package app.michaelwuensch.bitbanana.backends.coreLightning.connection;

import app.michaelwuensch.bitbanana.backendConfigs.BackendConfig;
import app.michaelwuensch.bitbanana.connection.BlindTrustManager;
import app.michaelwuensch.bitbanana.util.BBLog;
import app.michaelwuensch.bitbanana.util.CertificateUtil;
import com.google.common.io.BaseEncoding;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: classes.dex */
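/**
 * Builds the {@link SSLSocketFactory} used for mutually authenticated TLS towards a Core
 * Lightning backend.
 *
 * <p>Client authentication always uses the EC private key and certificate stored in the
 * {@link BackendConfig}. Server authentication has three possible outcomes, chosen in
 * {@link #create(BackendConfig)}:
 *
 * <ul>
 *   <li><b>Pinned</b>: host is not a Tor address and certificate verification is enabled. Only
 *       the certificate from {@code getServerCert()} is installed as a trust anchor.
 *   <li><b>Unverified</b>: host is a Tor address, or verification is disabled. A
 *       {@link BlindTrustManager} is installed (presumably accepting any server certificate;
 *       confirm against that class).
 *   <li><b>Platform default</b>: fallback used when either of the above could not be set up.
 * </ul>
 *
 * <p>The configuration values read here include the client private key. Never write them, or
 * data derived from them, to logs.
 */
public class CoreLightningSSLSocketFactory {
    private static final String LOG_TAG = "CoreLightningSSLSocketFactory";

    /** Not instantiable: this class only exposes static factory methods. */
    private CoreLightningSSLSocketFactory() {
        throw new AssertionError();
    }

    /**
     * Creates a socket factory configured with the client identity and the server trust policy
     * described on the class.
     *
     * @param backendConfig connection settings holding the base64 encoded client key, client
     *     certificate and (for pinning) server certificate
     * @return the configured factory, or {@code null} when the TLS context or the client key
     *     material could not be initialised; callers must handle {@code null}
     */
    public static SSLSocketFactory create(BackendConfig backendConfig) {
        final SSLContext sslContext;
        try {
            sslContext = SSLContext.getInstance("TLS");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
            BBLog.e(LOG_TAG, "SSLSocketFactory creation failed.");
            return null;
        }

        try {
            // Client identity for mutual TLS. Without it there is nothing to connect with, so any
            // failure here aborts instead of falling back.
            KeyStore clientKeyStore = createClientKeyStore(backendConfig);
            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(clientKeyStore, null);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

            try {
                TrustManager[] trustManagers;
                if (!backendConfig.isTorHostAddress() && backendConfig.getVerifyCertificate()) {
                    trustManagers = createPinnedTrustManagers(backendConfig);
                } else {
                    // NOTE(review): Tor hosts take this branch even when getVerifyCertificate()
                    // is true, so the TLS layer authenticates nothing here. Presumably the onion
                    // address is relied on to authenticate the peer; confirm that is intended.
                    trustManagers = new TrustManager[]{new BlindTrustManager()};
                }
                sslContext.init(keyManagers, trustManagers, new SecureRandom());
                return sslContext.getSocketFactory();
            } catch (Exception e) {
                BBLog.w(LOG_TAG, "Error creating TrustManager for server authentication.");
                e.printStackTrace();
                // NOTE(review): a missing or malformed pinned server certificate lands here and
                // silently swaps the pin for the platform default trust managers. That widens
                // what the client accepts compared to the requested pin. Consider failing closed
                // (return null) when verification was requested, once callers are confirmed to
                // handle null on this path.
                try {
                    sslContext.init(keyManagers, null, new SecureRandom());
                    BBLog.w(LOG_TAG, "Default TrustManager is used.");
                    return sslContext.getSocketFactory();
                } catch (KeyManagementException e2) {
                    e2.printStackTrace();
                    BBLog.e(LOG_TAG, "SSLSocketFactory creation failed.");
                    return null;
                }
            }
        } catch (Exception e) {
            // Previously the cause was dropped entirely. Only the exception type is logged: the
            // message of a key parsing failure is not needed to triage and the inputs are secret.
            BBLog.e(LOG_TAG, "Error initializing key manager for client authentication ("
                    + e.getClass().getSimpleName() + ").");
            return null;
        }
    }

    /**
     * Builds trust managers whose only trust anchor is the server certificate stored in the
     * configuration.
     *
     * @throws Exception if the certificate cannot be decoded or the trust store cannot be built
     */
    private static TrustManager[] createPinnedTrustManagers(BackendConfig backendConfig) throws Exception {
        Certificate serverCertificate = createServerCertificate(backendConfig);
        // Empty in-memory store: load(null, null) initialises it without reading any file.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("ca", serverCertificate);
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        return trustManagerFactory.getTrustManagers();
    }

    /**
     * Decodes the base64 encoded DER client certificate from the configuration.
     *
     * @throws Exception if the value is missing, not valid base64 or not a parseable certificate
     */
    private static Certificate createClientCertificate(BackendConfig backendConfig) throws Exception {
        byte[] der = BaseEncoding.base64().decode(backendConfig.getClientCert());
        return CertificateUtil.certificateFromDER(der);
    }

    /**
     * Assembles an in-memory key store holding the client private key and its certificate
     * under the alias {@code client-key}.
     *
     * <p>The key is parsed with the {@code EC} key factory, so the configured key must be an
     * elliptic curve key in PKCS#8 encoding. The store is created empty and nothing in this
     * class writes it out, which is why no password is set on the entry.
     *
     * @throws Exception if the key or certificate cannot be decoded or stored
     */
    private static KeyStore createClientKeyStore(BackendConfig backendConfig) throws Exception {
        PrivateKey clientKey =
                KeyFactory.getInstance("EC").generatePrivate(getClientEncodedKeySpec(backendConfig));
        Certificate[] chain = {createClientCertificate(backendConfig)};
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setKeyEntry("client-key", clientKey, null, chain);
        return keyStore;
    }

    /**
     * Decodes the base64 encoded DER server certificate that is used as the pin.
     *
     * @throws Exception if the value is missing, not valid base64 or not a parseable certificate
     */
    private static Certificate createServerCertificate(BackendConfig backendConfig) throws Exception {
        byte[] der = BaseEncoding.base64().decode(backendConfig.getServerCert());
        return CertificateUtil.certificateFromDER(der);
    }

    /**
     * Wraps the base64 decoded client private key bytes as a PKCS#8 key spec.
     *
     * <p>The decoded array is secret key material; keep it out of logs and exception messages.
     */
    private static PKCS8EncodedKeySpec getClientEncodedKeySpec(BackendConfig backendConfig) {
        return new PKCS8EncodedKeySpec(BaseEncoding.base64().decode(backendConfig.getClientKey()));
    }
}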
