package com.huawei.wisesecurity.ucs_credential;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import androidx.compose.ui.unit.Density;
import androidx.core.view.ViewKt;
import com.cellrebel.sdk.utils.Utils$$ExternalSyntheticApiModelOutline0;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsKeyStoreException;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import com.opensignal.cd$$ExternalSyntheticApiModelOutline0;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import kotlin.ResultKt;
import okhttp3.internal.ws.RealWebSocket;
import okio.SegmentedByteString;
import org.json.JSONException;
import org.json.JSONObject;
import org.koin.core.instance.InstanceContext;

/* loaded from: classes.dex */
public final class c extends b {
    public c(CredentialClient credentialClient, Context context, NetworkCapability networkCapability) {
        super(credentialClient, context, networkCapability);
        KeyStore keyStore = c0.a;
        if (!(ViewKt.getInstance(context).getInt("ucs_keystore_sp_key_t", -1) == -1)) {
            SegmentedByteString.i("KeyStoreManager", "keyStoreRootKey status already init", new Object[0]);
        } else if (Build.VERSION.SDK_INT >= 24) {
            ViewKt.getInstance(context).edit().putInt("ucs_keystore_sp_key_t", 1).apply();
        } else {
            ViewKt.getInstance(context).edit().putInt("ucs_keystore_sp_key_t", 0).apply();
        }
        if (ViewKt.getInstance(context).getInt("ucs_keystore_sp_key_t", -1) == 1) {
            return;
        }
        SegmentedByteString.e("KeyStoreHandler", " keyStoreCertificateChain is off.", new Object[0]);
        throw new UcsException(1022L, " keyStoreCertificateChain is off.");
    }

    @Override // com.huawei.wisesecurity.ucs_credential.b
    public final Credential a(String str) {
        try {
            if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                return this.g.genCredentialFromString(str);
            }
            throw new UcsException(1017L, "unenable expire.");
        } catch (NumberFormatException e) {
            throw new UcsException(2001L, "parse TSMS resp expire error : " + e.getMessage());
        } catch (JSONException e2) {
            throw new UcsException(1002L, "parse TSMS resp get json error : " + e2.getMessage());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_credential.b
    public final String a() {
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder attestationChallenge;
        KeyGenParameterSpec.Builder signaturePaddings;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        byte[] sign;
        c0.m852a();
        KeyStore keyStore = c0.a;
        try {
            if (c0.a.containsAlias("ucs_alias_rootKey")) {
                SegmentedByteString.i("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    Utils$$ExternalSyntheticApiModelOutline0.m();
                    digests = cd$$ExternalSyntheticApiModelOutline0.m881m().setDigests("SHA-256", "SHA-512");
                    keySize = digests.setKeySize(3072);
                    attestationChallenge = keySize.setAttestationChallenge("AndroidKeyStore".getBytes(StandardCharsets.UTF_8));
                    signaturePaddings = attestationChallenge.setSignaturePaddings("PSS");
                    encryptionPaddings = signaturePaddings.setEncryptionPaddings("OAEPPadding");
                    build = encryptionPaddings.build();
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                    SegmentedByteString.i("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
                    SegmentedByteString.e("KeyStoreManager", "generateKeyPair failed, " + e.getMessage(), new Object[0]);
                    throw new UcsKeyStoreException("generateKeyPair failed , exception " + e.getMessage());
                }
            }
            try {
                String instanceContext = new InstanceContext((Serializable) "PS256", (Object) c0.a.getCertificateChain("ucs_alias_rootKey"), "AndroidKS", 18).toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(this.b);
                String xVar = new x(this.e, this.d, pkgNameCertFP.get(0), pkgNameCertFP.get(1)).toString();
                if (TextUtils.isEmpty(instanceContext) || TextUtils.isEmpty(xVar)) {
                    throw new UcsException(1006L, "Get signStr error");
                }
                String m = Density.CC.m(instanceContext, ".", xVar);
                synchronized (c0.c) {
                    try {
                        Signature signature = Signature.getInstance("SHA256withRSA/PSS");
                        signature.initSign(c0.a());
                        signature.update(m.getBytes(StandardCharsets.UTF_8));
                        sign = signature.sign();
                    } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
                        SegmentedByteString.e("KeyStoreManager", "doSign failed, " + e2.getMessage(), new Object[0]);
                        throw new UcsKeyStoreException("doSign failed , exception " + e2.getMessage());
                    }
                }
                String base64EncodeToString = ResultKt.base64EncodeToString(10, sign);
                if (TextUtils.isEmpty(instanceContext) || TextUtils.isEmpty(xVar) || TextUtils.isEmpty(base64EncodeToString)) {
                    throw new UcsException(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb = new StringBuilder();
                if (TextUtils.isEmpty(instanceContext) || TextUtils.isEmpty(xVar)) {
                    throw new UcsException(1006L, "Get signStr error");
                }
                sb.append(instanceContext + "." + xVar);
                sb.append(".");
                sb.append(base64EncodeToString);
                return sb.toString();
            } catch (KeyStoreException e3) {
                SegmentedByteString.e("KeyStoreManager", "getCertificateChain failed, " + e3.getMessage(), new Object[0]);
                throw new UcsKeyStoreException("getCertificateChain failed , exception " + e3.getMessage());
            }
        } catch (KeyStoreException e4) {
            SegmentedByteString.e("KeyStoreManager", "containsAlias failed, " + e4.getMessage(), new Object[0]);
            throw new UcsKeyStoreException("containsAlias failed , exception " + e4.getMessage());
        }
    }

    @Override // com.huawei.wisesecurity.ucs_credential.b
    public final String a(NetworkResponse networkResponse) {
        boolean isSuccessful = networkResponse.isSuccessful();
        String body = networkResponse.getBody();
        if (isSuccessful) {
            return body;
        }
        ErrorBody fromString = ErrorBody.fromString(body);
        String str = "tsms service error, " + fromString.getErrorMessage();
        SegmentedByteString.e("KeyStoreHandler", str, new Object[0]);
        String errorCode = fromString.getErrorCode();
        if ("tsms.1018".equalsIgnoreCase(errorCode) || "tsms.1019".equalsIgnoreCase(errorCode)) {
            KeyStore keyStore = c0.a;
            ViewKt.getInstance(this.b).edit().putInt("ucs_keystore_sp_key_t", 0).apply();
            SegmentedByteString.i("KeyStoreHandler", "turn off androidkeystore CertificateChain", new Object[0]);
        }
        throw new UcsException(RealWebSocket.DEFAULT_MINIMUM_DEFLATE_SIZE, str);
    }
}
