package com.wizway.nfcagent.manager;

import android.content.Context;
import android.content.SharedPreferences;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.os.Build;
import android.provider.Settings;
import android.security.KeyPairGeneratorSpec;
import android.util.Base64;
import com.google.android.gms.safetynet.f;
import com.google.android.gms.tasks.AbstractC1900k;
import com.google.android.gms.tasks.InterfaceC1895f;
import com.google.android.gms.tasks.InterfaceC1896g;
import com.wizway.nfcagent.IdentityCard;
import com.wizway.nfcagent.exception.WizwayException;
import com.wizway.nfcagent.model.AuthenticateAgentEntity;
import com.wizway.nfcagent.model.AuthenticateResponse;
import com.wizway.nfcagent.utils.Utils;
import com.wizway.nfcagent.utils.m;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Locale;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import kotlinx.serialization.json.internal.AbstractJsonLexerKt;

/* loaded from: classes3.dex */
public class q {

    /* renamed from: b, reason: collision with root package name */
    private static final String f38489b = "c";

    /* renamed from: c, reason: collision with root package name */
    public static final String f38490c = "UTF-8";

    /* renamed from: d, reason: collision with root package name */
    public static final String f38491d = "Keystore";

    /* renamed from: e, reason: collision with root package name */
    private static q f38492e = null;

    /* renamed from: f, reason: collision with root package name */
    private static final String f38493f = "_ACL";

    /* renamed from: g, reason: collision with root package name */
    private static final String f38494g = "pubkey";

    /* renamed from: h, reason: collision with root package name */
    private static final String f38495h = "aeskeyForPubkey";

    /* renamed from: i, reason: collision with root package name */
    private static final String f38496i = "pfVersion";

    /* renamed from: j, reason: collision with root package name */
    private static final String f38497j = "RSA/ECB/PKCS1Padding";

    /* renamed from: k, reason: collision with root package name */
    private static final String f38498k = "SHA256withRSA";

    /* renamed from: l, reason: collision with root package name */
    private static final int f38499l = 1024;

    /* renamed from: m, reason: collision with root package name */
    private static final int f38500m = 128;

    /* renamed from: n, reason: collision with root package name */
    private static final String f38501n = "ag_key";

    /* renamed from: o, reason: collision with root package name */
    private static final String f38502o = "ag_pubk";

    /* renamed from: p, reason: collision with root package name */
    private static final String f38503p = "ag_privk";

    /* renamed from: q, reason: collision with root package name */
    private static KeyStore f38504q;

    /* renamed from: a, reason: collision with root package name */
    private Context f38505a = com.wizway.nfcagent.application.a.b().getApplicationContext();

    private byte[] A(Key key, byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher cipher = Cipher.getInstance(f38497j);
        cipher.init(2, key);
        return cipher.doFinal(bArr);
    }

    private static byte[] B(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(1, secretKeySpec);
        return cipher.doFinal(bArr2);
    }

    private synchronized void C() {
        timber.log.b.l("About to generate AgentKeyPair", new Object[0]);
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.add(1, 5);
        try {
            KeyPairGeneratorSpec build = new KeyPairGeneratorSpec.Builder(this.f38505a).setAlias(f38501n).setSubject(new X500Principal(String.format("CN=%s, OU=%s", f38501n, this.f38505a.getPackageName()))).setSerialNumber(BigInteger.ONE).setStartDate(calendar.getTime()).setEndDate(calendar2.getTime()).build();
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
            keyPairGenerator.initialize(build);
            keyPairGenerator.generateKeyPair();
            timber.log.b.l("AgentKeyPair generated", new Object[0]);
        } catch (Exception e3) {
            timber.log.b.j(e3, "generateAgentKeyPair failed", new Object[0]);
        }
    }

    private static String E(String str) {
        char[] charArray = str.toCharArray();
        StringBuffer stringBuffer = new StringBuffer();
        for (int i3 = 0; i3 < charArray.length; i3++) {
            stringBuffer.append(charArray[i3]);
            if (i3 < charArray.length - 1 && i3 % 2 != 0) {
                stringBuffer.append(AbstractJsonLexerKt.COLON);
            }
        }
        return stringBuffer.toString().trim().toUpperCase(Locale.getDefault());
    }

    private Key F() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException {
        j();
        return (PrivateKey) O().getKey(f38501n, null);
    }

    private String J() {
        Context context = this.f38505a;
        if (context != null) {
            return Settings.Secure.getString(context.getContentResolver(), "android_id");
        }
        return null;
    }

    private String L() {
        return this.f38505a.getPackageManager().getInstallerPackageName(this.f38505a.getPackageName());
    }

    public static synchronized q M() {
        q qVar;
        synchronized (q.class) {
            if (f38492e == null) {
                f38492e = new q();
                try {
                    O();
                } catch (Exception e3) {
                    timber.log.b.i(e3);
                }
            }
            qVar = f38492e;
        }
        return qVar;
    }

    private boolean N() {
        return (this.f38505a.getApplicationInfo().flags & 2) != 0;
    }

    private static KeyStore O() throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        if (f38504q == null) {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            f38504q = keyStore;
            keyStore.load(null);
        }
        return f38504q;
    }

    private PublicKey P() throws CertificateException, PackageManager.NameNotFoundException {
        Certificate w3;
        PackageInfo packageInfo = this.f38505a.getPackageManager().getPackageInfo(this.f38505a.getPackageName(), 64);
        if (packageInfo == null || (w3 = w(packageInfo.signatures[0].toByteArray())) == null) {
            return null;
        }
        return w3.getPublicKey();
    }

    public static String f(Context context, String str) {
        timber.log.b.e("getSafetyNetAttestation " + Thread.currentThread().getId(), new Object[0]);
        if (!Utils.isGooglePlayServicesAvailable(context)) {
            return null;
        }
        final String[] strArr = {null};
        AbstractC1900k<f.a> H3 = com.google.android.gms.safetynet.e.b(context).H(str.getBytes(), "AIzaSyCTtJdrtXS6AbtoqVIWP1cs5wxMzYgBy5s");
        final Semaphore semaphore = new Semaphore(0);
        H3.k(new InterfaceC1896g() { // from class: com.wizway.nfcagent.manager.o
            @Override // com.google.android.gms.tasks.InterfaceC1896g
            public final void a(Object obj) {
                q.n(strArr, semaphore, (f.a) obj);
            }
        });
        H3.h(new InterfaceC1895f() { // from class: com.wizway.nfcagent.manager.p
            @Override // com.google.android.gms.tasks.InterfaceC1895f
            public final void e(Exception exc) {
                semaphore.release();
            }
        });
        try {
            timber.log.b.l("Waiting for SafetyNet device assessment...", new Object[0]);
            semaphore.tryAcquire(30L, TimeUnit.SECONDS);
            timber.log.b.l("Done waiting!", new Object[0]);
        } catch (Exception e3) {
            timber.log.b.B(e3);
        }
        return strArr[0];
    }

    private static String g(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (int i3 = 0; i3 < bArr.length; i3++) {
            String hexString = Integer.toHexString(bArr[i3]);
            int length = hexString.length();
            if (length == 1) {
                hexString = "0" + hexString;
            }
            if (length > 2) {
                hexString = hexString.substring(length - 2, length);
            }
            sb.append(hexString.toUpperCase(Locale.getDefault()));
            if (i3 < bArr.length - 1) {
                sb.append(AbstractJsonLexerKt.COLON);
            }
        }
        return sb.toString();
    }

    private Certificate h(KeyStore keyStore, String str) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        Key key;
        if (Build.VERSION.SDK_INT < 28) {
            return keyStore.getCertificate(f38501n);
        }
        try {
            key = keyStore.getKey(str, null);
        } catch (UnrecoverableKeyException e3) {
            timber.log.b.j(e3, "Agent key not usable, flushing it (deviceId %s)", Settings.Secure.getString(this.f38505a.getContentResolver(), "android_id"));
            keyStore.deleteEntry(str);
            key = null;
        }
        if (key != null) {
            return keyStore.getCertificate(str);
        }
        return null;
    }

    private ArrayList<byte[]> i(byte[] bArr, Key key) throws NoSuchAlgorithmException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchPaddingException {
        if (bArr == null || key == null) {
            timber.log.b.A("hybridCipherMessage, cannot cipher with a null argument", new Object[0]);
            return null;
        }
        byte[] z3 = z();
        byte[] B3 = B(z3, bArr);
        byte[] s3 = s(key, z3);
        ArrayList<byte[]> arrayList = new ArrayList<>();
        arrayList.add(s3);
        arrayList.add(B3);
        return arrayList;
    }

    private synchronized void j() {
        try {
            try {
                if (h(O(), f38501n) == null) {
                    C();
                } else {
                    timber.log.b.e("Agent key pair already in KeyStore", new Object[0]);
                }
            } catch (Exception e3) {
                timber.log.b.j(e3, "SecurityManager: ", new Object[0]);
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    private void l(String str, String str2, String str3) {
        SharedPreferences.Editor edit = this.f38505a.getSharedPreferences(str, 0).edit();
        edit.putString(str2, str3);
        edit.apply();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void n(String[] strArr, Semaphore semaphore, f.a aVar) {
        String u3 = aVar.u();
        strArr[0] = u3;
        timber.log.b.l("SafetyNet Integrity result: %s", u3);
        semaphore.release();
    }

    private byte[] r(String str, String str2) {
        SharedPreferences sharedPreferences = this.f38505a.getSharedPreferences(str, 0);
        if (!sharedPreferences.contains(str2)) {
            return null;
        }
        String string = sharedPreferences.getString(str2, "");
        if (string.isEmpty()) {
            return null;
        }
        return Base64.decode(string, 2);
    }

    private byte[] s(Key key, byte[] bArr) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher cipher = Cipher.getInstance(f38497j);
        cipher.init(1, key);
        return cipher.doFinal(bArr);
    }

    private static byte[] t(byte[] bArr, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        if (bArr == null || privateKey == null) {
            timber.log.b.A("signMessageWithKey, cannot cipher with a null argument", new Object[0]);
            return null;
        }
        Signature signature = Signature.getInstance(f38498k);
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    private static byte[] u(byte[] bArr, byte[] bArr2) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(2, secretKeySpec);
        return cipher.doFinal(bArr2);
    }

    private static Certificate w(byte[] bArr) throws CertificateException {
        return CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(bArr));
    }

    private byte[] z() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        return keyGenerator.generateKey().getEncoded();
    }

    public byte[] D(String str) throws CertificateException, UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException, IOException, SignatureException, InvalidKeyException, InvalidKeySpecException {
        return t(str.getBytes("UTF-8"), (PrivateKey) M().F());
    }

    public Key G() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, InvalidKeySpecException {
        j();
        try {
            Certificate certificate = O().getCertificate(f38501n);
            if (certificate == null) {
                return null;
            }
            return certificate.getPublicKey();
        } catch (Exception e3) {
            timber.log.b.j(e3, "getAgentPublicKey failed", new Object[0]);
            return null;
        }
    }

    public String H() {
        try {
            return this.f38505a.getPackageManager().getPackageInfo(this.f38505a.getPackageName(), 0).versionName;
        } catch (PackageManager.NameNotFoundException unused) {
            return null;
        }
    }

    public String I() {
        SharedPreferences sharedPreferences = this.f38505a.getSharedPreferences(this.f38505a.getPackageName() + "_ACL", 0);
        if (!sharedPreferences.contains(f38496i)) {
            return null;
        }
        String string = sharedPreferences.getString(f38496i, "");
        if (string.isEmpty()) {
            return null;
        }
        return string;
    }

    public IdentityCard K() {
        return new IdentityCard(v(this.f38505a.getPackageName()), L(), N());
    }

    public boolean Q() {
        String I3 = I();
        timber.log.b.e("isUpdateNeeded: " + I3, new Object[0]);
        if (I3 == null) {
            return false;
        }
        com.wizway.nfcagent.utils.n nVar = new com.wizway.nfcagent.utils.n(I3);
        com.wizway.nfcagent.utils.n nVar2 = new com.wizway.nfcagent.utils.n(H());
        timber.log.b.e("isUpdateNeeded: " + I3 + ", " + H(), new Object[0]);
        return nVar.compareTo(nVar2) == 1;
    }

    public int c(int i3) throws WizwayException {
        try {
            return Integer.parseInt(String.valueOf(i3).substring(0, 5));
        } catch (Exception unused) {
            throw new WizwayException("Invalid service id " + i3, 11);
        }
    }

    public int d(AuthenticateResponse authenticateResponse, String str, int i3) {
        timber.log.b.e("(Auth) check error... OK", new Object[0]);
        try {
            byte[] decode = Base64.decode(authenticateResponse.getAeskey(), 2);
            byte[] decode2 = Base64.decode(authenticateResponse.getPubkey(), 2);
            byte[] decode3 = Base64.decode(authenticateResponse.getSignature(), 2);
            if (decode != null && decode2 != null && decode3 != null) {
                byte[] A3 = A(F(), decode);
                timber.log.b.e("(Auth) check pubkey and signature...", new Object[0]);
                if (!p(str, decode3, decode2, A3)) {
                    return m.a.f38870c;
                }
                timber.log.b.e("(Auth) put MMI pubK and this aesKey in sharedpref...", new Object[0]);
                l(str + "_ACL", f38494g + i3, Base64.encodeToString(decode2, 2));
                l(str + "_ACL", f38495h + i3, Base64.encodeToString(A3, 2));
                return m.a.f38871d;
            }
            return m.a.f38869b;
        } catch (PackageManager.NameNotFoundException | IOException | GeneralSecurityException e3) {
            timber.log.b.j(e3, "handleAuthResponse", new Object[0]);
            return 1;
        }
    }

    public AuthenticateAgentEntity e(String str) {
        try {
            timber.log.b.e("Start authenticate agent...", new Object[0]);
            String str2 = str + "|" + J();
            byte[] t3 = t(str2.getBytes("UTF-8"), (PrivateKey) F());
            ArrayList<byte[]> i3 = i(G().getEncoded(), P());
            byte[] bArr = i3.get(0);
            byte[] bArr2 = i3.get(1);
            byte[] s3 = s(P(), str2.getBytes("UTF-8"));
            if (bArr == null || bArr2 == null) {
                throw new NullPointerException("HybridCipher AgPubKey returned null");
            }
            AuthenticateAgentEntity authenticateAgentEntity = new AuthenticateAgentEntity();
            authenticateAgentEntity.setSignature(Base64.encodeToString(t3, 2));
            authenticateAgentEntity.setAgentPubKey(Base64.encodeToString(bArr2, 2));
            authenticateAgentEntity.setAgentPubKeyAesKey(Base64.encodeToString(bArr, 2));
            authenticateAgentEntity.setName(this.f38505a.getPackageName());
            authenticateAgentEntity.setSpkgID(Base64.encodeToString(s3, 2));
            authenticateAgentEntity.setOs("Android");
            authenticateAgentEntity.setOsVersion(Build.VERSION.CODENAME.equals("REL") ? Build.VERSION.RELEASE : "Not a release");
            authenticateAgentEntity.setVersion(Utils.versionName(this.f38505a));
            return authenticateAgentEntity;
        } catch (PackageManager.NameNotFoundException e3) {
            e = e3;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (IOException e4) {
            e = e4;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (InvalidKeyException e5) {
            e = e5;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (KeyStoreException e6) {
            e = e6;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (NoSuchAlgorithmException e7) {
            e = e7;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (SignatureException e8) {
            e = e8;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (UnrecoverableEntryException e9) {
            e = e9;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (CertificateException e10) {
            e = e10;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (InvalidKeySpecException e11) {
            e = e11;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (BadPaddingException e12) {
            e = e12;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (IllegalBlockSizeException e13) {
            e = e13;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        } catch (NoSuchPaddingException e14) {
            e = e14;
            timber.log.b.j(e, "authenticateAgentToPF: ", new Object[0]);
            return null;
        }
    }

    public void k(String str, int i3) {
        l(str + "_ACL", f38494g + i3, null);
        l(str + "_ACL", f38495h + i3, null);
    }

    public boolean o(int i3, String str) {
        try {
            return y(i3, str);
        } catch (Exception unused) {
            return false;
        }
    }

    public boolean p(String str, byte[] bArr, byte[] bArr2, byte[] bArr3) throws CertificateException, PackageManager.NameNotFoundException, NoSuchAlgorithmException, SignatureException, InvalidKeyException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException {
        if (!q(bArr, P(), bArr2)) {
            timber.log.b.A("(Auth) verify signature... KO", new Object[0]);
            return false;
        }
        timber.log.b.e("(Auth) verify signature... OK", new Object[0]);
        timber.log.b.e("(Auth) decipher MMI hash...", new Object[0]);
        byte[] u3 = u(bArr3, bArr2);
        timber.log.b.e("(Auth) compare " + str + " hash with AuthenticateResponse pubkey hash...", new Object[0]);
        String v3 = v(str);
        String E3 = E(Base64.encodeToString(Base64.decode(u3, 2), 2));
        timber.log.b.e("(Auth) ResponseHash: " + E3, new Object[0]);
        timber.log.b.e("(Auth) ****MMI_hash: " + v3, new Object[0]);
        if (E3.equals(v3)) {
            timber.log.b.e("(Auth) hash comparison... OK", new Object[0]);
            return true;
        }
        timber.log.b.A("(Auth) hash comparison... KO", new Object[0]);
        return false;
    }

    public boolean q(byte[] bArr, PublicKey publicKey, byte[] bArr2) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException {
        if (bArr == null || publicKey == null) {
            timber.log.b.A("verifySignatureWithKey, cannot verify with a null argument", new Object[0]);
            return false;
        }
        Signature signature = Signature.getInstance(f38498k);
        signature.initVerify(publicKey);
        signature.update(bArr2);
        return signature.verify(bArr);
    }

    public String v(String str) {
        try {
            byte[] byteArray = this.f38505a.getPackageManager().getPackageInfo(str, 64).signatures[0].toByteArray();
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
                if (messageDigest == null || byteArray == null) {
                    throw new CertificateException("Cannot instanciate message digest");
                }
                return g(messageDigest.digest(byteArray));
            } catch (NoSuchAlgorithmException e3) {
                e = e3;
                timber.log.b.j(e, "getSignature: ", new Object[0]);
                return "";
            } catch (CertificateEncodingException e4) {
                e = e4;
                timber.log.b.j(e, "getSignature: ", new Object[0]);
                return "";
            }
        } catch (PackageManager.NameNotFoundException e5) {
            e = e5;
            timber.log.b.j(e, "getSignature: ", new Object[0]);
            return "";
        } catch (CertificateException e6) {
            e = e6;
            timber.log.b.j(e, "getSignature: ", new Object[0]);
            return "";
        }
    }

    public void x(String str, String str2) {
        l(str + "_ACL", f38496i, str2);
    }

    public boolean y(int i3, String str) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException {
        byte[] r3 = r(str + "_ACL", f38494g + i3);
        byte[] r4 = r(str + "_ACL", f38495h + i3);
        if (r4 != null && r3 != null) {
            byte[] u3 = u(r4, r3);
            String v3 = v(str);
            String E3 = E(Base64.encodeToString(Base64.decode(u3, 2), 2));
            if (E3.equals(v3)) {
                timber.log.b.e("(Auth) verified OK", new Object[0]);
                return true;
            }
            timber.log.b.A("(Auth) hash mismatch, authentication FAILED!", new Object[0]);
            timber.log.b.e("(Auth) ResponseHash: " + E3, new Object[0]);
            timber.log.b.e("(Auth) ****MMI_hash: " + v3, new Object[0]);
        }
        return false;
    }
}
