package com.samsung.android.knox.dai.framework.keystore.util;

import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import com.samsung.android.knox.dai.framework.logging.Log;
import com.samsung.android.knox.dai.framework.utils.Constants;
import com.samsung.android.knox.ex.peripheral.PeripheralBarcodeConstants;
import com.samsung.android.security.keystore.AttestParameterSpec;
import com.samsung.android.security.keystore.AttestationUtils;
import com.samsung.android.security.keystore.DeviceIdAttestationException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStoreException;
import java.security.ProviderException;

/* loaded from: classes2.dex */
public class KeyPairGenerator {
    private static final String TAG = "KeyPairGenerator";
    private final String mCertificateAlias;

    private KeyPairGenerator(String str) {
        this.mCertificateAlias = str;
    }

    private boolean createAttestKey() {
        try {
            new AttestationUtils().generateKeyPair(new AttestParameterSpec.Builder(this.mCertificateAlias, getChallenge()).setDeviceAttestation(true).setVerifiableIntegrity(true).setPackageName("com.samsung.android.knox.dai").setKeyGenParameterSpec(createKeyGenParameterSpec()).build());
            return true;
        } catch (IllegalArgumentException | NullPointerException | ProviderException e) {
            Log.e(TAG, "Failed to generate key pair " + e.getMessage());
            return false;
        }
    }

    private KeyGenParameterSpec createKeyGenParameterSpec() {
        return new KeyGenParameterSpec.Builder(this.mCertificateAlias, 4).setDigests(PeripheralBarcodeConstants.Symbology.Type.TYPE_NONE, "SHA-256", "SHA-512").setEncryptionPaddings("NoPadding", "OAEPPadding").setSignaturePaddings("PSS").build();
    }

    private boolean generateAuthCertSignedBySAK() {
        try {
            AttestParameterSpec build = new AttestParameterSpec.Builder(this.mCertificateAlias, getChallenge()).setDeviceAttestation(true).setVerifiableIntegrity(true).setPackageName((String) null).build();
            AttestationUtils attestationUtils = new AttestationUtils();
            attestationUtils.storeCertificateChain(this.mCertificateAlias, attestationUtils.attestDevice(build));
            return true;
        } catch (IllegalArgumentException | NullPointerException | KeyStoreException | ProviderException | DeviceIdAttestationException e) {
            Log.e(TAG, "Failed generate auth certificate " + e.getMessage());
            return false;
        }
    }

    private static byte[] getChallenge() {
        return Constants.SYMBOLS.getBytes(StandardCharsets.UTF_8);
    }

    public static KeyPairGenerator getInstance(String str) {
        return new KeyPairGenerator(str);
    }

    public void createKeyPair() {
        if (TextUtils.isEmpty(this.mCertificateAlias)) {
            Log.e(TAG, "Invalid alias for certificate chain: " + this.mCertificateAlias);
        } else if (!createAttestKey()) {
            Log.e(TAG, "Failed to create key");
        } else {
            if (generateAuthCertSignedBySAK()) {
                return;
            }
            Log.e(TAG, "Failed to create certificate");
        }
    }
}
