package ap;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.support.v4.media.session.PlaybackStateCompat;
import android.text.TextUtils;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.json.JSONException;
import org.json.JSONObject;
import ri1.o1;
import ru.yandex.market.base.network.common.address.HttpAddress;

/* loaded from: classes2.dex */
public final class g extends e {
    public g(CredentialClient credentialClient, Context context, NetworkCapability networkCapability) throws wo.b {
        super(credentialClient, context, networkCapability);
        KeyStore keyStore = f.f9351a;
        if (!(zo.b.b("ucs_keystore_sp_key_t", context) == -1)) {
            o1.e("KeyStoreManager", "keyStoreRootKey status already init", new Object[0]);
        } else if (Build.VERSION.SDK_INT >= 24) {
            zo.b.d("ucs_keystore_sp_key_t", 1, context);
        } else {
            f.d(context);
        }
        if (zo.b.b("ucs_keystore_sp_key_t", context) == 1) {
            return;
        }
        o1.b("KeyStoreHandler", " keyStoreCertificateChain is off.", new Object[0]);
        throw new wo.b(1022L, " keyStoreCertificateChain is off.");
    }

    @Override // ap.e
    public final Credential a(String str) throws wo.b {
        try {
            if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                return this.f9350g.genCredentialFromString(str);
            }
            throw new wo.b(1017L, "unenable expire.");
        } catch (NumberFormatException e15) {
            StringBuilder a15 = a.a.a("parse TSMS resp expire error : ");
            a15.append(e15.getMessage());
            throw new wo.b(2001L, a15.toString());
        } catch (JSONException e16) {
            StringBuilder a16 = a.a.a("parse TSMS resp get json error : ");
            a16.append(e16.getMessage());
            throw new wo.b(1002L, a16.toString());
        }
    }

    @Override // ap.e
    @SuppressLint({"NewApi"})
    public final String c() throws wo.b {
        byte[] sign;
        f.b();
        f fVar = f.f9352b;
        try {
            if (f.f9351a.containsAlias("ucs_alias_rootKey")) {
                o1.e("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    keyPairGenerator.initialize(new KeyGenParameterSpec.Builder("ucs_alias_rootKey", 15).setDigests("SHA-256", MessageDigestAlgorithms.SHA_512).setKeySize(3072).setAttestationChallenge("AndroidKeyStore".getBytes(StandardCharsets.UTF_8)).setSignaturePaddings("PSS").setEncryptionPaddings("OAEPPadding").build());
                    keyPairGenerator.generateKeyPair();
                    o1.e("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e15) {
                    StringBuilder a15 = a.a.a("generateKeyPair failed, ");
                    a15.append(e15.getMessage());
                    o1.b("KeyStoreManager", a15.toString(), new Object[0]);
                    StringBuilder a16 = a.a.a("generateKeyPair failed , exception ");
                    a16.append(e15.getMessage());
                    throw new wo.c(a16.toString());
                }
            }
            try {
                String eVar = new androidx.viewpager2.widget.e(f.f9351a.getCertificateChain("ucs_alias_rootKey")).toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(this.f9345b);
                String xVar = new x(this.f9348e, this.f9347d, pkgNameCertFP.get(0), pkgNameCertFP.get(1)).toString();
                if (TextUtils.isEmpty(eVar) || TextUtils.isEmpty(xVar)) {
                    throw new wo.b(1006L, "Get signStr error");
                }
                String a17 = a.h.a(eVar, HttpAddress.HOST_SEPARATOR, xVar);
                synchronized (f.f9353c) {
                    try {
                        Signature signature = Signature.getInstance("SHA256withRSA/PSS");
                        signature.initSign(fVar.a());
                        signature.update(a17.getBytes(StandardCharsets.UTF_8));
                        sign = signature.sign();
                    } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e16) {
                        o1.b("KeyStoreManager", "doSign failed, " + e16.getMessage(), new Object[0]);
                        throw new wo.c("doSign failed , exception " + e16.getMessage());
                    }
                }
                String c15 = zo.c.c(sign, 10);
                if (TextUtils.isEmpty(eVar) || TextUtils.isEmpty(xVar) || TextUtils.isEmpty(c15)) {
                    throw new wo.b(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb5 = new StringBuilder();
                if (TextUtils.isEmpty(eVar) || TextUtils.isEmpty(xVar)) {
                    throw new wo.b(1006L, "Get signStr error");
                }
                sb5.append(eVar + HttpAddress.HOST_SEPARATOR + xVar);
                sb5.append(HttpAddress.HOST_SEPARATOR);
                sb5.append(c15);
                return sb5.toString();
            } catch (KeyStoreException e17) {
                StringBuilder a18 = a.a.a("getCertificateChain failed, ");
                a18.append(e17.getMessage());
                o1.b("KeyStoreManager", a18.toString(), new Object[0]);
                StringBuilder a19 = a.a.a("getCertificateChain failed , exception ");
                a19.append(e17.getMessage());
                throw new wo.c(a19.toString());
            }
        } catch (KeyStoreException e18) {
            StringBuilder a25 = a.a.a("containsAlias failed, ");
            a25.append(e18.getMessage());
            o1.b("KeyStoreManager", a25.toString(), new Object[0]);
            StringBuilder a26 = a.a.a("containsAlias failed , exception ");
            a26.append(e18.getMessage());
            throw new wo.c(a26.toString());
        }
    }

    @Override // ap.e
    public final String d(NetworkResponse networkResponse) throws wo.b {
        if (networkResponse.isSuccessful()) {
            return networkResponse.getBody();
        }
        ErrorBody fromString = ErrorBody.fromString(networkResponse.getBody());
        StringBuilder a15 = a.a.a("tsms service error, ");
        a15.append(fromString.getErrorMessage());
        String sb5 = a15.toString();
        o1.b("KeyStoreHandler", sb5, new Object[0]);
        String errorCode = fromString.getErrorCode();
        if ("tsms.1018".equalsIgnoreCase(errorCode) || "tsms.1019".equalsIgnoreCase(errorCode)) {
            f.d(this.f9345b);
            o1.e("KeyStoreHandler", "turn off androidkeystore CertificateChain", new Object[0]);
        }
        throw new wo.b(PlaybackStateCompat.ACTION_PLAY_FROM_MEDIA_ID, sb5);
    }
}
