyManager[] retrieved");
                }
            }
            keyManagerArr = f;
        }
        return keyManagerArr;
    }

    public static TrustManager[] a(aa aaVar) {
        return new TrustManager[]{new a(aaVar)};
    }

    public static String b(Object obj) {
        String str;
        Exception e2;
        ByteArrayOutputStream byteArrayOutputStream;
        try {
            byteArrayOutputStream = new ByteArrayOutputStream();
            h hVar = new h(new PrintWriter(new BufferedWriter(new OutputStreamWriter(byteArrayOutputStream))));
            hVar.a(obj);
            hVar.flush();
            hVar.close();
            str = byteArrayOutputStream.toString("UTF-8");
        } catch (Exception e3) {
            str = null;
            e2 = e3;
        }
        try {
            byteArrayOutputStream.close();
        } catch (Exception e4) {
            e2 = e4;
            e2.printStackTrace();
            return str;
        }
        return str;
    }

    public static PrivateKey b() {
        return c;
    }

    public static X509Certificate b(byte[] bArr) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    private static boolean b(String str) {
        boolean z;
        try {
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048, secureRandom);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            PublicKey publicKey = generateKeyPair.getPublic();
            PrivateKey privateKey = generateKeyPair.getPrivate();
            X509Certificate a2 = new org.a.b.a.e().a(new org.a.b.f(new org.a.a.j.c("CN=NVIDIA GameStream Client"), new BigInteger(com.nvidia.grid.b.f.c(str), 16), new Date(System.currentTimeMillis()), new Date(System.currentTimeMillis() + 622080000000L), new org.a.a.j.c("CN=NVIDIA GameStream Client"), new u(s.a((Object) publicKey.getEncoded()))).a(new org.a.g.a.a("SHA256WithRSAEncryption").a(privateKey)));
            f3444b = a2;
            c = privateKey;
            byte[] a3 = a((Object) a2);
            if (a3 == null) {
                f3443a.e("PgcCertificateUtils", "X509Certificate null");
                z = false;
            } else {
                d = com.nvidia.grid.b.f.a(a3);
                byte[] a4 = a(privateKey);
                if (a4 == null) {
                    f3443a.e("PgcCertificateUtils", "RSAPrivateKey null");
                    z = false;
                } else {
                    e = com.nvidia.grid.b.f.a(a4);
                    g();
                    h();
                    z = true;
                }
            }
            return z;
        } catch (Exception e2) {
            e2.printStackTrace();
            return false;
        }
    }

    private static PrivateKey c(byte[] bArr) {
        PrivateKey privateKey;
        Exception e2;
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
            privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(((org.a.f.e) new org.a.f.g(new InputStreamReader(byteArrayInputStream)).a()).a().b()));
            try {
                byteArrayInputStream.close();
            } catch (Exception e3) {
                e2 = e3;
                e2.printStackTrace();
                return privateKey;
            }
        } catch (Exception e4) {
            privateKey = null;
            e2 = e4;
        }
        return privateKey;
    }

    public static KeyManager[] c() {
        if (f3444b != null && c != null) {
            return a(f3444b, c);
        }
        f3443a.e("PgcCertificateUtils", "PgcCertificateUtils GetPgcKeyManagers returns null");
        return null;
    }

    public static String d() {
        return d;
    }

    public static boolean e() {
        if (e == null || d == null || c == null || f3444b == null || !(c instanceof RSAPrivateKey)) {
            f3443a.d("PgcCertificateUtils", "PrivateKey/Cert components incomplete");
            return false;
        }
        RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) c;
        if (rSAPrivateKey.getModulus().bitLength() >= 2048) {
            f3443a.c("PgcCertificateUtils", "All PrivateKey/Cert checkings are good, prikeyBitlen=" + rSAPrivateKey.getModulus().bitLength());
            return true;
        }
        f3443a.d("PgcCertificateUtils", "Key length " + rSAPrivateKey.getModulus().bitLength() + " is too short");
        return false;
    }

    private static void g() {
        if (h) {
            f3443a.c("PgcCertificateUtils", "Pgc Certificate:");
            f3443a.c("PgcCertificateUtils", new String(b.a(d)));
            f3443a.c("PgcCertificateUtils", "Pgc Certificate Hex:");
            f3443a.c("PgcCertificateUtils", d);
        }
    }

    private static void h() {
        if (h) {
            f3443a.c("PgcCertificateUtils", "Pgc Private Key:");
            f3443a.c("PgcCertificateUtils", new String(b.a(e)));
            f3443a.c("PgcCertificateUtils", "Pgc Private Key Hex:");
            f3443a.c("PgcCertificateUtils", e);
        }
    }
}
