package defpackage;

import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import com.huawei.hbu.foundation.log.Logger;
import com.huawei.hbu.foundation.utils.aj;
import com.huawei.hbu.foundation.utils.aq;
import com.huawei.secure.android.common.encrypt.aes.AesGcm;
import com.huawei.secure.android.common.util.SafeBase64;
import com.huawei.security.keystore.HwUniversalKeyStoreProvider;
import java.io.IOException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.List;

/* compiled from: HUKSUtils.java */
/* loaded from: classes13.dex */
public final class dym {
    private boolean a;
    private Certificate[] b;

    /* compiled from: HUKSUtils.java */
    /* loaded from: classes13.dex */
    private static class b {
        private static final dym a = new dym();
    }

    private dym() {
        this.a = false;
    }

    private String a() {
        String decrypt = AesGcm.decrypt(li.getString(dxt.a, "HUKSChallengeKey"), dyp.getAesKey());
        if (!aq.isBlank(decrypt)) {
            return decrypt;
        }
        String str = me.getCurrentTime() + "_" + SafeBase64.encodeToString(dyp.genSecureRandomBytes(32), 0);
        li.put(dxt.a, "HUKSChallengeKey", AesGcm.encrypt(str, dyp.getAesKey()));
        return str;
    }

    private KeyPair a(String str, String str2, int i, String str3, String str4) {
        Logger.i("ReaderUtils_Device_HUKSUtils", "generateKeyPair");
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str2, (Provider) new HwUniversalKeyStoreProvider());
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
            gregorianCalendar2.add(1, 1);
            if (Build.VERSION.SDK_INT < 24) {
                return null;
            }
            keyPairGenerator.initialize(new KeyGenParameterSpec.Builder(str, i).setDigests(str3).setSignaturePaddings(str4).setCertificateSerialNumber(BigInteger.valueOf(1337L)).setCertificateNotBefore(gregorianCalendar.getTime()).setCertificateNotAfter(gregorianCalendar2.getTime()).setAttestationChallenge(a().getBytes(StandardCharsets.UTF_8)).setUserAuthenticationRequired(false).build());
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException unused) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "generateKeyPair Algorithm error");
            return null;
        } catch (ProviderException unused2) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "generateKeyPair Provider error");
            return null;
        } catch (Throwable unused3) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "generateKeyPair is failure");
            return null;
        }
    }

    private List<String> a(Certificate[] certificateArr) {
        ArrayList arrayList = new ArrayList();
        if (certificateArr == null || certificateArr.length == 0) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "getBase64Cert,certificates is empty");
            return arrayList;
        }
        try {
            for (Certificate certificate : certificateArr) {
                if (certificate instanceof X509Certificate) {
                    arrayList.add(SafeBase64.encodeToString(certificate.getEncoded(), 0).replaceAll("\n", ""));
                } else {
                    Logger.e("ReaderUtils_Device_HUKSUtils", "getBase64Cert,error certificate");
                }
            }
        } catch (CertificateEncodingException unused) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "getBase64Cert encode error");
        }
        return arrayList;
    }

    private Certificate[] a(String str) {
        try {
            b();
            KeyStore keyStore = KeyStore.getInstance("HwKeystore");
            keyStore.load(null);
            return keyStore.getCertificateChain(str);
        } catch (IOException unused) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "getCertificateChain IOException");
            return new Certificate[0];
        } catch (KeyStoreException | CertificateException unused2) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "getCertificateChain exception");
            return new Certificate[0];
        } catch (NoSuchAlgorithmException unused3) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "getCertificateChain no such algorithm");
            return new Certificate[0];
        }
    }

    private void b() {
        if (this.a) {
            Logger.i("ReaderUtils_Device_HUKSUtils", "initHUKS,inited");
            return;
        }
        Method method = aj.getMethod(aj.getClass("com.huawei.security.keystore.HwUniversalKeyStoreProvider"), "install", (Class<?>[]) new Class[0]);
        aj.setAccessible(method, true);
        aj.invoke(method, null, new Object[0]);
        this.a = true;
        Logger.i("ReaderUtils_Device_HUKSUtils", "initHUKS,finish init");
    }

    public static dym getInstance() {
        return b.a;
    }

    public synchronized boolean generateKeyPair() {
        Certificate[] a2 = a("huawei_books_obtain_vip_card");
        this.b = a2;
        if (a2 == null || a2.length <= 0) {
            return a("huawei_books_obtain_vip_card", "RSA", 12, "SHA-256", "PSS") != null;
        }
        return true;
    }

    public List<String> getCertificateChain() {
        Certificate[] certificateArr = this.b;
        if (certificateArr == null || certificateArr.length == 0) {
            this.b = a("huawei_books_obtain_vip_card");
        }
        return a(this.b);
    }

    public String signData(String str) {
        byte[] bArr = new byte[0];
        try {
            try {
                Logger.d("ReaderUtils_Device_HUKSUtils", "signData start");
                KeyStore keyStore = KeyStore.getInstance("HwKeystore");
                keyStore.load(null);
                Key key = keyStore.getKey("huawei_books_obtain_vip_card", null);
                if (key instanceof PrivateKey) {
                    Signature signature = Signature.getInstance("SHA256withRSA/PSS", (Provider) new HwUniversalKeyStoreProvider());
                    signature.initSign((PrivateKey) key);
                    signature.update(str.getBytes(StandardCharsets.UTF_8));
                    bArr = signature.sign();
                } else {
                    Logger.e("ReaderUtils_Device_HUKSUtils", "signData,privateKey error");
                }
            } catch (InvalidKeyException | UnrecoverableKeyException unused) {
                Logger.e("ReaderUtils_Device_HUKSUtils", "Signature: Key error");
            }
        } catch (IOException unused2) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "Signature: IO error");
        } catch (KeyStoreException unused3) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "Signature: Keystore error");
        } catch (NoSuchAlgorithmException unused4) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "Signature: Algorithm error");
        } catch (SignatureException unused5) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "Signature: Signature error");
        } catch (CertificateException unused6) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "Signature: Certificate error");
        } catch (Throwable unused7) {
            Logger.e("ReaderUtils_Device_HUKSUtils", "signData exception");
        }
        Logger.d("ReaderUtils_Device_HUKSUtils", "signData end");
        return SafeBase64.encodeToString(bArr, 0).replaceAll("\n", "");
    }
}
