package com.samsung.android.kmxservice.sdk.util;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.samsung.android.security.keystore.AttestParameterSpec;
import com.samsung.android.security.keystore.AttestationUtils;
import com.samsung.android.security.keystore.DeviceIdAttestationException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/* compiled from: SksAttestation.java */
/* loaded from: classes.dex */
public class k {

    /* renamed from: b, reason: collision with root package name */
    private static final String f4387b = w2.a.a(k.class.getSimpleName());

    /* renamed from: a, reason: collision with root package name */
    private Context f4388a;

    public k(Context context) {
        this.f4388a = context;
    }

    private boolean a(byte[] bArr, byte[] bArr2) {
        if (bArr == null || bArr.length == 0) {
            Log.e(f4387b, "No challenge in the certificate");
            return false;
        }
        if (Arrays.equals(bArr, bArr2)) {
            return true;
        }
        String str = new String(bArr, StandardCharsets.UTF_8);
        Log.e(f4387b, "Challenge in different with certificate : " + str);
        return false;
    }

    private int b(h hVar) {
        if (hVar != null && hVar.b()) {
            return hVar.a();
        }
        Log.e(f4387b, "integrityStatus is abnormal : " + hVar);
        return -1;
    }

    private boolean c(int i10) {
        if (i10 == 0) {
            return true;
        }
        Log.e(f4387b, "The key was not generated in hardware-backed keystore");
        return false;
    }

    private boolean d(i iVar) {
        if (iVar.a() != 0) {
            Log.e(f4387b, "ROT : VerifiedBootState is invalid");
            return false;
        }
        if (iVar.b()) {
            return true;
        }
        Log.e(f4387b, "ROT : Device is unlocked");
        return false;
    }

    public static X509Certificate[] g(String str, byte[] bArr) {
        Certificate[] certificateChain;
        AttestParameterSpec build = new AttestParameterSpec.Builder(str, bArr).setAlgorithm("RSA").setKeyGenParameterSpec(new KeyGenParameterSpec.Builder(str, 32).setDigests("SHA-256").setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").build()).setVerifiableIntegrity(true).build();
        X509Certificate[] x509CertificateArr = null;
        try {
            AttestationUtils attestationUtils = new AttestationUtils();
            attestationUtils.generateKeyPair(build);
            certificateChain = attestationUtils.getCertificateChain(str);
        } catch (IllegalArgumentException | NullPointerException | ProviderException e10) {
            e10.printStackTrace();
        }
        if (certificateChain == null) {
            Log.e(f4387b, "getWrapKey certChain is NULL : ");
            return null;
        }
        x509CertificateArr = new X509Certificate[certificateChain.length];
        for (int i10 = 0; i10 < certificateChain.length; i10++) {
            x509CertificateArr[i10] = (X509Certificate) certificateChain[i10];
        }
        return x509CertificateArr;
    }

    private byte[] h() {
        byte[] bArr = new byte[4];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    private String i(String str) {
        int indexOf = str.indexOf("\"", str.indexOf("CN=")) + 1;
        return str.substring(indexOf, str.indexOf("\"", indexOf));
    }

    public static void j(String str) {
        try {
            new AttestationUtils().deleteKey(str);
        } catch (KeyStoreException e10) {
            e10.printStackTrace();
            throw new RuntimeException(e10);
        }
    }

    private boolean k(Certificate[] certificateArr, byte[] bArr) {
        if (certificateArr == null) {
            Log.e(f4387b, "verifyCertChain certChain is null.");
            return false;
        }
        X509Certificate[] x509CertificateArr = new X509Certificate[certificateArr.length];
        for (int i10 = 0; i10 < certificateArr.length; i10++) {
            x509CertificateArr[i10] = (X509Certificate) certificateArr[i10];
        }
        return l(x509CertificateArr, bArr);
    }

    private boolean l(X509Certificate[] x509CertificateArr, byte[] bArr) {
        if (x509CertificateArr == null) {
            Log.e(f4387b, "verifyCertChain certChain is null.");
            return false;
        }
        if (x509CertificateArr.length != 3) {
            Log.e(f4387b, "Invalid certification chain size : " + x509CertificateArr.length);
            return false;
        }
        try {
            d dVar = new d(x509CertificateArr[0]);
            if (!a(dVar.b(), bArr) || !c(dVar.e()) || !d(dVar.f())) {
                return false;
            }
            try {
                X509Certificate a10 = j.a(dVar.g());
                int length = x509CertificateArr.length - 1;
                while (length >= 0) {
                    X509Certificate x509Certificate = x509CertificateArr[length];
                    x509Certificate.checkValidity();
                    x509Certificate.verify(a10.getPublicKey());
                    length--;
                    a10 = x509Certificate;
                }
                return true;
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e10) {
                e10.printStackTrace();
                if (e10 instanceof CertificateNotYetValidException) {
                    Log.e(f4387b, e10.getMessage() + System.lineSeparator() + System.lineSeparator() + "Please set to the current time (Settings > General management > Date and time)");
                } else {
                    e10.printStackTrace();
                }
                return false;
            }
        } catch (CertificateParsingException e11) {
            Log.e(f4387b, "verifyCertChain certificate Parsing Error : ", e11);
            return false;
        }
    }

    public int e() {
        byte[] h10 = h();
        try {
            AttestationUtils attestationUtils = new AttestationUtils();
            attestationUtils.generateKeyPair("integrity", h10);
            attestationUtils.storeCertificateChain("integrity", attestationUtils.attestDevice(new AttestParameterSpec.Builder("integrity", h10).setDeviceAttestation(true).setVerifiableIntegrity(true).build()));
            Certificate[] certificateChain = attestationUtils.getCertificateChain("integrity");
            if (certificateChain == null) {
                Log.e(f4387b, "getDeviceIntegrity certChain is null");
                return -1;
            }
            try {
                int b10 = b(new d((X509Certificate) certificateChain[0]).c());
                attestationUtils.deleteKey("integrity");
                return b10;
            } catch (CertificateParsingException e10) {
                Log.e(f4387b, "getDeviceIntegrity certificate Parsing Error : ", e10);
                return -1;
            }
        } catch (DeviceIdAttestationException | KeyStoreException e11) {
            throw new RuntimeException((Throwable) e11);
        }
    }

    public String f() {
        try {
            AttestationUtils attestationUtils = new AttestationUtils();
            Certificate[] certificateChain = attestationUtils.getCertificateChain("sakUid");
            if (certificateChain == null || certificateChain.length < 3) {
                byte[] h10 = h();
                attestationUtils.generateKeyPair("sakUid", h10);
                Certificate[] certificateChain2 = attestationUtils.getCertificateChain("sakUid");
                if (!k(certificateChain2, h10)) {
                    Log.e(f4387b, "certificate chain verification failed.");
                    return null;
                }
                certificateChain = certificateChain2;
            }
            return i(((X509Certificate) certificateChain[0]).getIssuerX500Principal().toString());
        } catch (IllegalArgumentException | NullPointerException | ProviderException e10) {
            e10.printStackTrace();
            return null;
        }
    }
}
