package com.samsung.android.oneconnect.manager.e2ee.e;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.os.SemSystemProperties;
import android.security.keystore.KeyGenParameterSpec;
import com.google.common.collect.h;
import com.samsung.android.oneconnect.base.utils.f;
import com.samsung.android.oneconnect.manager.e2ee.c;
import com.samsung.android.security.keystore.AttestationUtils;
import com.samsung.android.security.keystore.SamsungKeyStoreUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes11.dex */
public final class a {
    private Context a;

    /* renamed from: b, reason: collision with root package name */
    private SamsungKeyStoreUtils f10515b;

    /* renamed from: c, reason: collision with root package name */
    private AttestationUtils f10516c;

    /* renamed from: d, reason: collision with root package name */
    private C0383a f10517d = new C0383a();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.samsung.android.oneconnect.manager.e2ee.e.a$a, reason: collision with other inner class name */
    /* loaded from: classes11.dex */
    public static class C0383a {
        C0383a() {
        }

        public KeyGenParameterSpec.Builder a(String str, int i2) {
            return new KeyGenParameterSpec.Builder(str, i2);
        }

        public int b() {
            return Build.VERSION.SDK_INT;
        }
    }

    public a(Context context) {
        this.a = context;
        if (i()) {
            if (h()) {
                this.f10515b = new SamsungKeyStoreUtils();
            } else {
                this.f10516c = new AttestationUtils();
            }
        }
    }

    private Key e(String str) throws KeyStoreException {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            return keyStore.getKey(str, null);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
            throw new KeyStoreException(e2.getMessage());
        }
    }

    private boolean h() {
        return this.f10517d.b() == 27;
    }

    public synchronized byte[] a(byte[] bArr) {
        c.c("[E2ee]AttestationManager", "decryptSharedKey", "");
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
            PrivateKey f2 = f();
            if (f2 == null) {
                return null;
            }
            cipher.init(2, f2, new OAEPParameterSpec(McElieceCCA2KeyGenParameterSpec.SHA256, "MGF1", new MGF1ParameterSpec(McElieceCCA2KeyGenParameterSpec.SHA1), PSource.PSpecified.DEFAULT));
            return cipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e2) {
            c.b("[E2ee]AttestationManager", "decryptSharedKey", "", e2);
            return null;
        }
    }

    @SuppressLint({"NewApi"})
    public synchronized KeyPair b() {
        c.c("[E2ee]AttestationManager", "generateKeyPair", "");
        try {
            KeyGenParameterSpec build = this.f10517d.a("com.samsung.android.oneconnect_sak_attestation", 15).setKeySize(2048).setSignaturePaddings("PSS").setDigests(McElieceCCA2KeyGenParameterSpec.SHA256).setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(build);
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e2) {
            com.samsung.android.oneconnect.base.debug.a.k("[E2ee]AttestationManager", "generateKeyPair", "" + e2);
            return null;
        }
    }

    public synchronized byte[] c(String str, byte[] bArr) {
        com.samsung.android.oneconnect.base.debug.a.x("[E2ee]AttestationManager", "generateSignatureForGetSharedKey", "");
        try {
            Signature signature = Signature.getInstance("SHA256withRSA/PSS");
            signature.initSign((PrivateKey) e("com.samsung.android.oneconnect_sak_attestation"));
            signature.update(str.getBytes(Charset.defaultCharset()));
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException e2) {
            c.b("[E2ee]AttestationManager", "generateSignatureForRegisterDevice", "", e2);
            return null;
        }
    }

    public synchronized byte[] d(String str, String str2, byte[] bArr) {
        com.samsung.android.oneconnect.base.debug.a.x("[E2ee]AttestationManager", "generateSignatureForRegisterDevice", "");
        try {
            Signature signature = Signature.getInstance("SHA256withRSA/PSS");
            signature.initSign((PrivateKey) e("com.samsung.android.oneconnect_sak_attestation"));
            signature.update(str.getBytes(Charset.defaultCharset()));
            signature.update(str2.getBytes(Charset.defaultCharset()));
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException e2) {
            c.b("[E2ee]AttestationManager", "generateSignatureForRegisterDevice", "", e2);
            return null;
        }
    }

    public PrivateKey f() {
        com.samsung.android.oneconnect.base.debug.a.x("[E2ee]AttestationManager", "getPrivateKey", "");
        try {
            Key e2 = e("com.samsung.android.oneconnect_sak_attestation");
            if (e2 instanceof PrivateKey) {
                return (PrivateKey) e2;
            }
            com.samsung.android.oneconnect.base.debug.a.k("[E2ee]AttestationManager", "getPrivateKey", "key does not exist");
            return null;
        } catch (KeyStoreException e3) {
            c.b("[E2ee]AttestationManager", "getPrivateKey", "KeyStoreException", e3);
            return null;
        }
    }

    public synchronized boolean g() {
        com.samsung.android.oneconnect.base.debug.a.x("[E2ee]AttestationManager", "isKeyPairGenerated", "");
        try {
        } catch (KeyStoreException e2) {
            c.b("[E2ee]AttestationManager", "isKeyPairGenerated", "KeyStoreException", e2);
            return false;
        }
        return e("com.samsung.android.oneconnect_sak_attestation") != null;
    }

    public boolean i() {
        if (!f.z(this.a)) {
            com.samsung.android.oneconnect.base.debug.a.x("[E2ee]AttestationManager", "isSakSupported", "GED device");
            return false;
        }
        if (this.f10517d.b() < 27) {
            com.samsung.android.oneconnect.base.debug.a.x("[E2ee]AttestationManager", "isSakSupported", "SEP device less than O_MR1");
            return false;
        }
        String str = SemSystemProperties.get("ro.security.keystore.keytype", "");
        com.samsung.android.oneconnect.base.debug.a.x("[E2ee]AttestationManager", "isSakSupported", "keystore key type = " + str);
        return str != null && str.contains("sak");
    }

    public synchronized List<byte[]> j(byte[] bArr) throws ProviderException, KeyStoreException, CertificateException {
        Iterable attestKey;
        ArrayList g2;
        c.c("[E2ee]AttestationManager", "requestAttestation", "");
        if (!g()) {
            c.a("[E2ee]AttestationManager", "requestAttestation", "key is empty. generate key");
            if (b() == null) {
                c.a("[E2ee]AttestationManager", "requestAttestation", "failed to generate key");
                throw new KeyStoreException("failed to generate key");
            }
        }
        try {
            if (h()) {
                c.c("[E2ee]AttestationManager", "requestAttestation", "use SamsungKeyStoreUtils");
                attestKey = this.f10515b.SamsungAttestKey("com.samsung.android.oneconnect_sak_attestation", bArr);
                this.f10515b.storeCertificateChain("com.samsung.android.oneconnect_sak_attestation", attestKey);
            } else {
                c.c("[E2ee]AttestationManager", "requestAttestation", "use AttestationUtils");
                attestKey = this.f10516c.attestKey("com.samsung.android.oneconnect_sak_attestation", bArr);
                this.f10516c.storeCertificateChain("com.samsung.android.oneconnect_sak_attestation", attestKey);
            }
            if (attestKey == null) {
                c.a("[E2ee]AttestationManager", "requestAttestation", "certChainIterable is null");
                throw new KeyStoreException("certChainIterable is null");
            }
            g2 = h.g(attestKey);
            Iterator it = g2.iterator();
            while (it.hasNext()) {
                try {
                    com.samsung.android.oneconnect.base.debug.a.f("[E2ee]AttestationManager", "requestAttestation", ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream((byte[]) it.next()))).toString());
                } catch (CertificateException e2) {
                    c.b("[E2ee]AttestationManager", "requestAttestation", "CertificateException", e2);
                    throw new CertificateException(e2);
                }
            }
        } catch (KeyStoreException e3) {
            c.a("[E2ee]AttestationManager", "requestAttestation", "" + e3);
            throw new KeyStoreException(e3);
        } catch (ProviderException e4) {
            c.a("[E2ee]AttestationManager", "requestAttestation", "" + e4);
            throw new ProviderException(e4);
        }
        return g2;
    }
}
