package ze;

import android.content.Context;
import android.text.TextUtils;
import com.huawei.wisesecurity.kfs.crypto.key.KfsKeyPurpose;
import com.huawei.wisesecurity.kfs.exception.KfsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsErrorCode;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.common.exception.UcsKeyStoreException;
import com.huawei.wisesecurity.ucs.common.log.LogUcs;
import com.huawei.wisesecurity.ucs.common.utils.SpUtil;
import com.huawei.wisesecurity.ucs.common.utils.StringUtil;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.EcKeyPair;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.entity.UcsKeyStoreProvider;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.util.List;
import jregex.WildcardPattern;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public final class a extends d {

    /* renamed from: h, reason: collision with root package name */
    public final /* synthetic */ int f53399h;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public /* synthetic */ a(CredentialClient credentialClient, Context context, NetworkCapability networkCapability, int i12) {
        super(credentialClient, context, networkCapability);
        this.f53399h = i12;
    }

    @Override // ze.d
    public final Credential a(String str) {
        int i12 = this.f53399h;
        CredentialClient credentialClient = this.f53420g;
        switch (i12) {
            case 0:
                try {
                    if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                        return credentialClient.genCredentialFromString(str);
                    }
                    throw new UcsException(1017L, "unenable expire.");
                } catch (NumberFormatException e12) {
                    StringBuilder b12 = nc.k.b("parse TSMS resp expire error : ");
                    b12.append(e12.getMessage());
                    throw new UcsException(2001L, b12.toString());
                } catch (JSONException e13) {
                    StringBuilder b13 = nc.k.b("parse TSMS resp get json error : ");
                    b13.append(e13.getMessage());
                    throw new UcsException(UcsErrorCode.JSON_ERROR, b13.toString());
                }
            default:
                try {
                    if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                        return credentialClient.genCredentialFromString(str);
                    }
                    throw new UcsException(1017L, "unenable expire.");
                } catch (NumberFormatException e14) {
                    StringBuilder b14 = nc.k.b("parse TSMS resp expire error : ");
                    b14.append(e14.getMessage());
                    throw new UcsException(2001L, b14.toString());
                } catch (JSONException e15) {
                    StringBuilder b15 = nc.k.b("parse TSMS resp get json error : ");
                    b15.append(e15.getMessage());
                    throw new UcsException(UcsErrorCode.JSON_ERROR, b15.toString());
                }
        }
    }

    @Override // ze.d
    public final Credential c(String str, String str2, String str3, String str4, g gVar) {
        switch (this.f53399h) {
            case 0:
                try {
                    LogUcs.i("KeyStoreHandler", "applyCredential use KeyStoreHandler.", new Object[0]);
                    return b(str, str2, str3, str4);
                } catch (Throwable th2) {
                    StringBuilder b12 = nc.k.b("applyCredential use KeyStoreHandler get exception: ");
                    b12.append(th2.getMessage());
                    LogUcs.e("KeyStoreHandler", b12.toString(), new Object[0]);
                    return gVar.a(0, str, str2, str3, str4, gVar);
                }
            default:
                try {
                    LogUcs.i("UcsECKeyStoreHandler", "applyCredential use KeyStoreEcHandler.", new Object[0]);
                    return b(str, str2, str3, str4);
                } catch (Throwable th3) {
                    StringBuilder b13 = nc.k.b("applyCredential use KeyStoreEcHandler get exception: ");
                    b13.append(th3.getMessage());
                    LogUcs.e("UcsECKeyStoreHandler", b13.toString(), new Object[0]);
                    return gVar.a(3, str, str2, str3, str4, gVar);
                }
        }
    }

    @Override // ze.d
    public final String d(NetworkResponse networkResponse) {
        int i12 = this.f53399h;
        Context context = this.f53415b;
        switch (i12) {
            case 0:
                boolean isSuccessful = networkResponse.isSuccessful();
                String body = networkResponse.getBody();
                if (isSuccessful) {
                    return body;
                }
                ErrorBody fromString = ErrorBody.fromString(body);
                StringBuilder b12 = nc.k.b("tsms service error, ");
                b12.append(fromString.getErrorMessage());
                String sb2 = b12.toString();
                LogUcs.e("KeyStoreHandler", sb2, new Object[0]);
                if (d.g(fromString.getErrorCode())) {
                    SpUtil.putInt("ucs_keystore_sp_key_t", 0, context);
                    LogUcs.i("KeyStoreHandler", "turn off android keystore CertificateChain", new Object[0]);
                }
                throw new UcsException(UcsErrorCode.TSMS_SERVICE_ERROR, sb2);
            default:
                boolean isSuccessful2 = networkResponse.isSuccessful();
                String body2 = networkResponse.getBody();
                if (isSuccessful2) {
                    return body2;
                }
                ErrorBody fromString2 = ErrorBody.fromString(body2);
                StringBuilder b13 = nc.k.b("tsms service error, ");
                b13.append(fromString2.getErrorMessage());
                b13.append("; error code : ");
                b13.append(fromString2.getErrorCode());
                String sb3 = b13.toString();
                LogUcs.e("UcsECKeyStoreHandler", sb3, new Object[0]);
                if (d.g(fromString2.getErrorCode())) {
                    SpUtil.putInt("ucs_ec_keystore_sp_key_t", 0, context);
                    LogUcs.i("UcsECKeyStoreHandler", "turn off android keystore EC CertificateChain", new Object[0]);
                }
                throw new UcsException(UcsErrorCode.TSMS_SERVICE_ERROR, sb3);
        }
    }

    @Override // ze.d
    public final void e() {
        int i12 = this.f53399h;
        Context context = this.f53415b;
        switch (i12) {
            case 0:
                if (!(SpUtil.getInt("ucs_keystore_sp_key_t", -1, context) != 0)) {
                    throw androidx.datastore.preferences.core.c.T1("KeyStoreHandler", "keyStoreCertificateChain is off. not support keyStore RSA.", new Object[0], 1022L, "keyStoreCertificateChain is off. not support keyStore RSA.");
                }
                return;
            default:
                if (!(SpUtil.getInt("ucs_ec_keystore_sp_key_t", -1, context) != 0)) {
                    throw androidx.datastore.preferences.core.c.T1("UcsECKeyStoreHandler", "keyStoreCertificateChain is off. not support android keyStore EC.", new Object[0], 1022L, "keyStoreCertificateChain is off. not support android keyStore EC.");
                }
                return;
        }
    }

    @Override // ze.d
    public final String f() {
        String str;
        int i12 = this.f53399h;
        Context context = this.f53415b;
        switch (i12) {
            case 0:
                if (u.f53447a == null) {
                    ge.e eVar = u.f53447a;
                    u.f53447a = new ge.e();
                }
                u uVar = u.f53448b;
                try {
                    if (u.f53447a.e("ucs_alias_rootKey")) {
                        LogUcs.i("KeyStoreManager", "the alias exists", new Object[0]);
                    } else {
                        try {
                            u.f53447a.a(new ge.c("ucs_alias_rootKey", 3072, KfsKeyPurpose.PURPOSE_ALL));
                            LogUcs.i("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                        } catch (KfsException e12) {
                            LogUcs.e("KeyStoreManager", androidx.lifecycle.x.e(e12, nc.k.b("generateKeyPair failed, ")), new Object[0]);
                            throw new UcsKeyStoreException(androidx.lifecycle.x.e(e12, nc.k.b("generateKeyPair failed , exception ")));
                        }
                    }
                    try {
                        Certificate[] c12 = u.f53447a.c("ucs_alias_rootKey");
                        if (e.a(c12)) {
                            SpUtil.putInt("ucs_keystore_sp_key_t", 0, context);
                            throw new UcsException(2001L, "android keystore RSA no support software attestation root.");
                        }
                        String eVar2 = new g5.e(c12).toString();
                        List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(context);
                        String str2 = this.f53418e;
                        String str3 = this.f53417d;
                        String str4 = pkgNameCertFP.get(0);
                        String str5 = pkgNameCertFP.get(1);
                        try {
                            JSONObject jSONObject = new JSONObject();
                            jSONObject.put("alg", 2);
                            jSONObject.put("kekAlg", 1);
                            jSONObject.put("packageName", str2);
                            jSONObject.put("appId", str3);
                            jSONObject.put("akskVersion", 1);
                            jSONObject.put("appPkgName", str4);
                            jSONObject.put("appCertFP", str5);
                            str = StringUtil.base64EncodeToString(jSONObject.toString().getBytes(StandardCharsets.UTF_8), 10);
                        } catch (UcsException | JSONException e13) {
                            LogUcs.e("CredentialJws", "generate payload exception: {0}", e13.getMessage());
                            str = "";
                        }
                        if (TextUtils.isEmpty(eVar2) || TextUtils.isEmpty(str)) {
                            throw new UcsException(1006L, "Get signStr error");
                        }
                        String base64EncodeToString = StringUtil.base64EncodeToString(uVar.a("ucs_alias_rootKey", eVar2 + WildcardPattern.ANY_CHAR + str), 10);
                        if (TextUtils.isEmpty(eVar2) || TextUtils.isEmpty(str) || TextUtils.isEmpty(base64EncodeToString)) {
                            throw new UcsException(1006L, "get credential JWS is empty...");
                        }
                        StringBuilder sb2 = new StringBuilder();
                        if (TextUtils.isEmpty(eVar2) || TextUtils.isEmpty(str)) {
                            throw new UcsException(1006L, "Get signStr error");
                        }
                        sb2.append(eVar2 + WildcardPattern.ANY_CHAR + str);
                        sb2.append(WildcardPattern.ANY_CHAR);
                        sb2.append(base64EncodeToString);
                        return sb2.toString();
                    } catch (KfsException e14) {
                        LogUcs.e("KeyStoreManager", androidx.lifecycle.x.e(e14, nc.k.b("getCertificateChain failed, ")), new Object[0]);
                        throw new UcsKeyStoreException(androidx.lifecycle.x.e(e14, nc.k.b("getCertificateChain failed , exception ")));
                    }
                } catch (KfsException e15) {
                    LogUcs.e("KeyStoreManager", androidx.lifecycle.x.e(e15, nc.k.b("containsAlias failed, ")), new Object[0]);
                    throw new UcsKeyStoreException(androidx.lifecycle.x.e(e15, nc.k.b("containsAlias failed , exception ")));
                }
            default:
                r.b(UcsKeyStoreProvider.ANDROID_KEYSTORE);
                r rVar = r.f53445b;
                rVar.a();
                Certificate[] d2 = rVar.d();
                if (e.a(d2)) {
                    SpUtil.putInt("ucs_ec_keystore_sp_key_t", 0, context);
                    throw new UcsException(2001L, "android keystore EC no support software attestation root.");
                }
                y yVar = new y();
                yVar.f53459i = "ucs_ec_alias_rootKey";
                yVar.f53461k = "ED256";
                yVar.f53460j = rVar;
                yVar.f53463m = d2;
                yVar.f53462l = "AndroidKS";
                List<String> pkgNameCertFP2 = UcsLib.getPkgNameCertFP(context);
                yVar.f53453c = 1;
                yVar.f53454d = this.f53418e;
                yVar.f53455e = this.f53417d;
                yVar.f53456f = 1;
                yVar.f53457g = pkgNameCertFP2.get(0);
                yVar.f53458h = pkgNameCertFP2.get(1);
                EcKeyPair a12 = s.a(context);
                yVar.f53465o = StringUtil.base64EncodeToString(a12.getPublicKey(), 2);
                s.b(a12);
                return yVar.a();
        }
    }
}
