package com.yandex.runtime.attestation_storage.internal;

import android.security.keystore.KeyGenParameterSpec;
import android.util.Base64;
import bh.f;
import bh.g;
import bh.j;
import com.yandex.runtime.Runtime;
import com.yandex.runtime.attestation.EcPublicKey;
import com.yandex.runtime.logging.Logger;
import com.yandex.strannik.internal.sloth.performers.a;
import defpackage.c;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import li.d;

/* loaded from: classes5.dex */
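/**
 * {@link PlatformKeystore} implementation that keeps a single EC P-256 signing key in the
 * {@code AndroidKeyStore} provider and exposes its certificate chain as attestation proof.
 *
 * <p>The key is created with an attestation challenge (see {@link #generateKey(byte[])}), so the
 * certificate chain returned by {@link #getKeystoreProof()} is what a remote verifier inspects.
 * Validating that chain is not done in this class and has to happen on the verifier side.
 *
 * <p>NOTE(review): this file is decompiler output. {@code defpackage.c}, {@code bh.*}, {@code li.*}
 * and {@code com.yandex.strannik.internal.sloth.performers.a} are obfuscated names whose behaviour
 * is not visible here; comments about them are hedged accordingly.
 */
public class PlatformKeystoreImpl implements PlatformKeystore {
    private static final String KEY_ALIAS_BASE = "MAPKIT_ATTESTED_KEY_";
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final String EC_ALGORITHM = "EC";
    private static final String NO_KEY_MESSAGE = "Key entry is null. Generate key first.";

    private final String alias;
    private final KeyStore keyStore;
    // Null until a key has been generated or loaded; reset to null by removeKey().
    private KeyStore.PrivateKeyEntry privateKeyEntry;

    /**
     * Opens the Android Keystore and loads the entry stored under {@code str}, if there is one.
     *
     * @param str full keystore alias (prefix already applied by {@link #createKeystore(String)})
     * @throws IOException if the keystore cannot be loaded
     * @throws CertificateException if the keystore cannot be loaded
     * @throws IllegalStateException if the provider or its integrity algorithm is missing
     */
    private PlatformKeystoreImpl(String str) throws IOException, CertificateException {
        this.alias = str;
        try {
            this.keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        } catch (KeyStoreException e) {
            throw fatal("No Android Key Store in the system: ", e);
        }
        try {
            this.keyStore.load(null);
        } catch (NoSuchAlgorithmException e) {
            throw fatal("Can't check the integrity of keystore: ", e);
        }
        if (hasEntry()) {
            tryLoadEntry();
        }
    }

    /**
     * Builds {@code prefix + cause.getMessage()} through the project's string helper.
     *
     * <p>NOTE(review): {@code c.q} is defined outside this file; it appears to return a
     * {@link StringBuilder} seeded with its argument - confirm.
     */
    private static String describe(String prefix, Throwable cause) {
        StringBuilder text = c.q(prefix);
        text.append(cause.getMessage());
        return text.toString();
    }

    /** Wraps {@code cause} in an {@link IllegalStateException}, keeping it as the cause. */
    private static IllegalStateException fatal(String prefix, Exception cause) {
        return new IllegalStateException(describe(prefix, cause), cause);
    }

    /**
     * Reports whether every primitive this class relies on is registered: the AndroidKeyStore
     * provider with EC key generation and an EC key factory, a {@code NONEwithECDSA} signature,
     * an X.509 certificate factory and SHA-256.
     *
     * @return {@code true} only if all of them are present
     */
    public static boolean attestationAvailable() {
        Provider provider = Security.getProvider(ANDROID_KEY_STORE);
        if (provider == null) {
            return false;
        }
        boolean hasEcSupport = provider.getService("KeyPairGenerator", EC_ALGORITHM) != null
                && provider.getService("KeyFactory", EC_ALGORITHM) != null;
        if (!hasEcSupport || Security.getProviders("Signature.NONEwithECDSA").length == 0) {
            return false;
        }
        try {
            CertificateFactory.getInstance("X.509");
        } catch (CertificateException unused) {
            return false;
        }
        return Security.getProviders("MessageDigest.SHA-256").length != 0;
    }

    /**
     * Deletes every keystore entry carrying this class's alias prefix except the one that
     * belongs to {@code str}. Failures are logged and never thrown.
     *
     * <p>The decompiled original had an empty branch for the matching alias and then fell through
     * to {@code deleteEntry}, which would also destroy the key that is still in use (presumably a
     * {@code continue} lost in decompilation). The active alias is skipped explicitly here.
     *
     * @param str suffix of the alias to keep, or {@code null} to delete all prefixed entries
     */
    public static void cleanupUnusedKeys(String str) {
        KeyStore store;
        try {
            store = KeyStore.getInstance(ANDROID_KEY_STORE);
        } catch (KeyStoreException e) {
            Logger.error(describe("Could not get keystore implementation for key cleanup: ", e));
            return;
        }
        try {
            store.load(null);
        } catch (IOException e) {
            Logger.error(describe("Could not load keystore for key cleanup. I/O error: ", e));
            return;
        } catch (NoSuchAlgorithmException e) {
            Logger.error(describe("Could not load keystore for key cleanup. No such algorithm for checking keystore integrity: ", e));
            return;
        } catch (CertificateException e) {
            Logger.error(describe("Could not load keystore for key cleanup. Could not load certificate: ", e));
            return;
        }
        String aliasToKeep = str == null ? null : KEY_ALIAS_BASE + str;
        try {
            // Snapshot the aliases first so deleting entries does not disturb the enumeration.
            for (String candidate : Collections.list(store.aliases())) {
                if (!candidate.startsWith(KEY_ALIAS_BASE) || candidate.equals(aliasToKeep)) {
                    continue;
                }
                store.deleteEntry(candidate);
            }
        } catch (KeyStoreException e) {
            Logger.error(describe("Could not delete entry: ", e));
        }
    }

    /**
     * Creates a keystore wrapper for the alias derived from {@code str}.
     *
     * @param str alias suffix appended to the fixed prefix
     * @return the keystore, or {@code null} if the Android Keystore could not be loaded
     */
    public static PlatformKeystore createKeystore(String str) {
        try {
            return new PlatformKeystoreImpl(KEY_ALIAS_BASE + str);
        } catch (IOException | CertificateException e) {
            // Callers only see null; log the reason so the failure is not silent.
            Logger.error(describe("Could not create platform keystore: ", e));
            return null;
        }
    }

    /**
     * Derives the attestation nonce as a digest over {@code bArr} followed by the encoded
     * certificate chain, which ties the attestation request to this key's chain.
     *
     * @param bArr caller-supplied bytes mixed into the nonce
     * @return the Base64 nonce, or {@code null} if the certificate chain could not be encoded
     * @throws IllegalStateException if no key is loaded or the digest algorithm is missing
     */
    private String createNonce(byte[] bArr) {
        byte[] encodedChain = getCertificateChain();
        if (encodedChain == null) {
            return null;
        }
        try {
            // NOTE(review): the algorithm name comes from an obfuscated constant in an unrelated
            // class; the error message below implies it is "SHA-256" - confirm, and prefer a
            // literal defined in this class so the nonce cannot change with that dependency.
            MessageDigest digest = MessageDigest.getInstance(a.f86939c);
            digest.update(bArr);
            digest.update(encodedChain);
            // 10 == Base64.URL_SAFE | Base64.NO_WRAP
            return Base64.encodeToString(digest.digest(), 10);
        } catch (NoSuchAlgorithmException e) {
            throw fatal("No SHA-256 algorithm in the environment: ", e);
        }
    }

    /**
     * Encodes the loaded key's certificate chain as an X.509 certification path.
     *
     * @return the encoded path, or {@code null} if the chain could not be built or encoded
     * @throws IllegalStateException if no key is loaded or X.509 is unsupported
     */
    private byte[] getCertificateChain() {
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException(NO_KEY_MESSAGE);
        }
        CertificateFactory factory;
        try {
            factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw fatal("X.509 is unsupported in the system: ", e);
        }
        try {
            return factory.generateCertPath(Arrays.asList(this.privateKeyEntry.getCertificateChain())).getEncoded();
        } catch (CertificateException e) {
            // Covers CertificateEncodingException as well; callers treat null as "no proof".
            Logger.error(describe("Could not encode certificate chain: ", e));
            return null;
        }
    }

    /**
     * @return whether the keystore holds an entry under this instance's alias
     * @throws IllegalStateException if the keystore is not initialized
     */
    private boolean hasEntry() {
        try {
            return this.keyStore.containsAlias(this.alias);
        } catch (KeyStoreException e) {
            throw fatal("Keystore is not initialized: ", e);
        }
    }

    /**
     * Loads the entry stored under this alias into {@code privateKeyEntry}. An entry whose
     * private key is not an EC key is deleted so a fresh key can be generated.
     *
     * @throws IllegalStateException if the entry is not a private-key entry or cannot be read
     */
    private void tryLoadEntry() {
        try {
            KeyStore.Entry entry = this.keyStore.getEntry(this.alias, null);
            if (entry == null) {
                return;
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("Key entry is not an instance of a KeyStore.PrivateKeyEntry");
            }
            this.privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            // Compare by value: the original used != on the String, which compares references
            // and can discard a valid EC key whenever the provider returns a non-interned name.
            if (!EC_ALGORITHM.equals(this.privateKeyEntry.getPrivateKey().getAlgorithm())) {
                removeKey();
            }
        } catch (KeyStoreException e) {
            throw fatal("Keystore has not been loaded: ", e);
        } catch (NoSuchAlgorithmException e) {
            throw fatal("No such algorithm in the environment: ", e);
        } catch (UnrecoverableEntryException e) {
            throw fatal("Entry is protected: ", e);
        }
    }

    /**
     * Signs {@code bArr} with the stored private key using {@code NONEwithECDSA}.
     *
     * <p>No digest is applied here, so {@code bArr} is signed as given; hashing the message
     * beforehand is the caller's responsibility.
     *
     * @param bArr bytes to sign
     * @return the signature bytes
     * @throws IllegalStateException if no key is loaded or signing fails
     */
    @Override
    public byte[] ecSign(byte[] bArr) {
        if (this.privateKeyEntry == null) {
            throw new IllegalStateException(NO_KEY_MESSAGE);
        }
        try {
            Signature signer = Signature.getInstance("NONEwithECDSA");
            signer.initSign(this.privateKeyEntry.getPrivateKey());
            signer.update(bArr);
            return signer.sign();
        } catch (NoSuchAlgorithmException e) {
            throw fatal("No NONEwithECDSA support: ", e);
        } catch (InvalidKeyException e) {
            throw fatal("Key provided for signing is invalid: ", e);
        } catch (SignatureException e) {
            throw fatal("Could not sign provided data: ", e);
        }
    }

    /**
     * Generates a 256-bit secp256r1 key pair in the Android Keystore under this alias and loads it.
     *
     * <p>{@code bArr} is passed as the attestation challenge, which the platform embeds in the
     * key's attestation certificate. It only gives the verifier freshness if it is an
     * unpredictable, single-use value chosen by that verifier; this method does not check that.
     *
     * @param bArr attestation challenge
     * @throws IllegalStateException if the provider, algorithm or parameters are unsupported
     */
    @Override
    public void generateKey(byte[] bArr) {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(EC_ALGORITHM, ANDROID_KEY_STORE);
            // Purpose 4 == KeyProperties.PURPOSE_SIGN: the key is usable for signing only.
            // Digest "NONE" matches the NONEwithECDSA signature used in ecSign().
            generator.initialize(new KeyGenParameterSpec.Builder(this.alias, 4)
                    .setDigests("NONE")
                    .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                    .setAttestationChallenge(bArr)
                    .setKeySize(256)
                    .build());
            generator.generateKeyPair();
            tryLoadEntry();
        } catch (InvalidAlgorithmParameterException e) {
            throw fatal("Arguments for initialization of EC algorithm are invalid: ", e);
        } catch (NoSuchAlgorithmException e) {
            throw fatal("EC algorithm is unsupported in AndroidKeyStore: ", e);
        } catch (NoSuchProviderException e) {
            throw fatal("No Android Key Store in the system: ", e);
        }
    }

    /**
     * Returns the affine coordinates of the public key taken from the entry's certificate.
     *
     * <p>NOTE(review): {@code BigInteger.toByteArray()} is variable-length two's complement, so a
     * coordinate may carry a leading zero byte or be shorter than 32 bytes; whether
     * {@code EcPublicKey} expects fixed-width coordinates is not visible here - confirm.
     *
     * @return the public key coordinates
     * @throws IllegalStateException if no key is loaded or the key cannot be decoded
     */
    @Override
    public EcPublicKey getEcPublicKey() {
        if (this.privateKeyEntry == null) {
            // Same failure mode as ecSign() instead of an unexplained NullPointerException.
            throw new IllegalStateException(NO_KEY_MESSAGE);
        }
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(EC_ALGORITHM);
            ECPublicKeySpec spec = (ECPublicKeySpec) keyFactory.getKeySpec(
                    this.privateKeyEntry.getCertificate().getPublicKey(), ECPublicKeySpec.class);
            ECPoint point = spec.getW();
            return new EcPublicKey(point.getAffineX().toByteArray(), point.getAffineY().toByteArray());
        } catch (NoSuchAlgorithmException e) {
            throw fatal("EC algorithm is unsupported in AndroidKeyStore: ", e);
        } catch (InvalidKeySpecException e) {
            throw fatal("Invalid KeySpec or key could not be processed: ", e);
        }
    }

    /**
     * @return the encoded certificate chain of the stored key, or {@code null} if it could not
     *     be encoded
     * @throws IllegalStateException if no key is loaded
     */
    @Override
    public byte[] getKeystoreProof() {
        return getCertificateChain();
    }

    /** @return whether a private-key entry is currently loaded */
    @Override
    public boolean hasKey() {
        return this.privateKeyEntry != null;
    }

    /**
     * Forgets the loaded entry and deletes it from the keystore if it exists.
     *
     * @throws IllegalStateException if the keystore is not initialized
     */
    @Override
    public void removeKey() {
        this.privateKeyEntry = null;
        if (!hasEntry()) {
            return;
        }
        try {
            this.keyStore.deleteEntry(this.alias);
        } catch (KeyStoreException e) {
            throw fatal("Keystore is not initialized: ", e);
        }
    }

    /**
     * Requests an attestation result bound to a nonce derived from {@code bArr} and this key's
     * certificate chain, then reports the outcome to {@code attestationListener}.
     *
     * <p>NOTE(review): {@code li.d}, {@code li.j} and the {@code bh} callbacks are obfuscated;
     * they look like a request builder, a client factory and task listeners - confirm against
     * the library they come from. The meaning of {@code j14} is likewise not visible here.
     *
     * @param bArr bytes mixed into the nonce
     * @param j14 numeric value forwarded to the request builder
     * @param attestationListener receives the result or the failure message
     */
    @Override
    public void requestAttestKey(byte[] bArr, long j14, final AttestationListener attestationListener) {
        String nonce = createNonce(bArr);
        if (nonce == null) {
            attestationListener.onAttestationFailed("Could not create nonce");
            // Stop here: the original went on to send a request with a null nonce, which would
            // report a second outcome for a request that is not bound to this key.
            return;
        }
        d request = new d();
        request.c(nonce);
        request.b(j14);
        j<li.c> task = li.j.a(Runtime.getApplicationContext()).a().a(request.a());
        task.f(new g<li.c>() {
            @Override
            public void onSuccess(li.c cVar) {
                attestationListener.onAttestationReceived(cVar.a());
            }
        });
        task.d(new f() {
            @Override
            public void onFailure(Exception exc) {
                attestationListener.onAttestationFailed(exc.getMessage());
            }
        });
    }
}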
