package com.hihonor.iap.core.utils;

import android.security.keystore.KeyGenParameterSpec;
import android.text.TextUtils;
import android.util.Base64;
import androidx.core.util.Preconditions;
import com.gmrz.fido.markers.ds2;
import com.gmrz.fido.markers.ds4;
import com.gmrz.fido.markers.ll1;
import com.gmrz.fido.markers.qj7;
import com.gmrz.fido.markers.sp5;
import com.gmrz.fido.markers.vo4;
import com.gmrz.fido.markers.wo6;
import com.hihonor.iap.core.Constants;
import com.hihonor.iap.core.api.IAP;
import com.hihonor.iap.core.bean.BaseResponse;
import com.hihonor.iap.core.bean.finger.GetChallengeResult;
import com.hihonor.iap.core.bean.huks.HuksVerifyRequest;
import com.hihonor.iap.core.bean.huks.HuksVerifyResult;
import com.hihonor.iap.core.utils.HuksVerifyUtil;
import com.hihonor.iap.framework.utils.logger.IapLogUtils;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.GregorianCalendar;
import java.util.HashMap;
import javax.security.auth.x500.X500Principal;

/* loaded from: classes7.dex */
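/**
 * Builds a key-attestation token for the IAP backend.
 *
 * <p>Flow, as far as this class shows: fetch a server challenge, generate an RSA signing key
 * through the vendor keystore provider with an attestation challenge derived from
 * {@code appId + appFingerprint + senderNonce + serverChallenge}, read back the certificate
 * chain stored under the key alias, sign the encoded chain with the new key, and submit
 * chain, signature, nonce and challenge through {@code IAP.verifyHuksCerts}.
 *
 * <p>NOTE(review): {@code sAppFingerprint} and {@code sSenderNonce} are mutable statics written
 * by {@link #generateKeyPair} and read later by {@link #generateHuksVerifyToken}. Two overlapping
 * calls to {@link #obtainHuksVerifyToken()} could send a nonce that does not match the attested
 * key; confirm that callers serialise access.
 */
public class HuksVerifyUtil {
    private static final String SIGNATURE_KEY_ALIAS = "IapSignatureKeyPriv";
    public static final String TAG = "HuksVerifyUtil";
    /** Package name that is bound into the attestation challenge. */
    private static final String APP_ID = "com.hihonor.id";
    /** KeyProperties.PURPOSE_SIGN (4) | KeyProperties.PURPOSE_VERIFY (8). */
    private static final int KEY_PURPOSES = 12;
    /** Number of bytes requested for the per-key sender nonce. */
    private static final int SENDER_NONCE_LENGTH = 32;
    // May be null when the vendor provider class is missing or cannot be instantiated;
    // every use below checks for that instead of passing null into the JCA factories.
    private static Provider sProvider = KeyStoreProviderHelper.newInstance();
    private static String sAppFingerprint = "";
    private static String sSenderNonce = "";

    /** Locates, installs and instantiates the vendor HwUniversalKeyStoreProvider via reflection. */
    public static class KeyStoreProviderHelper {
        /** Candidate provider class names, tried in order. */
        private static final String[] PROVIDER_CLASS_NAMES = {
            "com.hihonor.android.security.keystore.HwUniversalKeyStoreProvider",
            "com.hihonor.security.keystore.HwUniversalKeyStoreProvider",
        };

        private static Class<?> sClazz;

        private KeyStoreProviderHelper() {
        }

        /**
         * Resolves the provider class and calls its static {@code install()} method.
         *
         * <p>On any failure the error is logged and {@code sClazz} stays {@code null}. The
         * previous version threw from here when neither class was present; because this runs
         * from the outer class's static initialiser, that made the whole class unusable on
         * devices without the vendor keystore.
         */
        private static void install() {
            Class<?> cls = null;
            for (String className : PROVIDER_CLASS_NAMES) {
                try {
                    cls = Class.forName(className);
                    break;
                } catch (ClassNotFoundException e) {
                    StringBuilder a2 = qj7.a("Failed to install HwUniversalKeyStoreProvider: ");
                    a2.append(e.getMessage());
                    IapLogUtils.printlnError(HuksVerifyUtil.TAG, a2.toString());
                }
            }
            if (cls == null) {
                IapLogUtils.printlnError(HuksVerifyUtil.TAG, "Failed to install HwUniversalKeyStoreProvider");
                return;
            }
            try {
                Method method = cls.getMethod("install", new Class[0]);
                method.setAccessible(true);
                method.invoke(null, new Object[0]);
                // Only remember the class once install() has completed without throwing.
                sClazz = cls;
            } catch (IllegalAccessException unused) {
                IapLogUtils.printlnError(HuksVerifyUtil.TAG, "HwUniversalKeyStore: cannot access");
            } catch (NoSuchMethodException unused2) {
                IapLogUtils.printlnError(HuksVerifyUtil.TAG, "HwUniversalKeyStore: function not found");
            } catch (InvocationTargetException unused3) {
                IapLogUtils.printlnError(HuksVerifyUtil.TAG, "HwUniversalKeyStore: InvocationTargetException");
            }
        }

        /**
         * Returns a new provider instance, installing the provider first if needed.
         *
         * @return the provider, or {@code null} when it could not be installed or instantiated
         */
        public static Provider newInstance() {
            if (sClazz == null) {
                install();
            }
            if (sClazz == null) {
                // install() failed and already logged why; avoid dereferencing null below.
                IapLogUtils.printlnError(HuksVerifyUtil.TAG, "Failed to obtain HwUniversalKeyStoreProvider: not installed");
                return null;
            }
            try {
                return (Provider) sClazz.newInstance();
            } catch (IllegalAccessException | InstantiationException e) {
                StringBuilder a2 = qj7.a("Failed to obtain HwUniversalKeyStoreProvider: ");
                a2.append(e.getMessage());
                IapLogUtils.printlnError(HuksVerifyUtil.TAG, a2.toString());
                return null;
            }
        }
    }

    /**
     * Submits the certificate chain and its signature to the backend.
     *
     * @param signature Base64 signature over the encoded chain
     * @param certs     ';'-separated Base64 certificates
     * @param challenge server challenge the key was attested against
     * @return the backend's result, or {@code null} when the call fails (see the error mapper)
     */
    private static HuksVerifyResult generateHuksVerifyToken(String signature, String certs, String challenge) {
        // Raw map kept on purpose: the parameter type of verifyHuksCerts is not visible here.
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.SIGN, signature);
        HuksVerifyRequest huksVerifyRequest = new HuksVerifyRequest();
        huksVerifyRequest.setCerts(certs);
        huksVerifyRequest.setAppFingerprint(sp5.b(APP_ID));
        huksVerifyRequest.setTimestamp(System.currentTimeMillis());
        // Must be the nonce that generateKeyPair folded into the attestation challenge.
        huksVerifyRequest.setSenderNonce(sSenderNonce);
        huksVerifyRequest.setChallenge(challenge);
        return (HuksVerifyResult) ((IAP) ds4.e().d(IAP.class)).verifyHuksCerts(hashMap, huksVerifyRequest).y(new ll1() { // from class: com.gmrz.fido.asmapi.a12
            @Override // com.gmrz.fido.markers.ll1
            public final Object apply(Object obj) throws Throwable {
                return HuksVerifyUtil.lambda$generateHuksVerifyToken$1((BaseResponse) obj);
            }
        }).K(vo4.d()).C(new ll1() { // from class: com.gmrz.fido.asmapi.b12
            @Override // com.gmrz.fido.markers.ll1
            public final Object apply(Object obj) throws Throwable {
                return HuksVerifyUtil.lambda$generateHuksVerifyToken$2((Throwable) obj);
            }
        }).c();
    }

    /**
     * Generates the RSA signing key under {@link #SIGNATURE_KEY_ALIAS} with an attestation
     * challenge of SHA-256(appId + appFingerprint + senderNonce + serverChallenge).
     *
     * <p>The key is created with {@code setUserAuthenticationRequired(false)}, so using it needs
     * no user authentication; the certificate serial number is the fixed value 1337 and the
     * validity window is ten years from now.
     *
     * @param challenge server-issued challenge
     * @return the generated pair, or {@code null} when the provider is missing or rejects the spec
     */
    private static KeyPair generateKeyPair(String challenge) {
        if (sProvider == null) {
            // KeyPairGenerator.getInstance(String, Provider) rejects a null provider with an
            // unchecked IllegalArgumentException that the catch below would not handle.
            IapLogUtils.printlnError(TAG, "Failed to generateKeyPair: keystore provider unavailable");
            return null;
        }
        try {
            // presumably the signing-certificate fingerprint of the package - confirm in sp5
            sAppFingerprint = sp5.b(APP_ID);
            // NOTE(review): ds2.b is assumed to return random bytes; confirm it is backed by SecureRandom
            sSenderNonce = Base64.encodeToString(ds2.b(SENDER_NONCE_LENGTH), Base64.NO_WRAP);
            // The fields are concatenated without separators; the backend has to rebuild the
            // exact same string to check the attested challenge.
            byte[] attestationChallenge = SHA256Util.hexStr2ByteArray(
                    SHA256Util.getSHA256str(APP_ID + sAppFingerprint + sSenderNonce + challenge));
            GregorianCalendar notBefore = new GregorianCalendar();
            GregorianCalendar notAfter = new GregorianCalendar();
            notAfter.add(GregorianCalendar.YEAR, 10);
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", sProvider);
            KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(SIGNATURE_KEY_ALIAS, KEY_PURPOSES)
                    .setCertificateSubject(new X500Principal("CN=IapSignatureKeyPriv"))
                    .setDigests("SHA-256")
                    .setSignaturePaddings("PSS")
                    .setCertificateSerialNumber(BigInteger.valueOf(1337L))
                    .setCertificateNotBefore(notBefore.getTime())
                    .setCertificateNotAfter(notAfter.getTime())
                    .setKeyValidityStart(notBefore.getTime())
                    .setKeyValidityForConsumptionEnd(notAfter.getTime())
                    .setAttestationChallenge(attestationChallenge);
            keyPairGenerator.initialize(builder.setUserAuthenticationRequired(false).build());
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            StringBuilder a2 = qj7.a("Failed to generateKeyPair: ");
            a2.append(e.getMessage());
            IapLogUtils.printlnError(TAG, a2.toString());
            return null;
        }
    }

    /**
     * Reads the certificate chain stored for {@code alias}.
     *
     * @return the chain, or {@code null} when the entry is missing, is not a private-key entry,
     *     or the keystore cannot be read
     */
    private static Certificate[] getCertificateChain(String alias) {
        try {
            // NOTE(review): the type is spelled "HwKeyStore" here and "HwKeystore" in signData;
            // confirm both resolve to the same keystore implementation.
            KeyStore keyStore = KeyStore.getInstance("HwKeyStore");
            keyStore.load(null);
            IapLogUtils.printlnInfo(TAG, "Load  keystore success!");
            KeyStore.Entry entry = keyStore.getEntry(alias, null);
            if (entry == null) {
                IapLogUtils.printlnWarn(TAG, "Entry is not exist");
                return null;
            }
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) entry).getCertificateChain();
            }
            IapLogUtils.printlnWarn(TAG, "Not an instance of a PrivateKeyEntry");
            return null;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            wo6.a(e, qj7.a("Failed to getCertificateChain: "), TAG);
            return null;
        }
    }

    /**
     * Success mapper for {@code verifyHuksCerts}: unwraps the payload or fails the stream.
     * Public only because the decompiler widened the access of the original private lambda.
     */
    public static /* synthetic */ HuksVerifyResult lambda$generateHuksVerifyToken$1(BaseResponse baseResponse) throws Throwable {
        if (baseResponse.isSuccessful()) {
            return (HuksVerifyResult) baseResponse.getData();
        }
        throw new RuntimeException(baseResponse.getMessage());
    }

    /**
     * Error mapper for {@code verifyHuksCerts}: converts any failure into a {@code null} result.
     * The failure is logged so that a rejected attestation is not silently dropped.
     */
    public static /* synthetic */ HuksVerifyResult lambda$generateHuksVerifyToken$2(Throwable th) throws Throwable {
        IapLogUtils.printlnError(TAG, "Failed to verify huks certs: " + th);
        return null;
    }

    /**
     * Error mapper for {@code getChallenge}: converts any failure into an empty challenge,
     * which {@link #obtainHuksVerifyToken()} treats as "no challenge".
     */
    public static /* synthetic */ String lambda$obtainChallenge$0(Throwable th) throws Throwable {
        IapLogUtils.printlnError(TAG, "Failed to obtain challenge: " + th);
        return "";
    }

    /**
     * Requests a challenge from the backend.
     *
     * @return the challenge, or an empty string when the request fails or the response is empty
     */
    private static String obtainChallenge() {
        return (String) ((IAP) ds4.e().d(IAP.class)).getChallenge(new HashMap(), 1).y(new ll1<BaseResponse<GetChallengeResult>, String>() { // from class: com.hihonor.iap.core.utils.HuksVerifyUtil.1
            @Override // com.gmrz.fido.markers.ll1
            public String apply(BaseResponse<GetChallengeResult> baseResponse) throws Throwable {
                if (!baseResponse.isSuccessful() || baseResponse.getData() == null || TextUtils.isEmpty(baseResponse.getData().getChallenge())) {
                    throw new RuntimeException(baseResponse.getMessage());
                }
                return baseResponse.getData().getChallenge();
            }
        }).K(vo4.d()).C(new ll1() { // from class: com.gmrz.fido.asmapi.c12
            @Override // com.gmrz.fido.markers.ll1
            public final Object apply(Object obj) throws Throwable {
                return HuksVerifyUtil.lambda$obtainChallenge$0((Throwable) obj);
            }
        }).c();
    }

    /**
     * Runs the full attestation flow and returns the backend's verdict.
     *
     * <p>Each step is checked before the next one runs. Without these checks a failed challenge
     * request attested the key against an empty challenge, a failed key generation reused
     * whatever chain was already stored under the alias, and a missing chain or signature was
     * still sent to the backend.
     *
     * @return the verification result, or {@code null} when any step fails
     */
    public static HuksVerifyResult obtainHuksVerifyToken() {
        String challenge = obtainChallenge();
        if (TextUtils.isEmpty(challenge)) {
            IapLogUtils.printlnError(TAG, "Failed to obtainHuksVerifyToken: empty challenge");
            return null;
        }
        // Log only the length: the challenge value feeds the attestation and has no place in logs.
        IapLogUtils.printlnDebug(TAG, "challenge length: " + challenge.length());
        if (generateKeyPair(challenge) == null) {
            IapLogUtils.printlnError(TAG, "Failed to obtainHuksVerifyToken: key generation failed");
            return null;
        }
        try {
            Certificate[] certificateChain = getCertificateChain(SIGNATURE_KEY_ALIAS);
            if (certificateChain == null || certificateChain.length == 0) {
                IapLogUtils.printlnError(TAG, "Failed to obtainHuksVerifyToken: no certificate chain");
                return null;
            }
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < certificateChain.length; i++) {
                if (i > 0) {
                    sb.append(";");
                }
                sb.append(Base64.encodeToString(certificateChain[i].getEncoded(), Base64.NO_WRAP));
            }
            String certs = sb.toString();
            IapLogUtils.printlnDebug(TAG, "certificates: " + certs);
            String signature = signData(SIGNATURE_KEY_ALIAS, certs);
            if (signature == null) {
                IapLogUtils.printlnError(TAG, "Failed to obtainHuksVerifyToken: signing failed");
                return null;
            }
            return generateHuksVerifyToken(signature, certs, challenge);
        } catch (CertificateEncodingException e) {
            StringBuilder a2 = qj7.a("Failed to obtainHuksVerifyToken: ");
            a2.append(e.getMessage());
            IapLogUtils.printlnError(TAG, a2.toString());
            return null;
        }
    }

    /**
     * Signs {@code str} with the key stored under the default alias.
     *
     * @return Base64 signature, or {@code null} when the key or provider is unavailable
     */
    public static String signData(String str) {
        return signData(SIGNATURE_KEY_ALIAS, str);
    }

    /**
     * Signs the UTF-8 bytes of {@code SHA256Util.getSHA256str(data)} with SHA256withRSA/PSS.
     *
     * @param alias keystore alias of the private key
     * @param data  text to sign
     * @return Base64 (no line wraps) signature, or {@code null} on any failure
     */
    private static String signData(String alias, String data) {
        if (sProvider == null) {
            // Signature.getInstance(String, Provider) rejects a null provider with an unchecked
            // IllegalArgumentException that the catch below would not handle.
            IapLogUtils.printlnError(TAG, "Failed to sign data: keystore provider unavailable");
            return null;
        }
        try {
            // NOTE(review): spelled "HwKeystore" here and "HwKeyStore" in getCertificateChain.
            KeyStore keyStore = KeyStore.getInstance("HwKeystore");
            keyStore.load(null);
            Key key = keyStore.getKey(alias, null);
            if (!(key instanceof PrivateKey)) {
                // Covers both a missing entry (null) and an entry that is not a private key,
                // which previously failed with a ClassCastException on the cast below.
                IapLogUtils.printlnWarn(TAG, "Failed to sign data: no private key for alias");
                return null;
            }
            Signature signature = Signature.getInstance("SHA256withRSA/PSS", sProvider);
            signature.initSign((PrivateKey) key);
            signature.update(SHA256Util.getSHA256str(data).getBytes(StandardCharsets.UTF_8));
            return Base64.encodeToString(signature.sign(), Base64.NO_WRAP);
        } catch (IOException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | SignatureException | UnrecoverableKeyException | CertificateException e) {
            wo6.a(e, qj7.a("Failed to sign data: "), TAG);
            return null;
        }
    }
}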
