package com.samsung.android.kmxservice.sdk.util;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.util.Log;
import com.samsung.android.security.keystore.AttestParameterSpec;
import com.samsung.android.security.keystore.AttestationUtils;
import com.samsung.android.security.keystore.DeviceIdAttestationException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes.dex */
public final class k {
    public static final String b = n7.c.P(k.class.getSimpleName());

    /* renamed from: a, reason: collision with root package name */
    public final AttestationUtils f3493a = (AttestationUtils) f.d(new androidx.drawerlayout.widget.b(7));

    public static /* synthetic */ AttestationUtils a() {
        return new AttestationUtils();
    }

    public static String e(String str, boolean z7) {
        if (!z7) {
            int indexOf = str.indexOf("\"", str.indexOf("CN=")) + 1;
            return str.substring(indexOf, str.indexOf("\"", indexOf));
        }
        Log.i(b, "[parseSakUid] SAKm Model");
        int indexOf2 = str.indexOf("=", str.indexOf("UID")) + 1;
        return str.substring(indexOf2, str.indexOf(":CA", indexOf2));
    }

    public static boolean g(Certificate[] certificateArr, byte[] bArr) {
        String str = b;
        if (certificateArr == null) {
            Log.e(str, "verifyCertChain certChain is null.");
            return false;
        }
        int length = certificateArr.length;
        X509Certificate[] x509CertificateArr = new X509Certificate[length];
        for (int i7 = 0; i7 < certificateArr.length; i7++) {
            x509CertificateArr[i7] = (X509Certificate) certificateArr[i7];
        }
        if (length != 3) {
            Log.e(str, "Invalid certification chain size : " + length);
            return false;
        }
        try {
            b bVar = new b(x509CertificateArr[0]);
            e eVar = bVar.b;
            byte[] bArr2 = bVar.f3483a;
            if (bArr2 == null || bArr2.length == 0) {
                Log.e(str, "No challenge in the certificate");
                return false;
            }
            if (!Arrays.equals(bArr2, bArr)) {
                Log.e(str, "Challenge in different with certificate : ".concat(new String(bArr2, StandardCharsets.UTF_8)));
                return false;
            }
            if (eVar.f3486a.intValue() != 0) {
                Log.e(str, "The key was not generated in hardware-backed keystore");
                return false;
            }
            h hVar = eVar.b;
            if (hVar.c != 0) {
                Log.e(str, "ROT : VerifiedBootState is invalid");
                return false;
            }
            if (!hVar.b) {
                Log.e(str, "ROT : Device is unlocked");
                return false;
            }
            try {
                X509Certificate a10 = i.a(bVar.d);
                int i10 = length - 1;
                while (i10 >= 0) {
                    X509Certificate x509Certificate = x509CertificateArr[i10];
                    x509Certificate.checkValidity();
                    x509Certificate.verify(a10.getPublicKey());
                    i10--;
                    a10 = x509Certificate;
                }
                return true;
            } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException e) {
                e.printStackTrace();
                if (!(e instanceof CertificateNotYetValidException)) {
                    e.printStackTrace();
                    return false;
                }
                Log.e(str, e.getMessage() + System.lineSeparator() + System.lineSeparator() + "Please set to the current time (Settings > General management > Date and time)");
                return false;
            }
        } catch (CertificateParsingException e8) {
            Log.e(str, "verifyCertChain certificate Parsing Error : ", e8);
            return false;
        }
    }

    public final int b() {
        int i7;
        int i10;
        int i11 = 4;
        byte[] bArr = new byte[4];
        new SecureRandom().nextBytes(bArr);
        AttestationUtils attestationUtils = this.f3493a;
        int i12 = -1;
        if (attestationUtils == null) {
            Log.e(b, "Not support attestation utils. Need to check build version :" + Build.VERSION.SDK_INT);
            return -1;
        }
        try {
            synchronized (attestationUtils) {
                try {
                    if (this.f3493a.getKey("integrity") == null) {
                        Log.i(b, "generated key for integrity checking");
                        this.f3493a.generateKeyPair("integrity", bArr);
                    }
                    this.f3493a.storeCertificateChain("integrity", this.f3493a.attestDevice(new AttestParameterSpec.Builder("integrity", bArr).setDeviceAttestation(true).setVerifiableIntegrity(true).build()));
                    Certificate[] certificateChain = this.f3493a.getCertificateChain("integrity");
                    if (certificateChain == null) {
                        Log.e(b, "getDeviceIntegrity certChain is null");
                        return -1;
                    }
                    try {
                        g a10 = new b((X509Certificate) certificateChain[0]).a();
                        if (a10 != null) {
                            int i13 = a10.f3488a;
                            int i14 = 2;
                            if ((i13 == 0 || i13 == 2) && (((i7 = a10.b) == 0 || i7 == 2) && ((i10 = a10.c) == 0 || i10 == 2))) {
                                if (i13 != -1) {
                                    int i15 = i13 == 1 ? 1 : 0;
                                    if (i7 != 1) {
                                        i14 = 0;
                                    }
                                    int i16 = i15 | i14;
                                    if (i10 != 1) {
                                        i11 = 0;
                                    }
                                    i12 = i16 | i11;
                                }
                                return i12;
                            }
                        }
                        Log.e(b, "integrityStatus is abnormal : " + a10);
                        return i12;
                    } catch (CertificateParsingException e) {
                        Log.e(b, "getDeviceIntegrity certificate Parsing Error : ", e);
                        return -1;
                    }
                } finally {
                }
            }
        } catch (DeviceIdAttestationException | KeyStoreException e8) {
            throw new RuntimeException((Throwable) e8);
        }
    }

    public final String c() {
        String a10 = l.a("ro.security.keystore.keytype");
        AttestationUtils attestationUtils = this.f3493a;
        String str = null;
        if (attestationUtils == null) {
            Log.e(b, "Not support attestation utils. Need to check build version :" + Build.VERSION.SDK_INT);
            return null;
        }
        try {
        } catch (IllegalArgumentException | NullPointerException | ProviderException e) {
            e.printStackTrace();
        }
        synchronized (attestationUtils) {
            try {
                Certificate[] certificateChain = this.f3493a.getCertificateChain("sakUid");
                if (certificateChain != null) {
                    if (certificateChain.length < 3) {
                    }
                    str = e(((X509Certificate) certificateChain[0]).getIssuerX500Principal().toString(), a10.contains("sakm"));
                    return str;
                }
                byte[] bArr = new byte[4];
                new SecureRandom().nextBytes(bArr);
                this.f3493a.generateKeyPair("sakUid", bArr);
                certificateChain = this.f3493a.getCertificateChain("sakUid");
                if (!g(certificateChain, bArr)) {
                    Log.e(b, "certificate chain verification failed.");
                    return null;
                }
                str = e(((X509Certificate) certificateChain[0]).getIssuerX500Principal().toString(), a10.contains("sakm"));
                return str;
            } finally {
            }
        }
    }

    public final X509Certificate[] d(String str, byte[] bArr) {
        X509Certificate[] x509CertificateArr = null;
        if (this.f3493a == null) {
            Log.e(b, "Not support attestation utils. Need to check build version :" + Build.VERSION.SDK_INT);
            return null;
        }
        if (Build.VERSION.SDK_INT < 28) {
            Log.e(b, "You need to check os version ! Now under the Pos");
            return null;
        }
        AttestParameterSpec build = new AttestParameterSpec.Builder(str, bArr).setAlgorithm("RSA").setKeyGenParameterSpec(new KeyGenParameterSpec.Builder(str, 32).setDigests("SHA-256", McElieceCCA2KeyGenParameterSpec.SHA1).setEncryptionPaddings("OAEPPadding").setBlockModes("ECB").build()).setVerifiableIntegrity(true).build();
        try {
        } catch (IllegalArgumentException | NullPointerException | KeyStoreException | ProviderException e) {
            e.printStackTrace();
        }
        synchronized (this.f3493a) {
            try {
                if (this.f3493a.getKey(str) == null) {
                    String str2 = b;
                    Log.i(str2, "generate key for wrap key. : " + str);
                    if (this.f3493a.generateKeyPair(build) == null) {
                        Log.e(str2, "getWrapKey generateKeyPair is null");
                        return null;
                    }
                }
                Certificate[] certificateChain = this.f3493a.getCertificateChain(str);
                if (certificateChain == null) {
                    String str3 = b;
                    Log.e(str3, "getWrapKey certChain is NULL. Retry key generation.");
                    if (this.f3493a.generateKeyPair(build) == null) {
                        Log.e(str3, "getWrapKey retrying generateKeyPair is null");
                        return null;
                    }
                    Certificate[] certificateChain2 = this.f3493a.getCertificateChain(str);
                    if (certificateChain2 == null) {
                        Log.e(str3, "getWrapKey certChain is NULL.");
                        return null;
                    }
                    certificateChain = certificateChain2;
                }
                x509CertificateArr = new X509Certificate[certificateChain.length];
                for (int i7 = 0; i7 < certificateChain.length; i7++) {
                    x509CertificateArr[i7] = (X509Certificate) certificateChain[i7];
                }
                return x509CertificateArr;
            } finally {
            }
        }
    }

    public final void f() {
        AttestationUtils attestationUtils = this.f3493a;
        if (attestationUtils == null) {
            Log.e(b, "Not support attestation utils. Need to check build version :" + Build.VERSION.SDK_INT);
            return;
        }
        try {
            synchronized (attestationUtils) {
                this.f3493a.deleteKey("WRAPPING_KEY");
            }
        } catch (KeyStoreException e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }
}
