package com.bytedance.labcv.bytedcertsdk.ticketguard.key;

import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import android.util.Log;
import com.bytedance.crash.upload.NetState;
import com.bytedance.labcv.bytedcertsdk.utils.BLog;
import com.umeng.analytics.pro.d;
import i.m.a.q.h.v.b.e;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Metadata(d1 = {"\u0000X\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0010\u0003\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0010\u0012\n\u0002\b\t\n\u0002\u0010\b\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\b\u0018\u00002\u000e\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u00030\u0001B\u001d\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\u0007¢\u0006\u0002\u0010\tJ\u0018\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u00072\b\u0010\u0012\u001a\u0004\u0018\u00010\u0013J\b\u0010\u0014\u001a\u00020\u000bH\u0016J\b\u0010\u0015\u001a\u00020\u000bH\u0016J\u0010\u0010\u0016\u001a\u0004\u0018\u00010\u00072\u0006\u0010\u0017\u001a\u00020\u0003J\u0012\u0010\u0018\u001a\u0004\u0018\u00010\u00072\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\u0012\u0010\u001b\u001a\u0004\u0018\u00010\u00022\u0006\u0010\u001c\u001a\u00020\u0007H\u0016J\b\u0010\u001d\u001a\u00020\u0007H\u0014J\b\u0010\u001e\u001a\u00020\u0007H\u0002J\b\u0010\u001f\u001a\u00020\u0007H\u0016J\b\u0010 \u001a\u00020\u0007H\u0016J\u0017\u0010!\u001a\u0004\u0018\u00010\u000b2\u0006\u0010\"\u001a\u00020#H\u0002¢\u0006\u0002\u0010$J\u0015\u0010!\u001a\u0004\u0018\u00010\u000b2\u0006\u0010%\u001a\u00020\u0007¢\u0006\u0002\u0010&J\u0012\u0010'\u001a\u0004\u0018\u00010\u00032\b\u0010(\u001a\u0004\u0018\u00010\u0007J\u0012\u0010)\u001a\u0004\u0018\u00010\u00072\u0006\u0010\u0019\u001a\u00020\u001aH\u0002J\u0012\u0010*\u001a\u0004\u0018\u00010\u00022\u0006\u0010\u001c\u001a\u00020\u0007H\u0016J\u001a\u0010+\u001a\u0004\u0018\u00010\u00072\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010,\u001a\u00020-H\u0002J\u001a\u0010.\u001a\u0004\u0018\u00010\u001a2\u0006\u0010\u001c\u001a\u00020\u00072\u0006\u0010,\u001a\u00020-H\u0002J\u001a\u0010/\u001a\u0004\u0018\u00010\u001a2\u0006\u0010\u001c\u001a\u00020\u00072\u0006\u0010,\u001a\u00020-H\u0002J*\u00100\u001a\u0004\u0018\u00010#2\u0006\u00101\u001a\u0002022\u0006\u00103\u001a\u00020#2\u0006\u0010,\u001a\u00020-2\u0006\u00104\u001a\u00020\u0007H\u0002J\u001a\u00105\u001a\u0004\u0018\u00010#2\u0006\u00103\u001a\u00020#2\u0006\u00104\u001a\u00020\u0007H\u0016J\u000e\u00106\u001a\u00020\u00102\u0006\u0010\"\u001a\u00020\u0007J \u00107\u001a\u00020\u000b2\u0006\u00108\u001a\u00020\u00032\u0006\u00103\u001a\u00020#2\u0006\u00109\u001a\u00020#H\u0016R\u001e\u0010\f\u001a\u00020\u000b2\u0006\u0010\n\u001a\u00020\u000b@BX\u0086\u000e¢\u0006\b\n\u0000\u001a\u0004\b\r\u0010\u000eR\u000e\u0010\b\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006:"}, d2 = {"Lcom/bytedance/labcv/bytedcertsdk/ticketguard/key/TeeKeyHelper;", "Lcom/bytedance/labcv/bytedcertsdk/ticketguard/key/AbsKeyHelper;", "Lcom/bytedance/labcv/bytedcertsdk/ticketguard/key/TeeKeyObject;", "Ljava/security/cert/Certificate;", d.R, "Landroid/content/Context;", "keystoreAlias", "", "principal", "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;)V", "<set-?>", "", "hasEverFail", "getHasEverFail", "()Z", "apiFail", "", "reason", "error", "", "completeKeyObject", "containsAlias", "convertPEMString", "csr", "genCsr", "keyPair", "Ljava/security/KeyPair;", "generateKeyPair", "scene", "getCreateLogSpKey", "getSpKeyClientCert", "getSpKeyPrivateSuffix", "getSpKeyPublicPrefix", "isKeyMatch", "cert", "", "([B)Ljava/lang/Boolean;", "base64Cert", "(Ljava/lang/String;)Ljava/lang/Boolean;", "loadCert", "certAlias", "loadCertFromSp", "loadKeyPair", "realGenCsr", "attemptCount", "", "realGenKey", "realLoadKeyPair", "realSign", "privateKey", "Ljava/security/PrivateKey;", "data", NetState.PATH, "sign", "updateClientCert", e.b, "pubInfo", i.s.f.e.f13649m, "BytedCertSdk_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* renamed from: com.bytedance.labcv.bytedcertsdk.f.a.d, reason: from Kotlin metadata */
/* loaded from: classes2.dex */
public final class TeeKeyHelper extends AbsKeyHelper<TeeKeyObject, Certificate> {

    /* renamed from: e, reason: collision with root package name */
    @NotNull
    private final String f3978e;

    /* renamed from: f, reason: collision with root package name */
    private boolean f3979f;

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public TeeKeyHelper(@NotNull Context context, @NotNull String keystoreAlias, @NotNull String principal) {
        super(context, keystoreAlias);
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(keystoreAlias, "keystoreAlias");
        Intrinsics.checkNotNullParameter(principal, "principal");
        this.f3978e = principal;
        this.f3979f = this.f3975d.getBoolean("has_ever_fail", false);
    }

    private final String a(KeyPair keyPair) {
        for (int i2 = 1; i2 < 4; i2++) {
            String b = b(keyPair);
            if (b != null) {
                return b;
            }
        }
        return null;
    }

    @Nullable
    public static String a(@NotNull Certificate csr) {
        Intrinsics.checkNotNullParameter(csr, "csr");
        try {
            PemObject pemObject = new PemObject(PEMParser.f19117f, csr.getEncoded());
            StringWriter stringWriter = new StringWriter();
            PemWriter pemWriter = new PemWriter(stringWriter);
            pemWriter.j(pemObject);
            pemWriter.close();
            stringWriter.close();
            return stringWriter.toString();
        } catch (CertificateEncodingException e2) {
            throw new RuntimeException(e2);
        }
    }

    private void a(@NotNull String reason, @Nullable Throwable th) {
        Intrinsics.checkNotNullParameter(reason, "reason");
        BLog.d("TeeKeyHelper", reason + " fail, error=" + Log.getStackTraceString(th));
        if (this.f3979f) {
            return;
        }
        this.f3979f = true;
        this.f3975d.edit().putBoolean("has_ever_fail", true).apply();
    }

    private final byte[] a(PrivateKey privateKey, byte[] bArr) {
        byte[] bArr2 = null;
        try {
            System.currentTimeMillis();
            bArr2 = TeeApi.a(privateKey, bArr);
            BLog.d("TeeKeyHelper", "签名成功");
            return bArr2;
        } catch (Throwable th) {
            a("sign", th);
            BLog.d("TeeKeyHelper", "签名失败, exception=" + Log.getStackTraceString(th));
            return bArr2;
        }
    }

    private final String b(KeyPair keyPair) {
        try {
            String a = TeeApi.a(keyPair, this.f3978e);
            BLog.d("TeeKeyHelper", "生成 csr 成功");
            return a;
        } catch (Throwable th) {
            a("generate csr", th);
            BLog.d("TeeKeyHelper", "生成 csr 失败, exception=" + Log.getStackTraceString(th));
            return null;
        }
    }

    @Nullable
    public static Certificate d(@Nullable String str) {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        StringBuilder sb = new StringBuilder("loadCert : ");
        byte[] encoded = keyStore.getCertificate(str).getEncoded();
        Intrinsics.checkNotNullExpressionValue(encoded, "ks.getCertificate(certAlias).encoded");
        sb.append(new String(encoded, Charsets.UTF_8));
        BLog.w("TeeKeyHelper", sb.toString());
        return keyStore.getCertificate(str);
    }

    private final String h() {
        return "client_cert_" + this.b;
    }

    private final KeyPair i() {
        System.currentTimeMillis();
        KeyPair keyPair = null;
        try {
            String str = this.b;
            SharedPreferences.Editor edit = this.f3975d.edit();
            Intrinsics.checkNotNullExpressionValue(edit, "sp.edit()");
            KeyPair a = TeeApi.a(str, edit, b(), c());
            if (a != null) {
                BLog.d("TeeKeyHelper", "生成 Key pair 成功");
                keyPair = a;
            } else {
                BLog.d("TeeKeyHelper", "生成 Key pair 失败");
            }
        } catch (Throwable th) {
            a("generate key", th);
            BLog.e("TeeKeyHelper", "生成 Key pair 失败, exception=" + Log.getStackTraceString(th));
        }
        return keyPair;
    }

    private final KeyPair j() {
        System.currentTimeMillis();
        KeyPair keyPair = null;
        try {
            KeyPair b = TeeApi.b(this.b, this.f3975d, b(), c());
            if (b != null) {
                BLog.d("TeeKeyHelper", "加载 Key pair 成功");
                keyPair = b;
            } else {
                BLog.d("TeeKeyHelper", "加载 Key pair 失败");
            }
        } catch (Throwable th) {
            a("load key pair", th);
            BLog.d("TeeKeyHelper", "加载 Key pair 失败, exception=" + Log.getStackTraceString(th));
        }
        return keyPair;
    }

    @Override // com.bytedance.labcv.bytedcertsdk.ticketguard.key.AbsKeyHelper
    @NotNull
    public final String a() {
        return "tee_create_key_log";
    }

    @Nullable
    public final byte[] a(@NotNull byte[] data, @NotNull String path) {
        Intrinsics.checkNotNullParameter(data, "data");
        Intrinsics.checkNotNullParameter(path, "path");
        TeeKeyObject teeKeyObject = (TeeKeyObject) this.c;
        if (teeKeyObject == null) {
            BLog.d("TeeKeyHelper", "签名失败, 获取私钥失败");
            return null;
        }
        for (int i2 = 1; i2 < 4; i2++) {
            PrivateKey privateKey = teeKeyObject.c.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "it.keyPair.private");
            byte[] a = a(privateKey, data);
            if (a != null) {
                return a;
            }
        }
        return null;
    }

    @Override // com.bytedance.labcv.bytedcertsdk.ticketguard.key.AbsKeyHelper
    public final /* synthetic */ TeeKeyObject b(String scene) {
        Intrinsics.checkNotNullParameter(scene, "scene");
        for (int i2 = 1; i2 < 4; i2++) {
            KeyPair i3 = i();
            if (i3 != null) {
                return new TeeKeyObject(true, i3, a(i3), null);
            }
        }
        return null;
    }

    @Override // com.bytedance.labcv.bytedcertsdk.ticketguard.key.AbsKeyHelper
    public final /* synthetic */ TeeKeyObject c(String scene) {
        String str;
        Intrinsics.checkNotNullParameter(scene, "scene");
        boolean z = true;
        for (int i2 = 1; i2 < 4; i2++) {
            KeyPair j2 = j();
            if (j2 != null) {
                if (this.f3975d.getBoolean("sp_key_has_load_from_origin_sp", false)) {
                    str = null;
                } else {
                    SharedPreferences sharedPreferences = this.a.getSharedPreferences("sp_TicketGuardManager", 0);
                    str = sharedPreferences.getString("sp_key_cert", null);
                    sharedPreferences.edit().remove("sp_key_cert").apply();
                    SharedPreferences.Editor edit = this.f3975d.edit();
                    edit.putBoolean("sp_key_has_load_from_origin_sp", true);
                    if (!(str == null || str.length() == 0)) {
                        byte[] decode = Base64.decode(str, 0);
                        Intrinsics.checkNotNullExpressionValue(decode, "decode(\n                …ULT\n                    )");
                        PrivateKey privateKey = j2.getPrivate();
                        Intrinsics.checkNotNullExpressionValue(privateKey, "keyPair.private");
                        if (TeeApi.a(decode, privateKey)) {
                            edit.putString(h(), str);
                            edit.apply();
                        }
                    }
                    str = null;
                    edit.apply();
                }
                if (str == null || str.length() == 0) {
                    str = this.f3975d.getString(h(), null);
                    if (str != null && str.length() != 0) {
                        z = false;
                    }
                    if (!z) {
                        byte[] decode2 = Base64.decode(str, 0);
                        Intrinsics.checkNotNullExpressionValue(decode2, "decode(cert, Base64.DEFAULT)");
                        PrivateKey privateKey2 = j2.getPrivate();
                        Intrinsics.checkNotNullExpressionValue(privateKey2, "keyPair.private");
                        if (!TeeApi.a(decode2, privateKey2)) {
                            this.f3975d.edit().remove(h()).apply();
                            str = null;
                        }
                    }
                }
                TeeKeyObject teeKeyObject = new TeeKeyObject(false, j2, null, str);
                if (!teeKeyObject.a()) {
                    g();
                }
                return teeKeyObject;
            }
        }
        return null;
    }

    @Override // com.bytedance.labcv.bytedcertsdk.ticketguard.key.AbsKeyHelper
    @NotNull
    public final String d() {
        return "sp_key_public_key";
    }

    @Override // com.bytedance.labcv.bytedcertsdk.ticketguard.key.AbsKeyHelper
    @NotNull
    public final String e() {
        return "sp_key_private_key";
    }

    @Override // com.bytedance.labcv.bytedcertsdk.ticketguard.key.AbsKeyHelper
    public final boolean f() {
        try {
            return TeeApi.a(this.b, this.f3975d, b(), c());
        } catch (Throwable th) {
            a("contains alias", th);
            throw th;
        }
    }

    @Override // com.bytedance.labcv.bytedcertsdk.ticketguard.key.AbsKeyHelper
    public final boolean g() {
        TeeKeyObject teeKeyObject = (TeeKeyObject) this.c;
        if (teeKeyObject == null) {
            return false;
        }
        teeKeyObject.f3980d = a(teeKeyObject.c);
        return teeKeyObject.a();
    }
}
