package com.google.android.libraries.privacy.ppn.krypton;

import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import defpackage.gre;
import defpackage.ivw;
import defpackage.jwx;
import defpackage.jxe;
import defpackage.jxf;
import defpackage.mju;
import defpackage.mrl;
import defpackage.msd;
import defpackage.mta;
import defpackage.mtg;
import defpackage.mto;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutionException;

/* compiled from: PG */
/* loaded from: classes.dex */
public abstract class AttestingOAuthTokenProvider implements OAuthTokenProvider {
    private static final String ANDROID_KEYSTORE_NAME = "AndroidKeystore";
    private static final String HARDWARE_CERTIFICATE_ALIAS = "AndroidHardwareCerts";
    private static final String NONCE_ENCODING = "UTF-8";
    private final boolean enableHardwareAttestation;
    private final jwx integrityManager;

    /* JADX WARN: Type inference failed for: r1v3, types: [orc, java.lang.Object] */
    public AttestingOAuthTokenProvider(Context context, boolean z) {
        this.enableHardwareAttestation = z;
        this.integrityManager = (jwx) mju.q(context.getApplicationContext()).d.b();
    }

    private static KeyGenParameterSpec buildKeyGenParameterSpec(String str) {
        try {
            return new KeyGenParameterSpec.Builder(HARDWARE_CERTIFICATE_ALIAS, 4).setAlgorithmParameterSpec(new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4)).setDigests("SHA-256").setUserAuthenticationRequired(false).setAttestationChallenge(str.getBytes(NONCE_ENCODING)).build();
        } catch (UnsupportedEncodingException e) {
            throw getErrorMessage("Failed to encode nonce to UTF-8", e);
        }
    }

    private static KryptonException getErrorMessage(String str, Throwable th) {
        throw new KryptonException(String.format("%s: %s", str, th.getMessage()));
    }

    private List getHardwareBackedCerts(String str) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", ANDROID_KEYSTORE_NAME);
            try {
                keyPairGenerator.initialize(buildKeyGenParameterSpec(str));
                keyPairGenerator.generateKeyPair();
                try {
                    KeyStore keyStore = KeyStore.getInstance(ANDROID_KEYSTORE_NAME);
                    keyStore.load(null);
                    Certificate[] certificateChain = keyStore.getCertificateChain(HARDWARE_CERTIFICATE_ALIAS);
                    ArrayList arrayList = new ArrayList();
                    for (Certificate certificate : certificateChain) {
                        arrayList.add(msd.s(certificate.getEncoded()));
                    }
                    return arrayList;
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                    throw getErrorMessage("Failed to retrieve hardware certificates", e);
                }
            } catch (InvalidAlgorithmParameterException e2) {
                throw getErrorMessage("Failed to generate hardware certificates", e2);
            }
        } catch (NoSuchAlgorithmException | NoSuchProviderException e3) {
            throw getErrorMessage("Failed to fetch RSA KeyPairGenerator", e3);
        }
    }

    private String getIntegrityToken(String str) {
        try {
            jwx jwxVar = this.integrityManager;
            if (str != null) {
                return ((jxf) gre.d(jwxVar.a(new jxe(str)))).a;
            }
            throw new NullPointerException("Null nonce");
        } catch (InterruptedException | ExecutionException e) {
            throw getErrorMessage("Failed to retrieve integrity token", e);
        }
    }

    @Override // com.google.android.libraries.privacy.ppn.krypton.OAuthTokenProvider
    public byte[] getAttestationData(String str) {
        mta n = ivw.c.n();
        String integrityToken = getIntegrityToken(str);
        if (n.c) {
            n.t();
            n.c = false;
        }
        ivw ivwVar = (ivw) n.b;
        integrityToken.getClass();
        ivwVar.a = integrityToken;
        if (this.enableHardwareAttestation && Build.VERSION.SDK_INT < 23) {
            throw new KryptonException("Cannot perform hardware attestation on devices API 22 or lower.");
        }
        List hardwareBackedCerts = getHardwareBackedCerts(str);
        if (n.c) {
            n.t();
            n.c = false;
        }
        ivw ivwVar2 = (ivw) n.b;
        mto mtoVar = ivwVar2.b;
        if (!mtoVar.c()) {
            ivwVar2.b = mtg.C(mtoVar);
        }
        mrl.i(hardwareBackedCerts, ivwVar2.b);
        return ((ivw) n.q()).k();
    }

    @Override // com.google.android.libraries.privacy.ppn.krypton.OAuthTokenProvider
    public abstract String getOAuthToken();
}
