package com.samsung.android.kmxservice.sdk.util;

import android.os.Build;
import android.util.Log;
import com.samsung.android.security.keystore.AttestParameterSpec;
import com.samsung.android.security.keystore.AttestationUtils;
import com.samsung.android.security.keystore.DeviceIdAttestationException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/* loaded from: classes.dex */
public final class k {
    public static final String b = "KMX|".concat(k.class.getSimpleName());

    /* renamed from: a, reason: collision with root package name */
    public final AttestationUtils f1776a = (AttestationUtils) f.d(new androidx.constraintlayout.core.state.a(13));

    public static /* synthetic */ AttestationUtils a() {
        return new AttestationUtils();
    }

    public static String e(String str, boolean z4) {
        if (!z4) {
            int indexOf = str.indexOf("\"", str.indexOf("CN=")) + 1;
            return str.substring(indexOf, str.indexOf("\"", indexOf));
        }
        Log.i(b, "[parseSakUid] SAKm Model");
        int indexOf2 = str.indexOf("=", str.indexOf("UID")) + 1;
        return str.substring(indexOf2, str.indexOf(":CA", indexOf2));
    }

    public static boolean g(Certificate[] certificateArr, byte[] bArr) {
        String str = b;
        if (certificateArr == null) {
            Log.e(str, "verifyCertChain certChain is null.");
            return false;
        }
        int length = certificateArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i5 = 0; i5 < certificateArr.length; i5++) {
            x509CertificateArr[i5] = (X509Certificate) certificateArr[i5];
        }
        if (length != 3) {
            Log.e(str, "Invalid certification chain size : " + length);
            return false;
        }
        try {
            b bVar = new b(x509CertificateArr[0]);
            e eVar = bVar.b;
            byte[] bArr2 = bVar.f1766a;
            if (bArr2 == null || bArr2.length == 0) {
                Log.e(str, "No challenge in the certificate");
                return false;
            }
            if (!Arrays.equals(bArr2, bArr)) {
                Log.e(str, "Challenge in different with certificate : ".concat(new String(bArr2, StandardCharsets.UTF_8)));
                return false;
            }
            if (eVar.f1768a.intValue() != 0) {
                Log.e(str, "The key was not generated in hardware-backed keystore");
                return false;
            }
            h hVar = eVar.b;
            if (hVar.c != 0) {
                Log.e(str, "ROT : VerifiedBootState is invalid");
                return false;
            }
            if (!hVar.b) {
                Log.e(str, "ROT : Device is unlocked");
                return false;
            }
            try {
                X509Certificate a4 = i.a(bVar.d);
                int i6 = length - 1;
                while (i6 >= 0) {
                    X509Certificate x509Certificate = x509CertificateArr[i6];
                    x509Certificate.checkValidity();
                    x509Certificate.verify(a4.getPublicKey());
                    i6--;
                    a4 = x509Certificate;
                }
                return true;
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e4) {
                e4.printStackTrace();
                if (!(e4 instanceof CertificateNotYetValidException)) {
                    e4.printStackTrace();
                    return false;
                }
                Log.e(str, e4.getMessage() + System.lineSeparator() + System.lineSeparator() + "Please set to the current time (Settings > General management > Date and time)");
                return false;
            }
        } catch (CertificateParsingException e5) {
            Log.e(str, "verifyCertChain certificate Parsing Error : ", e5);
            return false;
        }
    }

    public final int b() {
        int i5;
        int i6;
        int i7 = 4;
        byte[] bArr = new byte[4];
        new SecureRandom().nextBytes(bArr);
        AttestationUtils attestationUtils = this.f1776a;
        int i8 = -1;
        if (attestationUtils == null) {
            Log.e(b, "Not support attestation utils. Need to check build version :" + Build.VERSION.SDK_INT);
            return -1;
        }
        try {
            synchronized (attestationUtils) {
                try {
                    if (this.f1776a.getKey("integrity") == null) {
                        Log.i(b, "generated key for integrity checking");
                        this.f1776a.generateKeyPair("integrity", bArr);
                    }
                    this.f1776a.storeCertificateChain("integrity", this.f1776a.attestDevice(new AttestParameterSpec.Builder("integrity", bArr).setDeviceAttestation(true).setVerifiableIntegrity(true).build()));
                    Certificate[] certificateChain = this.f1776a.getCertificateChain("integrity");
                    if (certificateChain == null) {
                        Log.e(b, "getDeviceIntegrity certChain is null");
                        return -1;
                    }
                    try {
                        g a4 = new b((X509Certificate) certificateChain[0]).a();
                        if (a4 != null) {
                            int i9 = a4.f1770a;
                            int i10 = 2;
                            if ((i9 == 0 || i9 == 2) && (((i5 = a4.b) == 0 || i5 == 2) && ((i6 = a4.c) == 0 || i6 == 2))) {
                                if (i9 != -1) {
                                    int i11 = i9 == 1 ? 1 : 0;
                                    if (i5 != 1) {
                                        i10 = 0;
                                    }
                                    int i12 = i11 | i10;
                                    if (i6 != 1) {
                                        i7 = 0;
                                    }
                                    i8 = i12 | i7;
                                }
                                return i8;
                            }
                        }
                        Log.e(b, "integrityStatus is abnormal : " + a4);
                        return i8;
                    } catch (CertificateParsingException e4) {
                        Log.e(b, "getDeviceIntegrity certificate Parsing Error : ", e4);
                        return -1;
                    }
                } finally {
                }
            }
        } catch (DeviceIdAttestationException | KeyStoreException e5) {
            throw new RuntimeException((Throwable) e5);
        }
    }

    public final String c() {
        String a4 = l.a("ro.security.keystore.keytype");
        AttestationUtils attestationUtils = this.f1776a;
        String str = null;
        if (attestationUtils == null) {
            Log.e(b, "Not support attestation utils. Need to check build version :" + Build.VERSION.SDK_INT);
            return null;
        }
        try {
        } catch (IllegalArgumentException | NullPointerException | ProviderException e4) {
            e4.printStackTrace();
        }
        synchronized (attestationUtils) {
            try {
                Certificate[] certificateChain = this.f1776a.getCertificateChain("sakUid");
                if (certificateChain != null) {
                    if (certificateChain.length < 3) {
                    }
                    str = e(((X509Certificate) certificateChain[0]).getIssuerX500Principal().toString(), a4.contains("sakm"));
                    return str;
                }
                byte[] bArr = new byte[4];
                new SecureRandom().nextBytes(bArr);
                this.f1776a.generateKeyPair("sakUid", bArr);
                certificateChain = this.f1776a.getCertificateChain("sakUid");
                if (!g(certificateChain, bArr)) {
                    Log.e(b, "certificate chain verification failed.");
                    return null;
                }
                str = e(((X509Certificate) certificateChain[0]).getIssuerX500Principal().toString(), a4.contains("sakm"));
                return str;
            } finally {
            }
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:37:0x00e4 A[Catch: all -> 0x0088, LOOP:0: B:35:0x00e1->B:37:0x00e4, LOOP_END, TryCatch #0 {all -> 0x0088, blocks: (B:11:0x006c, B:13:0x0074, B:15:0x0081, B:16:0x0086, B:18:0x008a, B:20:0x0093, B:21:0x00ac, B:23:0x00b4, B:24:0x00b9, B:26:0x00bb, B:28:0x00c3, B:29:0x00c8, B:31:0x00ca, B:33:0x00cd, B:34:0x00dd, B:35:0x00e1, B:37:0x00e4, B:39:0x00ed, B:42:0x0099, B:44:0x009c), top: B:10:0x006c }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.security.cert.X509Certificate[] d(byte[] r10) {
        /*
            Method dump skipped, instructions count: 246
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.samsung.android.kmxservice.sdk.util.k.d(byte[]):java.security.cert.X509Certificate[]");
    }

    public final void f() {
        String str = b;
        Log.i(str, "[removeKey] : WRAPPING_KEY");
        AttestationUtils attestationUtils = this.f1776a;
        if (attestationUtils == null) {
            Log.e(str, "Not support attestation utils. Need to check build version :" + Build.VERSION.SDK_INT);
        } else {
            try {
                synchronized (attestationUtils) {
                    this.f1776a.deleteKey("WRAPPING_KEY");
                }
            } catch (KeyStoreException e4) {
                e4.printStackTrace();
                throw new RuntimeException(e4);
            }
        }
    }
}
