package al;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec$Builder;
import android.text.TextUtils;
import com.adjust.sdk.Constants;
import com.huawei.wisesecurity.ucs.credential.Credential;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.entity.ErrorBody;
import com.huawei.wisesecurity.ucs.credential.nativelib.UcsLib;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkCapability;
import com.huawei.wisesecurity.ucs.credential.outer.NetworkResponse;
import e2.b0;
import iq.d0;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
import okhttp3.internal.ws.RealWebSocket;

/* loaded from: classes2.dex */
public final class r extends d {
    public r(CredentialClient credentialClient, Context context, NetworkCapability networkCapability) throws wk.c {
        super(credentialClient, context, networkCapability);
        KeyStore keyStore = s.f763a;
        if (!(zk.b.a(context).getInt("ucs_keystore_sp_key_t", -1) == -1)) {
            g.a.z("KeyStoreManager", "keyStoreRootKey status already init", new Object[0]);
        } else if (Build.VERSION.SDK_INT >= 24) {
            zk.b.a(context).edit().putInt("ucs_keystore_sp_key_t", 1).apply();
        } else {
            zk.b.a(context).edit().putInt("ucs_keystore_sp_key_t", 0).apply();
        }
        if (!(zk.b.a(context).getInt("ucs_keystore_sp_key_t", -1) == 1)) {
            throw d0.i("KeyStoreHandler", " keyStoreCertificateChain is off.", new Object[0], 1022L, " keyStoreCertificateChain is off.");
        }
    }

    @Override // al.d
    public final Credential a(String str) throws wk.c {
        try {
            if (Integer.parseInt(new nr.c(str).h("expire")) == 0) {
                return this.f744g.genCredentialFromString(str);
            }
            throw new wk.c(1017L, "unenable expire.");
        } catch (NumberFormatException e10) {
            StringBuilder k9 = ak.a.k("parse TSMS resp expire error : ");
            k9.append(e10.getMessage());
            throw new wk.c(2001L, k9.toString());
        } catch (nr.b e11) {
            StringBuilder k10 = ak.a.k("parse TSMS resp get json error : ");
            k10.append(e11.getMessage());
            throw new wk.c(1002L, k10.toString());
        }
    }

    @Override // al.d
    @SuppressLint({"NewApi"})
    public final String c() throws wk.c {
        KeyGenParameterSpec$Builder attestationChallenge;
        String str;
        byte[] sign;
        s.b();
        KeyStore keyStore = s.f763a;
        try {
            if (s.f763a.containsAlias("ucs_alias_rootKey")) {
                g.a.z("KeyStoreManager", "the alias exists", new Object[0]);
            } else {
                try {
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
                    attestationChallenge = new KeyGenParameterSpec$Builder("ucs_alias_rootKey", 15).setDigests(Constants.SHA256, "SHA-512").setKeySize(3072).setAttestationChallenge("AndroidKeyStore".getBytes(StandardCharsets.UTF_8));
                    keyPairGenerator.initialize(attestationChallenge.setSignaturePaddings("PSS").setEncryptionPaddings("OAEPPadding").build());
                    keyPairGenerator.generateKeyPair();
                    g.a.z("KeyStoreManager", "generateKeyPair OK", new Object[0]);
                } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e10) {
                    StringBuilder k9 = ak.a.k("generateKeyPair failed, ");
                    k9.append(e10.getMessage());
                    g.a.r("KeyStoreManager", k9.toString(), new Object[0]);
                    StringBuilder k10 = ak.a.k("generateKeyPair failed , exception ");
                    k10.append(e10.getMessage());
                    throw new wk.d(k10.toString());
                }
            }
            try {
                String b0Var = new b0(s.f763a.getCertificateChain("ucs_alias_rootKey")).toString();
                List<String> pkgNameCertFP = UcsLib.getPkgNameCertFP(this.f739b);
                String str2 = this.f742e;
                String str3 = this.f741d;
                String str4 = pkgNameCertFP.get(0);
                String str5 = pkgNameCertFP.get(1);
                try {
                    nr.c cVar = new nr.c();
                    cVar.w(2, "alg");
                    cVar.w(1, "kekAlg");
                    cVar.y(str2, "packageName");
                    cVar.y(str3, "appId");
                    cVar.w(1, "akskVersion");
                    cVar.y(str4, "appPkgName");
                    cVar.y(str5, "appCertFP");
                    str = zk.c.b(cVar.toString().getBytes(StandardCharsets.UTF_8), 10);
                } catch (nr.b | wk.c e11) {
                    g.a.r("CredentialJws", "generate payload exception: {0}", e11.getMessage());
                    str = "";
                }
                if (TextUtils.isEmpty(b0Var) || TextUtils.isEmpty(str)) {
                    throw new wk.c(1006L, "Get signStr error");
                }
                String g5 = a.a.g(b0Var, ".", str);
                synchronized (s.f764b) {
                    try {
                        Signature signature = Signature.getInstance("SHA256withRSA/PSS");
                        signature.initSign(s.a());
                        signature.update(g5.getBytes(StandardCharsets.UTF_8));
                        sign = signature.sign();
                    } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e12) {
                        g.a.r("KeyStoreManager", "doSign failed, " + e12.getMessage(), new Object[0]);
                        throw new wk.d("doSign failed , exception " + e12.getMessage());
                    }
                }
                String b4 = zk.c.b(sign, 10);
                if (TextUtils.isEmpty(b0Var) || TextUtils.isEmpty(str) || TextUtils.isEmpty(b4)) {
                    throw new wk.c(1006L, "get credential JWS is empty...");
                }
                StringBuilder sb2 = new StringBuilder();
                if (TextUtils.isEmpty(b0Var) || TextUtils.isEmpty(str)) {
                    throw new wk.c(1006L, "Get signStr error");
                }
                sb2.append(b0Var + "." + str);
                sb2.append(".");
                sb2.append(b4);
                return sb2.toString();
            } catch (KeyStoreException e13) {
                StringBuilder k11 = ak.a.k("getCertificateChain failed, ");
                k11.append(e13.getMessage());
                g.a.r("KeyStoreManager", k11.toString(), new Object[0]);
                StringBuilder k12 = ak.a.k("getCertificateChain failed , exception ");
                k12.append(e13.getMessage());
                throw new wk.d(k12.toString());
            }
        } catch (KeyStoreException e14) {
            StringBuilder k13 = ak.a.k("containsAlias failed, ");
            k13.append(e14.getMessage());
            g.a.r("KeyStoreManager", k13.toString(), new Object[0]);
            StringBuilder k14 = ak.a.k("containsAlias failed , exception ");
            k14.append(e14.getMessage());
            throw new wk.d(k14.toString());
        }
    }

    @Override // al.d
    public final String d(NetworkResponse networkResponse) throws wk.c {
        if (networkResponse.isSuccessful()) {
            return networkResponse.getBody();
        }
        ErrorBody fromString = ErrorBody.fromString(networkResponse.getBody());
        StringBuilder k9 = ak.a.k("tsms service error, ");
        k9.append(fromString.getErrorMessage());
        String sb2 = k9.toString();
        g.a.r("KeyStoreHandler", sb2, new Object[0]);
        String errorCode = fromString.getErrorCode();
        if ("tsms.1018".equalsIgnoreCase(errorCode) || "tsms.1019".equalsIgnoreCase(errorCode)) {
            Context context = this.f739b;
            KeyStore keyStore = s.f763a;
            zk.b.a(context).edit().putInt("ucs_keystore_sp_key_t", 0).apply();
            g.a.z("KeyStoreHandler", "turn off androidkeystore CertificateChain", new Object[0]);
        }
        throw new wk.c(RealWebSocket.DEFAULT_MINIMUM_DEFLATE_SIZE, sb2);
    }
}
