package com.yandex.runtime.attestation.internal;

import android.security.keystore.KeyGenParameterSpec;
import com.google.android.gms.safetynet.SafetyNet;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.google.android.gms.tasks.Task;
import com.yandex.runtime.Runtime;
import com.yandex.runtime.attestation.RsaPublicKey;
import defpackage.c;
import ig.f;
import ig.g;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes4.dex */
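/**
 * {@link PlatformKeystore} implementation backed by the "AndroidKeyStore" provider.
 *
 * <p>One RSA key pair is kept under a caller-chosen alias. The class can generate that key
 * with an attestation challenge, export its certificate chain and public key, run private-key
 * operations with it, and request a SafetyNet attestation whose nonce is derived from the
 * certificate chain.
 *
 * <p>This source is decompiler output: {@code c.r}/{@code c.u}, {@code ne.c}, {@code ig.f},
 * {@code ig.g} and {@code Task.f}/{@code Task.d} are obfuscated names whose definitions are not
 * part of this file, so comments about them below are hedged.
 *
 * <p>NOTE(review): the SafetyNet Attestation API used by {@link #requestAttestKey} has been
 * deprecated by Google in favour of the Play Integrity API; plan a migration.
 */
public class PlatformKeystoreImpl implements PlatformKeystore {
    private static final int GOOGLE_PLAY_SERVICES_VERSION_WITH_APP_ID_DEPENDENT_SAFETY_NET = 13000000;
    private static final String NO_KEY_MESSAGE = "Key entry is null. Generate key first.";

    private final String alias;
    private final KeyStore keyStore;
    private KeyStore.PrivateKeyEntry privateKeyEntry;

    /**
     * Opens the Android keystore and, if an entry already exists under {@code str}, loads it.
     *
     * @param str keystore alias of the key pair managed by this instance
     * @throws IOException if {@link KeyStore#load} fails
     * @throws CertificateException if {@link KeyStore#load} fails
     * @throws IllegalStateException if the provider is missing or the existing entry is unusable
     */
    private PlatformKeystoreImpl(String str) throws IOException, CertificateException {
        this.alias = str;
        final KeyStore store;
        try {
            store = KeyStore.getInstance("AndroidKeyStore");
        } catch (KeyStoreException e) {
            throw wrap("No Android Key Store in the system: ", e);
        }
        this.keyStore = store;
        try {
            store.load(null);
        } catch (NoSuchAlgorithmException e) {
            throw wrap("Can't check the integrity of keystore: ", e);
        }
        if (hasEntry()) {
            tryLoadEntry();
        }
    }

    /**
     * Builds the {@link IllegalStateException} used for every "environment is broken" failure.
     * The message is the prefix followed by the cause's message, and the cause is attached so
     * the original stack trace is not lost.
     */
    private static IllegalStateException wrap(String prefix, Exception cause) {
        // c.r is an obfuscated helper; presumably it returns a StringBuilder seeded with the
        // given text. Confirm against defpackage.c.
        StringBuilder message = c.r(prefix);
        message.append(cause.getMessage());
        return new IllegalStateException(message.toString(), cause);
    }

    /** Returns the loaded key entry, or throws if no key has been generated or loaded yet. */
    private KeyStore.PrivateKeyEntry requireKeyEntry() {
        KeyStore.PrivateKeyEntry entry = this.privateKeyEntry;
        if (entry == null) {
            throw new IllegalStateException(NO_KEY_MESSAGE);
        }
        return entry;
    }

    /**
     * Reports whether attestation can be attempted on this device: the keystore primitives are
     * present, the Play services check returns 0, and a SHA-256 digest provider is registered.
     */
    public static boolean attestationAvailable() {
        if (!keystoreAvailable()) {
            return false;
        }
        // ne.c.g().d(...) is obfuscated; presumably the Google Play services availability check
        // against a minimum version, with 0 meaning success. Confirm.
        if (ne.c.g().d(Runtime.getApplicationContext(), GOOGLE_PLAY_SERVICES_VERSION_WITH_APP_ID_DEPENDENT_SAFETY_NET) != 0) {
            return false;
        }
        return Security.getProviders("MessageDigest.SHA-256").length != 0;
    }

    /**
     * Creates a keystore wrapper for {@code str}.
     *
     * @return the wrapper, or {@code null} when loading the keystore failed with an
     *     {@link IOException} or {@link CertificateException}; callers must check for null
     */
    public static PlatformKeystore createKeystore(String str) {
        try {
            return new PlatformKeystoreImpl(str);
        } catch (IOException | CertificateException unused) {
            // Deliberate best effort: the interface signals "no keystore" with null.
            return null;
        }
    }

    /**
     * Derives the SafetyNet nonce as SHA-256(bArr || encoded certificate chain), which ties the
     * attestation to this key's certificate chain.
     *
     * @return the 32-byte digest, or {@code null} if the chain could not be encoded
     * @throws IllegalStateException if no key is loaded or SHA-256 is unavailable
     */
    private byte[] createNonce(byte[] bArr) {
        byte[] chain = getCertificateChain();
        if (chain == null) {
            return null;
        }
        final MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw wrap("No SHA-256 algorithm in the environment: ", e);
        }
        // NOTE(review): the two inputs are concatenated without a length prefix; the verifier
        // has to know where bArr ends to recompute the same value.
        sha256.update(bArr);
        sha256.update(chain);
        return sha256.digest();
    }

    /**
     * Encodes the key's certificate chain as an X.509 CertPath in its default encoding.
     *
     * <p>The decompiled original had two overlapping {@code catch (CertificateException)}
     * clauses that do not compile; this split is presumably the intended one: a missing X.509
     * factory is fatal, a chain that cannot be built or encoded yields {@code null}.
     *
     * @return the encoded chain, or {@code null} if it cannot be built or encoded
     * @throws IllegalStateException if no key is loaded or X.509 is unsupported
     */
    private byte[] getCertificateChain() {
        KeyStore.PrivateKeyEntry entry = requireKeyEntry();
        final CertificateFactory x509;
        try {
            x509 = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw wrap("X.509 is unsupported in the system: ", e);
        }
        try {
            return x509.generateCertPath(Arrays.asList(entry.getCertificateChain())).getEncoded();
        } catch (CertificateException unused) {
            // Also covers CertificateEncodingException, which is a subclass.
            return null;
        }
    }

    /** Returns whether the keystore currently holds an entry under this instance's alias. */
    private boolean hasEntry() {
        try {
            return this.keyStore.containsAlias(this.alias);
        } catch (KeyStoreException e) {
            throw wrap("Keystore is not initialized: ", e);
        }
    }

    /**
     * Checks that every primitive this class relies on is present: the AndroidKeyStore provider
     * with RSA key generation and key factory services, a SHA256withRSA signature provider, both
     * RSA cipher transformations and an X.509 certificate factory.
     */
    public static boolean keystoreAvailable() {
        Provider androidKeyStore = Security.getProvider("AndroidKeyStore");
        if (androidKeyStore == null) {
            return false;
        }
        boolean hasRsaServices = androidKeyStore.getService("KeyPairGenerator", "RSA") != null
                && androidKeyStore.getService("KeyFactory", "RSA") != null;
        if (!hasRsaServices || Security.getProviders("Signature.SHA256withRSA").length == 0) {
            return false;
        }
        try {
            Cipher.getInstance("RSA/ECB/PKCS1Padding");
            Cipher.getInstance("RSA/ECB/NoPadding");
            CertificateFactory.getInstance("X.509");
            return true;
        } catch (NoSuchAlgorithmException | CertificateException | NoSuchPaddingException unused) {
            return false;
        }
    }

    /**
     * Loads the entry stored under the alias into {@code privateKeyEntry}. Leaves the field
     * untouched when the keystore returns no entry.
     *
     * @throws IllegalStateException if the entry is not a private-key entry or cannot be read
     */
    private void tryLoadEntry() {
        final KeyStore.Entry entry;
        try {
            entry = this.keyStore.getEntry(this.alias, null);
        } catch (KeyStoreException e) {
            throw wrap("Keystore has not been loaded: ", e);
        } catch (NoSuchAlgorithmException e) {
            throw wrap("No such algorithm in the environment: ", e);
        } catch (UnrecoverableEntryException e) {
            throw wrap("Entry is protected: ", e);
        }
        if (entry == null) {
            return;
        }
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalStateException("Key entry is not an instance of a KeyStore.PrivateKeyEntry");
        }
        this.privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
    }

    /**
     * Generates a 2048-bit RSA key pair under the alias, passing {@code bArr} as the key
     * attestation challenge, then loads the new entry.
     *
     * <p>NOTE(review): purposes value 5 is PURPOSE_ENCRYPT (1) | PURPOSE_SIGN (4), so one key
     * serves both roles. Together with digest "NONE", "NoPadding" and
     * {@code setRandomizedEncryptionRequired(false)} this authorises unpadded, undigested
     * private-key operations on caller-supplied bytes (see {@link #rsaEncrypt}). If the protocol
     * allows it, use separate keys per purpose and drop "NONE"/"NoPadding"; otherwise the
     * verifier must never accept {@code rsaEncrypt} output where an {@code rsaSign} signature
     * is expected.
     *
     * @param bArr attestation challenge embedded by the keystore in the attestation certificate
     * @throws IllegalStateException if RSA generation is unsupported or the parameters are rejected
     */
    @Override // com.yandex.runtime.attestation.internal.PlatformKeystore
    public void generateKey(byte[] bArr) {
        final KeyPairGenerator generator;
        try {
            generator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
        } catch (NoSuchAlgorithmException e) {
            throw wrap("RSA algorithm is unsupported in AndroidKeyStore: ", e);
        } catch (NoSuchProviderException e) {
            throw wrap("No Android Key Store in the system: ", e);
        }
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(this.alias, 5)
                .setDigests("SHA-256", "NONE")
                .setBlockModes("ECB")
                .setEncryptionPaddings("NoPadding", "PKCS1Padding")
                .setRandomizedEncryptionRequired(false)
                .setSignaturePaddings("PKCS1")
                .setAttestationChallenge(bArr)
                .setKeySize(2048)
                .build();
        try {
            generator.initialize(spec);
        } catch (InvalidAlgorithmParameterException e) {
            throw wrap("Arguments for initialization of RSA algorithm are invalid: ", e);
        }
        generator.generateKeyPair();
        tryLoadEntry();
    }

    /**
     * Returns the encoded certificate chain of the key as proof of keystore residency.
     *
     * @return the encoded chain, or {@code null} if it cannot be encoded
     * @throws IllegalStateException if no key is loaded
     */
    @Override // com.yandex.runtime.attestation.internal.PlatformKeystore
    public byte[] getKeystoreProof() {
        return getCertificateChain();
    }

    /**
     * Exports the public half of the key as modulus and public exponent.
     *
     * <p>Both values come from {@code BigInteger.toByteArray()}, i.e. big-endian two's
     * complement, so a 2048-bit modulus carries a leading zero byte.
     *
     * @throws IllegalStateException if no key is loaded (previously a NullPointerException) or
     *     the key cannot be converted to an RSA key spec
     */
    @Override // com.yandex.runtime.attestation.internal.PlatformKeystore
    public RsaPublicKey getRsaPublicKey() {
        KeyStore.PrivateKeyEntry entry = requireKeyEntry();
        try {
            RSAPublicKeySpec spec = KeyFactory.getInstance("RSA")
                    .getKeySpec(entry.getCertificate().getPublicKey(), RSAPublicKeySpec.class);
            return new RsaPublicKey(spec.getModulus().toByteArray(), spec.getPublicExponent().toByteArray());
        } catch (NoSuchAlgorithmException e) {
            throw wrap("RSA algorithm is unsupported in AndroidKeyStore: ", e);
        } catch (InvalidKeySpecException e) {
            throw wrap("Invalid KeySpec or key could not be processed: ", e);
        }
    }

    /** Returns whether a private-key entry is currently loaded in this instance. */
    @Override // com.yandex.runtime.attestation.internal.PlatformKeystore
    public boolean hasKey() {
        return this.privateKeyEntry != null;
    }

    /**
     * Forgets the loaded entry and deletes the alias from the keystore if it exists.
     *
     * @throws IllegalStateException if the keystore rejects the lookup or deletion
     */
    @Override // com.yandex.runtime.attestation.internal.PlatformKeystore
    public void removeKey() {
        // Clear the in-memory reference first so hasKey() is false even if deletion throws.
        this.privateKeyEntry = null;
        if (!hasEntry()) {
            return;
        }
        try {
            this.keyStore.deleteEntry(this.alias);
        } catch (KeyStoreException e) {
            throw wrap("Keystore is not initialized: ", e);
        }
    }

    /**
     * Requests a SafetyNet attestation bound to this key and reports the outcome to the listener.
     *
     * @param bArr caller data mixed into the nonce (see {@link #createNonce})
     * @param str API key passed to the SafetyNet client
     * @param attestationListener receives the JWS result on success or an error message on failure
     * @throws IllegalStateException if no key is loaded
     */
    @Override // com.yandex.runtime.attestation.internal.PlatformKeystore
    public void requestAttestKey(byte[] bArr, String str, final AttestationListener attestationListener) {
        byte[] nonce = createNonce(bArr);
        if (nonce == null) {
            attestationListener.onAttestationFailed("Could not create nonce");
            // Fix: the original fell through and still called attest() with a null nonce, which
            // could also notify the listener a second time.
            return;
        }
        Task<SafetyNetApi.AttestationResponse> attest =
                SafetyNet.getClient(Runtime.getApplicationContext()).attest(nonce, str);
        // f(...) and d(...) are obfuscated; presumably the success and failure listener
        // registrations of Task. Confirm against the mapping.
        attest.f(new g<SafetyNetApi.AttestationResponse>() { // from class: com.yandex.runtime.attestation.internal.PlatformKeystoreImpl.1
            @Override // ig.g
            public void onSuccess(SafetyNetApi.AttestationResponse attestationResponse) {
                // The JWS is handed on unverified; its signature, nonce and verdict must be
                // checked by the party that trusts it, not on this device.
                attestationListener.onAttestationReceived(attestationResponse.getJwsResult());
            }
        });
        attest.d(new f() { // from class: com.yandex.runtime.attestation.internal.PlatformKeystoreImpl.2
            @Override // ig.f
            public void onFailure(Exception exc) {
                attestationListener.onAttestationFailed(exc.getMessage());
            }
        });
    }

    /**
     * Runs an RSA cipher in ENCRYPT_MODE with the <em>private</em> key over {@code bArr}.
     *
     * <p>This is a private-key operation, not confidentiality encryption: anyone holding the
     * public key can reverse the result. With {@code z13 == false} no padding is applied, so
     * the caller controls the exact block the key operates on.
     *
     * @param bArr input block
     * @param z13 {@code true} for "RSA/ECB/PKCS1Padding", {@code false} for "RSA/ECB/NoPadding"
     * @return the cipher output
     * @throws IllegalStateException if no key is loaded or the operation fails
     */
    @Override // com.yandex.runtime.attestation.internal.PlatformKeystore
    public byte[] rsaEncrypt(byte[] bArr, boolean z13) {
        KeyStore.PrivateKeyEntry entry = requireKeyEntry();
        String str = z13 ? "RSA/ECB/PKCS1Padding" : "RSA/ECB/NoPadding";
        try {
            Cipher cipher = Cipher.getInstance(str);
            cipher.init(Cipher.ENCRYPT_MODE, entry.getPrivateKey());
            return cipher.doFinal(bArr);
        } catch (InvalidKeyException e) {
            throw wrap("Key provided for encription is invalid: ", e);
        } catch (NoSuchAlgorithmException e) {
            // c.u is obfuscated; presumably it joins its arguments into a StringBuilder.
            StringBuilder message = c.u("No ", str, "algorithm support: ");
            message.append(e.getMessage());
            throw new IllegalStateException(message.toString(), e);
        } catch (BadPaddingException e) {
            throw wrap("Key is in decryption mode and padding is incorrect: ", e);
        } catch (IllegalBlockSizeException e) {
            throw wrap("Data length is not a multiplier of a block size: ", e);
        } catch (NoSuchPaddingException e) {
            StringBuilder message = c.u("No ", str, "padding support: ");
            message.append(e.getMessage());
            throw new IllegalStateException(message.toString(), e);
        }
    }

    /**
     * Signs {@code bArr} with SHA256withRSA using the loaded private key.
     *
     * @return the signature bytes
     * @throws IllegalStateException if no key is loaded or signing fails
     */
    @Override // com.yandex.runtime.attestation.internal.PlatformKeystore
    public byte[] rsaSign(byte[] bArr) {
        KeyStore.PrivateKeyEntry entry = requireKeyEntry();
        final Signature signer;
        try {
            signer = Signature.getInstance("SHA256withRSA");
        } catch (NoSuchAlgorithmException e) {
            throw wrap("No SHA256withRSA support: ", e);
        }
        try {
            signer.initSign(entry.getPrivateKey());
        } catch (InvalidKeyException e) {
            throw wrap("Key provided for signing is invalid: ", e);
        }
        try {
            signer.update(bArr);
            return signer.sign();
        } catch (SignatureException e) {
            throw wrap("Could not sign provided data: ", e);
        }
    }
}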
