package h11;

import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.google.android.gms.internal.p000firebaseauthapi.a5;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes5.dex */
public class i extends d {
    public i(CredentialClient credentialClient, Context context, NetworkCapability networkCapability) {
        super(credentialClient, context, networkCapability);
        h.e(context);
        if (h.c(context)) {
            return;
        }
        e11.b.b("KeyStoreHandler", " keyStoreCertificateChain is off.", new Object[0]);
        throw new d11.c(1022L, " keyStoreCertificateChain is off.");
    }

    @Override // h11.d
    public Credential a(String str) {
        try {
            if (Integer.parseInt(new JSONObject(str).getString("expire")) == 0) {
                return this.f60580g.genCredentialFromString(str);
            }
            throw new d11.c(1017L, "unenable expire.");
        } catch (NumberFormatException e12) {
            throw new d11.c(2001L, "parse TSMS resp expire error : " + e12.getMessage());
        } catch (JSONException e13) {
            throw new d11.c(1002L, "parse TSMS resp get json error : " + e13.getMessage());
        }
    }

    @Override // h11.d
    public String c() {
        KeyGenParameterSpec.Builder digests;
        KeyGenParameterSpec.Builder keySize;
        KeyGenParameterSpec.Builder attestationChallenge;
        KeyGenParameterSpec.Builder signaturePaddings;
        KeyGenParameterSpec.Builder encryptionPaddings;
        KeyGenParameterSpec build;
        byte[] sign;
        h a12 = h.a();
        try {
            if (h.f60598a.containsAlias("ucs_alias_rootKey")) {
                e11.b.e("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    a5.a();
                    digests = androidx.security.crypto.n.a("ucs_alias_rootKey", 15).setDigests("SHA-256", "SHA-512");
                    keySize = digests.setKeySize(3072);
                    attestationChallenge = keySize.setAttestationChallenge("AndroidKeyStore".getBytes(StandardCharsets.UTF_8));
                    signaturePaddings = attestationChallenge.setSignaturePaddings("PSS");
                    encryptionPaddings = signaturePaddings.setEncryptionPaddings("OAEPPadding");
                    build = encryptionPaddings.build();
                    keyPairGenerator.initialize(build);
                    keyPairGenerator.generateKeyPair();
                    e11.b.e("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e12) {
                    e11.b.b("KeyStoreManager", "generateKeyPair failed, " + e12.getMessage(), new Object[0]);
                    throw new d11.d(1022L, "generateKeyPair failed , exception " + e12.getMessage());
                }
            }
            try {
                String e0Var = new e0("PS256", h.f60598a.getCertificateChain("ucs_alias_rootKey"), "AndroidKS").toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(this.f60575b);
                String d0Var = new d0(2, 1, this.f60578e, this.f60577d, 1, pkgNameCertFP.get(0), pkgNameCertFP.get(1)).toString();
                if (TextUtils.isEmpty(e0Var) || TextUtils.isEmpty(d0Var)) {
                    throw new d11.c(1006L, "Get signStr error");
                }
                String str = e0Var + "." + d0Var;
                synchronized (h.f60600c) {
                    try {
                        Signature signature = Signature.getInstance("SHA256withRSA/PSS");
                        signature.initSign(a12.b("ucs_alias_rootKey"));
                        signature.update(str.getBytes(StandardCharsets.UTF_8));
                        sign = signature.sign();
                    } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e13) {
                        e11.b.b("KeyStoreManager", "doSign failed, " + e13.getMessage(), new Object[0]);
                        throw new d11.d(1022L, "doSign failed , exception " + e13.getMessage());
                    }
                }
                String c12 = g11.c.c(sign, 10);
                if (TextUtils.isEmpty(e0Var) || TextUtils.isEmpty(d0Var) || TextUtils.isEmpty(c12)) {
                    throw new d11.c(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb2 = new StringBuilder();
                if (TextUtils.isEmpty(e0Var) || TextUtils.isEmpty(d0Var)) {
                    throw new d11.c(1006L, "Get signStr error");
                }
                sb2.append(e0Var + "." + d0Var);
                sb2.append(".");
                sb2.append(c12);
                return sb2.toString();
            } catch (KeyStoreException e14) {
                e11.b.b("KeyStoreManager", "getCertificateChain failed, " + e14.getMessage(), new Object[0]);
                throw new d11.d(1022L, "getCertificateChain failed , exception " + e14.getMessage());
            }
        } catch (KeyStoreException e15) {
            e11.b.b("KeyStoreManager", "containsAlias failed, " + e15.getMessage(), new Object[0]);
            throw new d11.d(1022L, "containsAlias failed , exception " + e15.getMessage());
        }
    }

    @Override // h11.d
    public String d(NetworkResponse networkResponse) {
        if (networkResponse.isSuccessful()) {
            return networkResponse.getBody();
        }
        ErrorBody fromString = ErrorBody.fromString(networkResponse.getBody());
        String str = "tsms service error, " + fromString.getErrorMessage();
        e11.b.b("KeyStoreHandler", str, new Object[0]);
        String errorCode = fromString.getErrorCode();
        if ("tsms.1018".equalsIgnoreCase(errorCode) || "tsms.1019".equalsIgnoreCase(errorCode)) {
            h.f(this.f60575b);
            e11.b.e("KeyStoreHandler", "turn off androidkeystore CertificateChain", new Object[0]);
        }
        throw new d11.c(1024L, str);
    }
}
